Secrets reference
The EdgeSecrets class is designed to facilitate secure storage and retrieval of secrets for both users and organizations.
Secrets are JSON-serializable dictionary data values that are managed by Edge and securely stored using Vault. There are two types of secrets: User secrets and Organization secrets.
User secrets are private and only accessible to a user. No other users, including organization administrators, are allowed to access User secrets.
Organization secrets are maintained by organization administrators. They are readable by any user in the organization, but they are only writable by the organization administrator.
# Create a secret
>>> edge.secrets.create_user_secret('my-secret', {'secret': 'value'})
>>> print(edge.secrets.list_user_secrets())
['my-secret']
>>> print(edge.secrets.read_user_secret('my-secret'))
{'secret': 'value'}
Jupyter Notebooks in the Analysis app cache plaintext values. When working with the Secrets API, reading secrets directly to a variable is generally safe. However, writing secrets in plain text in your notebook could potentially expose the secret. If you are able to see the secret value in the Jupyter Notebook, then it is being handled insecurely.
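One way to check a saved notebook for the exposure described above, as an added example that is not part of the Edge SDK. It assumes the notebook uses the standard nbformat 4 JSON layout; the function names, sample notebook and secret value are constructed for illustration.

```python
def _text(value):
    """nbformat stores text as one string or as a list of lines."""
    return "".join(value) if isinstance(value, list) else str(value)

def _strings(obj):
    """Yield every non-empty string leaf of a (possibly nested) secret value."""
    if isinstance(obj, str):
        if obj:
            yield obj
    elif isinstance(obj, dict):
        for v in obj.values():
            yield from _strings(v)
    elif isinstance(obj, (list, tuple)):
        for v in obj:
            yield from _strings(v)

def find_secret_leaks(notebook, secret):
    """Return sorted (cell_index, location) pairs where a secret value is in plaintext."""
    needles = list(_strings(secret))
    leaks = set()
    for i, cell in enumerate(notebook.get("cells", [])):
        places = [("source", _text(cell.get("source", "")))]
        for out in cell.get("outputs", []):
            places.append(("output", _text(out.get("text", ""))))  # stream output
            for data in out.get("data", {}).values():  # execute_result / display_data
                places.append(("output", _text(data)))
        leaks.update((i, where) for where, text in places
                     if any(n in text for n in needles))
    return sorted(leaks)

# Constructed sample: nbformat 4 layout, constructed secret value.
SECRET = {"secret": "s3cr3t-constructed-value"}
NOTEBOOK = {"nbformat": 4, "cells": [
    {"cell_type": "code", "outputs": [],
     "source": ["creds = edge.secrets.read_user_secret('my-secret')"]},
    {"cell_type": "code", "source": ["creds"], "outputs": [
        {"output_type": "execute_result",
         "data": {"text/plain": ["{'secret': 's3cr3t-constructed-value'}"]}}]},
    {"cell_type": "code", "outputs": [], "source": [
        "edge.secrets.update_user_secret('my-secret',\n",
        "    {'secret': 's3cr3t-constructed-value'})"]},
]}

def demo():
    return find_secret_leaks(NOTEBOOK, SECRET)
```

Cell 0 reads the secret into a variable and is clean; cell 1 echoes the variable and cell 2 types the value into the source, so both are reported.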
Constructor
Constructing these yourself is not recommended. You should make an EdgeSession and access the .secrets property, which will return an EdgeSecrets object.
Methods
list_user_secrets
list_user_secrets -> list(str)
List secrets that belong to a user.
Returns
list(str) Secret names.
read_user_secret
read_user_secret(secret_name) -> dict
Retrieve a user's stored secret.
Parameters
- secret_name (str)
The name of the secret.
Returns
dict Dictionary object that is the secret value.
Raises
- NotFound: If the secret does not exist.
create_user_secret
create_user_secret(secret_name, secret)
Creates a user secret.
Parameters
- secret_name (str)
The name of the secret. Secret names are alphanumeric, and can include the - (dash) and _ (underscore) characters.
- secret (dict)
The secret value to store. The value must be a Python dictionary that is JSON encodable.
Raises
- AlreadyExists: Raised if a secret with the given name already exists.
- BadEntry: Raised if the secret name is invalid.
update_user_secret
update_user_secret(secret_name, secret)
Changes a user secret's value.
Parameters
- secret_name (str)
The name of the secret. Secret names are alphanumeric, and can include the - (dash) and _ (underscore) characters.
- secret (dict)
The secret value to store. The value must be a Python dictionary that is JSON encodable.
Raises
- NotFound: Raised if a secret with the given name does not exist.
- BadEntry: Raised if the secret name is invalid.
delete_user_secret
delete_user_secret(secret_name)
Delete a user secret.
Parameters
- secret_name (str)
The name of the secret to delete.
wrap_user_secret
wrap_user_secret(secret_name)
Wraps an existing user secret with a single-use wrapping token. This token can be exchanged directly with Vault via an HTTP POST request, with the X-Vault-Token header value set to the wrapped token. For more information, consult the Vault Documentation.
Parameters
- secret_name (str)
The name of the secret.
Returns
EdgeWrappedSecret An object with two properties.
- The token property is the single-use wrapping token.
- The unwrap_url is the URL that can be sent a POST to redeem the token.
Raises
- NotFound: Raised if a secret with the given name does not exist.
- BadEntry: Raised if the secret name is invalid.
list_org_secrets
list_org_secrets -> list(str)
List secrets for the current organization.
Any user with access to the organization may list an organization's secrets.
Returns
list(str) Secret names.
read_org_secret
read_org_secret(secret_name) -> dict
Retrieve an organization's stored secret.
Any user with access to the organization may read an organization's secrets.
Parameters
- secret_name (str)
The name of the secret.
Returns
The dict object that is the secret value.
Raises
- NotFound: If the secret does not exist.
create_org_secret
create_org_secret(secret_name, secret)
Creates an organization secret.
Only organization administrators may create organization secrets.
Parameters
- secret_name (str)
The name of the secret. Secret names are alphanumeric, and can include the - (dash) and _ (underscore) characters.
- secret (dict)
The secret value to store. The value must be a Python dictionary that is JSON encodable.
Raises
- AlreadyExists: Raised if a secret with the given name already exists.
- BadEntry: Raised if the secret name is invalid.
update_org_secret
update_org_secret(secret_name, secret)
Changes an organization secret's value.
Only organization administrators may update organization secrets.
Parameters
- secret_name (str)
The name of the secret. Secret names are alphanumeric, and can include the - (dash) and _ (underscore) characters.
- secret (dict)
The secret value to store. The value must be a Python dictionary that is JSON encodable.
Raises
- NotFound: Raised if a secret with the given name does not exist.
- BadEntry: Raised if the secret name is invalid.
delete_org_secret
delete_org_secret(secret_name)
Delete an organization secret.
Only organization administrators may delete organization secrets.
Parameters
- secret_name (str)
The name of the secret to delete.
wrap_org_secret
wrap_org_secret(secret_name)
Wraps an existing organization secret with a single-use wrapping token. This token can be exchanged directly with Vault via an HTTP POST request, with the X-Vault-Token header value set to the wrapped token. For more information, consult the Vault Documentation.
Parameters
- secret_name (str)
The name of the secret.
Returns
EdgeWrappedSecret An object with two properties.
- The token property is the single-use wrapping token.
- The unwrap_url is the URL that can be sent a POST to redeem the token.
Raises
- NotFound: Raised if a secret with the given name does not exist.
- BadEntry: Raised if the secret name is invalid.
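The redemption step described for wrap_user_secret and wrap_org_secret, shown from the receiving side as an added example (not Edge or Vault code). The names redeem_wrapped_secret and WrappedTokenRejected are hypothetical, the local stub server and its URL are constructed so the example runs offline, and the secret being under a top-level "data" key in the response is an assumption.

```python
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib import error, request

# Connect directly: do not hand the token-bearing request to an environment proxy.
_OPENER = request.build_opener(request.ProxyHandler({}))

class WrappedTokenRejected(Exception):
    """Token refused: expired, malformed, or already redeemed."""

def redeem_wrapped_secret(token, unwrap_url, timeout=10):
    """POST the single-use token as X-Vault-Token and return the unwrapped dict."""
    req = request.Request(
        unwrap_url, data=b"", method="POST", headers={"X-Vault-Token": token})
    try:
        with _OPENER.open(req, timeout=timeout) as resp:
            body = json.load(resp)
    except error.HTTPError as exc:
        # Token stays out of the message; a first-use refusal means rotate the secret.
        raise WrappedTokenRejected(f"unwrap refused: HTTP {exc.code}") from None
    return body["data"]  # assumption: the secret sits under a top-level "data" key

class _StubVault(BaseHTTPRequestHandler):
    """Constructed stand-in for the unwrap endpoint; demo() fills `unused`."""

    def do_POST(self):
        secret = self.unused.pop(self.headers.get("X-Vault-Token"), None)
        payload = json.dumps({"data": secret} if secret else {"errors": ["bad token"]})
        self.send_response(200 if secret else 400)
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload.encode())

    def log_message(self, *args):  # silence per-request logging
        pass

def demo():
    _StubVault.unused = {"constructed-token": {"secret": "value"}}
    server = HTTPServer(("127.0.0.1", 0), _StubVault)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}/unwrap"  # constructed URL
    first = redeem_wrapped_secret("constructed-token", url)
    try:
        second = redeem_wrapped_secret("constructed-token", url)
    except WrappedTokenRejected as exc:
        second = str(exc)  # second use of the same token must fail
    server.shutdown()
    return first, second
```

In real use, pass the token and unwrap_url properties of the returned EdgeWrappedSecret; a rejection on the recipient's first attempt is the signal that the token was used or expired before it arrived.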