{"id":4468,"library":"cerberus-python-client","title":"Cerberus Python Client","description":"Cerberus Python Client is a library for programmatically interacting with Cerberus, Nike's secret management system. It facilitates secure communication via HTTPS, supporting AWS and Cerberus-specific authentication methods. As of version 2.5.4, it primarily supports read-only operations, with write functionality not yet implemented by the maintainers. While the library is stable, its official GitHub repository was archived in January 2024, indicating that active development has ceased.","status":"maintenance","version":"2.5.4","language":"en","source_language":"en","source_url":"https://github.com/Nike-Inc/cerberus-python-client","tags":["aws","secrets-management","nike","security","client"],"install":[{"cmd":"pip install cerberus-python-client","lang":"bash","label":"Install latest version"}],"dependencies":[{"reason":"Used for making HTTP requests to the Cerberus API.","package":"requests","optional":false},{"reason":"Required for AWS IAM Role and STS assumed role authentication.","package":"boto3","optional":false}],"imports":[{"symbol":"CerberusClient","correct":"from cerberus.client import CerberusClient"}],"quickstart":{"code":"import os\nfrom cerberus.client import CerberusClient\n\nCERBERUS_URL = os.environ.get('CERBERUS_URL', 'https://cerberus.example.com')\n# For local development, you might set these via environment variables or pass directly\nCERBERUS_USERNAME = os.environ.get('CERBERUS_USERNAME', '')\nCERBERUS_PASSWORD = os.environ.get('CERBERUS_PASSWORD', '')\n\ntry:\n # Example 1: IAM Role Authentication (typical for EC2, ECS, Lambda)\n # Requires appropriate IAM role attached to the execution environment\n client_iam = CerberusClient(CERBERUS_URL)\n print(f\"IAM Client initialized: {client_iam.cerberus_url}\")\n\n # Example 2: User Authentication (for local development or specific use cases)\n if CERBERUS_USERNAME and CERBERUS_PASSWORD:\n client_user = CerberusClient(CERBERUS_URL, CERBERUS_USERNAME, CERBERUS_PASSWORD)\n print(f\"User Client initialized: {client_user.cerberus_url}\")\n\n # Example: Reading a secret (replace with your actual secret path)\n secret_path = 'app/my-application/my-secret-key'\n try:\n secret_data = client_iam.get_secret(secret_path)\n print(f\"Retrieved secret from {secret_path}: {secret_data}\")\n except Exception as e:\n print(f\"Error retrieving secret {secret_path}: {e}\")\n\n # Example: Reading a file (replace with your actual file path)\n file_path = 'app/my-application/path/to/my-file.txt'\n try:\n file_content = client_iam.get_file(file_path)\n print(f\"Retrieved file from {file_path}, content type: {type(file_content)}\")\n # If it's text, you can decode:\n # print(f\"File content: {file_content.decode('utf-8')}\")\n except Exception as e:\n print(f\"Error retrieving file {file_path}: {e}\")\n\nexcept Exception as e:\n print(f\"Failed to initialize CerberusClient: {e}\")\n print(\"Ensure CERBERUS_URL and appropriate authentication (IAM role or credentials) are configured.\")\n","lang":"python","description":"This quickstart demonstrates how to initialize the `CerberusClient` using IAM Role or User authentication and then retrieve secrets and files. For IAM Role authentication, ensure the execution environment has the necessary AWS IAM permissions. For User authentication, set `CERBERUS_USERNAME` and `CERBERUS_PASSWORD` environment variables."},"warnings":[{"fix":"Be aware that the library is no longer actively maintained. For critical projects, consider the implications of using an unmaintained library or explore alternative secret management solutions.","message":"The official GitHub repository for `cerberus-python-client` (Nike-Inc/cerberus-python-client) was archived by its owner on January 12, 2024, and is now read-only. This indicates that active development and maintenance have ceased. While existing versions remain available on PyPI, no new features, bug fixes, or official support are expected.","severity":"breaking","affected_versions":"All versions (future impact)"},{"fix":"Always use `pip install cerberus-python-client` for the client library and `from cerberus.client import CerberusClient`. For the data validation library, use `pip install Cerberus` and `from cerberus import Validator`.","message":"This library (`cerberus-python-client`) is distinct from the general-purpose Python data validation library `Cerberus`. They share a similar name but serve entirely different purposes. Importing or referring to the wrong library can lead to unexpected errors.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Always open files for upload using `with open('your_file.txt', 'rb') as f: ...`","message":"When uploading files to Cerberus, ensure that the file is opened in binary mode (`'rb'`). Failure to do so can result in incorrect size calculations and corrupted uploads.","severity":"gotcha","affected_versions":"All versions"},{"fix":"For Lambda functions, consider using AWS Secrets Manager or Parameter Store for better integration, scale, and performance.","message":"Cerberus is generally not recommended for storing secrets directly accessed by AWS Lambda functions, due to potential issues with scale (thousands of requests per second) and additional latency introduced by authentication and secret retrieval.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Upgrade to `cerberus-python-client` version 2.5.2 or newer to automatically handle trailing slashes in the Cerberus URL. If using an older version, manually ensure the URL does not end with a trailing slash.","message":"Prior to version 2.5.2, users might encounter issues if the `cerberus_url` passed to `CerberusClient` had an inconsistent trailing slash. Version 2.5.2 introduced a fix to remove the trailing slash during initialization, making the client more robust to user input.","severity":"gotcha","affected_versions":"< 2.5.2"}],"env_vars":null,"last_verified":"2026-04-12T00:00:00.000Z","next_check":"2026-07-11T00:00:00.000Z"}