MySQL#
To connect to a MySQL Database, you need the following:
hostname
password
port, the default is 3306
user name
The MySQLDBSecretKeeper
class saves the MySQL database credentials to the OCI Vault service.
See API Documentation for more details
Save Credentials#
MySQLDBSecretKeeper
#
The MySQLDBSecretKeeper
constructor has the following parameters:
compartment_id
(str): OCID of the compartment where the vault is located. Defaults to the compartment of the notebook session when used in a Data Science notebook session.database
(str, optional)): The database name if available.host
(str): The hostname of the database.key_id
(str): OCID of the master key used for encrypting the secret.password
(str): The password of the database.port
(str, optional). Default 3306): Port number of the database service.user_name
(str): The user name to be stored.vault_id
(str): OCID of the vault.
Save#
The MySQLDBSecretKeeper.save
API serializes and stores the credentials to the vault using the following parameters:
defined_tags
(dict, optional): Save the tags under predefined tags in the OCI Console.description
(str): Description of the secret when saved in the vault.freeform_tags
(dict, optional): Freeform tags to be used for saving the secret in the OCI Console.name
(str): Name of the secret when saved in the vault.
The secret has the following information:
database
host
password
port
user_name
Examples#
Save Credentials#
import ads
from ads.secrets.mysqldb import MySQLDBSecretKeeper
vault_id = "ocid1.vault..<unique_ID>"
key_id = "ocid1.key..<unique_ID>"
ads.set_auth("resource_principal") # If using resource principal for authentication
connection_parameters={
"user_name":"<your user name>",
"password":"<your password>",
"database":"database",
"host":"<db host>",
"port":"<db port>",
}
mysqldb_keeper = MySQLDBSecretKeeper(vault_id=vault_id,
key_id=key_id,
**connection_parameters)
mysqldb_keeper.save("mysqldb_employee", "My DB credentials", freeform_tags={"schema":"emp"})
print(mysqldb_keeper.secret_id) # Prints the secret_id of the stored credentials
'ocid1.vaultsecret..<unique_ID>'
You can save the vault details in a file for later reference, or use it in your code using export_vault_details
API calls. The API currently enables you to export the information as a YAML file or a JSON file.
mysqldb_keeper.export_vault_details("my_db_vault_info.json", format="json")
Save as a YAML File#
mysqldb_keeper.export_vault_details("my_db_vault_info.yaml", format="yaml")
Load Credentials#
Load#
The MySQLDBSecretKeeper.load_secret()
API deserializes and loads the credentials from the vault. You could use this API in one of the following ways:
Using a with
Statement#
with MySQLDBSecretKeeper.load_secret('ocid1.vaultsecret..<unique_ID>') as mysqldb_secret:
print(mysqldb_secret['user_name']
Without Using a with
Statement#
mysqldb_secretobj = MySQLDBSecretKeeper.load_secret('ocid1.vaultsecret..<unique_ID>')
mysqldb_secret = mysqldb_secretobj.to_dict()
print(mysqldb_secret['user_name'])
The .load_secret()
method has the following parameters:
auth
: Provide overridingauth
information if theauth
information is different from theads.set_auth
setting.export_env
: The default isFalse
. If set toTrue
, the credentials are exported as environment variabled when used with thewith
operator.export_prefix
: The default name for environment variable is user_name, password, database. and wallet_location. You can add a prefix to avoid name collision.format
: (Optional) Ifsource
is a file, then this value must bejson
oryaml
depending on the file format.source
: Either the file that was exported fromexport_vault_details
, or the OCID of the secret.
Examples#
Using a with
Statement#
import ads
ads.set_auth('resource_principal') # If using resource principal authentication
from ads.secrets.mysqldb import MySQLDBSecretKeeper
with MySQLDBSecretKeeper.load_secret(
"ocid1.vaultsecret..<unique_ID>"
) as mysqldb_creds2:
print (mysqldb_creds2["user_name"]) # Prints the user name
print (mysqldb_creds2["user_name"]) # Prints nothing. The credentials are cleared from the dictionary outside the ``with`` block
Export the Environment Variables Using a with
Statement#
To expose credentials as an environment variable, set export_env=True
. The following keys are exported:
Secret attribute |
Environment Variable Name |
---|---|
user_name |
user_name |
password |
password |
host |
host |
port |
port |
database |
database |
import os
import ads
ads.set_auth('resource_principal') # If using resource principal authentication
from ads.secrets.mysqldb import MySQLDBSecretKeeper
with MySQLDBSecretKeeper.load_secret(
"ocid1.vaultsecret..<unique_ID>",
export_env=True
):
print(os.environ.get("user_name")) # Prints the user name
print(os.environ.get("user_name")) # Prints nothing. The credentials are cleared from the dictionary outside the ``with`` block
You can avoid name collisions by setting a prefix string using export_prefix
along with export_env=True
. For example, if you set prefix as myprocess
, then the exported keys are:
Secret attribute |
Environment Variable Name |
---|---|
user_name |
myprocess.user_name |
password |
myprocess.password |
host |
myprocess.host |
port |
myprocess.port |
database |
myprocess.database |
import os
import ads
ads.set_auth('resource_principal') # If using resource principal authentication
from ads.secrets.mysqldb import MySQLDBSecretKeeper
with MySQLDBSecretKeeper.load_secret(
"ocid1.vaultsecret..<unique_ID>",
export_env=True,
export_prefix="myprocess"
):
print(os.environ.get("myprocess.user_name")) # Prints the user name
print(os.environ.get("myprocess.user_name")) # Prints nothing. The credentials are cleared from the dictionary outside the ``with`` block