`airflow.providers.google.cloud.hooks.secret_manager`¶

This module contains a Secret Manager hook.

Module Contents¶

Classes¶

GoogleCloudSecretManagerHook

Hook for the Google Cloud Secret Manager API.

class airflow.providers.google.cloud.hooks.secret_manager.GoogleCloudSecretManagerHook(gcp_conn_id='google_cloud_default', impersonation_chain=None, **kwargs)[source]¶

Bases: airflow.providers.google.common.hooks.base_google.GoogleBaseHook

Hook for the Google Cloud Secret Manager API.

See https://cloud.google.com/secret-manager

client()[source]¶

Create a Secret Manager Client.

Returns: Secret Manager client.

get_conn()[source]¶

Retrieve the connection to Secret Manager.

Returns: Secret Manager client.
Return type: google.cloud.secretmanager_v1.SecretManagerServiceClient

create_secret(project_id, secret_id, secret=None, retry=DEFAULT, timeout=None, metadata=())[source]¶

Create a secret.

Parameters

project_id (str) – Required. ID of the GCP project that owns the job. If set to None or missing, the default project_id from the GCP connection is used.
secret_id (str) – Required. ID of the secret to create.
secret (dict | google.cloud.secretmanager_v1.Secret | None) – Optional. Secret to create.
retry (google.api_core.retry.Retry | google.api_core.gapic_v1.method._MethodDefault) – Optional. Designation of what errors, if any, should be retried.
timeout (float | None) – Optional. The timeout for this request.
metadata (collections.abc.Sequence[tuple[str, str]]) – Optional. Strings which should be sent along with the request as metadata.

Returns

Secret object.

Return type

google.cloud.secretmanager_v1.Secret

add_secret_version(project_id, secret_id, secret_payload=None, retry=DEFAULT, timeout=None, metadata=())[source]¶

Add a version to the secret.

Parameters

project_id (str) – Required. ID of the GCP project that owns the job. If set to None or missing, the default project_id from the GCP connection is used.
secret_id (str) – Required. ID of the secret to create.
secret_payload (dict | google.cloud.secretmanager_v1.SecretPayload | None) – Optional. A secret payload.
retry (google.api_core.retry.Retry | google.api_core.gapic_v1.method._MethodDefault) – Optional. Designation of what errors, if any, should be retried.
timeout (float | None) – Optional. The timeout for this request.
metadata (collections.abc.Sequence[tuple[str, str]]) – Optional. Strings which should be sent along with the request as metadata.

Returns

Secret version object.

Return type

google.cloud.secretmanager_v1.SecretVersion

list_secrets(project_id, page_size=0, page_token=None, secret_filter=None, retry=DEFAULT, timeout=None, metadata=())[source]¶

List secrets.

Parameters

project_id (str) – Required. ID of the GCP project that owns the job. If set to None or missing, the default project_id from the GCP connection is used.
page_size (int) – Optional, number of results to return in the list.
page_token (str | None) – Optional, token to provide to skip to a particular spot in the list.
secret_filter (str | None) – Optional. Filter string.
retry (google.api_core.retry.Retry | google.api_core.gapic_v1.method._MethodDefault) – Optional. Designation of what errors, if any, should be retried.
timeout (float | None) – Optional. The timeout for this request.
metadata (collections.abc.Sequence[tuple[str, str]]) – Optional. Strings which should be sent along with the request as metadata.

Returns

Secret List object.

Return type

google.cloud.secretmanager_v1.services.secret_manager_service.pagers.ListSecretsPager

secret_exists(project_id, secret_id)[source]¶

Check whether secret exists.

Parameters

project_id (str) – Required. ID of the GCP project that owns the job. If set to None or missing, the default project_id from the GCP connection is used.
secret_id (str) – Required. ID of the secret to find.

Returns

True if the secret exists, False otherwise.

Return type

bool

access_secret(project_id, secret_id, secret_version='latest', retry=DEFAULT, timeout=None, metadata=())[source]¶

Access a secret version.

Parameters

project_id (str) – Required. ID of the GCP project that owns the job. If set to None or missing, the default project_id from the GCP connection is used.
secret_id (str) – Required. ID of the secret to access.
secret_version (str) – Optional. Version of the secret to access. Default: latest.
retry (google.api_core.retry.Retry | google.api_core.gapic_v1.method._MethodDefault) – Optional. Designation of what errors, if any, should be retried.
timeout (float | None) – Optional. The timeout for this request.
metadata (collections.abc.Sequence[tuple[str, str]]) – Optional. Strings which should be sent along with the request as metadata.

Returns

Access secret version response object.

Return type

google.cloud.secretmanager_v1.AccessSecretVersionResponse

delete_secret(project_id, secret_id, retry=DEFAULT, timeout=None, metadata=())[source]¶

Delete a secret.

Parameters

project_id (str) – Required. ID of the GCP project that owns the job. If set to None or missing, the default project_id from the GCP connection is used.
secret_id (str) – Required. ID of the secret to delete.
retry (google.api_core.retry.Retry | google.api_core.gapic_v1.method._MethodDefault) – Optional. Designation of what errors, if any, should be retried.
timeout (float | None) – Optional. The timeout for this request.
metadata (collections.abc.Sequence[tuple[str, str]]) – Optional. Strings which should be sent along with the request as metadata.

Returns

Access secret version response object.

Return type

None

airflow.providers.google.cloud.hooks.secret_manager¶

Module Contents¶

Classes¶

`airflow.providers.google.cloud.hooks.secret_manager`¶