Module clients.sandbox.h2o_secure_store.client
Classes
H2OSecureStoreClient
class H2OSecureStoreClient(connection_config: h2o_engine_manager.clients.connection_config.ConnectionConfig, verify_ssl: bool = True, ssl_ca_cert: Optional[str] = None)
H2OSecureStoreClient manages H2O Secure Store operations within a SandboxEngine.
Args
connection_config- AIEM connection configuration object.
verify_ssl- Set to False to disable SSL certificate verification.
ssl_ca_cert- Path to a CA cert bundle with certificates of trusted CAs.
Methods
reveal_secret_to_file
def reveal_secret_to_file(self, name: str, secret_version: str, path: str) ‑> h2o_engine_manager.clients.sandbox.h2o_secure_store.reveal_secret_to_file_response.RevealSecretToFileResponse
Reveal a secret value from H2O Secure Store and write it to a file.
Retrieves a secret version from the secure store and writes its value to the specified path in the sandbox filesystem. The caller must be authorized to reveal the specified secret version.
Files are created with secure 0600 permissions (owner read/write only) to protect sensitive data.
Args
name:str- SandboxEngine resource name. Format: "workspaces//sandboxEngines/"
secret_version:str- The resource name of the SecretVersion to reveal. Format: "workspaces//secrets//versions/*" The version segment can be a specific version ID or "latest" to retrieve the most recently created SecretVersion. Example: "workspaces/my-workspace/secrets/api-key/versions/latest"
path:str- The absolute path in the sandbox filesystem where the secret value should be written. Must start with a forward slash (e.g., "/home/sandbox/.credentials/token"). If the file exists, it will be overwritten. Parent directories will be created automatically if they don't exist.
Returns
RevealSecretToFileResponse- Response containing the actual secret version name (resolved if "latest" was used) and metadata about the written file.
Feedback
- Submit and view feedback for this page
- Send feedback about AI Engine Manager to cloud-feedback@h2o.ai