Google Secrets Manager
Secret Manager stores API keys, passwords, certificates, and other sensitive data.
Secrets are relatively easy to upload or store manually via the gcloud console, and this is often a one-time operation. However, secrets may need to be accessed frequently, and getting and decoding a secret takes a bit of boilerplate. The `get_secret` function here handles that for you.
```python
from cloudy.google import secrets_manager
```
See Google's Secrets Manager Documentation.
get_secret(secret_id, google_config, secret_version='latest')
Get secret from Google Cloud Secret Manager.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
secret_id | str | the secret ID, which is likely its human-readable name | required |
google_config | GoogleCloudConfig | a `configs.GoogleCloudConfig` object with project, region, and account information | required |
secret_version | str | the version of the secret to retrieve; should be "latest" in most cases | 'latest' |
Returns:
Type | Description |
---|---|
str | The stored secret value, decoded as a UTF-8 string. |
Source code in cloudy/google/secrets_manager.py
```python
def get_secret(secret_id: str, google_config: configs.GoogleCloudConfig, secret_version: str = "latest") -> str:
    """Get secret from Google Cloud Secret Manager.

    Args:
        secret_id: the secret ID, which is likely its human-readable name
        google_config: a `configs.GoogleCloudConfig` object with project, region, and account information.
        secret_version: the version of the secret to retrieve. should be "latest" in most cases

    Returns:
        The stored secret value, decoded as a UTF-8 string.
    """
    # Log the secret ID only, never the secret value.
    _logger.debug("Getting secret %s", secret_id)
    _initialize_client()
    secret_name = SECRETS_CLIENT.secret_version_path(google_config.project_id, secret_id, secret_version)
    # Pass the resource name by keyword; newer client releases accept it only as name=...
    response = SECRETS_CLIENT.access_secret_version(name=secret_name)
    return response.payload.data.decode("UTF-8")
```
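The fetch-and-decode boilerplate above, extended with an integrity check on the payload before it is decoded. This is an added example, not cloudy's own code. `get_verified_secret`, `FakeSecretsClient`, and the project and secret names are hypothetical, and it assumes the response carries the `data_crc32c` checksum field that the Secret Manager API returns alongside `payload.data`.

```python
from types import SimpleNamespace


def crc32c(data: bytes) -> int:
    """Bitwise CRC32C (Castagnoli), so the example needs no extra package."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ (0x82F63B78 if crc & 1 else 0)
    return crc ^ 0xFFFFFFFF


def get_verified_secret(client, project_id: str, secret_id: str, version: str = "latest") -> str:
    """Fetch a secret version, check the payload checksum, then decode it."""
    name = client.secret_version_path(project_id, secret_id, version)
    response = client.access_secret_version(name=name)
    payload = response.payload
    # Assumption: the payload exposes data_crc32c. Reject data damaged in transit.
    if crc32c(payload.data) != payload.data_crc32c:
        raise ValueError(f"checksum mismatch for {name}")  # resource name only, never the value
    return payload.data.decode("UTF-8")


class FakeSecretsClient:
    """Constructed stand-in for the real client so the example runs offline."""

    def __init__(self, store, corrupt=False):
        self._store = store      # {resource name: secret bytes}
        self._corrupt = corrupt  # simulate a damaged payload

    def secret_version_path(self, project, secret, version):
        return f"projects/{project}/secrets/{secret}/versions/{version}"

    def access_secret_version(self, name):
        data = self._store[name]
        checksum = crc32c(data)  # checksum of the stored bytes
        if self._corrupt:
            data = data[:-1] + b"?"  # alter the bytes after the checksum was taken
        payload = SimpleNamespace(data=data, data_crc32c=checksum)
        return SimpleNamespace(name=name, payload=payload)


# Constructed sample data; "demo-project" and "db-password" are placeholders.
STORE = {"projects/demo-project/secrets/db-password/versions/latest": b"s3cr3t-value"}

if __name__ == "__main__":
    value = get_verified_secret(FakeSecretsClient(STORE), "demo-project", "db-password")
    print(f"retrieved {len(value)} characters")  # report the length, not the secret
```

With the real client, the same function can be called with the object that `_initialize_client()` sets up; the fake only exists so the check can be exercised without network access.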