Alibaba Cloud Credentials

1.0.8 · active · verified Thu Apr 09

The alibabacloud-credentials library is the core module for managing authentication credentials within the Alibaba Cloud Python SDK. It provides various credential providers (AccessKey, STS, RAM, EcsRamRole, OAuth, CloudSSO) and handles credential loading from environment variables, configuration files, and metadata services. The current version is 1.0.8, and it maintains a regular release cadence with several patches and minor features per year.

Warnings

breaking The library now explicitly requires Python 3.7 or newer. Earlier versions (pre-1.0.6) might have worked with Python 3.6, but starting from v1.0.6, compatibility with Python versions older than 3.7 is no longer guaranteed and may lead to syntax errors (e.g., due to the walrus operator `:=`).
Fix: Upgrade your Python environment to 3.7 or newer. If you must use an older Python, pin your `alibabacloud-credentials` version to `<1.0.6`, but be aware you will miss important bug fixes.
gotcha Older versions (up to 1.0.5/1.0.6) contained bugs related to OAuth token refresh and saving, particularly when using `ChainableRamRoleArn` profiles or when a source profile was involved. This could lead to expired tokens not being refreshed or saved correctly, resulting in intermittent authentication failures.
Fix: Upgrade to `alibabacloud-credentials` version `1.0.7` or newer to benefit from fixes that increase OAuth token refresh lead time and correctly update OAuth tokens even with source profiles.
gotcha In versions prior to 1.0.2 (and pre-1.0rc3), attempts to load a non-existent `profile_name` in a configuration might not have raised an explicit error, potentially leading to silent failures or unexpected fallback behavior. From 1.0.2 onwards, attempting to use a non-existent profile name will correctly raise an error.
Fix: Upgrade to `alibabacloud-credentials` version `1.0.2` or newer. Always ensure that the `profile_name` specified in your `Config` or `ALIBABA_CLOUD_PROFILE` environment variable corresponds to an existing profile in your `.aliyun/config.json`.

Install

pip install alibabacloud-credentials Install stable version

Imports

Config

from alibabacloud_credentials.models import Config

Used to configure credential providers.

DefaultCredentialsProvider
```
from alibabacloud_credentials.client import DefaultCredentialsProvider
```
The primary class for automatic credential resolution from various sources (env, config file, instance metadata, etc.).
AccessKeyCredential
```
from alibabacloud_credentials.client import AccessKeyCredential
```
Used for explicitly providing Access Key ID and Secret.

Quickstart

This quickstart demonstrates how to use the `DefaultCredentialsProvider` to automatically resolve and retrieve Alibaba Cloud credentials. It first initializes a `Config` object (which can be pre-configured or left empty for automatic resolution) and then creates a `DefaultCredentialsProvider`. It attempts to fetch and print the Access Key ID, Access Key Secret, and Security Token. For actual use, ensure environment variables like `ALIBABA_CLOUD_ACCESS_KEY_ID` and `ALIBABA_CLOUD_ACCESS_KEY_SECRET` are set, or a valid `.aliyun/config.json` file is present.

import os
from alibabacloud_credentials.models import Config
from alibabacloud_credentials.client import DefaultCredentialsProvider

# Configure credentials - this provider will try to resolve credentials
# from environment variables, config files, instance metadata service, etc.
# You can explicitly set access_key_id, access_key_secret, security_token in Config
# if you don't want automatic resolution.
# For example:
# config = Config(
#     type='access_key',
#     access_key_id=os.environ.get('ALIBABA_CLOUD_ACCESS_KEY_ID', 'YOUR_AK_ID'),
#     access_key_secret=os.environ.get('ALIBABA_CLOUD_ACCESS_KEY_SECRET', 'YOUR_AK_SECRET')
# )

config = Config()
provider = DefaultCredentialsProvider(config)

try:
    access_key_id = provider.get_access_key_id()
    access_key_secret = provider.get_access_key_secret()
    security_token = provider.get_security_token()

    print(f"Access Key ID: {access_key_id}")
    print(f"Access Key Secret: {access_key_secret[:4]}...{access_key_secret[-4:]}")
    if security_token:
        print(f"Security Token: {security_token[:4]}...{security_token[-4:]}")

except Exception as e:
    print(f"Error getting credentials: {e}")
    print("Please ensure ALIBABA_CLOUD_ACCESS_KEY_ID and ALIBABA_CLOUD_ACCESS_KEY_SECRET environment variables are set,")
    print("or a valid Alibaba Cloud configuration file exists.")

view raw JSON →