The Thycotic Secret Server Python SDK
The Thycotic Secret Server Python SDK contains classes that interact with Secret Server via the REST API.
Install
python -m pip install python-tss-sdk
Secret Server Cloud
The SDK API requires a username, password, and a tenant.
tenant simplifies the configuration when using Secret Server Cloud by assuming the default folder structure and creating the base URL from a template that takes the tenant and an optional top-level domain (TLD) that defaults to com, as parameters.
Use
Instantiate the SecretServerCloud class with tenant, username and password (and, optionally, a tld). To retrieve a secret, pass an integer id to get_secret(), which will return the secret as a JSON-encoded string.
from thycotic.secrets.server import SecretServerCloud
secret_server = SecretServerCloud("mytenant", "myusername", "mypassword")
secret = secret_server.get_secret(1)
The SDK API also contains a Secret @dataclass containing a subset of the Secret's attributes and a dictionary of all the fields keyed by the Secret's slug.
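Added example (not the SDK's own code): a stand-alone sketch of the slug-keyed view described above, built from the JSON string that get_secret() returns, with field values excluded from repr() so a logged object does not expose them. The class and function names are hypothetical, and the response key names (items, slug, fieldName, itemValue) and the sample document are assumptions constructed for illustration.

```python
import json
from dataclasses import dataclass, field
from typing import Dict


@dataclass(frozen=True)
class SlugField:
    """One secret field; the value is kept out of repr() so it cannot leak into logs."""
    slug: str
    name: str
    value: str = field(repr=False)


@dataclass(frozen=True)
class ParsedSecret:
    """Hypothetical stand-in for the SDK's Secret dataclass (not its real definition)."""
    id: int
    name: str
    fields: Dict[str, SlugField]


def parse_secret_json(raw: str) -> ParsedSecret:
    """Turn the JSON string returned by get_secret() into slug-keyed fields."""
    doc = json.loads(raw)
    fields: Dict[str, SlugField] = {}
    for item in doc.get("items", []):
        slug = item.get("slug")
        if not slug:
            raise ValueError("secret item without a slug")
        if slug in fields:
            # Two items with one slug would silently shadow each other; fail instead.
            raise ValueError(f"duplicate slug: {slug}")
        fields[slug] = SlugField(slug, item.get("fieldName", ""), item.get("itemValue") or "")
    return ParsedSecret(int(doc["id"]), doc.get("name", ""), fields)


# Constructed sample response; key names (items, slug, fieldName, itemValue) are assumed.
SAMPLE = json.dumps({
    "id": 1,
    "name": "app service account",
    "items": [
        {"slug": "username", "fieldName": "Username", "itemValue": "app_user"},
        {"slug": "password", "fieldName": "Password", "itemValue": "constructed-value"},
    ],
})

if __name__ == "__main__":
    secret = parse_secret_json(SAMPLE)
    print(secret)  # field values are omitted from the output
    print("username:", secret.fields["username"].value)
```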
Secret Server
There are three ways in which you can authorize the SecretServer class to fetch secrets.
- Password Authorization (with PasswordGrantAuthorizer)
- Domain Authorization (with DomainPasswordGrantAuthorizer)
- Access Token Authorization (with AccessTokenAuthorizer)
Usage
Password Authorization
If using traditional username and password authentication to log in to your Secret Server, you can pass the PasswordGrantAuthorizer into the SecretServer class at instantiation. The PasswordGrantAuthorizer requires a token_url, username, and password.
from thycotic.secrets.server import PasswordGrantAuthorizer
authorizer = PasswordGrantAuthorizer("https://hostname/SecretServer", "myusername", "mypassword")
Domain Authorization
To use a domain credential, use the DomainPasswordGrantAuthorizer. It requires a token_url, username, domain, and password.
from thycotic.secrets.server import DomainPasswordGrantAuthorizer
authorizer = DomainPasswordGrantAuthorizer("https://hostname/SecretServer", "myusername", "mydomain", "mypassword")
Access Token Authorization
If you already have an access_token, you can pass it directly via the AccessTokenAuthorizer.
from thycotic.secrets.server import AccessTokenAuthorizer
authorizer = AccessTokenAuthorizer("AgJ1slfZsEng9bKsssB-tic0Kh8I...")
Initializing SecretServer
NOTE: In v0.0.6 SecretServerV1 replaces SecretServer. However, SecretServer is still available for backwards compatibility with v0.0.5 and earlier. In version 0.1.0, the current implementation will be deprecated and SecretServerV1 will become SecretServer.
Instantiating the SecretServerV1 class requires a base_url, an authorizer object (see above), and an optional api_path_uri (defaults to "/api/v1").
from thycotic.secrets.server import SecretServerV1
# my_authorizer is any of the authorizer objects created above
secret_server = SecretServerV1("https://hostname/SecretServer", my_authorizer)
Secrets can be fetched using the get_secret method, which takes an integer id of the secret:
secret = secret_server.get_secret(1)
print(f"username: {secret.fields['username'].value}\npassword: {secret.fields['password'].value}")
Create a Build Environment (optional)
The SDK requires Python 3.6 or higher, and the Requests library.
First, ensure Python 3.6 is in $PATH, then run:
git clone https://github.com/thycotic/python-tss-sdk
cd python-tss-sdk
python -m venv venv
. venv/bin/activate
pip install -r requirements.txt
Both example.py and the unit tests pull the settings from a JSON file.
import json
with open('server_config.json') as f:
    config = json.load(f)
They also assume that the user associated with the specified username and password can read the secret with ID 1, and that the Secret itself contains username and password fields.
Create server_config.json:
{
    "username": "app_user",
    "password": "Passw0rd!",
    "tenant": "mytenant"
}
Finally, run pytest, then build the package:
pytest
# Build
flit build