Using OpenStack Key Manager

Before working with the Key Manager service, you’ll need to create a connection to your OpenStack cloud by following the Connect user guide. This will provide you with the conn variable used in the examples below.

Note
Some interactions with the Key Manager service differ from those of other services in that resources do not have a proper id parameter, which is necessary to make some calls. Instead, resources have a separately named id attribute, e.g., the Secret resource has secret_id. The examples below outline when to pass in those id values.

Create a Secret

The Key Manager service allows you to create new secrets by passing the attributes of the Secret to the create_secret() method.

def create_secret(conn):
    print("Create a secret:")
    conn.key_manager.create_secret(
        name="My public key",
        secret_type="public",
        expiration="2020-02-28T23:59:59",
        payload="ssh rsa...",
        payload_content_type="text/plain",
    )

List Secrets

Once you have stored some secrets, they are available for you to list via the secrets() method. This method returns a generator, which yields each Secret.

def list_secrets(conn):
    print("List Secrets:")
    for secret in conn.key_manager.secrets():
        print(secret)

The secrets() method can also make more advanced queries to limit the secrets that are returned.

def list_secrets_query(conn):
    print("List Secrets:")
    for secret in conn.key_manager.secrets(
        secret_type="symmetric", expiration="gte:2020-01-01T00:00:00"
    ):
        print(secret)

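The listing can also feed an expiry audit that reports which secrets have lapsed, will lapse soon, or never expire. This is an added example, not code from the SDK or its documentation; the helper names, the sample objects, the ISO 8601 timestamp format and the attribute name holding the expiration (`expiration` or `expires_at`) are assumptions.

```python
from datetime import datetime, timedelta, timezone
from types import SimpleNamespace


def _expiration_of(secret):
    # Assumption: the timestamp is exposed as `expiration` (the name this
    # page uses) or `expires_at`; either may be None or absent.
    value = getattr(secret, "expiration", None) or getattr(secret, "expires_at", None)
    if not value:
        return None
    # Assumption: ISO 8601 string; a timestamp without an offset is UTC.
    parsed = datetime.fromisoformat(str(value).replace("Z", "+00:00"))
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def audit_secret_expiry(secrets, now=None, warn_days=30):
    """Group secret_id values into expired / expiring / no_expiration."""
    now = now or datetime.now(timezone.utc)
    report = {"expired": [], "expiring": [], "no_expiration": []}
    for secret in secrets:
        expires = _expiration_of(secret)
        if expires is None:
            report["no_expiration"].append(secret.secret_id)
        elif expires <= now:
            report["expired"].append(secret.secret_id)
        elif expires - now <= timedelta(days=warn_days):
            report["expiring"].append(secret.secret_id)
    return report


# Constructed stand-ins for Secret resources, not real Key Manager output.
SAMPLE_SECRETS = [
    SimpleNamespace(secret_id="id-public", expiration="2020-02-28T23:59:59"),
    SimpleNamespace(secret_id="id-old", expiration="2020-01-15T00:00:00"),
    SimpleNamespace(secret_id="id-forever", expiration=None),
    SimpleNamespace(secret_id="id-later", expiration="2021-01-01T00:00:00+00:00"),
]

if __name__ == "__main__":
    fixed_now = datetime(2020, 2, 1, tzinfo=timezone.utc)
    print(audit_secret_expiry(SAMPLE_SECRETS, now=fixed_now))
    # Against a live cloud: audit_secret_expiry(conn.key_manager.secrets())
```

The report holds only secret_id values, so it can be logged without exposing any payload.
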
Get Secret Payload

Once you have received a Secret, you can obtain the payload for it by passing the secret’s id value to the get_secret() method. Use the secret_id attribute when making this request.

def get_secret_payload(conn):
    print("Get a secret's payload:")
    # `s` is a Secret object received from a conn.key_manager.secrets()
    # call; here the first listed secret is used.
    s = next(conn.key_manager.secrets(), None)
    if s is None:
        print("No secrets stored.")
        return
    # Pass the secret_id attribute, not id, to fetch the full secret.
    secret = conn.key_manager.get_secret(s.secret_id)
    print(secret.payload)