Get a secret
Retrieve a secret
One of the key operations of a Vault is to retrieve secrets stored in the Vault for use by your application code. Using the secret manager to manage access to secrets rather than hard coding is a good way to minimize the risk of secret leakage and breaches.
import os
import pangea.exceptions as pe
from pangea.config import PangeaConfig
from pangea.services import Vault
def get_secret(secret_id: str) -> str:
token = os.getenv("PANGEA_VAULT_TOKEN")
domain = os.getenv("PANGEA_DOMAIN")
config = PangeaConfig(domain=domain)
vault = Vault(token, config=config)
try:
# If no version is specified, then the current version is returned.
response = vault.get(secret_id)
except pe.PangeaAPIException as e:
print(f"Vault Request Error: {e.response.summary}")
for err in e.errors:
print(f"\t{err.detail} \n")
else:
return response.result.current_version.secret
Get a specific secret version
In some cases, you may have more than one active version of a secret. You may want to retrieve metadata about the secret.
import os
import pangea.exceptions as pe
from pangea.config import PangeaConfig
from pangea.services import Vault
def get_secret_version(secret_id, version):
token = os.getenv("PANGEA_VAULT_TOKEN")
domain = os.getenv("PANGEA_DOMAIN")
config = PangeaConfig(domain=domain)
vault = Vault(token, config=config)
try:
# get specified version
response = vault.get(secret_id, version)
except pe.PangeaAPIException as e:
print(f"Vault Request Error: {e.response.summary}")
for err in e.errors:
print(f"\t{err.detail} \n")
# possible to return multiple versions
return response.result.versions[0].secret
Was this article helpful?