Using OpenStack Key Manager
Before working with the Key Manager service, you’ll need to create a
connection to your OpenStack cloud by following the Connect user
guide. This will provide you with the conn variable used in the examples
below.
Note
Some interactions with the Key Manager service differ from those
of other services in that resources do not have a proper id parameter,
which is necessary to make some calls. Instead, resources have a separately
named id attribute, e.g., the Secret resource has secret_id.
The examples below outline when to pass in those id values.
Create a Secret
The Key Manager service allows you to create new secrets by passing the
attributes of the Secret to the
create_secret() method.
def create_secret(conn):
    print("Create a secret:")
    conn.key_manager.create_secret(
        name="My public key",
        secret_type="public",
        expiration="2020-02-28T23:59:59",
        payload="ssh rsa...",
        payload_content_type="text/plain",
    )
List Secrets
Once you have stored some secrets, they are available for you to list
via the secrets() method.
This method returns a generator, which yields each
Secret.
def list_secrets(conn):
    print("List Secrets:")
    for secret in conn.key_manager.secrets():
        print(secret)
The secrets() method can
also make more advanced queries to limit the secrets that are returned.
def list_secrets_query(conn):
    print("List Secrets:")
    for secret in conn.key_manager.secrets(
        secret_type="symmetric", expiration="gte:2020-01-01T00:00:00"
    ):
        print(secret)
Get Secret Payload
Once you have received a Secret,
you can obtain the payload for it by passing the secret’s id value to
the get_secret() method.
Use the secret_id attribute
when making this request.
def get_secret_payload(conn, s):
    print("Get a secret's payload:")
    # `s` is a Secret object which you perhaps received from
    # a conn.key_manager.secrets() call...
    secret = conn.key_manager.get_secret(s.secret_id)
    print(secret.payload)
Find Secret
To find a secret by name or ID, use the
find_secret() method.
This method can search for a Secret
by either its name or ID, making it flexible when you don’t have
the exact secret ID.
def find_secret(conn, name_or_id):
    print(f"Find Secret: {name_or_id}")
    secret = conn.key_manager.find_secret(name_or_id)
    if secret:
        print(secret)
        return secret
    else:
        print("Secret not found")
        return None
Delete Secret
To delete a secret, use the
delete_secret() method.
The secret can be identified by its ID or by using
find_secret() to locate
it by name first.
def delete_secret(conn, name_or_id):
    print(f"Delete Secret: {name_or_id}")
    secret = conn.key_manager.find_secret(name_or_id)
    if secret:
        conn.key_manager.delete_secret(secret)
    else:
        print("Secret not found")
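
Secret names in the Key Manager service are not required to be unique, so a delete driven by name should confirm that exactly one secret matches before removing anything. The following is an added example, not code from the SDK documentation: delete_secret_by_name, FakeKeyManager and make_fake_conn are hypothetical names, and the fake connection with its sample secrets is constructed so the block runs without a cloud.

```python
from types import SimpleNamespace


def delete_secret_by_name(conn, name):
    """Delete the secret called `name` only if exactly one secret has it.

    Returns the secret_id that was deleted, or None when nothing matched.
    Raises ValueError when the name is ambiguous, so that a shared name
    never causes the wrong key material to be removed.
    """
    # Filter client-side using only secrets() and the name attribute.
    matches = [s for s in conn.key_manager.secrets() if s.name == name]
    if not matches:
        return None
    if len(matches) > 1:
        ids = ", ".join(s.secret_id for s in matches)
        raise ValueError(f"{len(matches)} secrets named {name!r}: {ids}")
    target = matches[0]
    conn.key_manager.delete_secret(target)
    return target.secret_id


class FakeKeyManager:
    """Constructed in-memory stand-in for conn.key_manager (not the SDK)."""

    def __init__(self, secrets):
        self._secrets = list(secrets)

    def secrets(self):
        yield from list(self._secrets)

    def delete_secret(self, secret):
        self._secrets.remove(secret)


def make_fake_conn():
    # Constructed sample data: two secrets share a name, one is unique.
    sample = [
        SimpleNamespace(name="deploy-key", secret_id="id-0001"),
        SimpleNamespace(name="deploy-key", secret_id="id-0002"),
        SimpleNamespace(name="backup-key", secret_id="id-0003"),
    ]
    return SimpleNamespace(key_manager=FakeKeyManager(sample))


if __name__ == "__main__":
    conn = make_fake_conn()
    print(delete_secret_by_name(conn, "backup-key"))
```

With a real connection, pass the conn object from the Connect user guide in place of the fake one; the ValueError message lists the candidate secret_id values so the intended secret can then be deleted by ID.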