You're Invited:Meet the Socket Team at BlackHat and DEF CON in Las Vegas, Aug 4-6.RSVP
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

beyondtrust-bips-library

Package Overview
Dependencies
Maintainers
1
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

beyondtrust-bips-library

Password Safe API integration written in Python, Abstract complexity of managing secrets with the API.

1.32.0
pipPyPI
Maintainers
1

Password Safe API integration

License

Password Safe API integration written in Python, Abstract complexity of managing secrets with the API

Python version compatibility

This library is compatible with Python >= v3.11.

Install Package

# PyPI
pip install beyondtrust-bips-library

Arguments

Retrieve Secrets

  • api_url:
    • description: BeyondTrust Password Safe API URL.
    • type: string
    • required: True
  • api_key:
    • description: The API Key configured in BeyondInsight for your application. If not set, then client credentials must be provided.
    • type: string
    • required: False
  • client_id:
    • description: API OAuth Client ID.
    • type: string
    • required: True
  • client_secret:
    • description: API OAuth Client Secret.
    • type: string
    • required: True
  • secret_list:
    • description: List of secrets ["path/title","path/title"] or managed accounts ["ms/ma","ms/ma"] to be retrieved, separated by a comma.
    • type: list
    • required: True
  • certificate_path:
    • description: Password Safe API pfx Certificate Path. For use when authenticating using a Client Certificate.
    • type: string
    • required: False
  • certificate_password:
    • description: Password Safe API pfx Certificate Password. For use when authenticating using a Client Certificate.
    • type: string
    • required: False
  • verify_ca:
    • description: Indicates whether to verify the certificate authority on the Secrets Safe instance.
    • type: boolean
    • default: True
    • required: False

Methods

  • get_secrets(self, paths)
    • Invoked for Managed Account or Secrets Safe secrets.
    • Returns a list of secrets in the requested order.
  • get_secret(self, path)
    • Invoked for Managed Account or Secrets Safe secrets.
    • Returns the requested secret.

Example of usage

We strongly recommend you to use a virtual environment and install dependences from requirements.txt file.

Import secrets_safe_library

pip install -r ~/requirements.txt

By default urllib3 logs are not shown, If need to show them:

export URLLIB3_PROPAGATE=True

script example using library:

import  os
import  logging
from  secrets_safe_library  import  secrets_safe, authentication, utils, managed_account
import requests
from requests.adapters import HTTPAdapter
from urllib3.util.retry import Retry

env  =  os.environ
LOGGER_NAME  =  "custom_logger"

logging.basicConfig(format  =  '%(asctime)-5s  %(name)-15s  %(levelname)-8s  %(message)s',

level  =  logging.DEBUG)

# logger object is optional but is strongly recommended
logger  =  logging.getLogger(LOGGER_NAME)

TIMEOUT_CONNECTION_SECONDS = 30
TIMEOUT_REQUEST_SECONDS = 30

CERTIFICATE = env['CERTIFICATE']
CERTIFICATE_KEY = env['CERTIFICATE_KEY']

def  main():
    try:
        with requests.Session() as session:
            retry_strategy = Retry(
                total=3,
                backoff_factor=0.2,
                status_forcelist=[400, 408, 500, 502, 503, 504],
            )
            adapter = HTTPAdapter(max_retries=retry_strategy)
            session.mount("https://", adapter)
            session.mount("http://", adapter)
            
            certificate, certificate_key = utils.prepare_certificate_info(CERTIFICATE, CERTIFICATE_KEY)
            
            authentication_obj = authentication.Authentication(
                req=session,
                timeout_connection=TIMEOUT_CONNECTION_SECONDS,
                timeout_request=TIMEOUT_REQUEST_SECONDS,
                api_url="https://example.com:443/BeyondTrust/api/public/v3",
                client_id="<client_id>",
                client_secret="<client_secret>",
                certificate=certificate,
                certificate_key=certificate_key,
                verify_ca=True,
                logger=None
            )

            # sign app in password safe API
            get_api_access_response  =  authentication_obj.get_api_access()

            if  get_api_access_response.status_code ==  200:
                # instantiate secrets safe object
                secrets_safe_obj  =  secrets_safe.SecretsSafe(authentication_obj, logger)

                get_secrets_response  =  secrets_safe_obj.get_secrets(["oagrp/text,oagrp/credential"])
                utils.print_log(logger, f"=> Retrive secrets: {get_secrets_response}", logging.DEBUG)
            else:
                print(f"Please check credentials, error {get_api_access_response.text}")
            
            authentication_obj.sign_app_out()

    except  Exception  as  e:
        utils.print_log(logger, f"Error: {e}", logging.ERROR)

# calling main method
main()

Keywords

beyondtrust
devops
secrets
secretssafe
security

FAQs

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Toptal’s GitHub Organization Hijacked: 10 Malicious Packages Published

Research

/

Security News

Toptal’s GitHub Organization Hijacked: 10 Malicious Packages Published

Threat actors hijacked Toptal’s GitHub org, publishing npm packages with malicious payloads that steal tokens and attempt to wipe victim systems.

By Kush Pandya  -  Jul 23, 2025