diff --git a/secret_loader/__init__.py b/secret_loader/__init__.py index ba97cbf..dc459de 100644 --- a/secret_loader/__init__.py +++ b/secret_loader/__init__.py @@ -1,5 +1,6 @@ import logging import os + from frozendict import frozendict logger = logging.getLogger(__name__) @@ -14,9 +15,9 @@ ENV_KEY_VAULT_URL = 'VAULT_URL' ENV_KEY_VAULT_TOKEN = 'VAULT_TOKEN' ENV_KEY_VAULT_MOUNT_POINT = 'VAULT_MOUNT_POINT' + class SecretLoader: - """ - Priority order: + """Priority order: 0. Hardcoded values. This is purely for prototyping. 1. Files pointed to by environment variables. @@ -24,19 +25,19 @@ class SecretLoader: 3. Vault instance if configured. Most suited for production environments. """ - def __init__(self, env_key_prefix: str, hardcoded: dict[str,str] | None = None): + def __init__(self, env_key_prefix: str, hardcoded: dict[str, str] | None = None): assert not env_key_prefix.endswith('_') self.env_key_prefix = env_key_prefix - self.hardcoded: dict[str,str] = hardcoded if hardcoded is not None else {} + self.hardcoded: dict[str, str] = hardcoded if hardcoded is not None else {} # Setup vault self.vault_client = None if hvac: self.vault_client = hvac.Client( - url=self._load_or_none(ENV_KEY_VAULT_URL), - token=self._load_or_none(ENV_KEY_VAULT_TOKEN), - vault_mount_point=self._load_or_none(ENV_KEY_VAULT_MOUNT_POINT), + url=self._load_or_none(ENV_KEY_VAULT_URL), + token=self._load_or_none(ENV_KEY_VAULT_TOKEN), + vault_mount_point=self._load_or_none(ENV_KEY_VAULT_MOUNT_POINT), ) def load_or_fail(self, env_key: str) -> str: @@ -55,7 +56,11 @@ class SecretLoader: return value def _load_or_none(self, env_key: str) -> str | None: - return self.hardcoded.get(env_key) or self._load_or_none_path_or_file(env_key) or self._load_or_none_vault(env_key) + return ( + self.hardcoded.get(env_key) + or self._load_or_none_path_or_file(env_key) + or self._load_or_none_vault(env_key) + ) def _load_or_none_path_or_file(self, env_key: str) -> str | None: # 1. & 2. diff --git a/test/test_init.py b/test/test_init.py index d76e1ed..f3cc1ad 100644 --- a/test/test_init.py +++ b/test/test_init.py @@ -1,6 +1,6 @@ - import secret_loader + def test_init(): - loader = secret_loader.SecretLoader('TEST', hardcoded = {'KEY': 'VALUE'}) + loader = secret_loader.SecretLoader('TEST', hardcoded={'KEY': 'VALUE'}) assert loader.load('KEY') == 'VALUE'