diff --git a/README.md b/README.md index 24e69d5..ed9bc04 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,46 @@ -# Secret Loader +# Secret Loader System. -Python library for standardized and flexible loading of secrets, like passwords, etc. +System for loading secrets from a variety of sources. + +Usage: + +```python +import secret_loader +secrets = secret_loader.SecretLoader(env_key_prefix = 'MYAPP') + +db_username = secrets.load_or_fail('DATABASE_USERNAME') +db_password = secrets.load_or_fail('DATABASE_PASSWORD') +``` + +Secret loading order: + +0. Hardcoded values. **This is purely for debugging, prototyping, and for + configuring below options.** +1. Files pointed to by environment variables. Docker friendly. +2. Secrets folder. Also Docker friendly. +3. [Pass: the standard unix password + manager](https://www.passwordstore.org/). Most suited for personal + usage; very unsuited for server environments. Requires `pass` installed + locally, and configuration of the `PASS_STORE_SUBFOLDER` through one of the above + methods. +4. Vault instance if configured. Suited for production environments. + +## TODO + +- [ ] Avoid leakage to swap files. + * Possibly Mlock? [Does not seem to work](https://stackoverflow.com/questions/29524020/prevent-ram-from-paging-to-swap-area-mlock) + * Alternatively use [mmap](https://docs.python.org/3/library/mmap.html) and [memoryview](https://stackoverflow.com/questions/18655648/what-exactly-is-the-point-of-memoryview-in-python)?ยง +- [ ] Wrap secrets in intelligent strings: + * Instead of returning None on unloaded, return UnknownSecret, that produce + error when formatted. + * `repr(secret)` should not include contents, but only the secret and how + it was loaded. + * Methods on `Secret` should be kept minimal. +- [ ] Vault: + * [ ] Ensure vault code path works. + * [ ] Document usage and requirements. + +## License + +Copyright 2024 Jon Michael Aanes. +All rights reserved. 
diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 0000000..302328f --- /dev/null +++ b/requirements.txt @@ -0,0 +1 @@ +frozendict diff --git a/requirements_test.txt b/requirements_test.txt new file mode 100644 index 0000000..e079f8a --- /dev/null +++ b/requirements_test.txt @@ -0,0 +1 @@ +pytest diff --git a/setup.py b/setup.py index 7171814..1ec7bae 100644 --- a/setup.py +++ b/setup.py @@ -48,9 +48,11 @@ def determine_short_description(readme: str) -> str: REQUIREMENTS_MAIN = """ +frozendict """ REQUIREMENTS_TEST = """ +pytest """
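Review bot: in the README hunk (`@@ -1,3 +1,46 @@`), the "Secret loading order" list never says what happens when more than one source defines the same key. Because hardcoded values sit at position 0, a leftover debug value would silently shadow the secrets folder or the Vault instance in production unless the loader stops at the first hit and the docs say so; suggest adding one sentence stating the precedence rule the loader actually implements (for example "The first source that yields a value wins") right after the list. The usage example passes `env_key_prefix = 'MYAPP'` and then asks for `DATABASE_USERNAME`, but the README does not document how the prefix and key combine into an environment variable name, which item 1 ("Files pointed to by environment variables") depends on. Minor: a stray `ยง` trails the memoryview link in the swap-file TODO bullet.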
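Review bot: in the setup.py hunk (`@@ -48,9 +48,11 @@`), `frozendict` and `pytest` are now declared twice each, once in the new `requirements.txt` / `requirements_test.txt` files and again in the `REQUIREMENTS_MAIN` / `REQUIREMENTS_TEST` strings, and all four entries are unpinned. Two lists that must be kept in sync by hand will drift, and an unpinned dependency in a library that handles credentials means installs are not reproducible. Suggest keeping a single source of truth (for example having setup.py read `requirements.txt` rather than embedding a copy) and adding at least a lower bound or an exact pin matching the version the tests were run against, e.g. `frozendict>=<tested version>`.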