For those interested in a secure repository for passwords and keys for applications running on SAP Business Technology Platform, the Credential store is the way to go. This blog describes very well how to set up the service, so I won’t repeat these steps here.
The aim of this post is to explain how to consume this service with Python 3. The blog mentioned above describes how to consume the service with Node.js. The official SAP API documentation shows how to consume it with Java, JavaScript, Swift, Curl, ABAP and SAPUI5. A GoLang sample is also available in this other documentation. Almost all languages but Python.
The context of this work is the management of the HANA Cloud instance service (start and stop). For this task, one needs to use the credentials of a Cloud Foundry manager, and we don't want these written in plain text. Since updating a Cloud Foundry service with Python would be another topic, I will only show here how to consume the Credential store.
The core Python libraries are requests and python-jose, which have Apache 2.0 and MIT licenses respectively.
In the Credential store service `mycreds` (free plan), we add in the namespace `test` the password `Azerty` for `id_conn`.

```python
import json
from cfenv import AppEnv
from jose import jwe
import requests
from requests.auth import HTTPBasicAuth

env = AppEnv()
creds = env.get_service(name="mycreds")  # name of the Cred.Store service
```

`creds` here is a dictionary with the parameters of the service. Then, we call the API of this service to get the password associated with `id_conn`.

```python
headers = {'Accept': 'application/json',
           'Content-Type': 'application/jose',
           'DataServiceVersion': '2.0',
           'If-None-Match': '',
           'sapcp-credstore-namespace': 'test'}  # name of the namespace
response = requests.get(creds.credentials.get('url') + "/password?name=id_conn",
                        headers=headers,
                        auth=HTTPBasicAuth(creds.credentials.get("username"),
                                           creds.credentials.get("password"))
                        )
```

```json
{
  "alg": "RSA-OAEP-256",
  "enc": "A256GCM",
  "iat": 1631885785
}
```

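```python
private = creds.credentials.get("encryption", {}).get("client_private_key")
# Wrap the key body from the service binding in PEM markers
private_key = ("-----BEGIN PRIVATE KEY-----\n" +
               private +
               "\n-----END PRIVATE KEY-----")
private_key = private_key.encode()
# Decrypt the JWE response with the client private key
cred = jwe.decrypt(response.content, private_key)
cred = json.loads(cred.decode())
pwd = cred.get("value")
```

`cred.get("modifiedAt")` which indicates the last modification.

```python
# -*- coding: utf-8 -*-
import os
from flask import Flask

app = Flask(__name__)
# Cloud Foundry passes the listening port in the PORT environment variable;
# the 8080 fallback is an assumption for local runs.
port = int(os.getenv("PORT", 8080))

### Add the previous lines here ####

@app.route("/")
def locale():
    # Demo route: returns the password read from the Credential store
    return pwd

if __name__ == "__main__":
    app.run(host='0.0.0.0', port=port)
```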
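
A check that can be run on `response.content` before calling `jwe.decrypt`, pinning the JWE header to the `alg` and `enc` values shown earlier. This is an added example, not code from the original post; the function names and sample tokens are constructed for illustration, and only the standard library is used.

```python
import base64
import json

# Algorithms from the JWE header shown above.
EXPECTED_ALG = "RSA-OAEP-256"
EXPECTED_ENC = "A256GCM"


def _b64url_decode(segment: str) -> bytes:
    """Decode unpadded base64url, as used in JWE compact serialization."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def read_jwe_header(token) -> dict:
    """Return the protected header of a compact JWE, or raise ValueError."""
    if isinstance(token, bytes):  # requests' response.content is bytes
        token = token.decode("ascii")
    parts = token.strip().split(".")
    # Compact JWE: header.encrypted_key.iv.ciphertext.tag
    if len(parts) != 5:
        raise ValueError("not a compact JWE (expected 5 segments)")
    header = json.loads(_b64url_decode(parts[0]))  # bad input -> ValueError
    if not isinstance(header, dict):
        raise ValueError("JWE header is not a JSON object")
    return header


def check_jwe_header(token) -> dict:
    """Raise ValueError unless alg/enc match the expected values."""
    header = read_jwe_header(token)
    found = (header.get("alg"), header.get("enc"))
    if found != (EXPECTED_ALG, EXPECTED_ENC):
        raise ValueError(f"unexpected JWE algorithms: {found}")
    return header


def make_sample(header: dict) -> str:
    """Constructed token: encoded header plus four dummy segments."""
    h = base64.urlsafe_b64encode(json.dumps(header).encode()).rstrip(b"=")
    return ".".join([h.decode(), "a2V5", "aXY", "Y3Q", "dGFn"])


# Constructed samples, not real Credential Store responses.
GOOD = make_sample({"alg": "RSA-OAEP-256", "enc": "A256GCM", "iat": 1631885785})
BAD = make_sample({"alg": "dir", "enc": "A256GCM"})

if __name__ == "__main__":
    print(check_jwe_header(GOOD))  # header dict for the accepted sample
```

In the flow above, `check_jwe_header(response.content)` would sit just before the `jwe.decrypt` call, so a response with an unexpected header is rejected before the private key is used.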