Skip to content
Python library for decypting Berglas secrets
Python
Branch: master
Clone or download
Pull request Compare This branch is 2 commits behind guillaumeblaquiere:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
examples
.gitignore
LICENSE
README.md
__init__.py
berglas-python.iml
berglas_python.py
requirements.txt
setup.py

README.md

Overview

Python library help to use Berglas, to encrypt and to decrypt the secrets stored in a GCP storage.

See Berglas for details about bucket bootstrapping and secret creation

Library Usage

You have to get the library

pip install berglas-python

Then use it in the same way as Go library

The library berglas_python library is able to:

Here an example of usage

import os

import berglas_python as berglas

project_id = os.environ.get("MY-PROJECT")

# This higher-level API parses the secret reference at the specified
# environment variable, downloads and decrypts the secret, and replaces the
# contents of the given environment variable with the secret result.

berglas.Replace(project_id, "MY-SECRET")

# This lower-level API parses the secret reference, downloads and decrypts
# the secret, and returns the result. This is useful if you need to mutate
# the result.
my_secret = os.environ.get("MY-SECRET")
plaintext = berglas.Resolve(project_id, my_secret)
os.environ.unsetenv("MY-SECRET")
os.environ.setdefault("MY-SECRET", plaintext)

# This is lower-level API encrypts the plaintext string and uploads the blob
berglas.Encrypt(project_id, 'MY-BUCKET/MY-SECRET-FILE', 'STRING-TO-ENCRYPT')

License

This library is licensed under Apache 2.0. Full license text is available in LICENSE.

You can’t perform that action at this time.