secret-loader (0.1.15)
Installation
pip install --index-url About this package
System for loading secrets from a variety of sources.
Secret Loader System.
System for loading secrets from a variety of sources.
Usage:
import secret_loader
secrets = secret_loader.SecretLoader(env_key_prefix='MYAPP')
db_username = secrets.load_or_fail('DATABASE_USERNAME')
db_password = secrets.load_or_fail('DATABASE_PASSWORD')
Secret loading order:
- Hardcoded values. This is purely for debugging, prototyping, and for configuring below options.
- Files pointed to by environment variables. Docker friendly.
- Secrets folder. Also Docker friendly.
- Pass: the standard unix password
manager. Most suited for personal
usage; very unsuited for server environments. Requires
passinstalled locally, and configuration of thePASS_STORE_SUBFOLDERthrough one of the above methods. - Vault instance if configured. Suited for production environments. NOTE:
This is barely supported. Requires
hvacpython package.
Future extensions
- Key casing should be more consistent
- Case-insensitive for hardcoded and
load. - Upper case for environment variables.
- Lower case for files and others.
- Case-insensitive for hardcoded and
- New special configuration value for switching the
secretsdirectory. - Wrap secrets in intelligent strings:
- Instead of returning
Noneon unloaded, returnUnknownSecret, that produce error when formatted. repr(secret)should not include contents, but only the secret and how it was loaded.- Methods on
Secretshould be kept minimal.
- Instead of returning
- Avoid leakage to swap files.
- Possibly Mlock? Does not seem to work
- Alternatively use mmap and memoryview?§
- Vault:
- Ensure vault code path works.
- Document usage and requirements.
Requirements
Requires Python: >=3.9
Details
Assets (2)
Versions (16)
View all
secret_loader-0.1.15.tar.gz
5.4 KiB