1
0

Moved documentation
Some checks failed
Test Python / Test (push) Failing after 22s

This commit is contained in:
Jon Michael Aanes 2024-07-07 23:48:08 +02:00
parent 463f92167e
commit 4e74424955
Signed by: Jmaa
SSH Key Fingerprint: SHA256:Ab0GfHGCblESJx7JRE4fj4bFy/KRpeLhi41y4pF3sNA

View File

@ -1,3 +1,29 @@
"""# Secret Loader System.
System for loading secrets from a variety of sources.
Usage:
```python
import secret_loader
secrets = secret_loader.SecretLoader(env_key_prefix = 'MYAPP')
db_username = secrets.load_or_fail('DATABASE_USERNAME')
db_password = secrets.load_or_fail('DATABASE_PASSWORD')
```
Secret loading order:
0. Hardcoded values. **This is purely for debugging and prototyping.**
1. Files pointed to by environment variables. Docker friendly.
2. Secrets folder. Also Docker friendly.
3. [Pass: the standard unix password
manager](https://www.passwordstore.org/). Most suited for personal
usage; very unsuited for server environments. Requires `pass` installed
locally, and configuration of the `PASS_FOLDER` through one of the above
methods.
4. Vault instance if configured. Suited for production environments.
"""
import logging
import os
import subprocess
@ -19,23 +45,14 @@ ENV_KEY_VAULT_MOUNT_POINT = 'VAULT_MOUNT_POINT'
ENV_KEY_PASS_FOLDER = 'PASS_FOLDER'
class SecretLoader:
"""System for loading secrets from a variety of sources.
"""
Main entry point for loading secrets.
Priority order:
0. Hardcoded values. **This is purely for debugging and prototyping.**
1. Files pointed to by environment variables. Docker friendly.
2. Secrets folder. Also Docker friendly.
3. [Pass: the standard unix password
manager](https://www.passwordstore.org/). Most suited for personal
usage; very unsuited for server environments. Requires `pass` installed
locally, and configuration of the `PASS_FOLDER` through one of the above
methods.
4. Vault instance if configured. Suited for production environments.
See module documentation for usage.
"""
def __init__(self, env_key_prefix: str, hardcoded: dict[str, str] | None = None):
assert not env_key_prefix.endswith('_')
assert not env_key_prefix.endswith('_'), 'Prefix must not end with _ (this will be added automatically)'
self.env_key_prefix = env_key_prefix
self.hardcoded: dict[str, str] = hardcoded if hardcoded is not None else {}
self.pass_folder = None