The Thycotic Secret Server Python SDK

The Thycotic Secret Server Python SDK contains classes that interact with Secret Server via the REST API.

Install

python -m pip install python-tss-sdk

Secret Server Cloud

The SDK API requires a username, password, and a tenant.

The tenant parameter simplifies configuration when using Secret Server Cloud: it assumes the default folder structure and builds the base URL from a template that takes the tenant and an optional top-level domain (TLD), which defaults to com.

Use

Instantiate the SecretServerCloud class with tenant, username and password (and, optionally, a tld). To retrieve a secret, pass an integer id to get_secret(), which returns the secret as a JSON-encoded string.

from thycotic.secrets.server import SecretServerCloud

secret_server = SecretServerCloud("mytenant", "myusername", "mypassword")

secret = secret_server.get_secret(1)

The SDK API also contains a Secret @dataclass containing a subset of the Secret's attributes and a dictionary of all the fields keyed by the Secret's slug.

Secret Server

There are three ways in which you can authorize the SecretServer class to fetch secrets.

  • Password Authorization (with PasswordGrantAuthorizer)
  • Domain Authorization (with DomainPasswordGrantAuthorizer)
  • Access Token Authorization (with AccessTokenAuthorizer)

Usage

Password Authorization

If using traditional username and password authentication to log in to your Secret Server, you can pass the PasswordGrantAuthorizer into the SecretServer class at instantiation. The PasswordGrantAuthorizer requires a base_url, username, and password. It optionally takes a token_path_uri, but defaults to /oauth2/token.

from thycotic.secrets.server import PasswordGrantAuthorizer

authorizer = PasswordGrantAuthorizer("https://hostname/SecretServer", "myusername", "mypassword")

Domain Authorization

To use a domain credential, use the DomainPasswordGrantAuthorizer. It requires a base_url, username, domain, and password. It optionally takes a token_path_uri, but defaults to /oauth2/token.

from thycotic.secrets.server import DomainPasswordGrantAuthorizer

authorizer = DomainPasswordGrantAuthorizer("https://hostname/SecretServer", "myusername", "mydomain", "mypassword")

Access Token Authorization

If you already have an access_token, you can pass it directly via the AccessTokenAuthorizer.

from thycotic.secrets.server import AccessTokenAuthorizer

authorizer = AccessTokenAuthorizer("AgJ1slfZsEng9bKsssB-tic0Kh8I...")

Initializing SecretServer

NOTE: In v1.0.0 SecretServer replaces SecretServerV1. However, SecretServerV0 is available to use instead, for backwards compatibility with v0.0.5 and v0.0.6.

Instantiating the SecretServer class requires a base_url, an authorizer object (see above), and an optional api_path_uri (defaults to "/api/v1").

from thycotic.secrets.server import SecretServer

secret_server = SecretServer("https://hostname/SecretServer", authorizer)

Secrets can be fetched using the get_secret method, which takes the integer id of the secret and returns a JSON object:

secret = secret_server.get_secret(1)

print(f"username: {secret.fields['username'].value}\npassword: {secret.fields['password'].value}")

Alternatively, you can pass the JSON to ServerSecret, which returns a dataclass object representation of the secret:

from thycotic.secrets.server import ServerSecret

secret = ServerSecret(**secret_server.get_secret(1))

username = secret.fields['username'].value

Create a Build Environment (optional)

The SDK requires Python 3.6 or higher.

First, ensure Python is in $PATH, then run:

# Clone the repo
git clone https://github.com/thycotic/python-tss-sdk
cd python-tss-sdk

# Create a virtual environment
python -m venv venv
. venv/bin/activate

# Install dependencies
python -m pip install --upgrade pip
pip install -r requirements.txt

Valid credentials are required to run the unit tests. The credentials should be stored in environment variables or in a .env file:

export TSS_USERNAME=myusername
export TSS_PASSWORD=mysecretpassword
export TSS_TENANT=mytenant

The tests assume that the user associated with the specified TSS_USERNAME and TSS_PASSWORD can read the secret with ID 1, and that the Secret itself contains username and password fields.

Note: The secret ID can be changed manually in test_server.py to a secret ID that the user can access.
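
The same TSS_USERNAME, TSS_PASSWORD and TSS_TENANT values can feed application code in place of the literal credentials shown in the usage snippets. The following is an added example, not part of the SDK or its test suite: the parse_dotenv, load_tss_credentials and fetch_secret helpers and the .env permission check are assumptions made for illustration.

```python
import os
from pathlib import Path

REQUIRED = ("TSS_USERNAME", "TSS_PASSWORD", "TSS_TENANT")  # names from the page


def parse_dotenv(text):
    """Parse KEY=value lines, tolerating 'export ', comments and quotes."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("export "):
            line = line[len("export "):].lstrip()
        key, sep, value = line.partition("=")
        if sep:
            values[key.strip()] = value.strip().strip("'\"")
    return values


def load_tss_credentials(environ=None, dotenv_path=".env"):
    """Return the TSS_* values; the process environment wins over the file."""
    environ = os.environ if environ is None else environ
    path = Path(dotenv_path)
    file_values = {}
    if path.is_file():
        # A credentials file readable by group/other exposes the password to
        # other local accounts, so refuse it (POSIX permission bits assumed).
        if path.stat().st_mode & 0o077:
            raise PermissionError(f"{path} must not be accessible to group/other")
        file_values = parse_dotenv(path.read_text())
    creds = {n: environ.get(n) or file_values.get(n) for n in REQUIRED}
    missing = [n for n, v in creds.items() if not v]
    if missing:
        # Report variable names only, never the values.
        raise RuntimeError("missing credentials: " + ", ".join(missing))
    return creds


def fetch_secret(secret_id, creds=None):
    """Fetch one secret from Secret Server Cloud with no literals in source."""
    # Imported lazily so the loader above works without the SDK installed.
    from thycotic.secrets.server import SecretServerCloud
    creds = creds or load_tss_credentials()
    server = SecretServerCloud(
        creds["TSS_TENANT"], creds["TSS_USERNAME"], creds["TSS_PASSWORD"]
    )
    return server.get_secret(secret_id)
```

Keep the .env file out of version control, and avoid printing the returned secret's password field to logs or CI output.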

To run the tests with tox:

tox

To build the package, use Flit:

flit build

Download files

Source Distribution

python-tss-sdk-1.0.1.tar.gz (14.1 kB)

Built Distribution

python_tss_sdk-1.0.1-py3-none-any.whl (11.0 kB)

File details

Details for the file python-tss-sdk-1.0.1.tar.gz.

File metadata

  • Download URL: python-tss-sdk-1.0.1.tar.gz
  • Size: 14.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.4.2 importlib_metadata/4.8.1 pkginfo/1.7.1 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.9.7

File hashes

Hashes for python-tss-sdk-1.0.1.tar.gz
Algorithm Hash digest
SHA256 90928c46500f6dfad922cdeb7fc25485d734c77b60fb5303d00d47bb08ac1312
MD5 4e7b8a2e63df32ce08e0791975fc67d5
BLAKE2b-256 e5648e3b09b35b6463a9e06a4d68695cf0cd83fd42582a196a135d6ca6ff93b8

File details

Details for the file python_tss_sdk-1.0.1-py3-none-any.whl.

File metadata

  • Download URL: python_tss_sdk-1.0.1-py3-none-any.whl
  • Size: 11.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.4.2 importlib_metadata/4.8.1 pkginfo/1.7.1 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.9.7

File hashes

Hashes for python_tss_sdk-1.0.1-py3-none-any.whl
Algorithm Hash digest
SHA256 32025b4e3f6fccdb74009b7032d905ee56addf55bfbacd71f09bb17553bf826e
MD5 22ec6e1895c29014c1210e1eb74f57ea
BLAKE2b-256 7b59ddcad58cdbe9e5d0348e4115656cc718ed4806a69b11aa85715503e907f8
