Using OpenStack Key Manager
Before working with the Key Manager service, you'll need to create a
connection to your OpenStack cloud by following the Connect user
guide. This will provide you with the conn variable used in the examples.

Some interactions with the Key Manager service differ from those
of other services in that resources do not have a proper id attribute,
which is necessary to make some calls. Instead, resources have a separately
named id attribute, e.g., the Secret resource has secret_id.
The examples below outline when to pass in those id values.

The Key Manager service allows you to create new secrets by passing the
attributes of the Secret to the create_secret() method.

    def create_secret(conn):
        print("Create a secret:")

        conn.key_manager.create_secret(
            name="My public key",
            secret_type="public",
            expiration="2020-02-28T23:59:59",  # ISO 8601 timestamp
            payload="ssh rsa...",
            payload_content_type="text/plain",
        )

Once you have stored some secrets, they are available for you to list
with the secrets() method. This method returns a generator, which yields
each Secret object.

    def list_secrets(conn):
        print("List Secrets:")

        for secret in conn.key_manager.secrets():
            print(secret)

The secrets() method can
also make more advanced queries to limit the secrets that are returned.

    def list_secrets_query(conn):
        print("List Secrets:")

        # Only symmetric secrets expiring on or after the given timestamp.
        for secret in conn.key_manager.secrets(
            secret_type="symmetric",
            expiration="gte:2020-01-01T00:00:00",
        ):
            print(secret)
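
The filtered listing above can drive a rotation check that reports which secrets expire soon, identified by secret_id, without ever requesting a payload. This is an added example, not code from the SDK documentation: expiring_secrets, FakeKeyManager and sample_conn are hypothetical names, the sample records are constructed, and it assumes that the Secret resource exposes its expiration as expires_at and that an lte: prefix is accepted in the same way as the gte: shown above.

```python
from datetime import datetime, timedelta
from types import SimpleNamespace

FMT = "%Y-%m-%dT%H:%M:%S"  # timestamp layout used in this guide, read as UTC


def expiring_secrets(conn, now, within_days=30, secret_type=None):
    """Return (secret_id, name, expiration) rows; payloads are never fetched."""
    cutoff = now + timedelta(days=within_days)
    query = {"expiration": "lte:" + cutoff.strftime(FMT)}
    if secret_type:
        query["secret_type"] = secret_type
    rows = []
    for secret in conn.key_manager.secrets(**query):
        # Assumption: the expiration is exposed as `expires_at`.
        if not secret.expires_at:
            continue  # no expiration set
        expires = datetime.strptime(secret.expires_at[:19], FMT)
        if expires <= cutoff:  # re-check locally, do not rely on the filter alone
            rows.append((secret.secret_id, secret.name, expires.strftime(FMT)))
    return sorted(rows, key=lambda row: row[2])


class FakeKeyManager:
    """Constructed stand-in for conn.key_manager so the example runs offline."""

    def __init__(self, secrets):
        self._secrets = secrets

    def secrets(self, **query):
        op, _, stamp = query.get("expiration", ":").partition(":")
        for s in self._secrets:
            if "secret_type" in query and s.secret_type != query["secret_type"]:
                continue
            if op == "lte" and not (s.expires_at and s.expires_at <= stamp):
                continue
            yield s


def sample_conn():
    """Constructed sample records; the ids and names are made up."""
    def mk(i, name, kind, exp):
        return SimpleNamespace(secret_id=i, name=name, secret_type=kind, expires_at=exp)
    return SimpleNamespace(key_manager=FakeKeyManager([
        mk("id-1", "db-key", "symmetric", "2020-01-15T00:00:00"),
        mk("id-2", "tls-key", "symmetric", "2020-06-01T00:00:00"),
        mk("id-3", "My public key", "public", "2020-02-28T23:59:59"),
        mk("id-4", "no-expiry", "symmetric", None),
    ]))
```

Against a real cloud, pass the conn object from the Connect guide in place of sample_conn().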
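
Once you have received a Secret,
you can obtain the payload for it by passing the secret's id value to
the get_secret() method, using its secret_id attribute
when making this request.

    def get_secret_payload(conn):
        print("Get a secret's payload:")

        # Take a Secret `s` from a conn.key_manager.secrets() call...
        s = next(conn.key_manager.secrets(), None)
        if s is None:
            print("No secrets stored.")
            return

        # ...and pass its secret_id to fetch the secret with its payload.
        secret = conn.key_manager.get_secret(s.secret_id)
        # The payload is the secret material itself; print it only in examples.
        print(secret.payload)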