airflow.providers.google.cloud.hooks.secret_manager
This module contains a Secret Manager hook.
Module Contents
Classes
SecretsManagerHook: Hook for the Google Secret Manager API.
GoogleCloudSecretManagerHook: Hook for the Google Cloud Secret Manager API.
- class airflow.providers.google.cloud.hooks.secret_manager.SecretsManagerHook(gcp_conn_id='google_cloud_default', impersonation_chain=None, **kwargs)
Bases: airflow.providers.google.common.hooks.base_google.GoogleBaseHook
Hook for the Google Secret Manager API.
See https://cloud.google.com/secret-manager
All the methods in the hook where project_id is used must be called with keyword arguments rather than positional.
- Parameters
gcp_conn_id (str) – The connection ID to use when fetching connection info.
impersonation_chain (str | Sequence[str] | None) – Optional service account to impersonate using short-term credentials, or chained list of accounts required to get the access_token of the last account in the list, which will be impersonated in the request. If set as a string, the account must grant the originating account the Service Account Token Creator IAM role. If set as a sequence, the identities from the list must grant Service Account Token Creator IAM role to the directly preceding identity, with first account from the list granting this role to the originating account.
- get_conn()
Retrieve the connection to Secret Manager.
- Returns
Secret Manager client.
- Return type
airflow.providers.google.cloud._internal_client.secret_manager_client._SecretManagerClient
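The grant rules given for impersonation_chain above can be checked before a hook is configured with a chain. The following is an added example, not code from the Airflow provider: the account names, the token_creators mapping and the helper functions are assumptions made up for illustration, and the sample data is constructed.

```python
from typing import Mapping, Optional, Sequence, Set, Union

# Constructed sample identities (placeholders, not from the Airflow docs).
ORIGIN = "airflow-worker@example-project.iam.gserviceaccount.com"
HOP = "broker@example-project.iam.gserviceaccount.com"
TARGET = "secrets-reader@example-project.iam.gserviceaccount.com"

# Constructed sample: service account -> identities holding
# Service Account Token Creator on it (hypothetical shape, e.g. built
# from exported IAM policies).
TOKEN_CREATORS = {HOP: {ORIGIN}, TARGET: {HOP}}

Chain = Optional[Union[str, Sequence[str]]]


def normalize_chain(impersonation_chain: Chain) -> list:
    """A bare string is a one-account chain; None means no impersonation."""
    if impersonation_chain is None:
        return []
    if isinstance(impersonation_chain, str):
        return [impersonation_chain]
    return list(impersonation_chain)


def missing_grants(originating: str, impersonation_chain: Chain,
                   token_creators: Mapping[str, Set[str]]) -> list:
    """Return (account, caller) pairs where `account` has not granted
    Service Account Token Creator to `caller`.

    The first account must grant the role to the originating account,
    and every later account to the one directly before it.
    """
    chain = normalize_chain(impersonation_chain)
    callers = [originating] + chain[:-1]
    return [(account, caller)
            for caller, account in zip(callers, chain)
            if caller not in token_creators.get(account, set())]


def impersonated_account(impersonation_chain: Chain) -> Optional[str]:
    """The last account in the chain is the one used for the request."""
    chain = normalize_chain(impersonation_chain)
    return chain[-1] if chain else None


if __name__ == "__main__":
    print(missing_grants(ORIGIN, [HOP, TARGET], TOKEN_CREATORS))
    print(missing_grants(ORIGIN, TARGET, TOKEN_CREATORS))
```

An empty result means every hop in the chain has the grant it needs; each returned pair names the account whose IAM policy lacks the binding and the caller that needs it.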
- class airflow.providers.google.cloud.hooks.secret_manager.GoogleCloudSecretManagerHook(gcp_conn_id='google_cloud_default', delegate_to=None, impersonation_chain=None)
Bases: airflow.providers.google.common.hooks.base_google.GoogleBaseHook
Hook for the Google Cloud Secret Manager API.
See https://cloud.google.com/secret-manager
- get_conn()
Retrieve the connection to Secret Manager.
- Returns
Secret Manager client.
- Return type
google.cloud.secretmanager_v1.SecretManagerServiceClient
- create_secret(project_id, secret_id, secret=None, retry=DEFAULT, timeout=None, metadata=())
Create a secret.
See also
For more details see API documentation: https://cloud.google.com/python/docs/reference/secretmanager/latest/google.cloud.secretmanager_v1.services.secret_manager_service.SecretManagerServiceClient#google_cloud_secretmanager_v1_services_secret_manager_service_SecretManagerServiceClient_create_secret
- Parameters
project_id (str) – Required. ID of the GCP project that owns the job. If set to None or missing, the default project_id from the GCP connection is used.
secret_id (str) – Required. ID of the secret to create.
secret (dict | google.cloud.secretmanager_v1.Secret | None) – Optional. Secret to create.
retry (google.api_core.retry.Retry | google.api_core.gapic_v1.method._MethodDefault) – Optional. Designation of what errors, if any, should be retried.
timeout (float | None) – Optional. The timeout for this request.
metadata (Sequence[tuple[str, str]]) – Optional. Strings which should be sent along with the request as metadata.
- Returns
Secret object.
- Return type
google.cloud.secretmanager_v1.Secret
- add_secret_version(project_id, secret_id, secret_payload=None, retry=DEFAULT, timeout=None, metadata=())
Add a version to the secret.
See also
For more details see API documentation: https://cloud.google.com/python/docs/reference/secretmanager/latest/google.cloud.secretmanager_v1.services.secret_manager_service.SecretManagerServiceClient#google_cloud_secretmanager_v1_services_secret_manager_service_SecretManagerServiceClient_add_secret_version
- Parameters
project_id (str) – Required. ID of the GCP project that owns the job. If set to None or missing, the default project_id from the GCP connection is used.
secret_id (str) – Required. ID of the secret to create.
secret_payload (dict | google.cloud.secretmanager_v1.SecretPayload | None) – Optional. A secret payload.
retry (google.api_core.retry.Retry | google.api_core.gapic_v1.method._MethodDefault) – Optional. Designation of what errors, if any, should be retried.
timeout (float | None) – Optional. The timeout for this request.
metadata (Sequence[tuple[str, str]]) – Optional. Strings which should be sent along with the request as metadata.
- Returns
Secret version object.
- Return type
google.cloud.secretmanager_v1.SecretVersion
- list_secrets(project_id, page_size=0, page_token=None, secret_filter=None, retry=DEFAULT, timeout=None, metadata=())
List secrets.
See also
For more details see API documentation: https://cloud.google.com/python/docs/reference/secretmanager/latest/google.cloud.secretmanager_v1.services.secret_manager_service.SecretManagerServiceClient#google_cloud_secretmanager_v1_services_secret_manager_service_SecretManagerServiceClient_list_secrets
- Parameters
project_id (str) – Required. ID of the GCP project that owns the job. If set to None or missing, the default project_id from the GCP connection is used.
page_size (int) – Optional, number of results to return in the list.
page_token (str | None) – Optional, token to provide to skip to a particular spot in the list.
secret_filter (str | None) – Optional. Filter string.
retry (google.api_core.retry.Retry | google.api_core.gapic_v1.method._MethodDefault) – Optional. Designation of what errors, if any, should be retried.
timeout (float | None) – Optional. The timeout for this request.
metadata (Sequence[tuple[str, str]]) – Optional. Strings which should be sent along with the request as metadata.
- Returns
Secret List object.
- Return type
google.cloud.secretmanager_v1.services.secret_manager_service.pagers.ListSecretsPager
- access_secret(project_id, secret_id, secret_version='latest', retry=DEFAULT, timeout=None, metadata=())
Access a secret version.
See also
For more details see API documentation: https://cloud.google.com/python/docs/reference/secretmanager/latest/google.cloud.secretmanager_v1.services.secret_manager_service.SecretManagerServiceClient#google_cloud_secretmanager_v1_services_secret_manager_service_SecretManagerServiceClient_access_secret_version
- Parameters
project_id (str) – Required. ID of the GCP project that owns the job. If set to None or missing, the default project_id from the GCP connection is used.
secret_id (str) – Required. ID of the secret to access.
secret_version (str) – Optional. Version of the secret to access. Default: latest.
retry (google.api_core.retry.Retry | google.api_core.gapic_v1.method._MethodDefault) – Optional. Designation of what errors, if any, should be retried.
timeout (float | None) – Optional. The timeout for this request.
metadata (Sequence[tuple[str, str]]) – Optional. Strings which should be sent along with the request as metadata.
- Returns
Access secret version response object.
- Return type
google.cloud.secretmanager_v1.AccessSecretVersionResponse
- delete_secret(project_id, secret_id, retry=DEFAULT, timeout=None, metadata=())
Delete a secret.
See also
For more details see API documentation: https://cloud.google.com/python/docs/reference/secretmanager/latest/google.cloud.secretmanager_v1.services.secret_manager_service.SecretManagerServiceClient#google_cloud_secretmanager_v1_services_secret_manager_service_SecretManagerServiceClient_delete_secret
- Parameters
project_id (str) – Required. ID of the GCP project that owns the job. If set to None or missing, the default project_id from the GCP connection is used.
secret_id (str) – Required. ID of the secret to delete.
retry (google.api_core.retry.Retry | google.api_core.gapic_v1.method._MethodDefault) – Optional. Designation of what errors, if any, should be retried.
timeout (float | None) – Optional. The timeout for this request.
metadata (Sequence[tuple[str, str]]) – Optional. Strings which should be sent along with the request as metadata.
- Returns
Access secret version response object.
- Return type
None