parent
463f92167e
commit
4e74424955
|
@ -1,3 +1,29 @@
|
|||
"""# Secret Loader System.
|
||||
|
||||
System for loading secrets from a variety of sources.
|
||||
|
||||
Usage:
|
||||
|
||||
```python
|
||||
import secret_loader
|
||||
secrets = secret_loader.SecretLoader(env_key_prefix = 'MYAPP')
|
||||
|
||||
db_username = secrets.load_or_fail('DATABASE_USERNAME')
|
||||
db_password = secrets.load_or_fail('DATABASE_PASSWORD')
|
||||
```
|
||||
|
||||
Secret loading order:
|
||||
|
||||
0. Hardcoded values. **This is purely for debugging and prototyping.**
|
||||
1. Files pointed to by environment variables. Docker friendly.
|
||||
2. Secrets folder. Also Docker friendly.
|
||||
3. [Pass: the standard unix password
|
||||
manager](https://www.passwordstore.org/). Most suited for personal
|
||||
usage; very unsuited for server environments. Requires `pass` installed
|
||||
locally, and configuration of the `PASS_FOLDER` through one of the above
|
||||
methods.
|
||||
4. Vault instance if configured. Suited for production environments.
|
||||
"""
|
||||
import logging
|
||||
import os
|
||||
import subprocess
|
||||
|
@ -19,23 +45,14 @@ ENV_KEY_VAULT_MOUNT_POINT = 'VAULT_MOUNT_POINT'
|
|||
ENV_KEY_PASS_FOLDER = 'PASS_FOLDER'
|
||||
|
||||
class SecretLoader:
|
||||
"""System for loading secrets from a variety of sources.
|
||||
"""
|
||||
Main entry point for loading secrets.
|
||||
|
||||
Priority order:
|
||||
|
||||
0. Hardcoded values. **This is purely for debugging and prototyping.**
|
||||
1. Files pointed to by environment variables. Docker friendly.
|
||||
2. Secrets folder. Also Docker friendly.
|
||||
3. [Pass: the standard unix password
|
||||
manager](https://www.passwordstore.org/). Most suited for personal
|
||||
usage; very unsuited for server environments. Requires `pass` installed
|
||||
locally, and configuration of the `PASS_FOLDER` through one of the above
|
||||
methods.
|
||||
4. Vault instance if configured. Suited for production environments.
|
||||
See module documentation for usage.
|
||||
"""
|
||||
|
||||
def __init__(self, env_key_prefix: str, hardcoded: dict[str, str] | None = None):
|
||||
assert not env_key_prefix.endswith('_')
|
||||
assert not env_key_prefix.endswith('_'), 'Prefix must not end with _ (this will be added automatically)'
|
||||
self.env_key_prefix = env_key_prefix
|
||||
self.hardcoded: dict[str, str] = hardcoded if hardcoded is not None else {}
|
||||
self.pass_folder = None
|
||||
|
|
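Review bot: The prefix check in `SecretLoader.__init__` is still an `assert`, so it is stripped when Python runs with `-O` and a prefix ending in `_` is then accepted silently; the added message does not change that. The prefix presumably feeds the environment-variable names used to locate secrets, so an explicit check is safer: `if env_key_prefix.endswith('_'): raise ValueError('Prefix must not end with _ (this will be added automatically)')`. Separately, the module docstring lists hardcoded values first in the load order while calling them debugging-only, so a comment on the `hardcoded` parameter such as `# debugging/prototyping only: checked before every other source` would make that precedence visible where the loader is constructed. The body of `__init__` appears to continue past the end of the hunk.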