From https://codelabs.developers.google.com/codelabs/secret-manager-python#5
Create a GCP secret and use secretmanager to manage secrets.

In [2]:
!pip3 install --user google-cloud-secret-manager

Collecting google-cloud-secret-manager
  Downloading google_cloud_secret_manager-2.21.1-py2.py3-none-any.whl.metadata (5.3 kB)
Downloading google_cloud_secret_manager-2.21.1-py2.py3-none-any.whl (193 kB)
Installing collected packages: google-cloud-secret-manager
Successfully installed google-cloud-secret-manager-2.21.1


In [2]:
PROJECT_ID = "deft-return-439619-h9"

In [None]:
from google.cloud import secretmanager

def create_secret(secret_id):
    # Create the Secret Manager client.
    client = secretmanager.SecretManagerServiceClient()

    # Build the resource name of the parent project.
    parent = f"projects/{PROJECT_ID}"

    # Build a dict of settings for the secret
    secret = {'replication': {'automatic': {}}}

    # Create the secret
    response = client.create_secret(secret_id=secret_id, parent=parent, secret=secret)

    # Print the new secret name.
    print(f'Created secret: {response.name}') 

def add_secret_version(secret_id, payload):
    # Create the Secret Manager client.
    client = secretmanager.SecretManagerServiceClient()

    # Build the resource name of the parent secret.
    parent = f"projects/{PROJECT_ID}/secrets/{secret_id}"

    # Convert the string payload into a bytes. This step can be omitted if you
    # pass in bytes instead of a str for the payload argument.
    payload = payload.encode('UTF-8')

    # Add the secret version.
    response = client.add_secret_version(parent=parent, payload={'data': payload})

    # Print the new secret version name.
    print(f'Added secret version: {response.name}')   

In [3]:

create_secret("neo4j_password")

Created secret: projects/371748443295/secrets/neo4j_password


In [5]:

add_secret_version("neo4j_password", "PLACEHOLDER") # Nandini

Added secret version: projects/371748443295/secrets/neo4j_password/versions/1


In [11]:
add_secret_version("neo4j_password", "PLACEHOLDER") #Sally

Added secret version: projects/371748443295/secrets/neo4j_password/versions/6


In [7]:
add_secret_version("neo4j_password", "PLACEHOLDER") #Sally local

Added secret version: projects/371748443295/secrets/neo4j_password/versions/3


In [8]:
create_secret("llama_api_key")
add_secret_version("llama_api_key","PLACEHOLDER") #Mouni

Created secret: projects/371748443295/secrets/llama_api_key
Added secret version: projects/371748443295/secrets/llama_api_key/versions/1


In [4]:
def access_secret_version(secret_id, version_id="latest"):
    # Create the Secret Manager client.
    client = secretmanager.SecretManagerServiceClient()

    # Build the resource name of the secret version.
    name = f"projects/{PROJECT_ID}/secrets/{secret_id}/versions/{version_id}"

    # Access the secret version.
    response = client.access_secret_version(name=name)

    # Return the decoded payload.
    return response.payload.data.decode('UTF-8')
    
import hashlib

def secret_hash(secret_value): 
  # return the sha224 hash of the secret value
  return hashlib.sha224(bytes(secret_value, "utf-8")).hexdigest()

# Call the function to retrieve the secret as a hash of it's value:
secret_hash(access_secret_version("my_secret_value"))

'9a3fc8b809ddc611c82aee950c636c7557e220893560ec2c1eeeb177'