# Password Safe API integration
[![License](https://img.shields.io/badge/license-MIT%20-brightgreen.svg)](LICENSE)
Password Safe API integration written in Python, Abstract complexity of managing secrets with the API
## Python version compatibility
This library is compatible with Python >= v3.11.
## Install Package
```sh
# PyPI
pip install secrets-safe-library
```
## Arguments
### Retrieve Secrets
- api_url:
- description: BeyondTrust Password Safe API URL.
- type: string
- required: True
- client_id:
- description: API OAuth Client ID.
- type: string
- required: True
- client_secret:
- description: API OAuth Client Secret.
- type: string
- required: True
- secret_list:
- description: List of secrets ["path/title","path/title"] or managed accounts ["ms/ma","ms/ma"] to be retrieved, separated by a comma.
- type: list
- required: True
- certificate_path:
- description: Password Safe API pfx Certificate Path. For use when authenticating using a Client Certificate.
- type: string
- required: False
- certificate_password:
- description: Password Safe API pfx Certificate Password. For use when authenticating using a Client Certificate.
- type: string
- required: False
- verify_ca:
- description: Indicates whether to verify the certificate authority on the Secrets Safe instance.
- type: boolean
- default: True
- required: False
## Methods
- get_secrets(self, paths)
- Invoked for Managed Account or Secrets Safe secrets.
- Returns a list of secrets in the requested order.
- get_secret(self, path)
- Invoked for Managed Account or Secrets Safe secrets.
- Returns the requested secret.
## Example of usage
We strongly recommend you to use a virtual environment and install dependences from requirements.txt file.
Import `secrets_safe_library`
```sh
pip install -r ~/requirements.txt
```
script example using library:
```python
import os
import logging
from secrets_safe_library import secrets_safe, authentication, utils, managed_account
import requests
from retry_requests import retry
env = os.environ
LOGGER_NAME = "custom_logger"
logging.basicConfig(format = '%(asctime)-5s %(name)-15s %(levelname)-8s %(message)s',
level = logging.DEBUG)
# logger object is optional but is strongly recommended
logger = logging.getLogger(LOGGER_NAME)
TIMEOUT_CONNECTION_SECONDS = 30
TIMEOUT_REQUEST_SECONDS = 30
CERTIFICATE = env['CERTIFICATE']
CERTIFICATE_KEY = env['CERTIFICATE_KEY']
def main():
try:
with requests.Session() as session:
req = retry(session, retries=3, backoff_factor=0.2, status_to_retry=(400,408,500,502,503,504))
certificate, certificate_key = utils.prepare_certificate_info(CERTIFICATE, CERTIFICATE_KEY)
authentication_obj = authentication.Authentication(
req,
TIMEOUT_CONNECTION_SECONDS,
TIMEOUT_REQUEST_SECONDS,
"https://example.com:443/BeyondTrust/api/public/v3",
"<client_id>",
"<client_secret>",
certificate,
certificate_key,
True,
None)
# sign app in password safe API
get_api_access_response = authentication_obj.get_api_access()
if get_api_access_response.status_code == 200:
# instantiate secrets safe object
secrets_safe_obj = secrets_safe.SecretsSafe(authentication_obj, logger)
get_secrets_response = secrets_safe_obj.get_secrets(["oagrp/text,oagrp/credential"])
utils.print_log(logger, f"=> Retrive secrets: {get_secrets_response}", logging.DEBUG)
else:
print(f"Please check credentials, error {get_api_access_response.text}")
authentication_obj.sign_app_out()
except Exception as e:
utils.print_log(logger, f"Error: {e}", logging.ERROR)
# calling main method
main()
```
Raw data
{
"_id": null,
"home_page": null,
"name": "test-secrets-safe-library-bt",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.11",
"maintainer_email": null,
"keywords": "beyondtrust, devops, secrets, secretssafe, security",
"author": "BeyondTrust Corporation",
"author_email": "support@beyondtrust.com",
"download_url": "https://files.pythonhosted.org/packages/38/2b/fddf89427cd99294248bf8bcc33bbd37c0b63ba4dcc4232e37b42a9ebfdd/test_secrets_safe_library_bt-1.0.tar.gz",
"platform": null,
"description": "# Password Safe API integration\n[![License](https://img.shields.io/badge/license-MIT%20-brightgreen.svg)](LICENSE)\n\nPassword Safe API integration written in Python, Abstract complexity of managing secrets with the API\n\n## Python version compatibility\n \nThis library is compatible with Python >= v3.11.\n\n## Install Package\n\n```sh\n# PyPI\npip install secrets-safe-library\n```\n## Arguments\n\n### Retrieve Secrets\n- api_url:\n - description: BeyondTrust Password Safe API URL.\n - type: string\n - required: True\n- client_id:\n - description: API OAuth Client ID.\n - type: string\n - required: True\n- client_secret:\n - description: API OAuth Client Secret.\n - type: string\n - required: True\n- secret_list:\n - description: List of secrets [\"path/title\",\"path/title\"] or managed accounts [\"ms/ma\",\"ms/ma\"] to be retrieved, separated by a comma.\n - type: list\n - required: True\n- certificate_path:\n - description: Password Safe API pfx Certificate Path. For use when authenticating using a Client Certificate.\n - type: string\n - required: False\n- certificate_password:\n - description: Password Safe API pfx Certificate Password. For use when authenticating using a Client Certificate.\n - type: string\n - required: False\n- verify_ca:\n - description: Indicates whether to verify the certificate authority on the Secrets Safe instance.\n - type: boolean \n - default: True\n - required: False\n\n## Methods\n- get_secrets(self, paths)\n\t- Invoked for Managed Account or Secrets Safe secrets.\n\t- Returns a list of secrets in the requested order.\n- get_secret(self, path)\n\t- Invoked for Managed Account or Secrets Safe secrets.\n\t- Returns the requested secret.\n\n## Example of usage\n\nWe strongly recommend you to use a virtual environment and install dependences from requirements.txt file.\n\nImport `secrets_safe_library`\n\n```sh\npip install -r ~/requirements.txt\n```\n\nscript example using library:\n```python\nimport os\nimport logging\nfrom secrets_safe_library import secrets_safe, authentication, utils, managed_account\nimport requests\nfrom retry_requests import retry\n\nenv = os.environ\nLOGGER_NAME = \"custom_logger\"\n\nlogging.basicConfig(format = '%(asctime)-5s %(name)-15s %(levelname)-8s %(message)s',\n\nlevel = logging.DEBUG)\n\n# logger object is optional but is strongly recommended\nlogger = logging.getLogger(LOGGER_NAME)\n\nTIMEOUT_CONNECTION_SECONDS = 30\nTIMEOUT_REQUEST_SECONDS = 30\n\nCERTIFICATE = env['CERTIFICATE']\nCERTIFICATE_KEY = env['CERTIFICATE_KEY']\n\ndef main():\n try:\n with requests.Session() as session:\n req = retry(session, retries=3, backoff_factor=0.2, status_to_retry=(400,408,500,502,503,504))\n \n certificate, certificate_key = utils.prepare_certificate_info(CERTIFICATE, CERTIFICATE_KEY)\n \n authentication_obj = authentication.Authentication(\n req,\n TIMEOUT_CONNECTION_SECONDS,\n TIMEOUT_REQUEST_SECONDS,\n \"https://example.com:443/BeyondTrust/api/public/v3\",\n \"<client_id>\",\n \"<client_secret>\",\n certificate,\n certificate_key,\n True,\n None)\n\n # sign app in password safe API\n get_api_access_response = authentication_obj.get_api_access()\n\n if get_api_access_response.status_code == 200:\n # instantiate secrets safe object\n secrets_safe_obj = secrets_safe.SecretsSafe(authentication_obj, logger)\n\n get_secrets_response = secrets_safe_obj.get_secrets([\"oagrp/text,oagrp/credential\"])\n utils.print_log(logger, f\"=> Retrive secrets: {get_secrets_response}\", logging.DEBUG)\n else:\n print(f\"Please check credentials, error {get_api_access_response.text}\")\n \n authentication_obj.sign_app_out()\n\n except Exception as e:\n utils.print_log(logger, f\"Error: {e}\", logging.ERROR)\n\n# calling main method\nmain()\n```\n",
"bugtrack_url": null,
"license": "MIT",
"summary": "Password Safe API integration written in Python, Abstract complexity of managing secrets with the API.",
"version": "1.0",
"project_urls": {
"support": "https://www.beyondtrust.com/docs/index.htm#support"
},
"split_keywords": [
"beyondtrust",
" devops",
" secrets",
" secretssafe",
" security"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "51185941b212623e0cb5df73e348d1c01b8f61658ca78000e78e12f1ef52d907",
"md5": "aeda588703e0910ef1712fb63812361b",
"sha256": "83714ee77569d4284566e91b7e75d7a40bfbc0b03f3b888e20ba2e9c89ff30a0"
},
"downloads": -1,
"filename": "test_secrets_safe_library_bt-1.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "aeda588703e0910ef1712fb63812361b",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.11",
"size": 13905,
"upload_time": "2024-09-06T20:36:50",
"upload_time_iso_8601": "2024-09-06T20:36:50.768967Z",
"url": "https://files.pythonhosted.org/packages/51/18/5941b212623e0cb5df73e348d1c01b8f61658ca78000e78e12f1ef52d907/test_secrets_safe_library_bt-1.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "382bfddf89427cd99294248bf8bcc33bbd37c0b63ba4dcc4232e37b42a9ebfdd",
"md5": "59b533439ce3cd63aa9a1c17de33dbdf",
"sha256": "566da4e4d09f1a0f42ca34f1c484826989a5734988ba4981e5fba21acf50ad3a"
},
"downloads": -1,
"filename": "test_secrets_safe_library_bt-1.0.tar.gz",
"has_sig": false,
"md5_digest": "59b533439ce3cd63aa9a1c17de33dbdf",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.11",
"size": 10803,
"upload_time": "2024-09-06T20:36:52",
"upload_time_iso_8601": "2024-09-06T20:36:52.407822Z",
"url": "https://files.pythonhosted.org/packages/38/2b/fddf89427cd99294248bf8bcc33bbd37c0b63ba4dcc4232e37b42a9ebfdd/test_secrets_safe_library_bt-1.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-09-06 20:36:52",
"github": false,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"lcname": "test-secrets-safe-library-bt"
}