Secret Manager
bibtutils.gcp.secrets
Functionality making use of GCP’s Secret Manager.
See the official Secret Manager Python Client documentation here: link.
- bibtutils.gcp.secrets.get_secret(host_project, secret_name, **kwargs)
An alias for get_secret_json(). Any extra arguments (kwargs) are passed to the get_secret_by_uri() function.

    from bibtutils.gcp.secrets import get_secret

    # Returns the secret parsed into a dict (same as get_secret_json).
    secret = get_secret('my_project', 'my_secret')
    print(secret['password'])

- bibtutils.gcp.secrets.get_secret_by_name(host_project, secret_name, **kwargs)
Gets a secret from GCP and returns it either as decoded utf-8 or raw bytes (depending on the decode parameter). The executing account must have (at least) secret version accessor permissions on the secret. Any extra arguments (kwargs) are passed to the get_secret_by_uri() function.

    from bibtutils.gcp.secrets import get_secret_by_name

    # Returns decoded utf-8 text by default.
    secret = get_secret_by_name('my_project', 'my_secret')
    print(secret)

- bibtutils.gcp.secrets.get_secret_by_uri(secret_uri, decode=True, credentials=None, timeout=None)
Gets a secret from GCP and returns it either as decoded utf-8 or raw bytes (depending on the decode parameter). The executing account must have (at least) secret version accessor permissions on the secret.

    from bibtutils.gcp.secrets import get_secret_by_uri

    secret = get_secret_by_uri(
        'projects/my_project/secrets/my_secret/versions/latest'
    )
    print(secret)

- Parameters:
secret_uri (str) – the URI of the secret to fetch. Secret URI format: 'projects/{host_project}/secrets/{secret_name}/versions/latest'
decode (bool) – (Optional) whether or not to decode the bytes. Defaults to True.
credentials (google.oauth2.credentials.Credentials) – the credentials object to use when making the API call, if not to use the account running the function for authentication.
timeout (float) – request timeout may be specified if desired.
- Return type:
- Returns:
the secret data.
- bibtutils.gcp.secrets.get_secret_json(host_project, secret_name, **kwargs)
Gets a secret from GCP and returns it parsed into a dict. The executing account must have (at least) secret version accessor permissions on the secret. Note: the secret must be in JSON format. Any extra arguments (kwargs) are passed to the get_secret_by_uri() function.

    from bibtutils.gcp.secrets import get_secret_json

    # The secret payload must be valid JSON; it is returned as a dict.
    secret = get_secret_json('my_project', 'my_secret')
    print(secret['password'])
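
The secret URI format and the decode / JSON handling described above, shown as an added example that is not bibtutils' own code and makes no GCP call. The function names build_secret_uri and parse_payload, the version argument and the allow-list patterns are assumptions of this example, and the sample payloads are constructed.

```python
import json
import re

# Assumption: a conservative allow-list for this example, not GCP's official naming rules.
_SEGMENT = re.compile(r"[A-Za-z0-9_-]{1,255}")
_VERSION = re.compile(r"latest|[0-9]+")


def build_secret_uri(host_project, secret_name, version="latest"):
    """Build 'projects/{host_project}/secrets/{secret_name}/versions/{version}'."""
    for label, value in (("host_project", host_project), ("secret_name", secret_name)):
        # fullmatch rejects '/', '..', whitespace and empty strings, so a
        # caller-supplied name cannot point the lookup at another resource.
        if not isinstance(value, str) or not _SEGMENT.fullmatch(value):
            raise ValueError(f"invalid {label}")
    if not _VERSION.fullmatch(str(version)):
        raise ValueError("invalid version")
    return f"projects/{host_project}/secrets/{secret_name}/versions/{version}"


def parse_payload(raw, decode=True, as_json=False):
    """Return raw bytes, utf-8 text, or a parsed JSON value from payload bytes."""
    if not decode and not as_json:
        return raw
    try:
        text = raw.decode("utf-8")
        return json.loads(text) if as_json else text
    except (UnicodeDecodeError, json.JSONDecodeError):
        pass  # handled below, outside the except block
    # UnicodeDecodeError keeps the input bytes in .object and JSONDecodeError
    # keeps the whole document in .doc. Raising after the except block has
    # ended leaves __context__ unset, so the payload is not attached to the
    # new error for loggers or error reporters to serialise.
    raise ValueError("secret payload is not valid UTF-8 / JSON")


# Constructed sample payloads (not real secrets).
SAMPLE_JSON = b'{"username": "svc-app", "password": "example-only"}'
SAMPLE_TEXT = b"not-json-value"

if __name__ == "__main__":
    print(build_secret_uri("my_project", "my_secret"))
    print(sorted(parse_payload(SAMPLE_JSON, as_json=True)))  # key names only
```
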