Decipher the Berglas keys
Python library help to use Berglas, to encrypt and to decrypt the secrets stored in a GCP storage.
See Berglas for details about bucket bootstrapping and secret creation
You have to get the library
pip install berglas-python
Then use it in the same way as Go library
The library berglas_python library is able to:
- Encrypt and upload the secrets
- Download and decrypt any secrets that match the Berglas environment variable reference syntax
- Replace the value for the environment variable with the decrypted secret
Here an example of usage
import os import berglas_python as berglas project_id = os.environ.get("MY-PROJECT") # This higher-level API parses the secret reference at the specified # environment variable, downloads and decrypts the secret, and replaces the # contents of the given environment variable with the secret result. berglas.Replace(project_id, "MY-SECRET") # This lower-level API parses the secret reference, downloads and decrypts # the secret, and returns the result. This is useful if you need to mutate # the result. my_secret = os.environ.get("MY-SECRET") plaintext = berglas.Resolve(project_id, my_secret) os.environ.unsetenv("MY-SECRET") os.environ.setdefault("MY-SECRET", plaintext) # This is lower-level API encrypts the plaintext string and uploads the blob berglas.Encrypt(project_id, 'MY-BUCKET/MY-SECRET-FILE', 'STRING-TO-ENCRYPT')
This library is licensed under Apache 2.0. Full license text is available in LICENSE.
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
|Filename, size||File type||Python version||Upload date||Hashes|
|Filename, size berglas_python-0.3.0.tar.gz (4.6 kB)||File type Source||Python version None||Upload date||Hashes View hashes|