Skip to content
Python library for decypting Berglas secrets
Branch: master
Clone or download
Pull request Compare This branch is 2 commits behind guillaumeblaquiere:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


Python library help to use Berglas, to encrypt and to decrypt the secrets stored in a GCP storage.

See Berglas for details about bucket bootstrapping and secret creation

Library Usage

You have to get the library

pip install berglas-python

Then use it in the same way as Go library

The library berglas_python library is able to:

Here an example of usage

import os

import berglas_python as berglas

project_id = os.environ.get("MY-PROJECT")

# This higher-level API parses the secret reference at the specified
# environment variable, downloads and decrypts the secret, and replaces the
# contents of the given environment variable with the secret result.

berglas.Replace(project_id, "MY-SECRET")

# This lower-level API parses the secret reference, downloads and decrypts
# the secret, and returns the result. This is useful if you need to mutate
# the result.
my_secret = os.environ.get("MY-SECRET")
plaintext = berglas.Resolve(project_id, my_secret)
os.environ.setdefault("MY-SECRET", plaintext)

# This is lower-level API encrypts the plaintext string and uploads the blob
berglas.Encrypt(project_id, 'MY-BUCKET/MY-SECRET-FILE', 'STRING-TO-ENCRYPT')


This library is licensed under Apache 2.0. Full license text is available in LICENSE.

You can’t perform that action at this time.