{
 "cells": [
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "# Credential Manager\n",
    "\n",
    "Urgap provides a standardized interface to interact with different secret stores and present the credentials in a standardized fashion.\n",
    "\n",
    "As of writing this tutorial, Azure Key Vault, Google Cloud Secret Store and classic ENV are surported as secrect stores. \n",
    "\n",
    "Since we have abstracted the interaction with the secret store in an interface (see. urgap.ucredentials.io), other secret stores can be added with ease."
   ]
  },
  {
   "cell_type": "code",
   "execution_count": null,
   "metadata": {
    "ExecuteTime": {
     "end_time": "2026-01-22T10:15:48.538196Z",
     "start_time": "2026-01-22T10:15:45.893896Z"
    }
   },
   "outputs": [],
   "source": [
    "import urgap"
   ]
  },
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "Within the urgap home diretory, there is a file called credentials_lookup.json"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": null,
   "metadata": {
    "ExecuteTime": {
     "end_time": "2026-01-22T10:15:53.308032Z",
     "start_time": "2026-01-22T10:15:53.305209Z"
    }
   },
   "outputs": [],
   "source": [
    "import json\n",
    "from pathlib import Path\n",
    "\n",
    "uc = json.load(open(Path(urgap.home / \"credentials_lookup.json\")))"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": null,
   "metadata": {},
   "outputs": [],
   "source": [
    "uc"
   ]
  },
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "This file is used to point the urgap credential manager to the right secret store to extract the credentials. Take for example this entry in the `uc[\"credentials\"]`\n",
    "```\n",
    "{\n",
    "    'description': 'gcs using libcloud does not need host yet schema+host is used for internal lookups',\n",
    "    'scheme': 'gcs-libcloud',\n",
    "    'host': 'gsk-rd-ngs-sbx',\n",
    "    'user': 'U_GCS_USER',\n",
    "    'password': 'U_GCS_PASSWORD',\n",
    "    'secure': True,\n",
    "    'secret_store': 'env',\n",
    "    'cloud_host_pid': 'gsk-rd-ngs-sbx'\n",
    "}\n",
    "```"
   ]
  },
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "if a uri or connection string has the schema `gcs-libcloud` and points to the host `gsk-rd-ngs-sbx`, then the secret manager will look into the secret_store `env` and extract the user/login from the variable under `U_GCS_USER`, the password from the variable under `U_GCS_PASSWORD`.\n",
    "\n",
    "urgap will initialze a credential manager under\n",
    "`urgap.instances.ucredential_manager` during init.\n",
    "\n",
    "We can extract the credentials using the methods `.extract_credentials`, `.get_password` or `.get_user`.\n",
    "\n",
    "We can also supply more credentials dynamically using `.add_credentials` methods. For example:"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": null,
   "metadata": {
    "ExecuteTime": {
     "end_time": "2026-01-22T10:16:28.145006Z",
     "start_time": "2026-01-22T10:16:28.119927Z"
    }
   },
   "outputs": [],
   "source": [
    "um = urgap.UCredentialManager()\n",
    "um.add_credentials(\n",
    "    [\n",
    "        {\n",
    "            \"base_url\": \"dog://town\",\n",
    "            \"description\": \"Demo1\",\n",
    "            \"scheme\": \"dog\",\n",
    "            \"host\": \"town\",\n",
    "            \"user\": \"U_DOG_USER\",\n",
    "            \"password\": \"U_DOG_PASSWORD\",\n",
    "            \"secure\": True,\n",
    "            \"secret_store\": \"env\",\n",
    "            \"cloud_host_pid\": \"gsk-rd-ngs-sbx\",\n",
    "        }\n",
    "    ]\n",
    ")"
   ]
  },
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "Let set those env variables now."
   ]
  },
  {
   "cell_type": "code",
   "execution_count": null,
   "metadata": {
    "ExecuteTime": {
     "end_time": "2026-01-22T10:16:04.828837Z",
     "start_time": "2026-01-22T10:16:04.826948Z"
    }
   },
   "outputs": [],
   "source": [
    "import os\n",
    "\n",
    "os.environ[\"U_DOG_USER\"] = \"d0g-name\"\n",
    "os.environ[\"U_DOG_PASSWORD\"] = \"d0g-password\""
   ]
  },
  {
   "cell_type": "code",
   "execution_count": null,
   "metadata": {
    "ExecuteTime": {
     "end_time": "2026-01-22T10:16:06.506845Z",
     "start_time": "2026-01-22T10:16:06.502296Z"
    }
   },
   "outputs": [],
   "source": [
    "um.get_password(\"dog://town\")"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": null,
   "metadata": {
    "ExecuteTime": {
     "end_time": "2026-01-22T10:16:08.638328Z",
     "start_time": "2026-01-22T10:16:08.635726Z"
    }
   },
   "outputs": [],
   "source": [
    "um.extract_credentials(\"dog://town\")"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": null,
   "metadata": {},
   "outputs": [],
   "source": [
    "urgap.ucredentials.io.gcp.IOGCPCreds(\n",
    "    secret_id=\"sasa\", version_id=\"L@!#!\", project_id=\"ASda\"\n",
    ")"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": null,
   "metadata": {},
   "outputs": [],
   "source": []
  }
 ],
 "metadata": {
  "kernelspec": {
   "display_name": "u2_p310",
   "language": "python",
   "name": "python3"
  },
  "language_info": {
   "codemirror_mode": {
    "name": "ipython",
    "version": 3
   },
   "file_extension": ".py",
   "mimetype": "text/x-python",
   "name": "python",
   "nbconvert_exporter": "python",
   "pygments_lexer": "ipython3",
   "version": "3.10.11"
  }
 },
 "nbformat": 4,
 "nbformat_minor": 2
}