UltraDNS + HashiCorp Vault Demo

This demo shows how to pull UltraDNS API credentials from a HashiCorp Vault KV store at runtime, exchange them for a bearer token, and then call the /status endpoint to verify connectivity.

---

1. Install HashiCorp Vault

On macOS with Homebrew (check the Vault docs for Windows/Linux instructions):

brew tap hashicorp/tap
brew install hashicorp/tap/vault

Verify the install:

vault --version

---

2. Start Vault in Dev Mode

In one terminal, run Vault:

vault server -dev

Copy the Root Token and API Address from the output.

---

3. Configure Vault in Another Terminal

Export the environment variables:

export VAULT_ADDR='http://127.0.0.1:8200'
export VAULT_TOKEN='root-token-from-above'

Confirm it’s working:

vault status

Enable the KV v2 secrets engine:

vault secrets enable -path=secret kv-v2

Add your UltraDNS credentials:

vault kv put secret/ultradns username='demo-user' password='demo-pass'
vault kv get secret/ultradns   # verify

---

4. Set Up a Python Virtual Environment

python -m venv .venv
source .venv/bin/activate

Install requests:

pip install requests

---

5. Run the Demo Script

The script ultradns_vault_status.py will:

1. Fetch your credentials from Vault (secret/ultradns).
2. Authenticate against UltraDNS /authorization/token.
3. Call the /status endpoint with the returned bearer token.

Set environment variables:

# Vault
export VAULT_ADDR='http://127.0.0.1:8200'
export VAULT_TOKEN='root-token-from-above'
export VAULT_SECRET_PATH='secret/ultradns'   # default
export VAULT_USERNAME_KEY='username'         # default
export VAULT_PASSWORD_KEY='password'         # default

# UltraDNS
export ULTRADNS_API_BASE='https://api.ultradns.com'
# Optionally request a specific token lifetime (seconds)
# export ULTRADNS_EXPIRE_IN='86400'

Run:

python3 ultradns_vault_status.py

Expected output (with valid credentials):

[vault] Got username 'demo-user' from Vault (password length 9 chars)
[auth] Received bearer token, expires_in=3600
[status] Response: {
  "message": "Good"
}