Alibaba Cloud Secrets Manager Client V2 implementation for Python
The Alibaba Cloud Secrets Manager Client V2 implementation for Python enables Python developers to easily work with Alibaba Cloud KMS Secrets.
Features
- Provide quick integration for retrieving secret information
- Provide a cache for Alibaba secrets (memory cache or encrypted file cache)
- Provide disaster tolerance by using secrets with the same secret name and secret data in different regions
- Provide a default backoff strategy and support user-defined backoff strategies
Requirements
Python 3.7+
Install
Install the official release version with pip (taking Linux as an example):

```
$ pip install alibabacloud-secretsmanager-client-v2
```

You can also install the unzipped installer package directly:

```
$ sudo python setup.py install
```
Sample Code
Ordinary User Sample Code
Build the Secrets Manager client from system environment variables or the configuration file (secretsmanager.properties). See the system environment variable settings and the configuration file details.

```python
from alibabacloud_secretsmanager_client_v2.secret_manager_cache_client_builder import SecretManagerCacheClientBuilder

if __name__ == '__main__':
    secret_cache_client = SecretManagerCacheClientBuilder.new_client()
    secret_info = secret_cache_client.get_secret_info("#secretName#")
    print(secret_info.__dict__)
```
Build the Secrets Manager client from a custom configuration file (you can customize the file name or file path). See the configuration file details.

```python
from alibabacloud_secretsmanager_client_v2.secret_manager_cache_client_builder import SecretManagerCacheClientBuilder
from alibabacloud_secretsmanager_client_v2.service.default_secret_manager_client_builder import DefaultSecretManagerClientBuilder

if __name__ == '__main__':
    secret_cache_client = SecretManagerCacheClientBuilder.new_cache_client_builder(
        DefaultSecretManagerClientBuilder.standard().with_custom_config_file("#customConfigFileName#").build()).build()
    secret_info = secret_cache_client.get_secret_info("#secretName#")
    print(secret_info.__dict__)
```
Build the Secrets Manager client from the given parameters (accessKey, accessSecret, regionId, etc.).

```python
import os

from alibabacloud_secretsmanager_client_v2.secret_manager_cache_client_builder import SecretManagerCacheClientBuilder
from alibabacloud_secretsmanager_client_v2.service.default_secret_manager_client_builder import DefaultSecretManagerClientBuilder
from alibabacloud_secretsmanager_client_v2.utils.credentials_provider_utils import CredentialsProviderUtils

if __name__ == '__main__':
    # The access key pair is read from environment variables, not hard-coded
    secret_cache_client = SecretManagerCacheClientBuilder.new_cache_client_builder(
        DefaultSecretManagerClientBuilder.standard().with_credentials_provider(CredentialsProviderUtils
            .with_access_key(os.getenv("#accessKeyId#"), os.getenv("#accessKeySecret#"))).with_region("#regionId#").build()).build()
    secret_info = secret_cache_client.get_secret_info("#secretName#")
    print(secret_info.__dict__)
```
Build the Secrets Manager client with the Aliyun default credential chain. For more information, refer to the Aliyun default credential chain documentation.

```python
from alibabacloud_secretsmanager_client_v2.secret_manager_cache_client_builder import SecretManagerCacheClientBuilder
from alibabacloud_secretsmanager_client_v2.service.default_secret_manager_client_builder import DefaultSecretManagerClientBuilder

if __name__ == '__main__':
    secret_cache_client = SecretManagerCacheClientBuilder.new_cache_client_builder(
        DefaultSecretManagerClientBuilder.standard().with_credentials_provider().with_region("#regionId#").build()).build()
    secret_info = secret_cache_client.get_secret_info("#secretName#")
    print(secret_info.__dict__)
```
Build the Secrets Manager client from the given parameters (roleArn, oidcProviderArn, oidcTokenFilePath, etc.).

```python
from alibabacloud_secretsmanager_client_v2.secret_manager_cache_client_builder import SecretManagerCacheClientBuilder
from alibabacloud_secretsmanager_client_v2.service.default_secret_manager_client_builder import DefaultSecretManagerClientBuilder
from aliyun_credentials.provider import OIDCRoleArnCredentialProvider

if __name__ == '__main__':
    # Parentheses keep the chained builder calls in a single expression
    secret_cache_client = (
        SecretManagerCacheClientBuilder.new_cache_client_builder(
            DefaultSecretManagerClientBuilder.standard()
            .with_credentials_provider(
                OIDCRoleArnCredentialProvider.builder()
                .role_arn("#roleArn#")
                .oidc_provider_arn("#oidcProviderArn#")
                .oidc_token_file_path("#oidcTokenFilePath#")
                .build())
            .with_region("#regionId#")
            .build())
        .build()
    )
    secret_info = secret_cache_client.get_secret_info("#secretName#")
    print(secret_info.__dict__)
```
Customized User Code
Use custom parameters or your own implementation:

```python
import os

from alibabacloud_secretsmanager_client_v2.secret_manager_cache_client_builder import SecretManagerCacheClientBuilder
from alibabacloud_secretsmanager_client_v2.cache.file_cache_secret_store_strategy import FileCacheSecretStoreStrategy
from alibabacloud_secretsmanager_client_v2.service.default_secret_manager_client_builder import DefaultSecretManagerClientBuilder
from alibabacloud_secretsmanager_client_v2.service.default_refresh_secret_strategy import DefaultRefreshSecretStrategy
from alibabacloud_secretsmanager_client_v2.service.full_jitter_back_off_strategy import FullJitterBackoffStrategy
from alibabacloud_secretsmanager_client_v2.utils.credentials_provider_utils import CredentialsProviderUtils

if __name__ == '__main__':
    secret_cache_client = SecretManagerCacheClientBuilder \
        .new_cache_client_builder(DefaultSecretManagerClientBuilder.standard()
                                  .with_credentials_provider(CredentialsProviderUtils.with_access_key(os.getenv("#accessKeyId#"), os.getenv("#accessKeySecret#")))
                                  .with_region("#regionId#")
                                  .with_back_off_strategy(FullJitterBackoffStrategy(3, 2000, 10000)).build()) \
        .with_cache_secret_strategy(FileCacheSecretStoreStrategy("#cacheSecretPath#", True, "#salt#")) \
        .with_refresh_secret_strategy(DefaultRefreshSecretStrategy("#ttlName#")) \
        .with_cache_stage("#stage#") \
        .with_secret_ttl("#secretName#", 1 * 60 * 1000) \
        .with_secret_ttl("#secretName1#", 2 * 60 * 1000).build()
    secret_info = secret_cache_client.get_secret_info("#secretName#")
    print(secret_info.__dict__)
```
FAQ
How to resolve “cannot find the built-in ca certificate for region[$regionId], please provide the caFilePath parameter.” error?
Error Cause: The built-in CA certificate for this region does not exist in the SDK.

Solution:

1. Please update the SDK to the latest version.
2. If you still encounter this error after updating to the latest version, you can download the latest CA certificate (CA certificates can be downloaded at Key Management Service - Instances - Instance Details page) and pass in the CA certificate path parameter. The specific methods are as follows:
Method 1: Passing the CA certificate path in code

```python
import os

from alibabacloud_secretsmanager_client_v2.secret_manager_cache_client_builder import SecretManagerCacheClientBuilder
from alibabacloud_secretsmanager_client_v2.service.default_secret_manager_client_builder import DefaultSecretManagerClientBuilder
from alibabacloud_secretsmanager_client_v2.model.region_info import RegionInfo
from alibabacloud_secretsmanager_client_v2.utils.credentials_provider_utils import CredentialsProviderUtils

if __name__ == '__main__':
    try:
        # Create RegionInfo with CA certificate path
        region_info = RegionInfo(
            region_id="#regionId#",
            endpoint="#kmsInstanceEndpoint#",  # Specify KMS instance endpoint
            ca_file_path="#caFilePath#"  # Specify CA certificate file path
        )
        # Parentheses keep the chained builder calls in a single expression
        secret_cache_client = (
            SecretManagerCacheClientBuilder.new_cache_client_builder(
                DefaultSecretManagerClientBuilder.standard()
                .with_credentials_provider(CredentialsProviderUtils.with_access_key(
                    os.getenv("#accessKeyId#"),
                    os.getenv("#accessKeySecret#")))
                .with_region(region_info)  # Using RegionInfo with CA certificate path
                .build())
            .build()
        )
        # ... use client
    except Exception as e:
        print(e)
```
Method 2: Passing CA certificate path via configuration file
Add the caFilePath parameter in the secretsmanager.properties configuration file:

```
# KMS service region with CA certificate path and endpoint
cache_client_region_id=[{"regionId":"<regionId>","endpoint":"<kmsInstanceId>.cryptoservice.kms.aliyuncs.com","caFilePath":"<ca certificate file path>"}]
```
Method 3: Passing CA certificate path via environment variables
Refer to the Environment Variable Configuration Instructions and add the CA certificate path parameter in the environment variable configuration. Single-quote the value so the shell passes the JSON through unchanged:

```
# KMS service region with CA certificate path and endpoint
export cache_client_region_id='[{"regionId":"<regionId>","endpoint":"<kmsInstanceId>.cryptoservice.kms.aliyuncs.com","caFilePath":"<ca certificate file path>"}]'
```
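A pre-flight check for the `cache_client_region_id` value used in Methods 2 and 3, written as an added example that is not part of the SDK or the original README. It assumes all three keys shown above are supplied and that the endpoint is a bare host name as in the sample; the function names are hypothetical, and the PEM test is structural only and does not validate the certificate itself.

```python
import json
import os
import re

REQUIRED_KEYS = ("regionId", "endpoint", "caFilePath")
# At least one base64 body between PEM certificate markers.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+[A-Za-z0-9+/=\s]+-----END CERTIFICATE-----")


def check_ca_file(path):
    """Structural check only: the file exists and holds a PEM certificate block."""
    if not os.path.isfile(path):
        return [f"caFilePath {path!r} does not exist"]
    with open(path, "r", encoding="ascii", errors="replace") as handle:
        if not PEM_BLOCK.search(handle.read()):
            return [f"caFilePath {path!r} contains no PEM certificate block"]
    return []


def check_region_config(raw):
    """Return the problems found in a cache_client_region_id value ([] = OK)."""
    try:
        regions = json.loads(raw)
    except json.JSONDecodeError as exc:
        # Typical cause: an unquoted shell export stripped the double quotes.
        return [f"value is not valid JSON: {exc.msg}"]
    if not isinstance(regions, list) or not regions:
        return ["value must be a non-empty JSON array of region objects"]
    problems = []
    for index, region in enumerate(regions):
        if not isinstance(region, dict):
            problems.append(f"entry {index}: not a JSON object")
            continue
        for key in REQUIRED_KEYS:
            if not isinstance(region.get(key), str) or not region[key]:
                problems.append(f"entry {index}: missing or non-string {key}")
        endpoint = region.get("endpoint")
        if isinstance(endpoint, str) and "/" in endpoint:
            # Assumption: a bare host name is expected, as in the sample above.
            problems.append(f"entry {index}: endpoint must be a bare host name")
        ca_path = region.get("caFilePath")
        if isinstance(ca_path, str) and ca_path:
            problems.extend(f"entry {index}: {p}" for p in check_ca_file(ca_path))
    return problems


if __name__ == "__main__":
    # Reads the value from the environment variable named on this page.
    for problem in check_region_config(os.environ.get("cache_client_region_id", "")):
        print(problem)
```

Run it in the same environment as the application before start-up; an empty result means the value parses and the CA file is present and PEM-shaped.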
File details
Details for the file alibabacloud_secretsmanager_client_v2-2.0.0.tar.gz.
File metadata
- Download URL: alibabacloud_secretsmanager_client_v2-2.0.0.tar.gz
- Upload date:
- Size: 59.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.11.2
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 830f993f9073f7437c8acc7967d6bf61936cdc4ebbd2b718461bff6f78b75654 |
| MD5 | f5b71f1a846d5b573a9e61f5dd4bbaa2 |
| BLAKE2b-256 | 15ab074f5b8ba7a5ab1a52005eb3e4f3ecbc06d587113d9036b215731814f485 |
File details
Details for the file alibabacloud_secretsmanager_client_v2-2.0.0-py3-none-any.whl.
File metadata
- Download URL: alibabacloud_secretsmanager_client_v2-2.0.0-py3-none-any.whl
- Upload date:
- Size: 105.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.11.2
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 60cb4ceee80bf2d42ceafa8f4b671785f36efa2e54c6bf68e01a764571508026 |
| MD5 | 7caf17451008262d3696d1719fe13b9f |
| BLAKE2b-256 | 9f8999cd59f28bce39e9f90ba34f70d1859d4ee46daee3198baab3cce7b2bd7c |