secret-loader (0.1.30)
Installation
pip install --index-url secret-loader
About this package
System for loading secrets from a variety of sources.
Secret Loader System.
System for loading secrets from a variety of sources.
Usage:
import secret_loader
secrets = secret_loader.SecretLoader(env_key_prefix='MYAPP')
db_username = secrets.load_or_fail('DATABASE_USERNAME')
db_password = secrets.load_or_fail('DATABASE_PASSWORD')
Secret loading order:
- Hardcoded values. This is purely for debugging, prototyping, and for configuring below options.
- Files pointed to by environment variables. Docker friendly.
- Secrets folder. Also Docker friendly. Defaults to
secrets
, but can be configured through theSECRETS_DIRECTORY
key (NOTE: passed directly, rather than through a file.) - Pass: the standard unix password
manager. Most suited for personal
usage; very unsuited for server environments. Requires
pass
installed locally, and configuration of thePASS_STORE_SUBFOLDER
through one of the above methods.
Future extensions
- Key casing should be more consistent
- Case-insensitive for hardcoded and
load
. - Upper case for environment variables.
- Lower case for files and others.
- Case-insensitive for hardcoded and
- New special configuration value for switching the
secrets
directory. - Wrap secrets in intelligent strings:
- Instead of returning
None
on unloaded, returnUnknownSecret
, that produce error when formatted. repr(secret)
should not include contents, but only the secret and how it was loaded.- Methods on
Secret
should be kept minimal.
- Instead of returning
- Avoid leakage to swap files.
- Possibly Mlock? Does not seem to work
- Alternatively use mmap and memoryview?§
- Vault:
- Ensure vault code path works.
- Document usage and requirements.
- Get inspiration from https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
Requirements
Requires Python: >=3.9
Details
Assets (2)
Versions (28)
View all
secret_loader-0.1.30.tar.gz
6.1 KiB