secret_loader/README.md

<!---                   WARNING                    --->
<!---        THIS IS AN AUTO-GENERATED FILE        --->
<!---  MANUAL CHANGES CAN AND WILL BE OVERWRITTEN  --->

# Secret Loader System.

System for loading secrets from a variety of sources.

Usage:

```python
import secret_loader
secrets = secret_loader.SecretLoader(env_key_prefix = 'MYAPP')

db_username = secrets.load_or_fail('DATABASE_USERNAME')
db_password = secrets.load_or_fail('DATABASE_PASSWORD')
```

Secret loading order:

0. Hardcoded values. **This is purely for debugging, prototyping, and for
   configuring below options.**
1. Files pointed to by environment variables. Docker friendly.
2. Secrets folder. Also Docker friendly.
3. [Pass: the standard unix password
   manager](https://www.passwordstore.org/). Most suited for personal
   usage; very unsuited for server environments. Requires `pass` installed
   locally, and configuration of the `PASS_STORE_SUBFOLDER` through one of the above
   methods.
4. Vault instance if configured. Suited for production environments.

## TODO

- [ ] Avoid leakage to swap files.
    * Possibly Mlock? [Does not seem to work](https://stackoverflow.com/questions/29524020/prevent-ram-from-paging-to-swap-area-mlock)
    * Alternatively use [mmap](https://docs.python.org/3/library/mmap.html) and [memoryview](https://stackoverflow.com/questions/18655648/what-exactly-is-the-point-of-memoryview-in-python)?§
- [ ] Wrap secrets in intelligent strings:
    * Instead of returning None on unloaded, return UnknownSecret, that produce
      error when formatted.
    * `repr(secret)` should not include contents, but only the secret and how
      it was loaded.
    * Methods on `Secret` should be kept minimal.
- [ ] Vault:
  * [ ] Ensure vault code path works.
  * [ ] Document usage and requirements.

## License

Copyright 2024 Jon Michael Aanes.
All rights reserved.


# License

```
Copyright (c) 2024 Jon Michael Aanes

All rights reserved.
```
🤖 Repository layout updated to latest version This commit was automatically generated by a script: https://gitfub.space/Jmaa/python-omni 2024-07-08 17:10:04 +00:00			`<!--- WARNING --->`
			`<!--- THIS IS AN AUTO-GENERATED FILE --->`
			`<!--- MANUAL CHANGES CAN AND WILL BE OVERWRITTEN --->`
🤖 Repository layout updated to latest version This commit was automatically generated by a script: https://gitfub.space/Jmaa/python-omni 2024-07-08 16:26:17 +00:00
README and requirements 2024-07-08 16:10:55 +00:00			`# Secret Loader System.`
README 2024-06-12 20:16:35 +00:00
README and requirements 2024-07-08 16:10:55 +00:00			`System for loading secrets from a variety of sources.`

			`Usage:`

			```python
			`import secret_loader`
			`secrets = secret_loader.SecretLoader(env_key_prefix = 'MYAPP')`

			`db_username = secrets.load_or_fail('DATABASE_USERNAME')`
			`db_password = secrets.load_or_fail('DATABASE_PASSWORD')`
			```

			`Secret loading order:`

			`0. Hardcoded values. **This is purely for debugging, prototyping, and for`
			`configuring below options.**`
			`1. Files pointed to by environment variables. Docker friendly.`
			`2. Secrets folder. Also Docker friendly.`
			`3. [Pass: the standard unix password`
			`manager](https://www.passwordstore.org/). Most suited for personal`
			usage; very unsuited for server environments. Requires `pass` installed
			locally, and configuration of the `PASS_STORE_SUBFOLDER` through one of the above
			`methods.`
			`4. Vault instance if configured. Suited for production environments.`

			`## TODO`

			`- [ ] Avoid leakage to swap files.`
			`* Possibly Mlock? [Does not seem to work](https://stackoverflow.com/questions/29524020/prevent-ram-from-paging-to-swap-area-mlock)`
			`* Alternatively use [mmap](https://docs.python.org/3/library/mmap.html) and [memoryview](https://stackoverflow.com/questions/18655648/what-exactly-is-the-point-of-memoryview-in-python)?§`
			`- [ ] Wrap secrets in intelligent strings:`
			`* Instead of returning None on unloaded, return UnknownSecret, that produce`
			`error when formatted.`
			* `repr(secret)` should not include contents, but only the secret and how
			`it was loaded.`
			* Methods on `Secret` should be kept minimal.
			`- [ ] Vault:`
			`* [ ] Ensure vault code path works.`
			`* [ ] Document usage and requirements.`

			`## License`

			`Copyright 2024 Jon Michael Aanes.`
			`All rights reserved.`
🤖 Repository layout updated to latest version This commit was automatically generated by a script: https://gitfub.space/Jmaa/python-omni 2024-07-09 21:59:54 +00:00

			`# License`

			```
			`Copyright (c) 2024 Jon Michael Aanes`

			`All rights reserved.`
			```