## Manage Database Credentials using GCP Secret Manager

Here is the process involved to get secret details as part of the applications.
* Create Secret Manager Client Object
* Get Secret Details
* Use Secret Details (to connect to Databases)

In [1]:
from google.cloud import secretmanager

In [2]:
client = secretmanager.SecretManagerServiceClient()

In [3]:
client.access_secret_version?

[1;31mSignature:[0m
[0mclient[0m[1;33m.[0m[0maccess_secret_version[0m[1;33m([0m[1;33m
[0m    [0mrequest[0m[1;33m:[0m [0mUnion[0m[1;33m[[0m[0mgoogle[0m[1;33m.[0m[0mcloud[0m[1;33m.[0m[0msecretmanager_v1[0m[1;33m.[0m[0mtypes[0m[1;33m.[0m[0mservice[0m[1;33m.[0m[0mAccessSecretVersionRequest[0m[1;33m,[0m [0mdict[0m[1;33m,[0m [0mNoneType[0m[1;33m][0m [1;33m=[0m [1;32mNone[0m[1;33m,[0m[1;33m
[0m    [1;33m*[0m[1;33m,[0m[1;33m
[0m    [0mname[0m[1;33m:[0m [0mOptional[0m[1;33m[[0m[0mstr[0m[1;33m][0m [1;33m=[0m [1;32mNone[0m[1;33m,[0m[1;33m
[0m    [0mretry[0m[1;33m:[0m [0mUnion[0m[1;33m[[0m[0mgoogle[0m[1;33m.[0m[0mapi_core[0m[1;33m.[0m[0mretry[0m[1;33m.[0m[0mretry_unary[0m[1;33m.[0m[0mRetry[0m[1;33m,[0m [0mgoogle[0m[1;33m.[0m[0mapi_core[0m[1;33m.[0m[0mgapic_v1[0m[1;33m.[0m[0mmethod[0m[1;33m.[0m[0m_MethodDefault[0m[1;33m,[0m [0mNoneType[0m[1;33m][0m [1;33m=[0m 

In [4]:
project_id = 'wired-method-417107'
secret_id = 'retailsecret'
version_id = 1

In [5]:
secret_name = f'projects/{project_id}/secrets/{secret_id}/versions/{version_id}'

In [6]:
secret_name

'projects/wired-method-417107/secrets/retailsecret/versions/1'

In [7]:
response = client.access_secret_version(name=secret_name)

In [8]:
type(response)

google.cloud.secretmanager_v1.types.service.AccessSecretVersionResponse

In [9]:
response.payload

data: "{\"host\": \"34.101.145.162\", \"database\": \"khaz_retail_db\", \"user\": \"khaz_retail_user\", \"password\": \"postgres\" }"
data_crc32c: 2046057330

In [10]:
response.payload.data

b'{"host": "34.101.145.162", "database": "khaz_retail_db", "user": "khaz_retail_user", "password": "postgres" }'

In [11]:
response.payload.data.decode('utf-8')

'{"host": "34.101.145.162", "database": "khaz_retail_db", "user": "khaz_retail_user", "password": "postgres" }'

In [12]:
import json

In [13]:
secret_details = json.loads(response.payload.data.decode('utf-8'))

In [14]:
secret_details.keys()

dict_keys(['host', 'database', 'user', 'password'])

In [15]:
secret_details['user']

'khaz_retail_user'

In [16]:
secret_details['password']

'postgres'

In [17]:
import json
from google.cloud import secretmanager

def get_secret_details(secret_name):
    client = secretmanager.SecretManagerServiceClient()
    response = client.access_secret_version(name=secret_name)
    return json.loads(response.payload.data.decode('utf-8'))

In [19]:
project_id = 'wired-method-417107'
secret_id = 'retailsecret'
version_id = 1

secret_name = f'projects/{project_id}/secrets/{secret_id}/versions/{version_id}'
secret_details = get_secret_details(secret_name)

In [20]:
secret_details

{'host': '34.101.145.162',
 'database': 'khaz_retail_db',
 'user': 'khaz_retail_user',
 'password': 'postgres'}

In [21]:
conn_uri = 'postgresql://{user}:{password}@{host}:{port}/{database}'

In [22]:
conn_uri.format(port=5432, **secret_details)

'postgresql://khaz_retail_user:postgres@34.101.145.162:5432/khaz_retail_db'

In [23]:
import pandas as pd

In [24]:
df = pd.read_sql(
    '''
        SELECT order_status, sum(order_count) AS order_count FROM daily_status_count
        GROUP BY 1
        ORDER BY 2 DESC
    ''',
    conn_uri.format(port=5432, **secret_details)
)

In [25]:
df

Unnamed: 0,order_status,order_count
0,COMPLETE,22899.0
1,PENDING_PAYMENT,15030.0
2,PROCESSING,8275.0
3,PENDING,7610.0
4,CLOSED,7556.0
5,ON_HOLD,3798.0
6,SUSPECTED_FRAUD,1558.0
7,CANCELED,1428.0
8,PAYMENT_REVIEW,729.0
