If you install Secrets Manager Client, your applications can use the secrets that are managed in Secrets Manager. This way, you do not need to hard code secrets in application code. This topic describes how to install and use Secrets Manager Client.
Features
- Allows you to integrate the capabilities of Secrets Manager into applications. You can use a single line of code to read secret information.
- Allows you to cache and refresh secrets in applications.
- Encapsulates the API error-based retry mechanism to intelligently handle reported errors.
- Provides a plug-in design mode that allows you to customize features such as extended cache and error retry.
Sample code of Alibaba Cloud SDK for Java
For more information about how to install Secrets Manager Client and the source code of Secrets Manager Client, visit Open source code repository of Secrets Manager Client for Java.
- Install Secrets Manager Client by using Maven.

  ```xml
  <dependency>
      <groupId>com.aliyun</groupId>
      <artifactId>alibabacloud-secretsmanager-client</artifactId>
      <version>x.x.x</version>
  </dependency>
  ```
  Note: Make sure that the version of Secrets Manager Client is 1.3.2 or later.
- You can configure the parameters for Secrets Manager Client in the configuration file secretsmanager.properties. The configuration file secretsmanager.properties contains the parameters for Secrets Manager JDBC. The required configuration item is cache_client_dkms_config_info. The configuration item cache_client_dkms_config_info is a JSON array. You can configure multiple Key Management Service (KMS) instances to provide high availability and disaster recovery capabilities. The following table describes the elements in the array.

  | Element | Description |
  | --- | --- |
  | regionId | The region where the KMS instance resides. |
  | endpoint | The virtual private cloud (VPC) address of the KMS instance. |
  | clientKeyFile | The absolute or relative path to the client key file in the JSON format. |
  | passwordFromFilePath or passwordFromEnvVariable | passwordFromFilePath: The password of the client key file is obtained from a file. The value is a string. The string indicates the absolute or relative path to a file that contains the password of the client key file. passwordFromEnvVariable: The password of the client key file is obtained from an environment variable. The value is a string. The string indicates the name of an environment variable that contains the password of the client key file. |
  | ignoreSslCerts | Specifies whether to ignore the SSL certificate. Valid values: true (yes), false (no). |
  | caFilePath | The absolute or relative path to the certificate authority (CA) certificate file of the KMS instance. |

  - Method 1: Obtain the password of the client key file from a file. The following sample code shows the content of the configuration file secretsmanager.properties:

    ```properties
    cache_client_dkms_config_info=[{"regionId":"<your dkms region>","endpoint":"<your dkms endpoint>","passwordFromFilePath":"< your password file path >","clientKeyFile":"<your client key file path>","ignoreSslCerts":false,"caFilePath":"<your CA certificate file path>"}]
    ```
  - Method 2: Obtain the password of the client key file from an environment variable. The following sample code shows the content of the configuration file secretsmanager.properties:

    ```properties
    cache_client_dkms_config_info=[{"regionId":"<your dkms region>","endpoint":"<your dkms endpoint>","passwordFromEnvVariable":"<your_password_env_variable>","clientKeyFile":"<your client key file path>","ignoreSslCerts":false,"caFilePath":"<your CA certificate file path>"}]
    ```

    Note: You must also specify the environment variable. The name of the environment variable is specified by passwordFromEnvVariable, and the value of the environment variable is the password of the client key file.
- Construct and use Secrets Manager Client.
  ```java
  import com.aliyuncs.kms.secretsmanager.client.SecretCacheClient;
  import com.aliyuncs.kms.secretsmanager.client.SecretCacheClientBuilder;
  import com.aliyuncs.kms.secretsmanager.client.exception.CacheSecretException;
  import com.aliyuncs.kms.secretsmanager.client.model.SecretInfo;

  public class CacheClientEnvironmentSample {

      public static void main(String[] args) {
          try {
              // Construct Secrets Manager Client.
              SecretCacheClient client = SecretCacheClientBuilder.newClient();
              // Use Secrets Manager Client to obtain the secret information.
              SecretInfo secretInfo = client.getSecretInfo("#secretName#");
              System.out.println(secretInfo);
          } catch (CacheSecretException e) {
              e.printStackTrace();
          }
      }
  }
  ```
Sample code of Alibaba Cloud SDK for Python
For more information about how to install Secrets Manager Client and the source code of Secrets Manager Client, visit Open source code repository of Secrets Manager Client for Python.
- Run the pip command to install Secrets Manager Client.

  ```shell
  pip install aliyun-secret-manager-client
  ```
- You can configure the parameters for Secrets Manager Client in the configuration file secretsmanager.properties. The configuration file secretsmanager.properties contains the parameters for Secrets Manager JDBC. The required configuration item is cache_client_dkms_config_info. The configuration item cache_client_dkms_config_info is a JSON array. You can configure multiple Key Management Service (KMS) instances to provide high availability and disaster recovery capabilities. The following table describes the elements in the array.

  | Element | Description |
  | --- | --- |
  | regionId | The region where the KMS instance resides. |
  | endpoint | The virtual private cloud (VPC) address of the KMS instance. |
  | clientKeyFile | The absolute or relative path to the client key file in the JSON format. |
  | passwordFromFilePath or passwordFromEnvVariable | passwordFromFilePath: The password of the client key file is obtained from a file. The value is a string. The string indicates the absolute or relative path to a file that contains the password of the client key file. passwordFromEnvVariable: The password of the client key file is obtained from an environment variable. The value is a string. The string indicates the name of an environment variable that contains the password of the client key file. |
  | ignoreSslCerts | Specifies whether to ignore the SSL certificate. Valid values: true (yes), false (no). |
  | caFilePath | The absolute or relative path to the certificate authority (CA) certificate file of the KMS instance. |

  - Method 1: Obtain the password of the client key file from a file. The following sample code shows the content of the configuration file secretsmanager.properties:

    ```properties
    cache_client_dkms_config_info=[{"regionId":"<your dkms region>","endpoint":"<your dkms endpoint>","passwordFromFilePath":"< your password file path >","clientKeyFile":"<your client key file path>","ignoreSslCerts":false,"caFilePath":"<your CA certificate file path>"}]
    ```
  - Method 2: Obtain the password of the client key file from an environment variable. The following sample code shows the content of the configuration file secretsmanager.properties:

    ```properties
    cache_client_dkms_config_info=[{"regionId":"<your dkms region>","endpoint":"<your dkms endpoint>","passwordFromEnvVariable":"<your_password_env_variable>","clientKeyFile":"<your client key file path>","ignoreSslCerts":false,"caFilePath":"<your CA certificate file path>"}]
    ```

    Note: You must also specify the environment variable. The name of the environment variable is specified by passwordFromEnvVariable, and the value of the environment variable is the password of the client key file.
- Construct and use Secrets Manager Client.
  ```python
  from alibaba_cloud_secretsmanager_client.secret_manager_cache_client_builder import SecretManagerCacheClientBuilder

  if __name__ == '__main__':
      # Construct Secrets Manager Client.
      secret_cache_client = SecretManagerCacheClientBuilder.new_client()
      # Use Secrets Manager Client to obtain the secret information.
      secret_info = secret_cache_client.get_secret_info("#secretName#")
      print(secret_info.__dict__)
  ```
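A pre-flight check for the secretsmanager.properties file described above, written here as an added example (not part of Secrets Manager Client or the original documentation): it parses cache_client_dkms_config_info and reports instances that ignore the SSL certificate, lack an element, or whose client key password source is unset or readable by other users. The function names, the sample values, the "exactly one password source" rule and the POSIX permission test are assumptions of this example, and relative paths are resolved against the current working directory.

```python
import json
import os
import stat

KEY = "cache_client_dkms_config_info"
REQUIRED = ("regionId", "endpoint", "clientKeyFile")  # treated as mandatory by this check

# Constructed sample: instance 1 ignores the SSL certificate and names no password source.
SAMPLE = (
    'cache_client_dkms_config_info=['
    '{"regionId":"r-1","endpoint":"kms-a.example.internal","clientKeyFile":"key.json",'
    '"passwordFromEnvVariable":"DKMS_KEY_PASSWORD","ignoreSslCerts":false,"caFilePath":"ca.pem"},'
    '{"regionId":"r-1","endpoint":"kms-b.example.internal","clientKeyFile":"key.json",'
    '"ignoreSslCerts":true}]'
)


def load_instances(text):
    """Return the JSON array stored under cache_client_dkms_config_info."""
    for line in text.splitlines():
        name, sep, value = line.strip().partition("=")
        if sep and name.strip() == KEY:
            instances = json.loads(value)
            if not isinstance(instances, list) or not instances:
                raise ValueError(KEY + " must be a non-empty JSON array")
            return instances
    raise ValueError("required item " + KEY + " is missing")


def audit(text, environ=None):
    """Return a list of findings; an empty list means every instance passed."""
    environ = os.environ if environ is None else environ
    findings = []
    for i, inst in enumerate(load_instances(text)):
        tag = "instance %d: " % i
        findings += [tag + "missing " + f for f in REQUIRED if not inst.get(f)]
        if str(inst.get("ignoreSslCerts")).lower() == "true":
            findings.append(tag + "ignoreSslCerts is true, the SSL certificate is ignored")
        pw_file = inst.get("passwordFromFilePath")
        pw_env = inst.get("passwordFromEnvVariable")
        if bool(pw_file) == bool(pw_env):  # policy of this check: exactly one source
            findings.append(tag + "set exactly one of passwordFromFilePath, passwordFromEnvVariable")
        elif pw_env and not environ.get(pw_env):
            findings.append(tag + "environment variable " + pw_env + " is empty or unset")
        elif pw_file and not os.path.isfile(pw_file):
            findings.append(tag + "password file not found: " + pw_file)
        elif pw_file and os.stat(pw_file).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(tag + "password file is accessible to group or other: " + pw_file)
    return findings
```

Call audit() with the text of the deployed secretsmanager.properties before the application starts; for the constructed SAMPLE it reports the two problems of instance 1, plus the unset environment variable of instance 0 when DKMS_KEY_PASSWORD is not exported.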
Sample code of Alibaba Cloud SDK for Go
For more information about how to install Secrets Manager Client and the source code of Secrets Manager Client, visit Open source code repository of Secrets Manager Client for Go.
- Run the go get command to use Secrets Manager Client in your project.

  ```shell
  go get -u github.com/aliyun/aliyun-secretsmanager-client-go
  ```
- You can configure the parameters for Secrets Manager Client in the configuration file secretsmanager.properties. The configuration file secretsmanager.properties contains the parameters for Secrets Manager JDBC. The required configuration item is cache_client_dkms_config_info. The configuration item cache_client_dkms_config_info is a JSON array. You can configure multiple Key Management Service (KMS) instances to provide high availability and disaster recovery capabilities. The following table describes the elements in the array.

  | Element | Description |
  | --- | --- |
  | regionId | The region where the KMS instance resides. |
  | endpoint | The virtual private cloud (VPC) address of the KMS instance. |
  | clientKeyFile | The absolute or relative path to the client key file in the JSON format. |
  | passwordFromFilePath or passwordFromEnvVariable | passwordFromFilePath: The password of the client key file is obtained from a file. The value is a string. The string indicates the absolute or relative path to a file that contains the password of the client key file. passwordFromEnvVariable: The password of the client key file is obtained from an environment variable. The value is a string. The string indicates the name of an environment variable that contains the password of the client key file. |
  | ignoreSslCerts | Specifies whether to ignore the SSL certificate. Valid values: true (yes), false (no). |
  | caFilePath | The absolute or relative path to the certificate authority (CA) certificate file of the KMS instance. |

  - Method 1: Obtain the password of the client key file from a file. The following sample code shows the content of the configuration file secretsmanager.properties:

    ```properties
    cache_client_dkms_config_info=[{"regionId":"<your dkms region>","endpoint":"<your dkms endpoint>","passwordFromFilePath":"< your password file path >","clientKeyFile":"<your client key file path>","ignoreSslCerts":false,"caFilePath":"<your CA certificate file path>"}]
    ```
  - Method 2: Obtain the password of the client key file from an environment variable. The following sample code shows the content of the configuration file secretsmanager.properties:

    ```properties
    cache_client_dkms_config_info=[{"regionId":"<your dkms region>","endpoint":"<your dkms endpoint>","passwordFromEnvVariable":"<your_password_env_variable>","clientKeyFile":"<your client key file path>","ignoreSslCerts":false,"caFilePath":"<your CA certificate file path>"}]
    ```

    Note: You must also specify the environment variable. The name of the environment variable is specified by passwordFromEnvVariable, and the value of the environment variable is the password of the client key file.
- Construct and use Secrets Manager Client.
  ```go
  package main

  import (
  	"fmt"

  	"github.com/aliyun/aliyun-secretsmanager-client-go/sdk"
  )

  func main() {
  	// Construct Secrets Manager Client.
  	client, err := sdk.NewClient()
  	if err != nil {
  		// Handle exceptions
  		panic(err)
  	}
  	// Use Secrets Manager Client to obtain the secret information.
  	secretInfo, err := client.GetSecretInfo("#secretName#")
  	if err != nil {
  		// Handle exceptions
  		panic(err)
  	}
  	fmt.Printf("SecretValue:%s\n", secretInfo.SecretValue)
  }
  ```