Python SDK

Introduction

The Akeyless SDK for Python makes it easy for you to integrate your Python applications, libraries, or scripts with the Akeyless Vault secret management services. The below Python code examples show a typical sequence of how to integrate secrets into your application.

Install and Import the Package

$ pip install akeyless
import akeyless

API host configuration

Akeyless Python SDK can be used either with a public API endpoint, or with a private Akeyless Gateway (with or without customer fragments):

# using public API endpoint
configuration = akeyless.Configuration(
        host = "https://api.akeyless.io"
)

# using private Akeyless Gateway cluster
configuration = akeyless.Configuration(
        host = "https://akeyless.myorganization.com"
)

Setting up Akeyless client

api_client = akeyless.ApiClient(configuration)
api = akeyless.V2Api(api_client)

Authentication

API-Key
To access your Akeyless Vault, the API client must first authenticate. The following examples use API Key authentication:

body = akeyless.Auth(access_id='p-1234567890', access_key='aXQncyBvbmx5IGJhc2U2NC4uLgo=')
res = api.auth(body)

# if auth was successful, there should be a token
token = res.token

The received token should be provided for every request that requires authentication.

Akeyless Universal Identity
Another way to use the SDK is using Akeyless Universal Identity:

body = akeyless.GetSecretValue(names=['my-secret'], uid_token='<some-token>')
res = api.get_secret_value(body)
print(res['my-secret'])

Please note that for Akeyless Universal Identity authentication you should use
uid_token, while for any other authentication method you should use token.

Cloud Identity
​If your code runs in the cloud, you can use cloud identity to authenticate:

$ pip install akeyless_cloud_id
from akeyless_cloud_id import CloudId

cloud_id_generator = CloudId()
cloud_id = cloud_id_generator.generate()

body = akeyless.Auth(access_id='p-1234567890', access_type='aws_iam', cloud_id=cloud_id)
res = api.auth(body)
token = res.token
from akeyless_cloud_id import CloudId

cloud_id_generator = CloudId()
cloud_id = cloud_id_generator.generateAzure()

body = akeyless.Auth(access_id='p-1234567890', access_type='azure_ad', cloud_id=cloud_id)
res = api.auth(body)
token = res.token
from akeyless_cloud_id import CloudId

cloud_id_generator = CloudId()
cloud_id = cloud_id_generator.generateGcp()

body = akeyless.Auth(access_id='p-1234567890', access_type='gcp', cloud_id=cloud_id)
res = api.auth(body)
token = res.token

Make sure that you use the right access-id of your cloud identity authentication method that grants sufficient access to the resource you run the code from.

Examples

Get static secret value(s):

body = akeyless.GetSecretValue(names=['secret-1', 'secret-2'], token=token)
res = api.get_secret_value(body)
print(res['secret-1'])
print(res['secret-2'])

Create a new static secret

body = akeyless.CreateSecret(name='new-secret', value='my-password', token=token)
api.create_secret(body)

Create a new Role

body = akeyless.CreateRole(token=token, name='dev-ro')
api.create_role(body)

body = akeyless.SetRoleRule(capability=['list', 'read'], path='/dev/*',
        role_name='dev-ro', token=token)

for rule_type in ['role-rule', 'item-rule', 'auth-method-rule']:
    body.rule_type = rule_type
    api.set_role_rule(body)

Create a new Authentication Method

body = akeyless.CreateAuthMethod(name='dev-api-key', token=token)
res = api.create_auth_method(body)

print(res.access_id)
print(res.access_key)

Associate a Role with an Authentication Method

body = akeyless.AssocRoleAuthMethod(am_name='dev-api-key', role_name='dev-ro',
        token=token)
api.assoc_role_auth_method(body)

📘

Method reference

For more information, see the complete API documentation:
https://github.com/akeylesslabs/akeyless-python#documentation-for-api-endpoints