Skip to main content

Decipher the Berglas keys

Project description


Python library help to use Berglas, to encrypt and to decrypt the secrets stored in a GCP storage.

See Berglas for details about bucket bootstrapping and secret creation

Library Usage

You have to get the library

pip install berglas-python

Then use it in the same way as Go library

The library berglas_python library is able to:

Here an example of usage

import os

import berglas_python as berglas

project_id = os.environ.get("MY-PROJECT")

# This higher-level API parses the secret reference at the specified
# environment variable, downloads and decrypts the secret, and replaces the
# contents of the given environment variable with the secret result.

berglas.Replace(project_id, "MY-SECRET")

# This lower-level API parses the secret reference, downloads and decrypts
# the secret, and returns the result. This is useful if you need to mutate
# the result.
my_secret = os.environ.get("MY-SECRET")
plaintext = berglas.Resolve(project_id, my_secret)
os.environ.setdefault("MY-SECRET", plaintext)

# This is lower-level API encrypts the plaintext string and uploads the blob
berglas.Encrypt(project_id, 'MY-BUCKET/MY-SECRET-FILE', 'STRING-TO-ENCRYPT')


This library is licensed under Apache 2.0. Full license text is available in LICENSE.

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

berglas_python-0.3.4.tar.gz (5.0 kB view hashes)

Uploaded source

Built Distribution

berglas_python-0.3.4-py3-none-any.whl (9.3 kB view hashes)

Uploaded py3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page