This SDK provides consistent interfaces for interacting with foundational services such as object storage, destination management, audit logging, telemetry, and secure credential handling.
The Python SDK offers a clean, type-safe API following Python best practices while maintaining compatibility with the SAP Application Foundation ecosystem.
- AuditLog User Guide - Compliance audit logging for SAP Audit Log Service
- Destination User Guide - SAP BTP Destination Service integration with proxy support
- ObjectStore User Guide - S3-compatible object storage
- Secret Resolver User Guide - Secure credential management from mounted volumes and environment variables
- Telemetry User Guide - OpenTelemetry tracing and GenAI auto-instrumentation
TODO: To be defined
from sap_cloud_sdk.objectstore import create_client
# Create an ObjectStore client (auto-detects local vs cloud)
client = create_client("my-instance")
# Upload a file
client.put_object_from_bytes(
name="example.txt",
data=b"Hello, World!",
content_type="text/plain"
)- π€ AI Core Integration
- π Audit Log Service
- π Destination Service
- ποΈ ObjectStore Service
- π Secret Resolver
- π Telemetry & Observability
- Python: 3.11 or higher
The SDK automatically resolves configuration from multiple sources with the following priority:
- Kubernetes-mounted secrets:
/etc/secrets/<module>/<instance>/<field> - Environment variables:
<MODULE>_<INSTANCE>_<FIELD>- For instance names, hyphens (
"-") are replaced with underscores ("_") for compatibility with system environment variables.
- For instance names, hyphens (
# Environment variables for ObjectStore with instance name "credentials"
export OBJECTSTORE_CREDENTIALS_ACCESS_KEY_ID="your-access-key"
export OBJECTSTORE_CREDENTIALS_SECRET_ACCESS_KEY="your-secret-key"
export OBJECTSTORE_CREDENTIALS_BUCKET="your-bucket-name"
export OBJECTSTORE_CREDENTIALS_HOST="s3.amazonaws.com"/etc/secrets/objectstore/credentials/
βββ access_key_id
βββ secret_access_key
βββ bucket
βββ host
For production environments (SAP BTP Managed Runtime), no configuration is needed as OTEL_EXPORTER_OTLP_ENDPOINT is automatically injected.
For local development:
export OTEL_EXPORTER_OTLP_ENDPOINT="https://otel-collector.example.com"from sap_cloud_sdk.core.auditlog import (create_client, SecurityEvent)
# Create client )
client = create_client()
# Security event - authentication attempt
security_event = SecurityEvent(
data="User login attempt",
user="john.doe",
tenant=Tenant.PROVIDER,
identity_provider="SAP ID",
ip="192.168.1.100",
attributes=[
SecurityEventAttribute("login_method", "password"),
SecurityEventAttribute("session_id", "abc123")
]
)
client.log(security_event)Securely load configuration and credentials from Kubernetes mounted volumes or environment variables:
from dataclasses import dataclass, field
from sap_cloud_sdk.core.secret_resolver import read_from_mount_and_fallback_to_env_var
# Load configuration
config = DatabaseConfig()
read_from_mount_and_fallback_to_env_var(
base_volume_mount="/etc/secrets",
base_var_name="MYAPP",
module="database",
instance="primary",
target=config
)Comprehensive telemetry and observability for AI applications with automatic instrumentation:
from sap_cloud_sdk.core.telemetry import (
auto_instrument, context_overlay, GenAIOperation,
chat_span, execute_tool_span, invoke_agent_span,
record_metrics, set_tenant_id, add_span_attribute
)
# Enable auto-instrumentation before importing AI libraries
auto_instrument()
from litellm import completion
import openai
# Set tenant for multi-tenant applications
set_tenant_id("tenant-123")
# Basic GenAI operation tracking
with context_overlay(GenAIOperation.CHAT, attributes={"user.id": "123"}):
response = completion(model="gpt-4", messages=[{"role": "user", "content": "Hello"}])
# Manual metrics and spans
@record_metrics(module="myapp", operation="data_processing")
def process_data(data):
add_span_attribute("data.size", len(data))
# Processing logic
return processed_data