python/dataproc_templates/util/secret_manager.py (19 lines of code) (raw):

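from google.cloud import secretmanager_v1 as secretmanager
import google.auth
import re

# Characters allowed in a caller-supplied component of a Secret Manager
# resource name. Anything else (notably "/") is rejected before the value is
# interpolated into the "projects/.../secrets/.../versions/..." path, so a
# caller-controlled string cannot change which resource is requested.
_RESOURCE_COMPONENT = re.compile(r"[0-9a-zA-Z_-]+")


def access_secret_version(secret_id, version_id="latest"):
    """
    Get secret from the secret manager

    Both identifiers are validated before any credential lookup or network
    call, so malformed input fails fast and never reaches the API.

    Args:
        secret_id: secret name; only letters, digits, - and _ are accepted
        version_id: latest(default), a version number or an alias; the same
            character set as secret_id is enforced

    Returns:
        Secret value, decoded as UTF-8. The value is sensitive: callers
        should not log it or embed it in error messages.

    Raises:
        ValueError: if secret_id or version_id contains a disallowed
            character or is empty.
        RuntimeError: if no default project could be determined from the
            environment.
        UnicodeDecodeError: if the payload is not valid UTF-8.
    """
    if not validate_secret(secret_id):
        raise ValueError("Invalid secret name. Secret name should not contain any other special symbol except - or _")

    # version_id is interpolated into the same resource path as secret_id,
    # so it gets the same check. str() keeps integer version numbers working.
    version = str(version_id)
    if not _RESOURCE_COMPONENT.fullmatch(version):
        raise ValueError("Invalid secret version. Secret version should not contain any other special symbol except - or _")

    # google.auth.default() returns (credentials, project_id); project_id is
    # None when it cannot be determined. Without this check the request
    # would be sent for the literal project "None".
    _, project_id = google.auth.default()
    if not project_id:
        raise RuntimeError("Could not determine the default project for Secret Manager access")

    # Create the Secret Manager client.
    client = secretmanager.SecretManagerServiceClient()

    # Build the resource name of the secret version.
    name = f"projects/{project_id}/secrets/{secret_id}/versions/{version}"

    # Access the secret version.
    response = client.access_secret_version(name=name)

    # Return the decoded payload.
    return response.payload.data.decode('UTF-8')


def validate_secret(secret_id):
    """
    Check that a secret name is safe to place in a resource path

    Args:
        secret_id: secret name

    Returns:
        True when secret_id is a non-empty string made up only of letters,
        digits, - and _; False otherwise (including non-string input)
    """
    # fullmatch on the allow-list also rejects the empty string, which a
    # search for disallowed characters would let through.
    return isinstance(secret_id, str) and _RESOURCE_COMPONENT.fullmatch(secret_id) is not None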