airflow.providers.google.cloud.hooks.secret_manager

Hook for Secrets Manager service

Module Contents

Classes

SecretsManagerHook

Hook for the Google Secret Manager API.

class airflow.providers.google.cloud.hooks.secret_manager.SecretsManagerHook(gcp_conn_id: str = 'google_cloud_default', delegate_to: Optional[str] = None, impersonation_chain: Optional[Union[str, Sequence[str]]] = None)[source]

Bases: airflow.providers.google.common.hooks.base_google.GoogleBaseHook

Hook for the Google Secret Manager API.

See https://cloud.google.com/secret-manager

All the methods in the hook where project_id is used must be called with keyword arguments rather than positional.

Parameters
  • gcp_conn_id (str) -- The connection ID to use when fetching connection info.

  • delegate_to (str) -- The account to impersonate using domain-wide delegation of authority, if any. For this to work, the service account making the request must have domain-wide delegation enabled.

  • impersonation_chain (Union[str, Sequence[str]]) -- Optional service account to impersonate using short-term credentials, or chained list of accounts required to get the access_token of the last account in the list, which will be impersonated in the request. If set as a string, the account must grant the originating account the Service Account Token Creator IAM role. If set as a sequence, the identities from the list must grant Service Account Token Creator IAM role to the directly preceding identity, with first account from the list granting this role to the originating account.

get_conn(self) airflow.providers.google.cloud._internal_client.secret_manager_client._SecretManagerClient[source]

Retrieves the connection to Secret Manager.

Returns

Secret Manager client.

Return type

airflow.providers.google.cloud._internal_client.secret_manager_client._SecretManagerClient

get_secret(self, secret_id: str, secret_version: str = 'latest', project_id: Optional[str] = None) Optional[str][source]

Get secret value from the Secret Manager.

Parameters
  • secret_id (str) -- Secret Key

  • secret_version (str) -- version of the secret (default is 'latest')

  • project_id (str) -- Project id (if you want to override the project_id from credentials)

Was this entry helpful?