Jon Michael Aanes 2024-07-23 00:45:59 +02:00
parent 03d5f5fa04
commit 86c6d1f02a
Signed by: Jmaa
SSH Key Fingerprint: SHA256:Ab0GfHGCblESJx7JRE4fj4bFy/KRpeLhi41y4pF3sNA
2 changed files with 27 additions and 10 deletions


@ -6,7 +6,8 @@ Usage:
```python ```python
import secret_loader import secret_loader
secrets = secret_loader.SecretLoader(env_key_prefix = 'MYAPP')
secrets = secret_loader.SecretLoader(env_key_prefix='MYAPP')
db_username = secrets.load_or_fail('DATABASE_USERNAME') db_username = secrets.load_or_fail('DATABASE_USERNAME')
db_password = secrets.load_or_fail('DATABASE_PASSWORD') db_password = secrets.load_or_fail('DATABASE_PASSWORD')
@ -90,6 +91,7 @@ See more ways to supply the secret here:
https://gitfub.space/Jmaa/secret_loader https://gitfub.space/Jmaa/secret_loader
""" """
class SecretLoader: class SecretLoader:
"""Main entry point for loading secrets. """Main entry point for loading secrets.
@ -110,8 +112,12 @@ class SecretLoader:
# Setup environment # Setup environment
self.env_key_prefix = self._load_or_none(ENV_KEY_PREFIX) self.env_key_prefix = self._load_or_none(ENV_KEY_PREFIX)
if self.env_key_prefix is not None: if self.env_key_prefix is not None:
assert self.env_key_prefix == self.env_key_prefix.upper(), 'Prefix must be uppercase' assert (
assert not self.env_key_prefix.endswith('_'), 'Prefix must not end with _ (this will be added automatically)' self.env_key_prefix == self.env_key_prefix.upper()
), 'Prefix must be uppercase'
assert not self.env_key_prefix.endswith(
'_',
), 'Prefix must not end with _ (this will be added automatically)'
# Setup pass # Setup pass
self.pass_folder = self._load_or_none(ENV_KEY_PASS_FOLDER) self.pass_folder = self._load_or_none(ENV_KEY_PASS_FOLDER)
@ -165,7 +171,9 @@ class SecretLoader:
Returns `None` if the secret is not present in either the environment Returns `None` if the secret is not present in either the environment
or the directory. or the directory.
""" """
filepath: Path | str | None = os.environ.get(f'{self.env_key_prefix}_{secret_name.upper()}') filepath: Path | str | None = os.environ.get(
f'{self.env_key_prefix}_{secret_name.upper()}',
)
if filepath is None: if filepath is None:
filepath = DEFAULT_SECRETS_DIRECTORY / secret_name.lower() filepath = DEFAULT_SECRETS_DIRECTORY / secret_name.lower()
@ -186,7 +194,7 @@ class SecretLoader:
return None return None
cmd = ['pass', 'show', f'{self.pass_folder}/{secret_name.lower()}'] cmd = ['pass', 'show', f'{self.pass_folder}/{secret_name.lower()}']
process = subprocess.run(cmd, capture_output = True) process = subprocess.run(cmd, capture_output=True)
if process.returncode: if process.returncode:
return None return None
@ -218,11 +226,19 @@ class SecretLoader:
enabled. enabled.
""" """
solutions_list = [] solutions_list = []
solutions_list.append(f'Write secret to file: \033[1m{DEFAULT_SECRETS_DIRECTORY}/{secret_name.lower()}\033[0m') solutions_list.append(
f'Write secret to file: \033[1m{DEFAULT_SECRETS_DIRECTORY}/{secret_name.lower()}\033[0m',
)
if self.env_key_prefix is not None: if self.env_key_prefix is not None:
solutions_list.append(f'Add environment variable pointing to written secret: \033[1m{self.env_key_prefix}_{secret_name.upper()}\033[0m') solutions_list.append(
f'Add environment variable pointing to written secret: \033[1m{self.env_key_prefix}_{secret_name.upper()}\033[0m',
)
if self.pass_folder is not None: if self.pass_folder is not None:
solutions_list.append(f'Write secret to password store entry: \033[1m{self.pass_folder}/{secret_name.lower()}\033[0m') solutions_list.append(
f'Write secret to password store entry: \033[1m{self.pass_folder}/{secret_name.lower()}\033[0m',
)
solutions_list = '\n'.join([f'* {s}' for s in solutions_list]) solutions_list = '\n'.join([f'* {s}' for s in solutions_list])
return ERROR_MESSAGE_FORMAT.format(secret_name = secret_name, solutions_list=solutions_list) return ERROR_MESSAGE_FORMAT.format(
secret_name=secret_name, solutions_list=solutions_list,
)


@ -2,10 +2,11 @@ import secret_loader
def test_hardcoded(): def test_hardcoded():
loader = secret_loader.SecretLoader(ENV_KEY_PREFIX = 'TEST', KEY = 'VALUE') loader = secret_loader.SecretLoader(ENV_KEY_PREFIX='TEST', KEY='VALUE')
assert loader.load('ENV_KEY_PREFIX') == 'TEST' assert loader.load('ENV_KEY_PREFIX') == 'TEST'
assert loader.load('KEY') == 'VALUE' assert loader.load('KEY') == 'VALUE'
def test_lookup_unknown(): def test_lookup_unknown():
loader = secret_loader.SecretLoader() loader = secret_loader.SecretLoader()
assert loader.load('UNKNOWN') is None assert loader.load('UNKNOWN') is None