import oci
import ast
import base64
# Specify the OCID of the secret to retrieve
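def get_secretcontents(ocid):
    """Fetch the secret bundle identified by *ocid* from the OCI Secrets service.

    Authentication uses Instance Principals on VMs and Resource Principals on
    OCI Container Instances. A Resource Principal signer is tried first; if
    creating it raises, an Instance Principal signer is used instead.

    Args:
        ocid: OCID of the secret to retrieve.

    Returns:
        The response object returned by ``SecretsClient.get_secret_bundle``.
        It carries the secret material, so callers should not log or print it.
    """
    try:
        signer = oci.auth.signers.get_resource_principals_signer()
    except Exception:
        # Catch Exception rather than using a bare ``except:`` so that
        # KeyboardInterrupt and SystemExit are not swallowed by the fallback.
        # NOTE(review): the reason the Resource Principal signer failed is
        # discarded here; if the Instance Principal signer also fails, only
        # that second error is visible to the caller.
        signer = oci.auth.signers.InstancePrincipalsSecurityTokenSigner()

    # An empty config dict is passed because the signer supplies the identity.
    secretclient = oci.secrets.SecretsClient({}, signer=signer)
    return secretclient.get_secret_bundle(secret_id=ocid)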
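def get_password(ocid):
    """Return the ``"password"`` entry of the secret identified by *ocid*.

    The secret content is base64-decoded and the resulting text is parsed
    with ``ast.literal_eval``, so the secret must be stored as a Python
    literal that can be indexed with the key ``"password"`` (for example a
    dict literal).

    Args:
        ocid: OCID of the secret to retrieve.

    Returns:
        The value stored under the ``"password"`` key.

    Raises:
        KeyError: If the parsed dict has no ``"password"`` key.
        ValueError, SyntaxError: If the decoded text is not a valid Python
            literal (raised by ``ast.literal_eval``).
    """
    secretcontents = get_secretcontents(ocid)

    # The bundle content is base64 text; base64 itself is pure ASCII.
    keybase64 = secretcontents.data.secret_bundle_content.content
    keybase64bytes = keybase64.encode("ascii")
    keybytes = base64.b64decode(keybase64bytes)

    # Decode as UTF-8 (a superset of ASCII, and what get_secret uses) so a
    # password containing non-ASCII characters does not raise
    # UnicodeDecodeError.
    key = keybytes.decode("UTF-8")

    # literal_eval only parses literals; it does not execute code, unlike
    # eval(). The decoded secret must never be passed to eval()/exec().
    keydict = ast.literal_eval(key)
    return keydict["password"]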
def get_secret(ocid):
    """Return the secret identified by *ocid* as decoded text.

    The bundle content is base64-decoded and the resulting bytes are
    interpreted as UTF-8.

    Args:
        ocid: OCID of the secret to retrieve.

    Returns:
        The decoded secret as a ``str``.
    """
    # Fetch the secret bundle (authentication is handled by the helper).
    bundle = get_secretcontents(ocid)

    # Base64 text -> raw bytes -> UTF-8 string.
    encoded = bundle.data.secret_bundle_content.content
    return base64.b64decode(encoded).decode("UTF-8")