## Manage Database Credentials using GCP Secret Manager

Here is the process involved to get secret details as part of the applications.
* Create Secret Manager Client Object
* Get Secret Details
* Use Secret Details (to connect to Databases)

In [1]:
# from google.cloud import secretmanager
from google.cloud import secretmanager 



In [2]:
# client = secretmanager.SecretManagerServiceClient()
client = secretmanager.SecretManagerServiceClient()

In [3]:
# client.access_secret_version?
client.access_secret_version?

[0;31mSignature:[0m
[0mclient[0m[0;34m.[0m[0maccess_secret_version[0m[0;34m([0m[0;34m[0m
[0;34m[0m    [0mrequest[0m[0;34m:[0m [0mUnion[0m[0;34m[[0m[0mgoogle[0m[0;34m.[0m[0mcloud[0m[0;34m.[0m[0msecretmanager_v1[0m[0;34m.[0m[0mtypes[0m[0;34m.[0m[0mservice[0m[0;34m.[0m[0mAccessSecretVersionRequest[0m[0;34m,[0m [0mdict[0m[0;34m,[0m [0mNoneType[0m[0;34m][0m [0;34m=[0m [0;32mNone[0m[0;34m,[0m[0;34m[0m
[0;34m[0m    [0;34m*[0m[0;34m,[0m[0;34m[0m
[0;34m[0m    [0mname[0m[0;34m:[0m [0mOptional[0m[0;34m[[0m[0mstr[0m[0;34m][0m [0;34m=[0m [0;32mNone[0m[0;34m,[0m[0;34m[0m
[0;34m[0m    [0mretry[0m[0;34m:[0m [0mUnion[0m[0;34m[[0m[0mgoogle[0m[0;34m.[0m[0mapi_core[0m[0;34m.[0m[0mretry[0m[0;34m.[0m[0mretry_unary[0m[0;34m.[0m[0mRetry[0m[0;34m,[0m [0mgoogle[0m[0;34m.[0m[0mapi_core[0m[0;34m.[0m[0mgapic_v1[0m[0;34m.[0m[0mmethod[0m[0;34m.[0m[0m_MethodDefault[0m[0;34m,[0m

In [4]:
# project_id = 'tidy-fort-361710'
# secret_id = 'retailsecret'
# version_id = 1
project_id = 'data-engineering-gcp-483907'
secret_id = 'retailsecret'
version_id = 1 


In [5]:
# secret_name = f'projects/{project_id}/secrets/{secret_id}/versions/{version_id}'
secret_name = f'projects/{project_id}/secrets/{secret_id}/versions/{version_id}'

In [6]:
# secret_name
secret_name

'projects/data-engineering-gcp-483907/secrets/retailsecret/versions/1'

In [7]:
# response = client.access_secret_version(name=secret_name)
response = client.access_secret_version(name=secret_name)

In [9]:
response

name: "projects/277371599402/secrets/retailsecret/versions/1"
payload {
  data: "{\"host\": \"104.197.141.244\",\n\"database\": \"itversity_retail_db\", \n\"user\": \"itversity_retail_user\", \n\"password\": \"itversity\"}"
  data_crc32c: 3007144142
}

In [8]:
type(response)

google.cloud.secretmanager_v1.types.service.AccessSecretVersionResponse

In [10]:
# response.payload
response.payload

data: "{\"host\": \"104.197.141.244\",\n\"database\": \"itversity_retail_db\", \n\"user\": \"itversity_retail_user\", \n\"password\": \"itversity\"}"
data_crc32c: 3007144142

In [11]:
# response.payload.data
response.payload.data

b'{"host": "104.197.141.244",\n"database": "itversity_retail_db", \n"user": "itversity_retail_user", \n"password": "itversity"}'

In [12]:
# response.payload.data.decode('utf-8')
response.payload.data.decode('utf-8')

'{"host": "104.197.141.244",\n"database": "itversity_retail_db", \n"user": "itversity_retail_user", \n"password": "itversity"}'

In [13]:
# import json
import json

In [14]:
# secret_details = json.loads(response.payload.data.decode('utf-8'))
secret_details = json.loads(response.payload.data.decode('utf-8'))

In [15]:
# secret_details.keys()
secret_details.keys()

dict_keys(['host', 'database', 'user', 'password'])

In [16]:
# secret_details['user']
secret_details['user']

'itversity_retail_user'

In [18]:
# secret_details['password']
secret_details['password']

'itversity'

In [19]:
# import json
# from google.cloud import secretmanager

# def get_secret_details(secret_name):
#     client = secretmanager.SecretManagerServiceClient()
#     response = client.access_secret_version(name=secret_name)
#     return json.loads(response.payload.data.decode('utf-8'))

import json  
from google.cloud import secretmanager 

def get_secret_details(secret_name):
    client = secretmanager.SecretManagerServiceClient()
    response = client.access_secret_version(name=secret_name) 
    return json.loads(response.payload.data.decode('utf-8'))

In [20]:
# project_id = 'tidy-fort-361710'
# secret_id = 'retailsecret'
# version_id = 1

# secret_name = f'projects/{project_id}/secrets/{secret_id}/versions/{version_id}'
secret_details = get_secret_details(secret_name)

In [21]:
secret_details

{'host': '104.197.141.244',
 'database': 'itversity_retail_db',
 'user': 'itversity_retail_user',
 'password': 'itversity'}

In [None]:
conn_uri = 'postgresql://{user}:{password}@{host}:{port}/{database}'

In [None]:
conn_uri.format(port=5432, **secret_details)

In [None]:
import pandas as pd

In [None]:
df = pd.read_sql(
    '''
        SELECT order_status, sum(order_count) AS order_count FROM daily_status_count
        GROUP BY 1
        ORDER BY 2 DESC
    ''',
    conn_uri.format(port=5432, **secret_details)
)

In [None]:
df