
There is little reason to differentiate between hardcoded values and configuration
Some checks failed
Test Python / Test (push) Has been cancelled

Jon Michael Aanes 2024-07-08 00:00:50 +02:00
parent a0522f344d
commit 37721ed215
Signed by: Jmaa
SSH Key Fingerprint: SHA256:Ab0GfHGCblESJx7JRE4fj4bFy/KRpeLhi41y4pF3sNA
2 changed files with 18 additions and 11 deletions


@ -14,7 +14,8 @@ db_password = secrets.load_or_fail('DATABASE_PASSWORD')
Secret loading order: Secret loading order:
0. Hardcoded values. **This is purely for debugging and prototyping.** 0. Hardcoded values. **This is purely for debugging, prototyping, and for
configuring below options.**
1. Files pointed to by environment variables. Docker friendly. 1. Files pointed to by environment variables. Docker friendly.
2. Secrets folder. Also Docker friendly. 2. Secrets folder. Also Docker friendly.
3. [Pass: the standard unix password 3. [Pass: the standard unix password
@ -38,6 +39,8 @@ try:
except ImportError: except ImportError:
hvac = None hvac = None
ENV_KEY_PREFIX = 'ENV_KEY_PREFIX'
ENV_KEY_VAULT_URL = 'VAULT_URL' ENV_KEY_VAULT_URL = 'VAULT_URL'
ENV_KEY_VAULT_TOKEN = 'VAULT_TOKEN' ENV_KEY_VAULT_TOKEN = 'VAULT_TOKEN'
ENV_KEY_VAULT_MOUNT_POINT = 'VAULT_MOUNT_POINT' ENV_KEY_VAULT_MOUNT_POINT = 'VAULT_MOUNT_POINT'
@ -51,17 +54,20 @@ class SecretLoader:
See module documentation for usage. See module documentation for usage.
""" """
def __init__(self, env_key_prefix: str, hardcoded: dict[str, str] | None = None): def __init__(self, **hardcoded: str):
assert not env_key_prefix.endswith('_'), 'Prefix must not end with _ (this will be added automatically)' # Basic setup, containing only hardcoded.
self.env_key_prefix = env_key_prefix self.hardcoded: dict[str, str] = hardcoded
self.hardcoded: dict[str, str] = hardcoded if hardcoded is not None else {}
self.pass_folder = None self.pass_folder = None
self.vault_client = None self.vault_client = None
self.env_key_prefix = None
# Setup environment
self.env_key_prefix = self._load_or_none(ENV_KEY_PREFIX)
if self.env_key_prefix is not None:
assert not self.env_key_prefix.endswith('_'), 'Prefix must not end with _ (this will be added automatically)'
# Setup pass # Setup pass
if pass_folder := self._load_or_none(ENV_KEY_PASS_FOLDER): self.pass_folder = self._load_or_none(ENV_KEY_PASS_FOLDER)
self.pass_folder = pass_folder
del pass_folder
# Setup vault # Setup vault
if hvac: if hvac:
@ -103,7 +109,7 @@ class SecretLoader:
try: try:
with open(filepath) as f: with open(filepath) as f:
return f.read().strip() return f.read().strip()
except Exception: except FileNotFoundError:
return None return None
def _load_or_none_local_password_store(self, env_key: str) -> str | None: def _load_or_none_local_password_store(self, env_key: str) -> str | None:
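Review bot: The trailing-underscore check in the new `__init__` is still an `assert`, but the value it guards now comes from `self._load_or_none(ENV_KEY_PREFIX)`, which reads deployment configuration rather than a literal the caller wrote. Asserts are stripped under `python -O`, so a misconfigured prefix would pass silently there. Raise instead: `if self.env_key_prefix is not None and self.env_key_prefix.endswith('_'): raise ValueError('Prefix must not end with _ (this will be added automatically)')`. The prefix can also stay `None` now, and the lookup of `ENV_KEY_PREFIX` itself runs while it is still `None`. The code that builds environment-variable names from the prefix is outside this hunk, so please confirm it skips the prefixed lookup in that case rather than formatting `None` into a variable name. `__init__` continues past the end of the hunk.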


@ -2,9 +2,10 @@ import secret_loader
def test_init(): def test_init():
loader = secret_loader.SecretLoader('TEST', hardcoded={'KEY': 'VALUE'}) loader = secret_loader.SecretLoader(ENV_KEY_PREFIX = 'TEST', KEY = 'VALUE')
assert loader.load('ENV_KEY_PREFIX') == 'TEST'
assert loader.load('KEY') == 'VALUE' assert loader.load('KEY') == 'VALUE'
def test_lookup_unknown(): def test_lookup_unknown():
loader = secret_loader.SecretLoader('TEST', hardcoded={}) loader = secret_loader.SecretLoader()
assert loader.load('UNKNOWN') is None assert loader.load('UNKNOWN') is None
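Review bot: Neither test covers the prefix validation that this commit moves onto the configuration path, so a regression in the trailing-underscore check would go unnoticed. Assuming pytest is the runner, add a case such as `with pytest.raises(AssertionError): secret_loader.SecretLoader(ENV_KEY_PREFIX='TEST_')`, with the exception type matching whatever the constructor raises. Also, `SecretLoader()` in `test_lookup_unknown` now resolves its prefix, pass folder and vault settings from the machine running the tests. Consider clearing or pinning those environment variables in the test so the `is None` assertion does not depend on the host's configuration.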