parent
66f82967b0
commit
1b5f49aab0
|
@ -1,5 +1,6 @@
|
|||
import logging
|
||||
import os
|
||||
|
||||
from frozendict import frozendict
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
@ -14,9 +15,9 @@ ENV_KEY_VAULT_URL = 'VAULT_URL'
|
|||
ENV_KEY_VAULT_TOKEN = 'VAULT_TOKEN'
|
||||
ENV_KEY_VAULT_MOUNT_POINT = 'VAULT_MOUNT_POINT'
|
||||
|
||||
|
||||
class SecretLoader:
|
||||
"""
|
||||
Priority order:
|
||||
"""Priority order:
|
||||
|
||||
0. Hardcoded values. This is purely for prototyping.
|
||||
1. Files pointed to by environment variables.
|
||||
|
@ -24,19 +25,19 @@ class SecretLoader:
|
|||
3. Vault instance if configured. Most suited for production environments.
|
||||
"""
|
||||
|
||||
def __init__(self, env_key_prefix: str, hardcoded: dict[str,str] | None = None):
|
||||
def __init__(self, env_key_prefix: str, hardcoded: dict[str, str] | None = None):
|
||||
assert not env_key_prefix.endswith('_')
|
||||
self.env_key_prefix = env_key_prefix
|
||||
|
||||
self.hardcoded: dict[str,str] = hardcoded if hardcoded is not None else {}
|
||||
self.hardcoded: dict[str, str] = hardcoded if hardcoded is not None else {}
|
||||
|
||||
# Setup vault
|
||||
self.vault_client = None
|
||||
if hvac:
|
||||
self.vault_client = hvac.Client(
|
||||
url=self._load_or_none(ENV_KEY_VAULT_URL),
|
||||
token=self._load_or_none(ENV_KEY_VAULT_TOKEN),
|
||||
vault_mount_point=self._load_or_none(ENV_KEY_VAULT_MOUNT_POINT),
|
||||
url=self._load_or_none(ENV_KEY_VAULT_URL),
|
||||
token=self._load_or_none(ENV_KEY_VAULT_TOKEN),
|
||||
vault_mount_point=self._load_or_none(ENV_KEY_VAULT_MOUNT_POINT),
|
||||
)
|
||||
|
||||
def load_or_fail(self, env_key: str) -> str:
|
||||
|
@ -55,7 +56,11 @@ class SecretLoader:
|
|||
return value
|
||||
|
||||
def _load_or_none(self, env_key: str) -> str | None:
|
||||
return self.hardcoded.get(env_key) or self._load_or_none_path_or_file(env_key) or self._load_or_none_vault(env_key)
|
||||
return (
|
||||
self.hardcoded.get(env_key)
|
||||
or self._load_or_none_path_or_file(env_key)
|
||||
or self._load_or_none_vault(env_key)
|
||||
)
|
||||
|
||||
def _load_or_none_path_or_file(self, env_key: str) -> str | None:
|
||||
# 1. & 2.
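Review bot: The `assert not env_key_prefix.endswith('_')` in `__init__` is input validation, and assert statements are stripped when Python runs with `-O`, so a malformed prefix would be accepted silently in an optimised deployment. Replace it with `if env_key_prefix.endswith('_'): raise ValueError("env_key_prefix must not end with '_'")`. Separately, `hardcoded` is consulted before the file and Vault lookups in `_load_or_none`, and the docstring calls it prototyping-only. A `logger.warning` naming the keys (never the values) when `hardcoded` is non-empty would make accidental production use visible. The class body continues outside the visible hunks.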
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
|
||||
import secret_loader
|
||||
|
||||
|
||||
def test_init():
|
||||
loader = secret_loader.SecretLoader('TEST', hardcoded = {'KEY': 'VALUE'})
|
||||
loader = secret_loader.SecretLoader('TEST', hardcoded={'KEY': 'VALUE'})
|
||||
assert loader.load('KEY') == 'VALUE'
|
||||
|
|