docs-archive/apache-airflow-providers-google/1.0.0/_sources/_api/airflow/providers/google/cloud/secrets/secret_manager/index.rst.txt - airflow-site - Git at Google

 :mod:`airflow.providers.google.cloud.secrets.secret_manager`
 ============================================================

 .. py:module:: airflow.providers.google.cloud.secrets.secret_manager

 .. autoapi-nested-parse::

    Objects relating to sourcing connections from Google Cloud Secrets Manager


 Module Contents
 ---------------

 .. data:: SECRET_ID_PATTERN
    :annotation: = ^[a-zA-Z0-9-_]*$


 .. py:class:: CloudSecretManagerBackend(connections_prefix: str = 'airflow-connections', variables_prefix: str = 'airflow-variables', config_prefix: str = 'airflow-config', gcp_keyfile_dict: Optional[dict] = None, gcp_key_path: Optional[str] = None, gcp_scopes: Optional[str] = None, project_id: Optional[str] = None, sep: str = '-', **kwargs)

    Bases: :class:`airflow.secrets.BaseSecretsBackend`, :class:`airflow.utils.log.logging_mixin.LoggingMixin`

    Retrieves Connection object from Google Cloud Secrets Manager

    Configurable via ``airflow.cfg`` as follows:

    .. code-block:: ini

        [secrets]
        backend = airflow.providers.google.cloud.secrets.secret_manager.CloudSecretManagerBackend
        backend_kwargs = {"connections_prefix": "airflow-connections", "sep": "-"}

    For example, if the Secrets Manager secret id is ``airflow-connections-smtp_default``, this would be
    accessible if you provide ``{"connections_prefix": "airflow-connections", "sep": "-"}`` and request
    conn_id ``smtp_default``.

    If the Secrets Manager secret id is ``airflow-variables-hello``, this would be
    accessible if you provide ``{"variables_prefix": "airflow-variables", "sep": "-"}`` and request
    Variable Key ``hello``.

    The full secret id should follow the pattern "[a-zA-Z0-9-_]".

    :param connections_prefix: Specifies the prefix of the secret to read to get Connections.
        If set to None (null), requests for connections will not be sent to GCP Secrets Manager
    :type connections_prefix: str
    :param variables_prefix: Specifies the prefix of the secret to read to get Variables.
        If set to None (null), requests for variables will not be sent to GCP Secrets Manager
    :type variables_prefix: str
    :param config_prefix: Specifies the prefix of the secret to read to get Airflow Configurations
        containing secrets.
        If set to None (null), requests for configurations will not be sent to GCP Secrets Manager
    :type config_prefix: str
    :param gcp_key_path: Path to Google Cloud Service Account key file (JSON). Mutually exclusive with
        gcp_keyfile_dict. use default credentials in the current environment if not provided.
    :type gcp_key_path: str
    :param gcp_keyfile_dict: Dictionary of keyfile parameters. Mutually exclusive with gcp_key_path.
    :type gcp_keyfile_dict: dict
    :param gcp_scopes: Comma-separated string containing OAuth2 scopes
    :type gcp_scopes: str
    :param project_id: Project ID to read the secrets from. If not passed, the project ID from credentials
        will be used.
    :type project_id: str
    :param sep: Separator used to concatenate connections_prefix and conn_id. Default: "-"
    :type sep: str


    .. method:: client(self)

       Cached property returning secret client.

       :return: Secrets client


    .. method:: _is_valid_prefix_and_sep(self)


    .. method:: get_conn_uri(self, conn_id: str)

       Get secret value from the SecretManager.

       :param conn_id: connection id
       :type conn_id: str


    .. method:: get_variable(self, key: str)

       Get Airflow Variable from Environment Variable

       :param key: Variable Key
       :return: Variable Value


    .. method:: get_config(self, key: str)

       Get Airflow Configuration

       :param key: Configuration Option Key
       :return: Configuration Option Value


    .. method:: _get_secret(self, path_prefix: str, secret_id: str)

       Get secret value from the SecretManager based on prefix.

       :param path_prefix: Prefix for the Path to get Secret
       :type path_prefix: str
       :param secret_id: Secret Key
       :type secret_id: str
	:mod:`airflow.providers.google.cloud.secrets.secret_manager`
	============================================================

	.. py:module:: airflow.providers.google.cloud.secrets.secret_manager

	.. autoapi-nested-parse::

	Objects relating to sourcing connections from Google Cloud Secrets Manager



	Module Contents
	---------------

	.. data:: SECRET_ID_PATTERN
	:annotation: = ^[a-zA-Z0-9-_]*$



	.. py:class:: CloudSecretManagerBackend(connections_prefix: str = 'airflow-connections', variables_prefix: str = 'airflow-variables', config_prefix: str = 'airflow-config', gcp_keyfile_dict: Optional[dict] = None, gcp_key_path: Optional[str] = None, gcp_scopes: Optional[str] = None, project_id: Optional[str] = None, sep: str = '-', **kwargs)

	Bases: :class:`airflow.secrets.BaseSecretsBackend`, :class:`airflow.utils.log.logging_mixin.LoggingMixin`

	Retrieves Connection object from Google Cloud Secrets Manager

	Configurable via ``airflow.cfg`` as follows:

	.. code-block:: ini

	[secrets]
	backend = airflow.providers.google.cloud.secrets.secret_manager.CloudSecretManagerBackend
	backend_kwargs = {"connections_prefix": "airflow-connections", "sep": "-"}

	For example, if the Secrets Manager secret id is ``airflow-connections-smtp_default``, this would be
	accessible if you provide ``{"connections_prefix": "airflow-connections", "sep": "-"}`` and request
	conn_id ``smtp_default``.

	If the Secrets Manager secret id is ``airflow-variables-hello``, this would be
	accessible if you provide ``{"variables_prefix": "airflow-variables", "sep": "-"}`` and request
	Variable Key ``hello``.

	The full secret id should follow the pattern "[a-zA-Z0-9-_]".

	:param connections_prefix: Specifies the prefix of the secret to read to get Connections.
	If set to None (null), requests for connections will not be sent to GCP Secrets Manager
	:type connections_prefix: str
	:param variables_prefix: Specifies the prefix of the secret to read to get Variables.
	If set to None (null), requests for variables will not be sent to GCP Secrets Manager
	:type variables_prefix: str
	:param config_prefix: Specifies the prefix of the secret to read to get Airflow Configurations
	containing secrets.
	If set to None (null), requests for configurations will not be sent to GCP Secrets Manager
	:type config_prefix: str
	:param gcp_key_path: Path to Google Cloud Service Account key file (JSON). Mutually exclusive with
	gcp_keyfile_dict. use default credentials in the current environment if not provided.
	:type gcp_key_path: str
	:param gcp_keyfile_dict: Dictionary of keyfile parameters. Mutually exclusive with gcp_key_path.
	:type gcp_keyfile_dict: dict
	:param gcp_scopes: Comma-separated string containing OAuth2 scopes
	:type gcp_scopes: str
	:param project_id: Project ID to read the secrets from. If not passed, the project ID from credentials
	will be used.
	:type project_id: str
	:param sep: Separator used to concatenate connections_prefix and conn_id. Default: "-"
	:type sep: str


	.. method:: client(self)

	Cached property returning secret client.

	:return: Secrets client




	.. method:: _is_valid_prefix_and_sep(self)




	.. method:: get_conn_uri(self, conn_id: str)

	Get secret value from the SecretManager.

	:param conn_id: connection id
	:type conn_id: str




	.. method:: get_variable(self, key: str)

	Get Airflow Variable from Environment Variable

	:param key: Variable Key
	:return: Variable Value




	.. method:: get_config(self, key: str)

	Get Airflow Configuration

	:param key: Configuration Option Key
	:return: Configuration Option Value




	.. method:: _get_secret(self, path_prefix: str, secret_id: str)

	Get secret value from the SecretManager based on prefix.

	:param path_prefix: Prefix for the Path to get Secret
	:type path_prefix: str
	:param secret_id: Secret Key
	:type secret_id: str