This guide covers how to manage secrets using the Julep Python SDK. Secrets allow you to securely store and use sensitive information like API keys, passwords, and access tokens in your Julep applications.
Note: For security, when listing secrets, the .value field will always show “ENCRYPTED”. The actual secret value is only returned when specifically requesting a single secret by name.
You can update specific fields without changing others:
Copy
# Update only the descriptionupdated_secret = client.secrets.update( name="stripe_api_key", description="New description for Stripe API key")# Update only the metadataupdated_secret = client.secrets.update( name="stripe_api_key", metadata={"last_rotated": "2025-05-10"})
from julep.exceptions import ( SecretNotFoundError, SecretAlreadyExistsError, ValidationError)try: secret = client.secrets.get(name="non_existent_secret")except SecretNotFoundError: print("Secret not found")try: # Attempt to create a secret with an invalid name secret = client.secrets.create(name="invalid name", value="test")except ValidationError as e: print(f"Validation error: {e}")try: # Attempt to create a duplicate secret secret = client.secrets.create(name="existing_secret", value="test")except SecretAlreadyExistsError: print("Secret already exists")
import uuidfrom datetime import datetimedef rotate_secret(client, secret_name, new_value): """ Safely rotate a secret by creating a new one and verifying it works before deleting the old one. """ # Create a temporary secret with a random suffix temp_name = f"{secret_name}_rotation_{uuid.uuid4().hex[:8]}" # Create the new secret client.secrets.create( name=temp_name, value=new_value, description=f"Temporary rotation for {secret_name}", metadata={"rotation_date": datetime.now().isoformat()} ) # Here you would test that the new secret works # ... # If tests pass, update metadata on the old secret old_secret = client.secrets.get(name=secret_name) old_metadata = old_secret.metadata or {} old_metadata.update({ "archived": "true", "replaced_by": temp_name, "archived_date": datetime.now().isoformat() }) client.secrets.update( name=secret_name, metadata=old_metadata ) # Rename the temporary secret to the standard name client.secrets.delete(name=secret_name) client.secrets.update( name=temp_name, new_name=secret_name, description=old_secret.description, metadata={"last_rotated": datetime.now().isoformat()} ) return client.secrets.get(name=secret_name)# Example usagenew_key = "sk_test_new_value_after_rotation"rotated_secret = rotate_secret(client, "stripe_api_key", new_key)print(f"Rotated secret: {rotated_secret.name}")