The Thycotic DevOps Secret Vault Python SDK
Project description
The Thycotic DevOps Secrets Vault Python SDK
The Thycotic DevOps Secrets Vault (DSV) Python SDK contains classes that interact with the DSV REST API.
Install
python -m pip install python-dsv-sdk
Usage
There are two ways in which you can authorize the SecretsVault
class to fetch secrets.
- Password Authorization (with
PasswordGrantAuthorizer
) - Access Token Authorization (with
AccessTokenAuthorizer
)
Authorizers
Password Authorization
If using a traditional client_id
and a client_secret
to authenticate in to your DevOps Secrets Vault, you can pass the PasswordGrantAuthorizer
into the SecretsVault
class at instantiation. The PasswordGrantAuthorizer
requires a base_url
, username
, and password
. It optionally takes a token_path_uri
, but defaults to /v1/token
.
from thycotic.secrets.vault import PasswordGrantAuthorizer
authorizer = PasswordGrantAuthorizer("https://mytenant.secretsvaultcloud.com/", "my_client_id", "my_client_secret")
Access Token Authorization
If you already have a valid access_token
, you can pass directly via the AccessTokenAuthorizer
.
from thycotic.secrets.vault import AccessTokenAuthorizer
authorizer = AccessTokenAuthorizer("YgJ1slfZs8ng9bKsRsB-tic0Kh8I...")
Secrets Vault
Instantiate SecretsVault
by passing your base_url
and Authorizer
as arguments:
from thycotic.secrets.vault import SecretsVault
vault = SecretsVault("https://mytenant.secretsvaultcloud.com/", authorizer)
Secrets can be fetched using the get_secret
method, which takes the secret_path
of the secret and returns a json
object. Alternatively, you can use pass the json to VaultSecret
which returns a dataclass
object representation of the secret:
from thycotic.secrets.vault import VaultSecret
secret = VaultSecret(**vault.get_secret("/test/secret"))
print(f"username: {secret.data['username']}\npassword: {secret.data['password']}")
Create a Build Environment (optional)
The SDK requires Python 3.6 or higher.
First, ensure Python 3.6 is in $PATH
then run:
# Clone the repo
git clone https://github.com/thycotic/python-dsv-sdk
cd python-dsv-sdk
# Create a virtual environment
python -m venv venv
. venv/bin/activate
# Install dependencies
python -m pip install --upgrade pip
pip install -r requirements.txt
Valid credentials are required to run the unit tests. The credentials should be stored in environment variables or in a .env
file:
export DSV_CLIENT_ID="e7f6be68-0acb-4020-9c55-c7b161620199"
export DSV_CLIENT_SECRET="0lYBbBbaXtkMd3WYydhfhuy0rHNFet_jq7QA4ZfEjxU"
export DSV_BASE_URL="https://my.secretsvaultcloud.com/"
The tests assume that the client associated with the specified CLIENT_ID
can read the secret with the path /test/sdk/simple
.
Note: The secret path can be changed manually in
test_server.py
to a secret path that the client can access.
To run the tests with tox
:
tox
To build the package, use Flit:
flit build
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for python_dsv_sdk-1.0.0-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 4279b5bb0016f197b42789aee820c87458efdbb8447b758905cf7501111e4365 |
|
MD5 | fc129bf4ea17465c843cefca735c26c3 |
|
BLAKE2b-256 | e4b944322f3421202d917d834af262535393a5d697833db4802836442d9aceb6 |