Google Cloud Certificate Manager

1.13.0 · active · verified Wed Apr 15

The `google-cloud-certificate-manager` library is the official Python client for the Google Cloud Certificate Manager API. It allows developers to programmatically acquire and manage TLS (SSL) certificates for use with Cloud Load Balancing. Currently at version 1.13.0, it is part of the larger `google-cloud-python` monorepo, which undergoes frequent updates, ensuring ongoing feature development and maintenance.

Warnings

breaking This library requires Python 3.9 or newer. Running on older Python versions (e.g., 3.8 or below) will result in installation failures or runtime errors.
Fix: Upgrade your Python environment to 3.9 or higher.
gotcha Authentication must be set up correctly for the client to interact with Google Cloud services. Without proper authentication (e.g., Application Default Credentials, service account key, or `GOOGLE_APPLICATION_CREDENTIALS` environment variable), `google.auth.exceptions.DefaultCredentialsError` or similar authentication errors will occur.
Fix: Refer to Google Cloud's authentication documentation for Python client libraries to configure Application Default Credentials or explicitly provide credentials to the client.
gotcha The Certificate Manager API must be explicitly enabled in your Google Cloud project for the client library calls to succeed. If the API is not enabled, you will receive `PERMISSION_DENIED` errors.
Fix: Navigate to the Google Cloud Console, search for 'Certificate Manager API', and ensure it is enabled for your project.
gotcha When using `CertificateManagerClient` as a context manager (`with certificate_manager_v1.CertificateManagerClient() as client:`), be aware that exiting the `with` block will close the underlying transport. This can cause issues if the transport object is shared with other client instances.
Fix: Only use the client as a context manager if the transport is not shared. For long-running applications or shared transports, initialize the client outside a `with` statement and explicitly close the client's transport when no longer needed using `client.close()`.

Install

pip install google-cloud-certificate-manager Install stable version

Imports

CertificateManagerClient
wrong:
```
from google.cloud.certificate_manager import CertificateManagerClient
```
correct:
```
from google.cloud import certificate_manager_v1
```
The client class is typically exposed under a versioned submodule (e.g., `_v1`) to allow for API versioning.

Quickstart

This quickstart demonstrates how to initialize the `CertificateManagerClient` and list existing certificates within a specified Google Cloud project and location. Ensure your `GOOGLE_CLOUD_PROJECT` environment variable is set or replace 'your-project-id' with your actual project ID. Authentication is handled automatically via Application Default Credentials (ADC) if configured.

import os
from google.cloud import certificate_manager_v1

# Set your Google Cloud Project ID
project_id = os.environ.get('GOOGLE_CLOUD_PROJECT', 'your-project-id')
location = 'global' # Certificate Manager resources are often global

def list_certificates():
    client = certificate_manager_v1.CertificateManagerClient()
    parent = client.common_location_path(project_id, location)

    print(f"Listing certificates in project {project_id} in location {location}:")
    try:
        for certificate in client.list_certificates(parent=parent):
            print(f"- Certificate: {certificate.name} (DNS names: {', '.join(certificate.managed.dns_authorizations or ['N/A'])})")
    except Exception as e:
        print(f"Error listing certificates: {e}")

if __name__ == "__main__":
    list_certificates()

view raw JSON →