Using Python SDK

3 min

the kron pam python sdk provides a secure, programmatic interface for retrieving and managing privileged credentials directly from the kron pam vault it allows developers to dynamically access account passwords, ensuring that no static credentials are stored within code or configuration files the sdk communicates through the kron pam secrets manager agent , providing encrypted and auditable credential delivery to applications and scripts it can be used in both linux and windows environments example implementation below is a sample python script demonstrating how to retrieve credentials securely using the kron pam from password manager import passwordmanager import logging def main() account name = "sshtest" account path = "/linux ssh" app token = "5d8f14aa efc4 48ea a95d 285115fdad86" agent host = "agentipaddress\ agentportaddress" vault url = "https //kronpamipaddress" \# initialize the password manager manager = passwordmanager(agent host) manager httpaddress(vault url) try \# retrieve credentials response = manager getpassword( paccountname=account name, paccounttoken=app token, paccountpath=account path, pcomment="demo", ppasswdexpirationtime="30", ppasswordchangerequired="false", responsetype="text/plain", showusername="false", prettify="true", tenantid=tenant id ) print("\n=== password retrieved ===") print(f"account path {account path}") print(f"status {response status}") print(f"password {response value}") except exception as ex print("\n\[error] unable to fetch password ", str(ex)) if name == " main " logging basicconfig() print("starting password fetch process \n") main() sample output starting password fetch process \=== password retrieved === account path /linux ssh status success password 9hg2klm3t function reference the getpassword() method retrieves the active password for a specified account from the kron pam vault it communicates securely through the configured kron pam secrets manager agent and/or kron pam vault, and then returns either a text or json response method definition getpassword( paccountname, paccounttoken, paccountpath, pcomment=none, ppasswdexpirationtime=none, ppasswordchangerequired=false, responsetype="text/plain", showusername=false, prettify=false, tenantid=none ) parameter description parameter description paccountname account name registered in kron pam vault paccountpath account path within the vault (e g , /databases/sharedaccouts, /windows) paccounttoken kron pam aapm token assigned for account pcomment optional descriptive comment for the fetching password ppasswdexpirationtime duration before password expiration (in minutes) ppasswordchangerequired whether to force a new password rotation upon retrieval responsetype format of the response (json or text) showusername include username in response (true/false) prettify enables formatted response output tenantid specifies the tenant or logical domain when working in multi tenant environments ensures credentials are retrieved from the correct scope initialization explained before calling getpassword() , two key setup steps are required passwordmanager(agent host) creates an sdk instance and establishes communication with the kron pam secrets manager agent manager httpaddress(vault url) defines the https address of the kron pam vault for credential retrieval