{"id":7635,"library":"python-tss-sdk","title":"Delinea Secret Server Python SDK","description":"The Delinea Secret Server Python SDK (version 2.0.1) provides Python classes to interact with Delinea Secret Server and Delinea Platform via their REST APIs. It supports various authentication methods and facilitates programmatic access to secrets. The library is actively maintained with regular releases and requires Python 3.8 or higher.","status":"active","version":"2.0.1","language":"en","source_language":"en","source_url":"https://github.com/DelineaXPM/python-tss-sdk","tags":["delinea","secret-server","thycotic","secrets-management","security","sdk","enterprise"],"install":[{"cmd":"pip install python-tss-sdk","lang":"bash","label":"Install latest version"}],"dependencies":[],"imports":[{"note":"The top-level namespace changed from 'thycotic' to 'delinea' in version 1.2.0 due to rebranding.","wrong":"from thycotic.secrets.server import SecretServer","symbol":"SecretServer","correct":"from delinea.secrets.server import SecretServer"},{"symbol":"SecretServerCloud","correct":"from delinea.secrets.server import SecretServerCloud"},{"symbol":"PasswordGrantAuthorizer","correct":"from delinea.secrets.server import PasswordGrantAuthorizer"},{"symbol":"SecretServerError","correct":"from delinea.secrets.server import SecretServerError"}],"quickstart":{"code":"import os\nfrom delinea.secrets.server import (\n    SecretServerCloud,\n    PasswordGrantAuthorizer,\n    SecretServerError\n)\n\n# Ensure these environment variables are set:\n# TSS_TENANT (e.g., 'mytenant')\n# TSS_USERNAME\n# TSS_PASSWORD\n\ntry:\n    tenant = os.environ.get('TSS_TENANT', '')\n    username = os.environ.get('TSS_USERNAME', '')\n    password = os.environ.get('TSS_PASSWORD', '')\n\n    if not all([tenant, username, password]):\n        raise ValueError(\"TSS_TENANT, TSS_USERNAME, and TSS_PASSWORD environment variables must be set.\")\n\n    # For Secret Server Cloud, 'tenant' parameter simplifies URL construction\n    authorizer = PasswordGrantAuthorizer(\n        base_url=f\"https://{tenant}.secretservercloud.com\",\n        username=username,\n        password=password\n    )\n\n    secret_server_cloud = SecretServerCloud(tenant=tenant, authorizer=authorizer)\n\n    # Example: Fetch a secret by ID\n    secret_id = 123 # Replace with a valid secret ID from your Secret Server\n    secret = secret_server_cloud.get_secret(secret_id)\n    print(f\"Successfully fetched secret with ID {secret_id}:\")\n    print(f\"Secret Name: {secret.name}\")\n    # Access secret fields, e.g., secret.data['username'] or secret.data['password']\n\nexcept SecretServerError as e:\n    print(f\"Secret Server Error: {e.message}\")\n    print(\"Please check your credentials, tenant URL, and permissions.\")\nexcept ValueError as e:\n    print(f\"Configuration Error: {e}\")\nexcept Exception as e:\n    print(f\"An unexpected error occurred: {e}\")","lang":"python","description":"This quickstart demonstrates how to authenticate with Delinea Secret Server Cloud using a username and password and then retrieve a secret by its ID. It relies on environment variables for sensitive credentials."},"warnings":[{"fix":"Update all import statements from `thycotic.secrets.server` to `delinea.secrets.server`.","message":"The package's top-level import namespace changed from `thycotic` to `delinea` in version 1.2.0 due to the company's rebranding to Delinea. Code using `from thycotic.secrets.server import ...` will break.","severity":"breaking","affected_versions":"<=1.x"},{"fix":"Review and limit application account permissions within Delinea Secret Server to the principle of least privilege.","message":"When using application accounts for authentication, ensure they are assigned only the minimum required roles and permissions, not the 'Administrator Role' or all role permissions, to maintain security best practices.","severity":"gotcha","affected_versions":"All"},{"fix":"Ensure a trusted SSL certificate is used. If using self-signed certificates in development, consider configuring the `REQUESTS_CA_BUNDLE` environment variable or explicitly disabling SSL verification (not recommended for production).","message":"Self-signed SSL certificates or untrusted certificates can cause 'SSL Connectivity or Certificate Issues?'. The Python `requests` library (used by the SDK) may fail to verify the certificate.","severity":"gotcha","affected_versions":"All"},{"fix":"Verify that 'Enable Webservices' is set to 'Yes' in Secret Server's Administration > Configuration. Ensure the `base_url` provided to the authorizer is the root URL of your Secret Server instance (e.g., `https://yourserver/SecretServer`, not `https://yourserver/SecretServer/Login.aspx`).","message":"Connectivity issues or 'Login Failed' errors can occur if webservices are not enabled on your Secret Server instance, or if an incorrect base URL (e.g., including `/Login.aspx`) is used.","severity":"gotcha","affected_versions":"All"}],"env_vars":null,"last_verified":"2026-04-16T00:00:00.000Z","next_check":"2026-07-15T00:00:00.000Z","problems":[{"fix":"Change import statements from `from thycotic.secrets.server import ...` to `from delinea.secrets.server import ...`.","cause":"Attempting to import classes using the old `thycotic` namespace after upgrading the SDK to version 1.2.0 or higher.","error":"ImportError: No module named 'thycotic'"},{"fix":"Verify the permissions assigned to the user or application account in Delinea Secret Server. Ensure the account has 'Read' permissions on the specific secret or folder.","cause":"The authenticated user or application account lacks the necessary permissions to access the requested secret or perform the action.","error":"Secret Server Error: Access Denied"},{"fix":"Either install a trusted certificate on the Secret Server or configure the client environment to trust the certificate (e.g., by setting `REQUESTS_CA_BUNDLE` to a .pem file containing the certificate chain).","cause":"The Python `requests` library cannot verify the SSL certificate presented by the Secret Server instance, often due to self-signed or untrusted certificates.","error":"requests.exceptions.SSLError: HTTPSConnectionPool(...) Max retries exceeded with url: /oauth2/token (Caused by SSLError(CertificateError(\"hostname 'yourserver.com' doesn't match ...\")))"},{"fix":"Double-check your `TSS_USERNAME`, `TSS_PASSWORD`, `TSS_TENANT` (or `base_url`) environment variables. Confirm that 'Enable Webservices' is set to 'Yes' in your Secret Server configuration.","cause":"Often caused by incorrect authentication credentials (username, password, or tenant/base URL), or webservices not being enabled on the Secret Server instance.","error":"Secret Server Error: The remote server returned an error: (400) Bad Request"}]}