{"id":1316,"library":"alibabacloud-credentials","title":"Alibaba Cloud Credentials","description":"The alibabacloud-credentials library is the core module for managing authentication credentials within the Alibaba Cloud Python SDK. It provides various credential providers (AccessKey, STS, RAM, EcsRamRole, OAuth, CloudSSO) and handles credential loading from environment variables, configuration files, and metadata services. The current version is 1.0.8, and it maintains a regular release cadence with several patches and minor features per year.","status":"active","version":"1.0.8","language":"en","source_language":"en","source_url":"https://github.com/aliyun/credentials-python","tags":["alibaba cloud","credentials","authentication","sdk","cloud"],"install":[{"cmd":"pip install alibabacloud-credentials","lang":"bash","label":"Install stable version"}],"dependencies":[],"imports":[{"note":"Used to configure credential providers.","symbol":"Config","correct":"from alibabacloud_credentials.models import Config"},{"note":"The primary class for automatic credential resolution from various sources (env, config file, instance metadata, etc.).","symbol":"DefaultCredentialsProvider","correct":"from alibabacloud_credentials.client import DefaultCredentialsProvider"},{"note":"Used for explicitly providing Access Key ID and Secret.","symbol":"AccessKeyCredential","correct":"from alibabacloud_credentials.client import AccessKeyCredential"}],"quickstart":{"code":"import os\nfrom alibabacloud_credentials.models import Config\nfrom alibabacloud_credentials.client import DefaultCredentialsProvider\n\n# Configure credentials - this provider will try to resolve credentials\n# from environment variables, config files, instance metadata service, etc.\n# You can explicitly set access_key_id, access_key_secret, security_token in Config\n# if you don't want automatic resolution.\n# For example:\n# config = Config(\n#     type='access_key',\n#     access_key_id=os.environ.get('ALIBABA_CLOUD_ACCESS_KEY_ID', 'YOUR_AK_ID'),\n#     access_key_secret=os.environ.get('ALIBABA_CLOUD_ACCESS_KEY_SECRET', 'YOUR_AK_SECRET')\n# )\n\nconfig = Config()\nprovider = DefaultCredentialsProvider(config)\n\ntry:\n    access_key_id = provider.get_access_key_id()\n    access_key_secret = provider.get_access_key_secret()\n    security_token = provider.get_security_token()\n\n    print(f\"Access Key ID: {access_key_id}\")\n    print(f\"Access Key Secret: {access_key_secret[:4]}...{access_key_secret[-4:]}\")\n    if security_token:\n        print(f\"Security Token: {security_token[:4]}...{security_token[-4:]}\")\n\nexcept Exception as e:\n    print(f\"Error getting credentials: {e}\")\n    print(\"Please ensure ALIBABA_CLOUD_ACCESS_KEY_ID and ALIBABA_CLOUD_ACCESS_KEY_SECRET environment variables are set,\")\n    print(\"or a valid Alibaba Cloud configuration file exists.\")","lang":"python","description":"This quickstart demonstrates how to use the `DefaultCredentialsProvider` to automatically resolve and retrieve Alibaba Cloud credentials. It first initializes a `Config` object (which can be pre-configured or left empty for automatic resolution) and then creates a `DefaultCredentialsProvider`. It attempts to fetch and print the Access Key ID, Access Key Secret, and Security Token. For actual use, ensure environment variables like `ALIBABA_CLOUD_ACCESS_KEY_ID` and `ALIBABA_CLOUD_ACCESS_KEY_SECRET` are set, or a valid `.aliyun/config.json` file is present."},"warnings":[{"fix":"Upgrade your Python environment to 3.7 or newer. If you must use an older Python, pin your `alibabacloud-credentials` version to `<1.0.6`, but be aware you will miss important bug fixes.","message":"The library now explicitly requires Python 3.7 or newer. Earlier versions (pre-1.0.6) might have worked with Python 3.6, but starting from v1.0.6, compatibility with Python versions older than 3.7 is no longer guaranteed and may lead to syntax errors (e.g., due to the walrus operator `:=`).","severity":"breaking","affected_versions":"<1.0.6"},{"fix":"Upgrade to `alibabacloud-credentials` version `1.0.7` or newer to benefit from fixes that increase OAuth token refresh lead time and correctly update OAuth tokens even with source profiles.","message":"Older versions (up to 1.0.5/1.0.6) contained bugs related to OAuth token refresh and saving, particularly when using `ChainableRamRoleArn` profiles or when a source profile was involved. This could lead to expired tokens not being refreshed or saved correctly, resulting in intermittent authentication failures.","severity":"gotcha","affected_versions":">=1.0.0, <1.0.7"},{"fix":"Upgrade to `alibabacloud-credentials` version `1.0.2` or newer. Always ensure that the `profile_name` specified in your `Config` or `ALIBABA_CLOUD_PROFILE` environment variable corresponds to an existing profile in your `.aliyun/config.json`.","message":"In versions prior to 1.0.2 (and pre-1.0rc3), attempts to load a non-existent `profile_name` in a configuration might not have raised an explicit error, potentially leading to silent failures or unexpected fallback behavior. From 1.0.2 onwards, attempting to use a non-existent profile name will correctly raise an error.","severity":"gotcha","affected_versions":"<1.0.2"}],"env_vars":null,"last_verified":"2026-04-09T00:00:00.000Z","next_check":"2026-07-08T00:00:00.000Z"}