Python SDK
Introduction
The Akeyless SDK for Python makes it easy for you to integrate your Python applications, libraries, or scripts with the Akeyless Vault secret management services. The below Python code examples show a typical sequence of how to integrate secrets into your application.
Install and Import the Package
$ pip install akeyless
import akeyless
API host configuration
Akeyless Python SDK can be used either with a public API endpoint, or with a private Akeyless Gateway (with or without customer fragments):
# using public API endpoint
configuration = akeyless.Configuration(
host = "https://api.akeyless.io"
)
# using private Akeyless Gateway cluster
configuration = akeyless.Configuration(
host = "https://akeyless.myorganization.com"
)
Setting up Akeyless client
api_client = akeyless.ApiClient(configuration)
api = akeyless.V2Api(api_client)
Authentication
API-Key
To access your Akeyless Vault, the API client must first authenticate. The following examples use API Key authentication:
body = akeyless.Auth(access_id='p-1234567890', access_key='aXQncyBvbmx5IGJhc2U2NC4uLgo=')
res = api.auth(body)
# if auth was successful, there should be a token
token = res.token
The received token should be provided for every request that requires authentication.
Akeyless Universal Identity
Another way to use the SDK is using Akeyless Universal Identity:
body = akeyless.GetSecretValue(names=['my-secret'], uid_token='<some-token>')
res = api.get_secret_value(body)
print(res['my-secret'])
Please note that for Akeyless Universal Identity authentication you should use
uid_token
, while for any other authentication method you should use token
.
Cloud Identity
If your code runs in the cloud, you can use cloud identity to authenticate:
$ pip install akeyless_cloud_id
from akeyless_cloud_id import CloudId
cloud_id_generator = CloudId()
cloud_id = cloud_id_generator.generate()
body = akeyless.Auth(access_id='p-1234567890', access_type='aws_iam', cloud_id=cloud_id)
res = api.auth(body)
token = res.token
from akeyless_cloud_id import CloudId
cloud_id_generator = CloudId()
cloud_id = cloud_id_generator.generateAzure()
body = akeyless.Auth(access_id='p-1234567890', access_type='azure_ad', cloud_id=cloud_id)
res = api.auth(body)
token = res.token
from akeyless_cloud_id import CloudId
cloud_id_generator = CloudId()
cloud_id = cloud_id_generator.generateGcp()
body = akeyless.Auth(access_id='p-1234567890', access_type='gcp', cloud_id=cloud_id)
res = api.auth(body)
token = res.token
Make sure that you use the right access-id of your cloud identity authentication method that grants sufficient access to the resource you run the code from.
Examples
Get static secret value(s):
body = akeyless.GetSecretValue(names=['secret-1', 'secret-2'], token=token)
res = api.get_secret_value(body)
print(res['secret-1'])
print(res['secret-2'])
Create a new static secret
body = akeyless.CreateSecret(name='new-secret', value='my-password', token=token)
api.create_secret(body)
Create a new Role
body = akeyless.CreateRole(token=token, name='dev-ro')
api.create_role(body)
body = akeyless.SetRoleRule(capability=['list', 'read'], path='/dev/*',
role_name='dev-ro', token=token)
for rule_type in ['role-rule', 'item-rule', 'auth-method-rule']:
body.rule_type = rule_type
api.set_role_rule(body)
Create a new Authentication Method
body = akeyless.CreateAuthMethod(name='dev-api-key', token=token)
res = api.create_auth_method(body)
print(res.access_id)
print(res.access_key)
Associate a Role with an Authentication Method
body = akeyless.AssocRoleAuthMethod(am_name='dev-api-key', role_name='dev-ro',
token=token)
api.assoc_role_auth_method(body)
Method reference
For more information, see the complete API documentation:
https://github.com/akeylesslabs/akeyless-python#documentation-for-api-endpoints
Updated 4 months ago