Secrets Manager Client encapsulates business logic, best practices, and design patterns based on Secrets Manager API of Key Management Service (KMS). Secrets Manager Client allows you to integrate Secrets Manager with your business systems. Secrets Manager Client allows you to dynamically use the secrets managed in Secrets Manager. This way, you no longer need to hard code sensitive information.

Features

Secrets Manager Client provides the following features:

  • Allows you to integrate the capabilities of Secrets Manager into applications. You can use a single line of code to read secret information.
  • Allows you to cache and refresh secrets in applications.
  • Encapsulates the API error-based retry mechanism to intelligently handle server errors.
  • Provides a plug-in design mode for you to customize or extend features such as cache and retry.

Secrets Manager Client for Java

Install the client

KMS provides Secrets Manager Client for Java. For more information about the source code of the client, visit alibabacloud-secretsmanager-client-java.

You can install Secrets Manager Client for Java by adding the following Maven dependency:

<dependency>
    <groupId>com.aliyun</groupId>
    <artifactId>alibabacloud-secretsmanager-client</artifactId>
    <version>x.x.x</version>
</dependency>
Note For more information about the versions of Secrets Manager Client for Java, visit alibabacloud-secretsmanager-client release.

Sample code

  • Construct the client by using environment variables
    import com.aliyuncs.kms.secretsmanager.client.SecretCacheClient;
    import com.aliyuncs.kms.secretsmanager.client.SecretCacheClientBuilder;
    import com.aliyuncs.kms.secretsmanager.client.exception.CacheSecretException;
    import com.aliyuncs.kms.secretsmanager.client.model.SecretInfo;
    
    public class CacheClientEnvironmentSample {
    
        public static void main(String[] args) {
            try {
                SecretCacheClient client = SecretCacheClientBuilder.newClient();
                SecretInfo secretInfo = client.getSecretInfo("#secretName#");
                System.out.println(secretInfo);
            } catch (CacheSecretException e) {
                e.printStackTrace();
            }
        }
    }
  • Construct the client by configuring parameters such as the AccessKey ID, AccessKey secret, and region ID
    import com.aliyuncs.kms.secretsmanager.client.SecretCacheClient;
    import com.aliyuncs.kms.secretsmanager.client.SecretCacheClientBuilder;
    import com.aliyuncs.kms.secretsmanager.client.exception.CacheSecretException;
    import com.aliyuncs.kms.secretsmanager.client.model.SecretInfo;
    import com.aliyuncs.kms.secretsmanager.client.service.BaseSecretManagerClientBuilder;
    import com.aliyuncs.kms.secretsmanager.client.utils.CredentialsProviderUtils;
    
    public class CacheClientSimpleParametersSample {
    
        public static void main(String[] args) {
            try {
                SecretCacheClient client = SecretCacheClientBuilder.newCacheClientBuilder(
                        BaseSecretManagerClientBuilder.standard().withCredentialsProvider(CredentialsProviderUtils
                                .withAccessKey("#accessKeyId#", "#accessKeySecret#")).withRegion("#regionId#").build()).build();
                SecretInfo secretInfo = client.getSecretInfo("#secretName#");
                System.out.println(secretInfo);
            } catch (CacheSecretException e) {
                e.printStackTrace();
            }
        }
    }
  • Construct the client by configuring custom parameters
    import com.aliyuncs.kms.secretsmanager.client.SecretCacheClient;
    import com.aliyuncs.kms.secretsmanager.client.SecretCacheClientBuilder;
    import com.aliyuncs.kms.secretsmanager.client.cache.FileCacheSecretStoreStrategy;
    import com.aliyuncs.kms.secretsmanager.client.exception.CacheSecretException;
    import com.aliyuncs.kms.secretsmanager.client.model.SecretInfo;
    import com.aliyuncs.kms.secretsmanager.client.service.BaseSecretManagerClientBuilder;
    import com.aliyuncs.kms.secretsmanager.client.service.DefaultRefreshSecretStrategy;
    import com.aliyuncs.kms.secretsmanager.client.service.FullJitterBackoffStrategy;
    import com.aliyuncs.kms.secretsmanager.client.utils.CredentialsProviderUtils;
    
    public class CacheClientDetailParametersSample {
    
        public static void main(String[] args) {
            try {
                SecretCacheClient client = SecretCacheClientBuilder.newCacheClientBuilder(BaseSecretManagerClientBuilder.standard()
                        .withCredentialsProvider(CredentialsProviderUtils.withAccessKey("#accessKeyId#", "#accessKeySecret#"))
                        .withRegion("#regionId#")
                        .withBackoffStrategy(new FullJitterBackoffStrategy(3, 2000, 10000)).build())
                        .withCacheSecretStrategy(new FileCacheSecretStoreStrategy("#cacheSecretPath#", true, "#salt#"))
                        .withRefreshSecretStrategy(new DefaultRefreshSecretStrategy("#ttlName#"))
                        .withCacheStage("#stage#")
                        .withSecretTTL("#secretName#", 1 * 60 * 1000l)
                        .withSecretTTL("#secretName1#", 2 * 60 * 1000l).build();
                SecretInfo secretInfo = client.getSecretInfo("#secretName#");
                System.out.println(secretInfo);
            } catch (CacheSecretException e) {
                e.printStackTrace();
            }
        }
    }

Secrets Manager Client for Python

Install the client

KMS provides Secrets Manager Client for Python. For more information about the source code of the client, visit aliyun-secretsmanager-client-python.

You can run the following pip command to install Secrets Manager Client for Python in your project:

pip install aliyun-secret-manager-client
Note For more information about the versions of Secrets Manager Client for Python, visit aliyun-secretsmanager-client-python.

Sample code

  • Construct the client by using environment variables
    from alibaba_cloud_secretsmanager_client.secret_manager_cache_client_builder import SecretManagerCacheClientBuilder
    
    if __name__ == '__main__':
        secret_cache_client = SecretManagerCacheClientBuilder.new_client()
        secret_info = secret_cache_client.get_secret_info("#secretName#")
        print(secret_info.__dict__)
  • Construct the client by configuring parameters such as the AccessKey ID, AccessKey secret, and region ID
    from alibaba_cloud_secretsmanager_client.secret_manager_cache_client_builder import SecretManagerCacheClientBuilder
    from alibaba_cloud_secretsmanager_client.service.default_secret_manager_client_builder import DefaultSecretManagerClientBuilder
    
    if __name__ == '__main__':
        secret_cache_client = SecretManagerCacheClientBuilder.new_cache_client_builder(DefaultSecretManagerClientBuilder.standard() \
            .with_access_key("#accessKeyId#", "#accessKeySecret#") \
            .with_region("#regionId#").build()) \
        .build();
        secret_info = secret_cache_client.get_secret_info("#secretName#")
        print(secret_info.__dict__)
  • Construct the client by configuring custom parameters
    from alibaba_cloud_secretsmanager_client.secret_manager_cache_client_builder import SecretManagerCacheClientBuilder
    from alibaba_cloud_secretsmanager_client.cache.file_cache_secret_store_strategy import FileCacheSecretStoreStrategy
    from alibaba_cloud_secretsmanager_client.service.default_secret_manager_client_builder import DefaultSecretManagerClientBuilder
    from alibaba_cloud_secretsmanager_client.service.default_refresh_secret_strategy import DefaultRefreshSecretStrategy
    from alibaba_cloud_secretsmanager_client.service.full_jitter_back_off_strategy import FullJitterBackoffStrategy
    
    if __name__ == '__main__':
        secret_cache_client = SecretManagerCacheClientBuilder \
        .new_cache_client_builder(DefaultSecretManagerClientBuilder.standard().with_access_key("#accessKeyId#", "#accessKeySecret#") \
             .with_back_off_strategy(FullJitterBackoffStrategy(3, 2000, 10000)) \
             .with_region("#regionId#").build()) \
         .with_cache_secret_strategy(FileCacheSecretStoreStrategy("#cacheSecretPath#", True,"#salt#")) \
         .with_refresh_secret_strategy(DefaultRefreshSecretStrategy("#ttlName#")) \
         .with_cache_stage("#stage#") \
         .with_secret_ttl("#secretName#", 1 * 60 * 1000l) \
         .build()
        secret_info = secret_cache_client.get_secret_info("#secretName#")
        print(secret_info.__dict__)

Secrets Manager Client for Go

Install the client

KMS provides Secrets Manager Client for Go. For more information about the source code of the client, visit aliyun-secretsmanager-client-go.

You can run the following command to install Secrets Manager Client for Go in your project:

go get -u github.com/aliyun/alibabacloud-sdk-client-go
Note For more information about the versions of Secrets Manager Client for Go, visit aliyun-secretsmanager-client-go.

Sample code

  • Construct the client by using environment variables
    package main
    
    import (
        "fmt"
        "github.com/aliyun/aliyun-secretsmanager-client-go/sdk/service"
    )
    
    func main() {
        client, err := service.NewClient()
        if err != nil {
            // Handle exceptions
            panic(err)
        }
        secretInfo, err := client.GetSecretInfo("#secretName#")
        if err != nil {
            // Handle exceptions
            panic(err)
        }
        fmt.Printf("SecretValue:%s\n",secretInfo.SecretValue)
    }
  • Construct the client by configuring parameters such as the AccessKey ID, AccessKey secret, and region ID
    package main
    
    import (
        "fmt"
        "github.com/aliyun/aliyun-secretsmanager-client-go/sdk/service"
        "github.com/aliyun/aliyun-secretsmanager-client-go/sdk"
    )
    
    func main() {
        client, err := sdk.NewSecretCacheClientBuilder(service.NewDefaultSecretManagerClientBuilder().Standard().WithAccessKey("#accessKeyId#", "#accessKeySecret#").WithRegion("#regionId#").Build()).Build()
        if err != nil {
            // Handle exceptions
            panic(err)
        }
        secretInfo, err := client.GetSecretInfo("#secretName#")
        if err != nil {
            // Handle exceptions
            panic(err)
        }
        fmt.Printf("SecretValue:%s\n",secretInfo.SecretValue)
    }
  • Construct the client by configuring custom parameters
    package main
    
    import (
        "fmt"
        "github.com/aliyun/aliyun-secretsmanager-client-go/sdk/service"
        "github.com/aliyun/aliyun-secretsmanager-client-go/sdk"
    )
    
    func main() {
        client, err := sdk.NewSecretCacheClientBuilder(
            service.NewDefaultSecretManagerClientBuilder().Standard()
        .WithAccessKey(accessKeyId, accessKeySecret).WithRegion("#regionId#")
        .WithBackoffStrategy(&service.FullJitterBackoffStrategy{RetryMaxAttempts: 3, RetryInitialIntervalMills: 2000, Capacity: 10000}).Build())
        .WithCacheSecretStrategy(cache.NewFileCacheSecretStoreStrategy("#cacheSecretPath#", true, "#salt#"))
        .WithRefreshSecretStrategy(service.NewDefaultRefreshSecretStrategy("#jsonTTLPropertyName#"))
        .WithCacheStage("ACSCurrent")
        .WithSecretTTL(secretName, 1*60*1000).Build()
        if err != nil {
            // Handle exceptions
            panic(err)
        }
        secretInfo, err := client.GetSecretInfo("#secretName#")
        if err != nil {
            // Handle exceptions
            panic(err)
        }
        fmt.Printf("SecretValue:%s\n",secretInfo.SecretValue)
    }