
Thycotic Secret Server Reader

This Python module retrieves secrets from Thycotic Secret Server using its REST API.

See: https://docs.thycotic.com/ss/10.8.0/api-scripting/rest-api-reference-download

License

MIT

Installation

Installation from PyPI:

pip install secread

Installation with poetry:

poetry add secread

Configuration

To configure the module, set the following environment variables. Alternatively, provide the settings in a '.env' file.

# copy the template as environment file
cp .env.example .env

# Edit configuration file
vi .env

#############################################################################
# Settings for Thycotic Secret Server Reader

SECRET_SERVER_SITE='https://pw.example.com/SecretServer'
SECRET_SERVER_AUTH_API='/oauth2/token'
SECRET_SERVER_USERNAME='apiuser'
SECRET_SERVER_PASSWORD='my_password_for_apiuser'

# Values for SECRET_SERVER_SSL_VERIFY
# - True    server certificate will be verified (Default)
# - False   server certificate will be ignored; warning
# - Path    path to trusted certificate bundle e.g. '/etc/ssl/certs/ca-bundle.trust.crt'
SECRET_SERVER_SSL_VERIFY='/etc/ssl/certs/ca-bundle.trust.crt'

# Default field-items to extract from result.
SECRET_SERVER_DEFAULT_SLUGS='["id", "url", "username", "password"]'

# SECRET_SERVER_IS_DUMMY (Default: False)
# - False: Secret-Server-API is active
# - True: The API will not be used. SECRET_SERVER_TEST_DUMMY_RESULT will be returned
# SECRET_SERVER_IS_DUMMY=False

SECRET_SERVER_TEST_DUMMY_RESULT='{"id": "12345", "username": "testuser", "password": "testpassword", "url": "https://localhost/SecretServer"}'

# 'name' of the secret that is used for testing on live server
# TEST_SECRET_NAME='GitLab Token netsearch-ro'
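
The following is an added example, not part of secread: a pre-flight check for the settings listed above that flags disabled certificate verification, a non-HTTPS site URL, and JSON-valued settings that do not parse. The function names and the way the SECRET_SERVER_SSL_VERIFY string is mapped to True, False or a path are assumptions made for this sketch.

```python
import json
import os

# Constructed sample settings; the dummy result is deliberately malformed JSON.
SAMPLE_ENV = {
    "SECRET_SERVER_SITE": "http://pw.example.com/SecretServer",
    "SECRET_SERVER_SSL_VERIFY": "False",
    "SECRET_SERVER_DEFAULT_SLUGS": '["id", "url", "username", "password"]',
    "SECRET_SERVER_TEST_DUMMY_RESULT": '{"id": "12345", username": "testuser"}',
}


def parse_ssl_verify(raw):
    """Map the setting to True, False, or a CA bundle path (assumed parsing)."""
    value = (raw or "True").strip()
    if value.lower() in ("true", "false"):
        return value.lower() == "true"
    return value


def audit_settings(env):
    """Return (parsed, findings) for a dict of SECRET_SERVER_* strings."""
    findings = []
    verify = parse_ssl_verify(env.get("SECRET_SERVER_SSL_VERIFY"))
    if verify is False:
        findings.append("SECRET_SERVER_SSL_VERIFY: server certificate is not verified")
    elif isinstance(verify, str) and not os.path.isfile(verify):
        findings.append(f"SECRET_SERVER_SSL_VERIFY: CA bundle not found: {verify}")
    if not env.get("SECRET_SERVER_SITE", "").lower().startswith("https://"):
        findings.append("SECRET_SERVER_SITE: not an https:// URL")
    parsed = {"verify": verify}
    for key, expected in (("SECRET_SERVER_DEFAULT_SLUGS", list),
                          ("SECRET_SERVER_TEST_DUMMY_RESULT", dict)):
        if key not in env:
            continue
        try:
            parsed[key] = json.loads(env[key])
        except json.JSONDecodeError as exc:
            findings.append(f"{key}: invalid JSON ({exc.msg})")
            continue
        if not isinstance(parsed[key], expected):
            findings.append(f"{key}: expected a JSON {expected.__name__}")
    if env.get("SECRET_SERVER_IS_DUMMY", "False").strip().lower() == "true":
        findings.append("SECRET_SERVER_IS_DUMMY: dummy result is returned, not a live secret")
    return parsed, findings


if __name__ == "__main__":
    for finding in audit_settings(SAMPLE_ENV)[1]:
        print(finding)
```

Pass `dict(os.environ)` to check the live environment before the first call to the server.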

Development

The installation instructions for poetry are here: https://python-poetry.org/docs/#installation

git clone https://github.com/jifox/secret-server-reader.git
cd secret-server-reader

# Set python environment to use for development
# poetry env use python3.8

# Install the module
poetry install

# Execute tests (be sure to configure the system before)
poetry run pytest -v

Update PyPI

Before updating PyPI, the version number must be incremented in the following files:

  • pyproject.toml
  • secread/__init__.py
  • secread/tests/test_secread.py

poetry build
poetry publish

Examples

"""Tests for module secread"""
import os
import pytest
from secread import __version__, SecretServer


def test_version():
    assert __version__ == "0.1.1"


@pytest.fixture
def sec_server():
    return SecretServer()


def test_default_slugs_is_a_list(sec_server: SecretServer):
    slugs = sec_server.SECRET_SERVER_DEFAULT_SLUGS
    assert isinstance(slugs, list)


def test_secretserver(sec_server: SecretServer):
    token = sec_server.getAuthToken()
    assert len(token) > 0, "Token could not be read"


def test_get_secret_response_by_name(sec_server: SecretServer):
    secname = os.getenv("TEST_SECRET_NAME", "GitLab Token netsearch-ro")
    res = sec_server.searchSecretResponse(secname)
    fields = sec_server.getFieldItemWithSlug(res)
    assert "username" in fields.keys(), "Missing username"
    assert "password" in fields.keys(), "Missing password"


def test_get_secret_by_name(sec_server: SecretServer):
    secname = os.getenv("TEST_SECRET_NAME", "GitLab Token netsearch-ro")
    res = sec_server.searchSecret(secname)
    assert "username" in res.keys(), "Missing username"
    assert "password" in res.keys(), "Missing password"

Download files

Source Distribution: secread-0.1.4.tar.gz (8.4 kB)

Built Distribution: secread-0.1.4-py3-none-any.whl (8.3 kB, Python 3)
