docs-archive/1.10.13/_sources/_api/airflow/contrib/secrets/gcp_secrets_manager/index.rst.txt - airflow-site - Git at Google

 :mod:`airflow.contrib.secrets.gcp_secrets_manager`
 ==================================================

 .. py:module:: airflow.contrib.secrets.gcp_secrets_manager

 .. autoapi-nested-parse::

    Objects relating to sourcing connections from GCP Secrets Manager


 Module Contents
 ---------------

 .. data:: SECRET_ID_PATTERN
    :annotation: = ^[a-zA-Z0-9-_]*$


 .. py:class:: CloudSecretsManagerBackend(connections_prefix='airflow-connections', variables_prefix='airflow-variables', gcp_key_path=None, gcp_scopes=None, sep='-', **kwargs)

    Bases: :class:`airflow.secrets.BaseSecretsBackend`, :class:`airflow.utils.log.logging_mixin.LoggingMixin`

    Retrieves Connection object from GCP Secrets Manager

    Configurable via ``airflow.cfg`` as follows:

    .. code-block:: ini

        [secrets]
        backend = airflow.contrib.secrets.gcp_secrets_manager.CloudSecretsManagerBackend
        backend_kwargs = {"connections_prefix": "airflow-connections", "sep": "-"}

    For example, if the Secrets Manager secret id is ``airflow-connections-smtp_default``, this would be
    accessiblen if you provide ``{"connections_prefix": "airflow-connections", "sep": "-"}`` and request
    conn_id ``smtp_default``.

    If the Secrets Manager secret id is ``airflow-variables-hello``, this would be
    accessible if you provide ``{"variables_prefix": "airflow-variables", "sep": "-"}`` and request
    Variable Key ``hello``.

    The full secret id should follow the pattern "[a-zA-Z0-9-_]".

    :param connections_prefix: Specifies the prefix of the secret to read to get Connections.
    :type connections_prefix: str
    :param variables_prefix: Specifies the prefix of the secret to read to get Variables.
    :type variables_prefix: str
    :param gcp_key_path: Path to GCP Credential JSON file;
        use default credentials in the current environment if not provided.
    :type gcp_key_path: str
    :param gcp_scopes: Comma-separated string containing GCP scopes
    :type gcp_scopes: str
    :param sep: separator used to concatenate connections_prefix and conn_id. Default: "-"
    :type sep: str


    .. method:: _is_valid_prefix_and_sep(self)


    .. method:: client(self)

       Create an authenticated KMS client


    .. method:: get_conn_uri(self, conn_id)

       Get secret value from Secrets Manager.

       :param conn_id: connection id
       :type conn_id: str


    .. method:: get_variable(self, key)

       Get Airflow Variable from Environment Variable

       :param key: Variable Key
       :return: Variable Value


    .. method:: _get_secret(self, path_prefix, secret_id)

       Get secret value from Parameter Store.

       :param path_prefix: Prefix for the Path to get Secret
       :type path_prefix: str
       :param secret_id: Secret Key
       :type secret_id: str
	:mod:`airflow.contrib.secrets.gcp_secrets_manager`
	==================================================

	.. py:module:: airflow.contrib.secrets.gcp_secrets_manager

	.. autoapi-nested-parse::

	Objects relating to sourcing connections from GCP Secrets Manager



	Module Contents
	---------------

	.. data:: SECRET_ID_PATTERN
	:annotation: = ^[a-zA-Z0-9-_]*$



	.. py:class:: CloudSecretsManagerBackend(connections_prefix='airflow-connections', variables_prefix='airflow-variables', gcp_key_path=None, gcp_scopes=None, sep='-', **kwargs)

	Bases: :class:`airflow.secrets.BaseSecretsBackend`, :class:`airflow.utils.log.logging_mixin.LoggingMixin`

	Retrieves Connection object from GCP Secrets Manager

	Configurable via ``airflow.cfg`` as follows:

	.. code-block:: ini

	[secrets]
	backend = airflow.contrib.secrets.gcp_secrets_manager.CloudSecretsManagerBackend
	backend_kwargs = {"connections_prefix": "airflow-connections", "sep": "-"}

	For example, if the Secrets Manager secret id is ``airflow-connections-smtp_default``, this would be
	accessiblen if you provide ``{"connections_prefix": "airflow-connections", "sep": "-"}`` and request
	conn_id ``smtp_default``.

	If the Secrets Manager secret id is ``airflow-variables-hello``, this would be
	accessible if you provide ``{"variables_prefix": "airflow-variables", "sep": "-"}`` and request
	Variable Key ``hello``.

	The full secret id should follow the pattern "[a-zA-Z0-9-_]".

	:param connections_prefix: Specifies the prefix of the secret to read to get Connections.
	:type connections_prefix: str
	:param variables_prefix: Specifies the prefix of the secret to read to get Variables.
	:type variables_prefix: str
	:param gcp_key_path: Path to GCP Credential JSON file;
	use default credentials in the current environment if not provided.
	:type gcp_key_path: str
	:param gcp_scopes: Comma-separated string containing GCP scopes
	:type gcp_scopes: str
	:param sep: separator used to concatenate connections_prefix and conn_id. Default: "-"
	:type sep: str


	.. method:: _is_valid_prefix_and_sep(self)




	.. method:: client(self)

	Create an authenticated KMS client




	.. method:: get_conn_uri(self, conn_id)

	Get secret value from Secrets Manager.

	:param conn_id: connection id
	:type conn_id: str




	.. method:: get_variable(self, key)

	Get Airflow Variable from Environment Variable

	:param key: Variable Key
	:return: Variable Value




	.. method:: _get_secret(self, path_prefix, secret_id)

	Get secret value from Parameter Store.

	:param path_prefix: Prefix for the Path to get Secret
	:type path_prefix: str
	:param secret_id: Secret Key
	:type secret_id: str