From 4e7442495536c3f123c44e61dee302593c98173c Mon Sep 17 00:00:00 2001 From: Jon Michael Aanes Date: Sun, 7 Jul 2024 23:48:08 +0200 Subject: [PATCH] Moved documentation --- secret_loader/__init__.py | 43 +++++++++++++++++++++++++++------------ 1 file changed, 30 insertions(+), 13 deletions(-) diff --git a/secret_loader/__init__.py b/secret_loader/__init__.py index 024e03a..a9f91db 100644 --- a/secret_loader/__init__.py +++ b/secret_loader/__init__.py @@ -1,3 +1,29 @@ +"""# Secret Loader System. + +System for loading secrets from a variety of sources. + +Usage: + +```python +import secret_loader +secrets = secret_loader.SecretLoader(env_key_prefix = 'MYAPP') + +db_username = secrets.load_or_fail('DATABASE_USERNAME') +db_password = secrets.load_or_fail('DATABASE_PASSWORD') +``` + +Secret loading order: + +0. Hardcoded values. **This is purely for debugging and prototyping.** +1. Files pointed to by environment variables. Docker friendly. +2. Secrets folder. Also Docker friendly. +3. [Pass: the standard unix password + manager](https://www.passwordstore.org/). Most suited for personal + usage; very unsuited for server environments. Requires `pass` installed + locally, and configuration of the `PASS_FOLDER` through one of the above + methods. +4. Vault instance if configured. Suited for production environments. +""" import logging import os import subprocess @@ -19,23 +45,14 @@ ENV_KEY_VAULT_MOUNT_POINT = 'VAULT_MOUNT_POINT' ENV_KEY_PASS_FOLDER = 'PASS_FOLDER' class SecretLoader: - """System for loading secrets from a variety of sources. + """ + Main entry point for loading secrets. - Priority order: - - 0. Hardcoded values. **This is purely for debugging and prototyping.** - 1. Files pointed to by environment variables. Docker friendly. - 2. Secrets folder. Also Docker friendly. - 3. [Pass: the standard unix password - manager](https://www.passwordstore.org/). Most suited for personal - usage; very unsuited for server environments. Requires `pass` installed - locally, and configuration of the `PASS_FOLDER` through one of the above - methods. - 4. Vault instance if configured. Suited for production environments. + See module documentation for usage. """ def __init__(self, env_key_prefix: str, hardcoded: dict[str, str] | None = None): - assert not env_key_prefix.endswith('_') + assert not env_key_prefix.endswith('_'), 'Prefix must not end with _ (this will be added automatically)' self.env_key_prefix = env_key_prefix self.hardcoded: dict[str, str] = hardcoded if hardcoded is not None else {} self.pass_folder = None