Using Python SDK

3 min

the kron pam python sdk provides a secure, programmatic interface for retrieving and managing privileged credentials directly from the kron pam vault it allows developers to dynamically access account passwords, ensuring that no static credentials are stored within code or configuration files the sdk communicates through the kron pam secrets manager agent , providing encrypted and auditable credential delivery to applications and scripts it can be used in both linux and windows environments example implementation below is a sample python script demonstrating how to retrieve credentials securely using the kron pam from future import print function import logging import time from aapm python sdk import passwordmanager def run() for i in range(1) pamurl = "https //test krontech com" agenthost = "10 20 30 40" agentport = 6396 agentaddess = f"{agenthost} {agentport}" manager = passwordmanager(agentaddess) manager httpaddress(pamurl) manager enable debug(true) \# manager ignore agent certificate() manager ignore interceptor certificate() manager disable agent certificate() response = manager getpassword( 'statictestaccount', '6d8beac9 843c 41d1 8131 0cfc09fc4899', '/testlinuxservers', responsetype="text", showusername="true", ) print(f"\[{i+1}] rpc client received \[{response value}] \[{response status}]") if name == ' main ' logging basicconfig() print("request started ") run() sample output starting password fetch process \=== password retrieved === account path /testlinuxservers status success password 9hg2klm3t function reference the getpassword() method retrieves the active password for a specified account from the kron pam vault it communicates securely through the configured kron pam secrets manager agent and/or kron pam vault, and then returns either a text or json response method definition getpassword( paccountname, paccounttoken, paccountpath, pcomment=none, ppasswdexpirationtime=none, ppasswordchangerequired=false, responsetype="text/plain", showusername=false, prettify=false, tenantid=none ) parameter description parameter description paccountname account name registered in kron pam vault paccountpath account path within the vault (e g , /databases/sharedaccouts, /windows) paccounttoken kron pam aapm token assigned for account pcomment optional descriptive comment for the fetching password ppasswdexpirationtime duration before password expiration (in minutes) ppasswordchangerequired whether to force a new password rotation upon retrieval responsetype format of the response (json or text) showusername include username in response (true/false) prettify enables formatted response output tenantid specifies the tenant or logical domain when working in multi tenant environments ensures credentials are retrieved from the correct scope enable debug(true) enables debug logs for python sdk usage apiversion ensures that the aapm agent returns a response in the same format as kron pam for static credential types (default value v2) ignore agent certificate ignores connection errors when using a self signed certificate for the aapm agent ignore interceptor certificate ignores connection errors when using a self signed certificate defined on kron pam disable agent certificate parameter required for using the aapm agent without a certificate (not recommended) disable interceptor certificate parameter required for using kron pam without a certificate (not recommended) initialization explained before calling getpassword() , two key setup steps are required passwordmanager(agent host) creates an sdk instance and establishes communication with the kron pam secrets manager agent manager httpaddress(vault url) defines the https address of the kron pam vault for credential retrieval