secret_loader/setup.py


# WARNING
#
# THIS IS AN AUTOGENERATED FILE.
#
# MANUAL CHANGES CAN AND WILL BE OVERWRITTEN.
import re

from setuptools import setup

PACKAGE_NAME = 'secret_loader'
PACKAGE_DESCRIPTION = """
# Secret Loader System.
System for loading secrets from a variety of sources.
Usage:
```python
import secret_loader
secrets = secret_loader.SecretLoader(env_key_prefix='MYAPP')
db_username = secrets.load_or_fail('DATABASE_USERNAME')
db_password = secrets.load_or_fail('DATABASE_PASSWORD')
```
Secret loading order:

0. Hardcoded values. **This is purely for debugging, prototyping, and for
   configuring the options below.**
1. Files pointed to by environment variables. Docker friendly.
2. Secrets folder. Also Docker friendly. Defaults to `secrets`, but can be
   configured through the `SECRETS_DIRECTORY` key (NOTE: passed directly,
   rather than through a file.)
3. [Pass: the standard unix password
   manager](https://www.passwordstore.org/). Most suited for personal
   usage; very unsuited for server environments. Requires `pass` installed
   locally, and configuration of the `PASS_STORE_SUBFOLDER` through one of the above
   methods.
4. Vault instance if configured. Suited for production environments. **NOTE:
   This is barely supported.** Requires `hvac` python package.

## Future extensions

- [ ] Key casing should be more consistent
    * Case-insensitive for hardcoded and `load`.
    * Upper case for environment variables.
    * Lower case for files and others.
- [ ] New special configuration value for switching the `secrets` directory.
- [ ] Wrap secrets in intelligent strings:
    * [ ] Instead of returning `None` on unloaded, return `UnknownSecret`, which produces an error when formatted.
    * [ ] `repr(secret)` should not include contents, but only the secret and how it was loaded.
    * [ ] Methods on `Secret` should be kept minimal.
- [ ] Avoid leakage to swap files.
    * Possibly Mlock? [Does not seem to work](https://stackoverflow.com/questions/29524020/prevent-ram-from-paging-to-swap-area-mlock)
    * Alternatively use [mmap](https://docs.python.org/3/library/mmap.html) and [memoryview](https://stackoverflow.com/questions/18655648/what-exactly-is-the-point-of-memoryview-in-python)?
- [ ] Vault:
    * [ ] Ensure vault code path works.
    * [ ] Document usage and requirements.
- [ ] Get inspiration from <https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html>
""".strip()
PACKAGE_DESCRIPTION_SHORT = """
System for loading secrets from a variety of sources.""".strip()


def parse_version_file(text: str) -> str:
    # Expects a single assignment such as: __version__ = '1.2.3'
    match = re.match(r'^__version__\s*=\s*(["\'])([\d\.]+)\1$', text)
    if match is None:
        msg = 'Malformed _version.py file!'
        raise Exception(msg)
    return match.group(2)


# The version is read as text, so the package is never imported at build time.
with open(PACKAGE_NAME + '/_version.py') as f:
    version = parse_version_file(f.read())

REQUIREMENTS_MAIN = [
    'frozendict',
]

REQUIREMENTS_TEST = [
    'pytest',
]

setup(
    name=PACKAGE_NAME,
    version=version,
    description=PACKAGE_DESCRIPTION_SHORT,
    long_description=PACKAGE_DESCRIPTION,
    long_description_content_type='text/markdown',
    author='Jon Michael Aanes',
    author_email='jonjmaa@gmail.com',
    url='https://gitfub.space/Jmaa/' + PACKAGE_NAME,
    packages=[PACKAGE_NAME],
    install_requires=REQUIREMENTS_MAIN,
    extras_require={
        'test': REQUIREMENTS_TEST,
    },
    python_requires='>=3.9',
)
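
The package description above lists a lookup order (hardcoded, file named by an environment variable, secrets folder) and a planned `Secret` wrapper whose `repr` omits the contents. The sketch below is an added example, not code from `secret_loader`. The names `Secret`, `load`, `reveal` and `demo`, the `<PREFIX>_<KEY>` variable name and the sample values are assumptions.

```python
# Added sketch; Secret, load and the <PREFIX>_<KEY> variable name are assumptions.
import os
import tempfile
from pathlib import Path

class Secret:
    """Holds a secret value; repr() shows only the key and how it was loaded."""

    def __init__(self, key, value, source):
        self.key, self.source, self._value = key, source, value

    def reveal(self):
        return self._value

    def __repr__(self):
        return f'Secret(key={self.key!r}, source={self.source!r})'
    __str__ = __repr__  # str() and f-strings also never print the value

def load(key, hardcoded=None, env_prefix='MYAPP', secrets_dir='secrets', environ=None):
    """Try sources 0 to 2 in the documented order; return a Secret or None."""
    environ = os.environ if environ is None else environ
    # 0. Hardcoded values (debugging and prototyping only), case-insensitive.
    for name, value in (hardcoded or {}).items():
        if name.upper() == key.upper():
            return Secret(key, value, 'hardcoded')
    # 1. Upper-case environment variable naming a file that holds the secret.
    path = environ.get(f'{env_prefix}_{key.upper()}')
    if path and Path(path).is_file():
        return Secret(key, Path(path).read_text().strip(), f'env-file:{path}')
    # 2. Lower-case file inside the secrets directory.
    candidate = Path(secrets_dir) / key.lower()
    if candidate.is_file():
        return Secret(key, candidate.read_text().strip(), f'secrets-dir:{candidate}')
    return None

def demo():
    """Constructed sample: one secret per file-based source, one missing key."""
    with tempfile.TemporaryDirectory() as tmp:
        pointed = Path(tmp) / 'db_user.txt'
        pointed.write_text('alice\n')
        sdir = Path(tmp) / 'secrets'
        sdir.mkdir()
        (sdir / 'database_password').write_text('hunter2\n')
        env = {'MYAPP_DATABASE_USERNAME': str(pointed)}
        return (load('DATABASE_USERNAME', environ=env, secrets_dir=sdir),
                load('DATABASE_PASSWORD', environ=env, secrets_dir=sdir),
                load('API_TOKEN', environ=env, secrets_dir=sdir))
```

Logging or formatting a `Secret` records which source supplied it without exposing the value, which is the property the "Wrap secrets in intelligent strings" item asks for.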