secret_loader/__init__.py

@@ -118,19 +118,15 @@ class SecretLoader:
         self.env_key_prefix = self._load_or_none(ENV_KEY_PREFIX)
         if self.env_key_prefix is not None:
             logger.info('Environment enabled with prefix: %s', self.env_key_prefix)
-            if self.env_key_prefix != self.env_key_prefix.upper():
+            assert (
-                msg = 'Prefix must be uppercase'
+                self.env_key_prefix == self.env_key_prefix.upper()
-                raise ValueError(msg)
+            ), 'Prefix must be uppercase'
-            if self.env_key_prefix.endswith('_'):
+            assert not self.env_key_prefix.endswith(
-                msg = 'Prefix must not end with _ (this will be added automatically)'
+                '_',
-                raise ValueError(msg)
+            ), 'Prefix must not end with _ (this will be added automatically)'
 
         # Setup secrets path
-        self.secret_folder = Path(
+        self.secret_folder = Path(self.hardcoded.get(ENV_KEY_SECRETS_DIRECTORY) or self._load_or_none_env(ENV_KEY_SECRETS_DIRECTORY) or DEFAULT_SECRETS_DIRECTORY)
-            self.hardcoded.get(ENV_KEY_SECRETS_DIRECTORY)
-            or self._load_or_none_env(ENV_KEY_SECRETS_DIRECTORY)
-            or DEFAULT_SECRETS_DIRECTORY,
-        )
 
         # Setup pass
         self.pass_folder = self._load_or_none(ENV_KEY_PASS_FOLDER)
@@ -210,12 +206,8 @@ class SecretLoader:
         if self.pass_folder is None:
             return None
 
-        process = subprocess.run(  # noqa: S603
+        cmd = ['pass', 'show', f'{self.pass_folder}/{secret_name.lower()}']
-            ['/usr/bin/pass', 'show', f'{self.pass_folder}/{secret_name.lower()}'],
+        process = subprocess.run(cmd, capture_output=True, check=False)
-            capture_output=True,
-            check=False,
-            shell=False,
-        )
         if process.returncode:
             return None