ads.vault package#

Submodules#

ads.vault.vault module#

class ads.vault.vault.Vault(vault_id: str | None = None, key_id: str | None = None, compartment_id=None, secret_client_auth=None, vault_client_auth=None, auth=None)[source]#

Bases: object

Parameters:
  • vault_id ((str, optional). Default None) – ocid of the vault

  • key_id ((str, optional). Default None) – ocid of the key that is used for encrypting the content

  • compartment_id ((str, optional). Default None) – ocid of the compartment_id where the vault resides. When available in environment variable - NB_SESSION_COMPARTMENT_OCID, will defult to that.

  • secret_client_auth ((dict, optional, deprecated since 2.5.1). Default None.) – deprecated since 2.5.1. Use auth instead

  • vault_client_auth ((dict, optional, deprecated since 2.5.1). Default None.) – deprecated since 2.5.1. Use auth instead

  • auth ((dict, optional)) – Dictionay returned from ads.common.auth.api_keys() or ads.common.auth.resource_principal(). By default, will follow what is set in ads.set_auth. Use this attribute to override the default.

create_secret(value: dict, secret_name: str | None = None, description: str | None = None, encode=True, freeform_tags: dict | None = None, defined_tags: dict | None = None) str[source]#

Saves value into vault as a secret.

Parameters:
  • value (dict) – The value to store as a secret.

  • secret_name (str, optional) – The name of the secret.

  • description (str, optional) – The description of the secret.

  • encode ((bool, optional). Default True) – Whether to encode using the default encoding.

  • freeform_tags ((dict, optional). Default None) – freeform_tags as defined by the oci sdk

  • defined_tags ((dict, optional). Default None) – defined_tags as defined by the oci sdk

Return type:

The secret ocid that correspond to the value saved as a secret into vault.

get_secret(secret_id: str, decoded=True) dict[source]#

Retrieve secret content based on the secret ocid provided

Parameters:
  • secret_id (str) – The secret ocid.

  • decoded ((bool, optional). Default True) – Whether to decode the content that is retrieved from vault service using the default decoder.

Return type:

The secret content as a dictionary.

update_secret(secret_id: str, secret_content: dict, encode: bool = True) str[source]#

Updates content of a secret.

Parameters:
  • secret_id (str) – The secret id where the stored secret will be updated.

  • secret_content (dict,) – The updated content.

  • encode ((bool, optional). Default True) – Whether to encode the secret_content using default encoding

Return type:

The secret ocid with updated content.

Module contents#