alibabacloud-credentials


Namealibabacloud-credentials JSON
Version 0.3.6 PyPI version JSON
download
home_pagehttps://github.com/aliyun/credentials-python
SummaryThe alibabacloud credentials module of alibabaCloud Python SDK.
upload_time2024-10-28 03:40:03
maintainerNone
docs_urlNone
authorAlibaba Cloud
requires_python>=3.6
licenseApache License 2.0
keywords alibabacloud sdk tea
VCS
bugtrack_url
requirements No requirements were recorded.
Travis-CI No Travis.
coveralls test coverage No coveralls.
            English | [简体中文](README-CN.md)

![Alibaba Cloud Logo](https://aliyunsdk-pages.alicdn.com/icons/AlibabaCloud.svg)

# Alibaba Cloud Credentials for Python

[![PyPI version](https://badge.fury.io/py/alibabacloud_credentials.svg)](https://badge.fury.io/py/alibabacloud_credentials)
[![Python Test](https://github.com/aliyun/credentials-python/actions/workflows/testPython.yml/badge.svg)](https://github.com/aliyun/credentials-python/actions/workflows/testPython.yml)
[![codecov](https://codecov.io/gh/aliyun/credentials-python/graph/badge.svg?token=Y0J1E7T35I)](https://codecov.io/gh/aliyun/credentials-python)

## Installation

- **Install with pip**

Python SDK uses a common package management tool named `pip`. If pip is not installed, see the [pip user guide](https://pip.pypa.io/en/stable/installing/ "pip User Guide") to install pip.

```bash
# Install the alibabacloud_credentials
pip install alibabacloud_credentials
```

## Usage

Before you begin, you need to sign up for an Alibaba Cloud account and retrieve your [Credentials](https://usercenter.console.aliyun.com/#/manage/ak).

### Credential Type

#### Access Key

Setup access_key credential through [User Information Management][ak], it have full authority over the account, please keep it safe. Sometimes for security reasons, you cannot hand over a primary account AccessKey with full access to the developer of a project. You may create a sub-account [RAM Sub-account][ram] , grant its [authorization][permissions],and use the AccessKey of RAM Sub-account.

```python
from alibabacloud_credentials.client import Client
from alibabacloud_credentials.models import Config

config = Config(
    type='access_key',                    # credential type
    access_key_id='accessKeyId',          # AccessKeyId
    access_key_secret='accessKeySecret',  # AccessKeySecret
)
cred = Client(config)

access_key_id = cred.get_access_key_id()
access_key_secret = cred.get_access_key_secret()
cred_type = cred.get_type()
```

#### STS

Create a temporary security credential by applying Temporary Security Credentials (TSC) through the Security Token Service (STS).

```python
from alibabacloud_credentials.client import Client
from alibabacloud_credentials.models import Config

config = Config(
    type='sts',                           # credential type
    access_key_id='accessKeyId',          # AccessKeyId
    access_key_secret='accessKeySecret',  # AccessKeySecret
    security_token='securityToken'        # STS Token
)
cred = Client(config)

access_key_id = cred.get_access_key_id()
access_key_secret = cred.get_access_key_secret()
security_token = cred.get_security_token()
cred_type = cred.get_type()
```

#### RAM Role ARN

By specifying [RAM Role][RAM Role], the credential will be able to automatically request maintenance of STS Token. If you want to limit the permissions([How to make a policy][policy]) of STS Token, you can assign value for `Policy`.

```python
from alibabacloud_credentials.client import Client
from alibabacloud_credentials.models import Config

config = Config(
    type='ram_role_arn',                  # credential type
    access_key_id='accessKeyId',          # AccessKeyId
    access_key_secret='accessKeySecret',  # AccessKeySecret
    security_token='securityToken',       # STS Token
    role_arn='roleArn',                   # Format: acs:ram::USER_ID:role/ROLE_NAME
    role_session_name='roleSessionName',  # Role Session Name
    policy='policy',                      # Not required, limit the permissions of STS Token
    role_session_expiration=3600          # Not required, limit the Valid time of STS Token
)
cred = Client(config)

access_key_id = cred.get_access_key_id()
access_key_secret = cred.get_access_key_secret()
security_token = cred.get_security_token()
cred_type = cred.get_type()
```

#### OIDC Role ARN

By specifying [OIDC Role][OIDC Role], the credential will be able to automatically request maintenance of STS Token. If you want to limit the permissions([How to make a policy][policy]) of STS Token, you can assign value for `Policy`.

```python
from alibabacloud_credentials.client import Client
from alibabacloud_credentials.models import Config

config = Config(
    type='oidc_role_arn',                  # credential type
    access_key_id='accessKeyId',          # AccessKeyId
    access_key_secret='accessKeySecret',  # AccessKeySecret
    security_token='securityToken',       # STS Token
    role_arn='roleArn',                   # Format: acs:ram::USER_ID:role/ROLE_NAME
    oidc_provider_arn='oidcProviderArn',  # Format: acs:ram::USER_Id:oidc-provider/OIDC Providers
    oidc_token_file_path='/Users/xxx/xxx',# oidc_token_file_path can be replaced by setting environment variable: ALIBABA_CLOUD_OIDC_TOKEN_FILE
    role_session_name='roleSessionName',  # Role Session Name
    policy='policy',                      # Not required, limit the permissions of STS Token
    role_session_expiration=3600          # Not required, limit the Valid time of STS Token
)
cred = Client(config)

access_key_id = cred.get_access_key_id()
access_key_secret = cred.get_access_key_secret()
security_token = cred.get_security_token()
cred_type = cred.get_type()
```

#### ECS RAM Role

Both ECS and ECI instances support binding instance RAM roles. When the Credentials tool is used in an instance, the RAM role bound to the instance will be automatically obtained, and the STS Token of the RAM role will be obtained by accessing the metadata service to complete the initialization of the credential client.

The instance metadata server supports two access modes: hardened mode and normal mode. The Credentials tool uses hardened mode (IMDSv2) by default to obtain access credentials. If an exception occurs when using hardened mode, you can set disable_imds_v1 to perform different exception handling logic:

- When the value is false (default value), the normal mode will continue to be used to obtain access credentials.

- When the value is true, it means that only hardened mode can be used to obtain access credentials, and an exception will be thrown.

Whether the server supports IMDSv2 depends on your configuration on the server.

```python
from alibabacloud_credentials.client import Client
from alibabacloud_credentials.models import Config

config = Config(
    type='ecs_ram_role',      # credential type
    role_name='roleName',     # `role_name` is optional. It will be retrieved automatically if not set. It is highly recommended to set it up to reduce requests.
    disable_imds_v1=True      # Optional, whether to forcibly disable IMDSv1, that is, to use IMDSv2 hardening mode, which can be set by the environment variable ALIBABA_CLOUD_IMDSV1_DISABLED
)
cred = Client(config)

access_key_id = cred.get_access_key_id()
access_key_secret = cred.get_access_key_secret()
security_token = cred.get_security_token()
cred_type = cred.get_type()
```

#### Credentials URI

By specifying a credentials uri, get credential from the local or remote uri, the credential will be able to automatically request maintenance to keep it update.

```python
from alibabacloud_credentials.client import Client
from alibabacloud_credentials.models import Config

config = Config(
    type='credentials_uri',                        # credential type
    credentials_uri='http://local_or_remote_uri/', # Credentials URI
)
cred = Client(config)

access_key_id = cred.get_access_key_id()
access_key_secret = cred.get_access_key_secret()
security_token = cred.get_security_token()
cred_type = cred.get_type()
```

#### Bearer

If credential is required by the Cloud Call Centre (CCC), please apply for Bearer Token maintenance by yourself.

```python
from alibabacloud_credentials.client import Client
from alibabacloud_credentials.models import Config

config = Config(
    type='bearer',                        # credential type
    bearer_token='bearerToken',           # BearerToken
)
cred = Client(config)

access_key_id = cred.get_access_key_id()
access_key_secret = cred.get_access_key_secret()
security_token = cred.get_security_token()
cred_type = cred.get_type()
```

### Use the default credential provider chain

```python
from alibabacloud_credentials.client import Client as CredClient
from alibabacloud_ocr20191230.client import Client as OcrClient
from alibabacloud_ocr20191230.models import GetAsyncJobResultRequest
from alibabacloud_tea_rpc.models import Config
from alibabacloud_tea_util.models import RuntimeOptions

cred = CredClient()
config = Config(credential=cred)

client = OcrClient(config)

request = GetAsyncJobResultRequest(
    job_id='<job_id>'
)

runtime_options = RuntimeOptions()
response = client.get_async_job_result(request, runtime_options)
```

The default credential provider chain looks for available credentials, with following order:

1. Environment Credentials

    Look for environment credentials in environment variable. If the `ALIBABA_CLOUD_ACCESS_KEY_ID` and `ALIBABA_CLOUD_ACCESS_KEY_SECRET` environment variables are defined and are not empty, the program will use them to create default credentials. If the `ALIBABA_CLOUD_ACCESS_KEY_ID`, `ALIBABA_CLOUD_ACCESS_KEY_SECRET` and `ALIBABA_CLOUD_SECURITY_TOKEN` environment variables are defined and are not empty, the program will use them to create temporary security credentials(STS). Note: This token has an expiration time, it is recommended to use it in a temporary environment.

2. Credentials File

    If there is `~/.alibabacloud/credentials.ini default file (Windows shows C:\Users\USER_NAME\.alibabacloud\credentials.ini)`, the program automatically creates credentials with the specified type and name. The default file is not necessarily exist, but a parse error will throw an exception. The name of configuration item is lowercase.This configuration file can be shared between different projects and between different tools. Because it is outside of the project and will not be accidentally committed to the version control. The path to the default file can be modified by defining the `ALIBABA_CLOUD_CREDENTIALS_FILE` environment variable. If not configured, use the default configuration `default`. You can also set the environment variables `ALIBABA_CLOUD_PROFILE` to use the configuration.

    ```ini
    [default]                          # default setting
    enable = true                      # Enable,Enabled by default if this option is not present
    type = access_key                  # Certification type: access_key
    access_key_id = foo                # Key
    access_key_secret = bar            # Secret

    [client1]                          # configuration that is named as `client1`
    type = ecs_ram_role                # Certification type: ecs_ram_role
    role_name = EcsRamRoleTest         # Role Name

    [client2]                          # configuration that is named as `client2`
    enable = false                     # Disable
    type = ram_role_arn                # Certification type: ram_role_arn
    region_id = cn-test
    policy = test                      # optional Specify permissions
    access_key_id = foo
    access_key_secret = bar
    role_arn = role_arn
    role_session_name = session_name   # optional

    [client3]                          # configuration that is named as `client3`
    enable = false                     # Disable
    type = oidc_role_arn               # Certification type: oidc_role_arn
    region_id = cn-test                 
    policy = test                      # optional Specify permissions
    access_key_id = foo                # optional
    access_key_secret = bar            # optional
    role_arn = role_arn
    oidc_provider_arn = oidc_provider_arn
    oidc_token_file_path = /xxx/xxx    # can be replaced by setting environment variable: ALIBABA_CLOUD_OIDC_TOKEN_FILE              
    role_session_name = session_name   # optional
    ```

3. Instance RAM Role

   If there is no credential information with a higher priority, the Credentials tool will obtain the value of ALIBABA_CLOUD_ECS_METADATA (ECS instance RAM role name) through the environment variable. If the value of this variable exists, the program will use the hardened mode (IMDSv2) to access the metadata service (Meta Data Server) of ECS to obtain the STS Token of the ECS instance RAM role as the default credential information. If an exception occurs when using the hardened mode, the normal mode will be used as a fallback to obtain access credentials. You can also set the environment variable ALIBABA_CLOUD_IMDSV1_DISABLED to perform different exception handling logic:

   - When the value is false, the normal mode will continue to obtain access credentials.

   - When the value is true, it means that only the hardened mode can be used to obtain access credentials, and an exception will be thrown.

   Whether the server supports IMDSv2 depends on your configuration on the server.

4. Credentials URI

    If the environment variable `ALIBABA_CLOUD_CREDENTIALS_URI` is defined and not empty, the program will take the value of the environment variable as credentials uri to get the temporary Security credentials.

## Issues

[Opening an Issue](https://github.com/aliyun/credentials-python/issues/new), Issues not conforming to the guidelines may be closed immediately.

## Changelog

Detailed changes for each release are documented in the [release notes](./ChangeLog.md).

## References

- [Latest Release](https://github.com/aliyun/credentials-python)

## License

[Apache-2.0](http://www.apache.org/licenses/LICENSE-2.0)

Copyright (c) 2009-present, Alibaba Cloud All rights reserved.

[ak]: https://usercenter.console.aliyun.com/#/manage/ak
[ram]: https://ram.console.aliyun.com/users
[permissions]: https://ram.console.aliyun.com/permissions
[RAM Role]: https://ram.console.aliyun.com/#/role/list
[OIDC Role]: https://help.aliyun.com/zh/ram/user-guide/role-based-sso-by-using-oidc
[policy]: https://help.aliyun.com/zh/ram/user-guide/policy-management/

            

Raw data

            {
    "_id": null,
    "home_page": "https://github.com/aliyun/credentials-python",
    "name": "alibabacloud-credentials",
    "maintainer": null,
    "docs_url": null,
    "requires_python": ">=3.6",
    "maintainer_email": null,
    "keywords": "alibabacloud, sdk, tea",
    "author": "Alibaba Cloud",
    "author_email": "alibaba-cloud-sdk-dev-team@list.alibaba-inc.com",
    "download_url": "https://files.pythonhosted.org/packages/fc/92/7cb0807d6d380fa09cbad6d4fe983781e657dcc16d60fc559d6575bf98be/alibabacloud_credentials-0.3.6.tar.gz",
    "platform": "any",
    "description": "English | [\u7b80\u4f53\u4e2d\u6587](README-CN.md)\n\n![Alibaba Cloud Logo](https://aliyunsdk-pages.alicdn.com/icons/AlibabaCloud.svg)\n\n# Alibaba Cloud Credentials for Python\n\n[![PyPI version](https://badge.fury.io/py/alibabacloud_credentials.svg)](https://badge.fury.io/py/alibabacloud_credentials)\n[![Python Test](https://github.com/aliyun/credentials-python/actions/workflows/testPython.yml/badge.svg)](https://github.com/aliyun/credentials-python/actions/workflows/testPython.yml)\n[![codecov](https://codecov.io/gh/aliyun/credentials-python/graph/badge.svg?token=Y0J1E7T35I)](https://codecov.io/gh/aliyun/credentials-python)\n\n## Installation\n\n- **Install with pip**\n\nPython SDK uses a common package management tool named `pip`. If pip is not installed, see the [pip user guide](https://pip.pypa.io/en/stable/installing/ \"pip User Guide\") to install pip.\n\n```bash\n# Install the alibabacloud_credentials\npip install alibabacloud_credentials\n```\n\n## Usage\n\nBefore you begin, you need to sign up for an Alibaba Cloud account and retrieve your [Credentials](https://usercenter.console.aliyun.com/#/manage/ak).\n\n### Credential Type\n\n#### Access Key\n\nSetup access_key credential through [User Information Management][ak], it have full authority over the account, please keep it safe. Sometimes for security reasons, you cannot hand over a primary account AccessKey with full access to the developer of a project. You may create a sub-account [RAM Sub-account][ram] , grant its [authorization][permissions]\uff0cand use the AccessKey of RAM Sub-account.\n\n```python\nfrom alibabacloud_credentials.client import Client\nfrom alibabacloud_credentials.models import Config\n\nconfig = Config(\n    type='access_key',                    # credential type\n    access_key_id='accessKeyId',          # AccessKeyId\n    access_key_secret='accessKeySecret',  # AccessKeySecret\n)\ncred = Client(config)\n\naccess_key_id = cred.get_access_key_id()\naccess_key_secret = cred.get_access_key_secret()\ncred_type = cred.get_type()\n```\n\n#### STS\n\nCreate a temporary security credential by applying Temporary Security Credentials (TSC) through the Security Token Service (STS).\n\n```python\nfrom alibabacloud_credentials.client import Client\nfrom alibabacloud_credentials.models import Config\n\nconfig = Config(\n    type='sts',                           # credential type\n    access_key_id='accessKeyId',          # AccessKeyId\n    access_key_secret='accessKeySecret',  # AccessKeySecret\n    security_token='securityToken'        # STS Token\n)\ncred = Client(config)\n\naccess_key_id = cred.get_access_key_id()\naccess_key_secret = cred.get_access_key_secret()\nsecurity_token = cred.get_security_token()\ncred_type = cred.get_type()\n```\n\n#### RAM Role ARN\n\nBy specifying [RAM Role][RAM Role], the credential will be able to automatically request maintenance of STS Token. If you want to limit the permissions([How to make a policy][policy]) of STS Token, you can assign value for `Policy`.\n\n```python\nfrom alibabacloud_credentials.client import Client\nfrom alibabacloud_credentials.models import Config\n\nconfig = Config(\n    type='ram_role_arn',                  # credential type\n    access_key_id='accessKeyId',          # AccessKeyId\n    access_key_secret='accessKeySecret',  # AccessKeySecret\n    security_token='securityToken',       # STS Token\n    role_arn='roleArn',                   # Format: acs:ram::USER_ID:role/ROLE_NAME\n    role_session_name='roleSessionName',  # Role Session Name\n    policy='policy',                      # Not required, limit the permissions of STS Token\n    role_session_expiration=3600          # Not required, limit the Valid time of STS Token\n)\ncred = Client(config)\n\naccess_key_id = cred.get_access_key_id()\naccess_key_secret = cred.get_access_key_secret()\nsecurity_token = cred.get_security_token()\ncred_type = cred.get_type()\n```\n\n#### OIDC Role ARN\n\nBy specifying [OIDC Role][OIDC Role], the credential will be able to automatically request maintenance of STS Token. If you want to limit the permissions([How to make a policy][policy]) of STS Token, you can assign value for `Policy`.\n\n```python\nfrom alibabacloud_credentials.client import Client\nfrom alibabacloud_credentials.models import Config\n\nconfig = Config(\n    type='oidc_role_arn',                  # credential type\n    access_key_id='accessKeyId',          # AccessKeyId\n    access_key_secret='accessKeySecret',  # AccessKeySecret\n    security_token='securityToken',       # STS Token\n    role_arn='roleArn',                   # Format: acs:ram::USER_ID:role/ROLE_NAME\n    oidc_provider_arn='oidcProviderArn',  # Format: acs:ram::USER_Id:oidc-provider/OIDC Providers\n    oidc_token_file_path='/Users/xxx/xxx',# oidc_token_file_path can be replaced by setting environment variable: ALIBABA_CLOUD_OIDC_TOKEN_FILE\n    role_session_name='roleSessionName',  # Role Session Name\n    policy='policy',                      # Not required, limit the permissions of STS Token\n    role_session_expiration=3600          # Not required, limit the Valid time of STS Token\n)\ncred = Client(config)\n\naccess_key_id = cred.get_access_key_id()\naccess_key_secret = cred.get_access_key_secret()\nsecurity_token = cred.get_security_token()\ncred_type = cred.get_type()\n```\n\n#### ECS RAM Role\n\nBoth ECS and ECI instances support binding instance RAM roles. When the Credentials tool is used in an instance, the RAM role bound to the instance will be automatically obtained, and the STS Token of the RAM role will be obtained by accessing the metadata service to complete the initialization of the credential client.\n\nThe instance metadata server supports two access modes: hardened mode and normal mode. The Credentials tool uses hardened mode (IMDSv2) by default to obtain access credentials. If an exception occurs when using hardened mode, you can set disable_imds_v1 to perform different exception handling logic:\n\n- When the value is false (default value), the normal mode will continue to be used to obtain access credentials.\n\n- When the value is true, it means that only hardened mode can be used to obtain access credentials, and an exception will be thrown.\n\nWhether the server supports IMDSv2 depends on your configuration on the server.\n\n```python\nfrom alibabacloud_credentials.client import Client\nfrom alibabacloud_credentials.models import Config\n\nconfig = Config(\n    type='ecs_ram_role',      # credential type\n    role_name='roleName',     # `role_name` is optional. It will be retrieved automatically if not set. It is highly recommended to set it up to reduce requests.\n    disable_imds_v1=True      # Optional, whether to forcibly disable IMDSv1, that is, to use IMDSv2 hardening mode, which can be set by the environment variable ALIBABA_CLOUD_IMDSV1_DISABLED\n)\ncred = Client(config)\n\naccess_key_id = cred.get_access_key_id()\naccess_key_secret = cred.get_access_key_secret()\nsecurity_token = cred.get_security_token()\ncred_type = cred.get_type()\n```\n\n#### Credentials URI\n\nBy specifying a credentials uri, get credential from the local or remote uri, the credential will be able to automatically request maintenance to keep it update.\n\n```python\nfrom alibabacloud_credentials.client import Client\nfrom alibabacloud_credentials.models import Config\n\nconfig = Config(\n    type='credentials_uri',                        # credential type\n    credentials_uri='http://local_or_remote_uri/', # Credentials URI\n)\ncred = Client(config)\n\naccess_key_id = cred.get_access_key_id()\naccess_key_secret = cred.get_access_key_secret()\nsecurity_token = cred.get_security_token()\ncred_type = cred.get_type()\n```\n\n#### Bearer\n\nIf credential is required by the Cloud Call Centre (CCC), please apply for Bearer Token maintenance by yourself.\n\n```python\nfrom alibabacloud_credentials.client import Client\nfrom alibabacloud_credentials.models import Config\n\nconfig = Config(\n    type='bearer',                        # credential type\n    bearer_token='bearerToken',           # BearerToken\n)\ncred = Client(config)\n\naccess_key_id = cred.get_access_key_id()\naccess_key_secret = cred.get_access_key_secret()\nsecurity_token = cred.get_security_token()\ncred_type = cred.get_type()\n```\n\n### Use the default credential provider chain\n\n```python\nfrom alibabacloud_credentials.client import Client as CredClient\nfrom alibabacloud_ocr20191230.client import Client as OcrClient\nfrom alibabacloud_ocr20191230.models import GetAsyncJobResultRequest\nfrom alibabacloud_tea_rpc.models import Config\nfrom alibabacloud_tea_util.models import RuntimeOptions\n\ncred = CredClient()\nconfig = Config(credential=cred)\n\nclient = OcrClient(config)\n\nrequest = GetAsyncJobResultRequest(\n    job_id='<job_id>'\n)\n\nruntime_options = RuntimeOptions()\nresponse = client.get_async_job_result(request, runtime_options)\n```\n\nThe default credential provider chain looks for available credentials, with following order:\n\n1. Environment Credentials\n\n    Look for environment credentials in environment variable. If the `ALIBABA_CLOUD_ACCESS_KEY_ID` and `ALIBABA_CLOUD_ACCESS_KEY_SECRET` environment variables are defined and are not empty, the program will use them to create default credentials. If the `ALIBABA_CLOUD_ACCESS_KEY_ID`, `ALIBABA_CLOUD_ACCESS_KEY_SECRET` and `ALIBABA_CLOUD_SECURITY_TOKEN` environment variables are defined and are not empty, the program will use them to create temporary security credentials(STS). Note: This token has an expiration time, it is recommended to use it in a temporary environment.\n\n2. Credentials File\n\n    If there is `~/.alibabacloud/credentials.ini default file (Windows shows C:\\Users\\USER_NAME\\.alibabacloud\\credentials.ini)`, the program automatically creates credentials with the specified type and name. The default file is not necessarily exist, but a parse error will throw an exception. The name of configuration item is lowercase.This configuration file can be shared between different projects and between different tools. Because it is outside of the project and will not be accidentally committed to the version control. The path to the default file can be modified by defining the `ALIBABA_CLOUD_CREDENTIALS_FILE` environment variable. If not configured, use the default configuration `default`. You can also set the environment variables `ALIBABA_CLOUD_PROFILE` to use the configuration.\n\n    ```ini\n    [default]                          # default setting\n    enable = true                      # Enable\uff0cEnabled by default if this option is not present\n    type = access_key                  # Certification type: access_key\n    access_key_id = foo                # Key\n    access_key_secret = bar            # Secret\n\n    [client1]                          # configuration that is named as `client1`\n    type = ecs_ram_role                # Certification type: ecs_ram_role\n    role_name = EcsRamRoleTest         # Role Name\n\n    [client2]                          # configuration that is named as `client2`\n    enable = false                     # Disable\n    type = ram_role_arn                # Certification type: ram_role_arn\n    region_id = cn-test\n    policy = test                      # optional Specify permissions\n    access_key_id = foo\n    access_key_secret = bar\n    role_arn = role_arn\n    role_session_name = session_name   # optional\n\n    [client3]                          # configuration that is named as `client3`\n    enable = false                     # Disable\n    type = oidc_role_arn               # Certification type: oidc_role_arn\n    region_id = cn-test                 \n    policy = test                      # optional Specify permissions\n    access_key_id = foo                # optional\n    access_key_secret = bar            # optional\n    role_arn = role_arn\n    oidc_provider_arn = oidc_provider_arn\n    oidc_token_file_path = /xxx/xxx    # can be replaced by setting environment variable: ALIBABA_CLOUD_OIDC_TOKEN_FILE              \n    role_session_name = session_name   # optional\n    ```\n\n3. Instance RAM Role\n\n   If there is no credential information with a higher priority, the Credentials tool will obtain the value of ALIBABA_CLOUD_ECS_METADATA (ECS instance RAM role name) through the environment variable. If the value of this variable exists, the program will use the hardened mode (IMDSv2) to access the metadata service (Meta Data Server) of ECS to obtain the STS Token of the ECS instance RAM role as the default credential information. If an exception occurs when using the hardened mode, the normal mode will be used as a fallback to obtain access credentials. You can also set the environment variable ALIBABA_CLOUD_IMDSV1_DISABLED to perform different exception handling logic:\n\n   - When the value is false, the normal mode will continue to obtain access credentials.\n\n   - When the value is true, it means that only the hardened mode can be used to obtain access credentials, and an exception will be thrown.\n\n   Whether the server supports IMDSv2 depends on your configuration on the server.\n\n4. Credentials URI\n\n    If the environment variable `ALIBABA_CLOUD_CREDENTIALS_URI` is defined and not empty, the program will take the value of the environment variable as credentials uri to get the temporary Security credentials.\n\n## Issues\n\n[Opening an Issue](https://github.com/aliyun/credentials-python/issues/new), Issues not conforming to the guidelines may be closed immediately.\n\n## Changelog\n\nDetailed changes for each release are documented in the [release notes](./ChangeLog.md).\n\n## References\n\n- [Latest Release](https://github.com/aliyun/credentials-python)\n\n## License\n\n[Apache-2.0](http://www.apache.org/licenses/LICENSE-2.0)\n\nCopyright (c) 2009-present, Alibaba Cloud All rights reserved.\n\n[ak]: https://usercenter.console.aliyun.com/#/manage/ak\n[ram]: https://ram.console.aliyun.com/users\n[permissions]: https://ram.console.aliyun.com/permissions\n[RAM Role]: https://ram.console.aliyun.com/#/role/list\n[OIDC Role]: https://help.aliyun.com/zh/ram/user-guide/role-based-sso-by-using-oidc\n[policy]: https://help.aliyun.com/zh/ram/user-guide/policy-management/\n",
    "bugtrack_url": null,
    "license": "Apache License 2.0",
    "summary": "The alibabacloud credentials module of alibabaCloud Python SDK.",
    "version": "0.3.6",
    "project_urls": {
        "Homepage": "https://github.com/aliyun/credentials-python"
    },
    "split_keywords": [
        "alibabacloud",
        " sdk",
        " tea"
    ],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "fc927cb0807d6d380fa09cbad6d4fe983781e657dcc16d60fc559d6575bf98be",
                "md5": "0470dd07cf42573f51afdefc66cf0459",
                "sha256": "caa82cf258648dcbe1ca14aeba50ba21845567d6ac3cd48d318e0a445fff7f96"
            },
            "downloads": -1,
            "filename": "alibabacloud_credentials-0.3.6.tar.gz",
            "has_sig": false,
            "md5_digest": "0470dd07cf42573f51afdefc66cf0459",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": ">=3.6",
            "size": 18771,
            "upload_time": "2024-10-28T03:40:03",
            "upload_time_iso_8601": "2024-10-28T03:40:03.806697Z",
            "url": "https://files.pythonhosted.org/packages/fc/92/7cb0807d6d380fa09cbad6d4fe983781e657dcc16d60fc559d6575bf98be/alibabacloud_credentials-0.3.6.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2024-10-28 03:40:03",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "github_user": "aliyun",
    "github_project": "credentials-python",
    "travis_ci": false,
    "coveralls": false,
    "github_actions": true,
    "lcname": "alibabacloud-credentials"
}
        
Elapsed time: 0.72216s