1
0

README and requirements
All checks were successful
Test Python / Test (push) Successful in 23s

This commit is contained in:
Jon Michael Aanes 2024-07-08 18:10:55 +02:00
parent 5cec4b5ba8
commit e56b7c8fa4
Signed by: Jmaa
SSH Key Fingerprint: SHA256:Ab0GfHGCblESJx7JRE4fj4bFy/KRpeLhi41y4pF3sNA
4 changed files with 49 additions and 2 deletions

View File

@ -1,3 +1,46 @@
# Secret Loader # Secret Loader System.
Python library for standardized and flexible loading of secrets, like passwords, etc. System for loading secrets from a variety of sources.
Usage:
```python
import secret_loader
secrets = secret_loader.SecretLoader(env_key_prefix = 'MYAPP')
db_username = secrets.load_or_fail('DATABASE_USERNAME')
db_password = secrets.load_or_fail('DATABASE_PASSWORD')
```
Secret loading order:
0. Hardcoded values. **This is purely for debugging, prototyping, and for
configuring below options.**
1. Files pointed to by environment variables. Docker friendly.
2. Secrets folder. Also Docker friendly.
3. [Pass: the standard unix password
manager](https://www.passwordstore.org/). Most suited for personal
usage; very unsuited for server environments. Requires `pass` installed
locally, and configuration of the `PASS_STORE_SUBFOLDER` through one of the above
methods.
4. Vault instance if configured. Suited for production environments.
## TODO
- [ ] Avoid leakage to swap files.
* Possibly Mlock? [Does not seem to work](https://stackoverflow.com/questions/29524020/prevent-ram-from-paging-to-swap-area-mlock)
* Alternatively use [mmap](https://docs.python.org/3/library/mmap.html) and [memoryview](https://stackoverflow.com/questions/18655648/what-exactly-is-the-point-of-memoryview-in-python)?§
- [ ] Wrap secrets in intelligent strings:
* Instead of returning None on unloaded, return UnknownSecret, that produce
error when formatted.
* `repr(secret)` should not include contents, but only the secret and how
it was loaded.
* Methods on `Secret` should be kept minimal.
- [ ] Vault:
* [ ] Ensure vault code path works.
* [ ] Document usage and requirements.
## License
Copyright 2024 Jon Michael Aanes.
All rights reserved.

1
requirements.txt Normal file
View File

@ -0,0 +1 @@
frozendict

1
requirements_test.txt Normal file
View File

@ -0,0 +1 @@
pytest

View File

@ -48,9 +48,11 @@ def determine_short_description(readme: str) -> str:
REQUIREMENTS_MAIN = """ REQUIREMENTS_MAIN = """
frozendict
""" """
REQUIREMENTS_TEST = """ REQUIREMENTS_TEST = """
pytest
""" """