Jmaa/secret_loader
1
0
Fork 0
Code Actions Packages

Ruff
Some checks failed
Test Python / Test (push) Failing after 20s
Details

Browse Source
This commit is contained in:
Jon Michael Aanes 2024-06-12 23:36:32 +02:00
parent 66f82967b0
commit 1b5f49aab0
Signed by: Jmaa
SSH Key Fingerprint: SHA256:Ab0GfHGCblESJx7JRE4fj4bFy/KRpeLhi41y4pF3sNA
2 changed files with 15 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
secret_loader/__init__.py
View File

@ -1,5 +1,6 @@
import logging import logging
import os import os
from frozendict import frozendict from frozendict import frozendict
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@ -14,9 +15,9 @@ ENV_KEY_VAULT_URL = 'VAULT_URL'
ENV_KEY_VAULT_TOKEN = 'VAULT_TOKEN' ENV_KEY_VAULT_TOKEN = 'VAULT_TOKEN'
ENV_KEY_VAULT_MOUNT_POINT = 'VAULT_MOUNT_POINT' ENV_KEY_VAULT_MOUNT_POINT = 'VAULT_MOUNT_POINT'
class SecretLoader: class SecretLoader:
""" """Priority order:
Priority order:
0. Hardcoded values. This is purely for prototyping. 0. Hardcoded values. This is purely for prototyping.
1. Files pointed to by environment variables. 1. Files pointed to by environment variables.
@ -24,19 +25,19 @@ class SecretLoader:
3. Vault instance if configured. Most suited for production environments. 3. Vault instance if configured. Most suited for production environments.
""" """
def __init__(self, env_key_prefix: str, hardcoded: dict[str,str] | None = None): def __init__(self, env_key_prefix: str, hardcoded: dict[str, str] | None = None):
assert not env_key_prefix.endswith('_') assert not env_key_prefix.endswith('_')
self.env_key_prefix = env_key_prefix self.env_key_prefix = env_key_prefix
self.hardcoded: dict[str,str] = hardcoded if hardcoded is not None else {} self.hardcoded: dict[str, str] = hardcoded if hardcoded is not None else {}
# Setup vault # Setup vault
self.vault_client = None self.vault_client = None
if hvac: if hvac:
self.vault_client = hvac.Client( self.vault_client = hvac.Client(
url=self._load_or_none(ENV_KEY_VAULT_URL), url=self._load_or_none(ENV_KEY_VAULT_URL),
token=self._load_or_none(ENV_KEY_VAULT_TOKEN), token=self._load_or_none(ENV_KEY_VAULT_TOKEN),
vault_mount_point=self._load_or_none(ENV_KEY_VAULT_MOUNT_POINT), vault_mount_point=self._load_or_none(ENV_KEY_VAULT_MOUNT_POINT),
) )
def load_or_fail(self, env_key: str) -> str: def load_or_fail(self, env_key: str) -> str:
@ -55,7 +56,11 @@ class SecretLoader:
return value return value
def _load_or_none(self, env_key: str) -> str | None: def _load_or_none(self, env_key: str) -> str | None:
return self.hardcoded.get(env_key) or self._load_or_none_path_or_file(env_key) or self._load_or_none_vault(env_key) return (
self.hardcoded.get(env_key)
or self._load_or_none_path_or_file(env_key)
or self._load_or_none_vault(env_key)
)
def _load_or_none_path_or_file(self, env_key: str) -> str | None: def _load_or_none_path_or_file(self, env_key: str) -> str | None:
# 1. & 2. # 1. & 2.

4
test/test_init.py
View File

@ -1,6 +1,6 @@
import secret_loader import secret_loader
def test_init(): def test_init():
loader = secret_loader.SecretLoader('TEST', hardcoded = {'KEY': 'VALUE'}) loader = secret_loader.SecretLoader('TEST', hardcoded={'KEY': 'VALUE'})
assert loader.load('KEY') == 'VALUE' assert loader.load('KEY') == 'VALUE'