This commit is contained in:
parent
5cec4b5ba8
commit
e56b7c8fa4
47
README.md
|
@ -1,3 +1,46 @@
|
||||||
# Secret Loader
|
# Secret Loader System.
|
||||||
|
|
||||||
Python library for standardized and flexible loading of secrets, like passwords, etc.
|
System for loading secrets from a variety of sources.
|
||||||
|
|
||||||
|
Usage:
|
||||||
|
|
||||||
|
```python
|
||||||
|
import secret_loader
|
||||||
|
secrets = secret_loader.SecretLoader(env_key_prefix = 'MYAPP')
|
||||||
|
|
||||||
|
db_username = secrets.load_or_fail('DATABASE_USERNAME')
|
||||||
|
db_password = secrets.load_or_fail('DATABASE_PASSWORD')
|
||||||
|
```
|
||||||
|
|
||||||
|
Secret loading order:
|
||||||
|
|
||||||
|
0. Hardcoded values. **This is purely for debugging, prototyping, and for
|
||||||
|
configuring below options.**
|
||||||
|
1. Files pointed to by environment variables. Docker friendly.
|
||||||
|
2. Secrets folder. Also Docker friendly.
|
||||||
|
3. [Pass: the standard unix password
|
||||||
|
manager](https://www.passwordstore.org/). Most suited for personal
|
||||||
|
usage; very unsuited for server environments. Requires `pass` installed
|
||||||
|
locally, and configuration of the `PASS_STORE_SUBFOLDER` through one of the above
|
||||||
|
methods.
|
||||||
|
4. Vault instance if configured. Suited for production environments.
|
||||||
|
|
||||||
|
## TODO
|
||||||
|
|
||||||
|
- [ ] Avoid leakage to swap files.
|
||||||
|
* Possibly Mlock? [Does not seem to work](https://stackoverflow.com/questions/29524020/prevent-ram-from-paging-to-swap-area-mlock)
|
||||||
|
* Alternatively use [mmap](https://docs.python.org/3/library/mmap.html) and [memoryview](https://stackoverflow.com/questions/18655648/what-exactly-is-the-point-of-memoryview-in-python)?§
|
||||||
|
- [ ] Wrap secrets in intelligent strings:
|
||||||
|
* Instead of returning None on unloaded, return UnknownSecret, that produce
|
||||||
|
error when formatted.
|
||||||
|
* `repr(secret)` should not include contents, but only the secret and how
|
||||||
|
it was loaded.
|
||||||
|
* Methods on `Secret` should be kept minimal.
|
||||||
|
- [ ] Vault:
|
||||||
|
* [ ] Ensure vault code path works.
|
||||||
|
* [ ] Document usage and requirements.
|
||||||
|
|
||||||
|
## License
|
||||||
|
|
||||||
|
Copyright 2024 Jon Michael Aanes.
|
||||||
|
All rights reserved.
|
||||||
|
|
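Review bot: The "Secret loading order" list names the sources but not how to configure them. Item 1 does not say which environment variable names are read or how `env_key_prefix = 'MYAPP'` from the usage example combines with a key such as `DATABASE_USERNAME`. Item 2 does not say where the secrets folder is. The list also never states that the first source that yields a value wins. Since item 0 puts hardcoded values ahead of every other source, please state the precedence explicitly and show the exact variable name and folder path for the `DATABASE_PASSWORD` example, so a reader can tell when a leftover debug value would shadow the file or Vault value. Smaller points: the mmap/memoryview bullet ends with a stray `§`, the new heading `# Secret Loader System.` has a trailing period, and "return UnknownSecret, that produce error when formatted" should read "that produces an error".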
1
requirements.txt
Normal file
|
@ -0,0 +1 @@
|
||||||
|
frozendict
|
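Review bot: `frozendict` is added with no version constraint, so each install resolves to whatever release is newest at that time. For a library that sits in the secret-loading path, pin it (an exact `==` version or a bounded range) and consider installing with pip's `--require-hashes` so the dependency is reproducible and reviewable. The README in this same commit lists Vault as a source; if that code path needs a client library, it should be declared here as well or documented as an optional extra.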
1
requirements_test.txt
Normal file
|
@ -0,0 +1 @@
|
||||||
|
pytest
|