Compare commits
No commits in common. "e5afd4a12f4e0c8958dfc63355453e8ab45c0903" and "03d5f5fa045df01e9a2974cf80669ab3552d58f4" have entirely different histories.
e5afd4a12f
...
03d5f5fa04
|
@ -6,8 +6,7 @@ Usage:
|
||||||
|
|
||||||
```python
|
```python
|
||||||
import secret_loader
|
import secret_loader
|
||||||
|
secrets = secret_loader.SecretLoader(env_key_prefix = 'MYAPP')
|
||||||
secrets = secret_loader.SecretLoader(env_key_prefix='MYAPP')
|
|
||||||
|
|
||||||
db_username = secrets.load_or_fail('DATABASE_USERNAME')
|
db_username = secrets.load_or_fail('DATABASE_USERNAME')
|
||||||
db_password = secrets.load_or_fail('DATABASE_PASSWORD')
|
db_password = secrets.load_or_fail('DATABASE_PASSWORD')
|
||||||
|
@ -91,7 +90,6 @@ See more ways to supply the secret here:
|
||||||
https://gitfub.space/Jmaa/secret_loader
|
https://gitfub.space/Jmaa/secret_loader
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
|
||||||
class SecretLoader:
|
class SecretLoader:
|
||||||
"""Main entry point for loading secrets.
|
"""Main entry point for loading secrets.
|
||||||
|
|
||||||
|
@ -112,12 +110,8 @@ class SecretLoader:
|
||||||
# Setup environment
|
# Setup environment
|
||||||
self.env_key_prefix = self._load_or_none(ENV_KEY_PREFIX)
|
self.env_key_prefix = self._load_or_none(ENV_KEY_PREFIX)
|
||||||
if self.env_key_prefix is not None:
|
if self.env_key_prefix is not None:
|
||||||
assert (
|
assert self.env_key_prefix == self.env_key_prefix.upper(), 'Prefix must be uppercase'
|
||||||
self.env_key_prefix == self.env_key_prefix.upper()
|
assert not self.env_key_prefix.endswith('_'), 'Prefix must not end with _ (this will be added automatically)'
|
||||||
), 'Prefix must be uppercase'
|
|
||||||
assert not self.env_key_prefix.endswith(
|
|
||||||
'_',
|
|
||||||
), 'Prefix must not end with _ (this will be added automatically)'
|
|
||||||
|
|
||||||
# Setup pass
|
# Setup pass
|
||||||
self.pass_folder = self._load_or_none(ENV_KEY_PASS_FOLDER)
|
self.pass_folder = self._load_or_none(ENV_KEY_PASS_FOLDER)
|
||||||
|
@ -171,9 +165,7 @@ class SecretLoader:
|
||||||
Returns `None` if the secret is not present in either the environment
|
Returns `None` if the secret is not present in either the environment
|
||||||
or the directory.
|
or the directory.
|
||||||
"""
|
"""
|
||||||
filepath: Path | str | None = os.environ.get(
|
filepath: Path | str | None = os.environ.get(f'{self.env_key_prefix}_{secret_name.upper()}')
|
||||||
f'{self.env_key_prefix}_{secret_name.upper()}',
|
|
||||||
)
|
|
||||||
|
|
||||||
if filepath is None:
|
if filepath is None:
|
||||||
filepath = DEFAULT_SECRETS_DIRECTORY / secret_name.lower()
|
filepath = DEFAULT_SECRETS_DIRECTORY / secret_name.lower()
|
||||||
|
@ -194,7 +186,7 @@ class SecretLoader:
|
||||||
return None
|
return None
|
||||||
|
|
||||||
cmd = ['pass', 'show', f'{self.pass_folder}/{secret_name.lower()}']
|
cmd = ['pass', 'show', f'{self.pass_folder}/{secret_name.lower()}']
|
||||||
process = subprocess.run(cmd, capture_output=True, check=True)
|
process = subprocess.run(cmd, capture_output = True)
|
||||||
if process.returncode:
|
if process.returncode:
|
||||||
return None
|
return None
|
||||||
|
|
||||||
|
@ -226,20 +218,11 @@ class SecretLoader:
|
||||||
enabled.
|
enabled.
|
||||||
"""
|
"""
|
||||||
solutions_list = []
|
solutions_list = []
|
||||||
solutions_list.append(
|
solutions_list.append(f'Write secret to file: \033[1m{DEFAULT_SECRETS_DIRECTORY}/{secret_name.lower()}\033[0m')
|
||||||
f'Write secret to file: \033[1m{DEFAULT_SECRETS_DIRECTORY}/{secret_name.lower()}\033[0m',
|
|
||||||
)
|
|
||||||
if self.env_key_prefix is not None:
|
if self.env_key_prefix is not None:
|
||||||
solutions_list.append(
|
solutions_list.append(f'Add environment variable pointing to written secret: \033[1m{self.env_key_prefix}_{secret_name.upper()}\033[0m')
|
||||||
f'Add environment variable pointing to written secret: \033[1m{self.env_key_prefix}_{secret_name.upper()}\033[0m',
|
|
||||||
)
|
|
||||||
if self.pass_folder is not None:
|
if self.pass_folder is not None:
|
||||||
solutions_list.append(
|
solutions_list.append(f'Write secret to password store entry: \033[1m{self.pass_folder}/{secret_name.lower()}\033[0m')
|
||||||
f'Write secret to password store entry: \033[1m{self.pass_folder}/{secret_name.lower()}\033[0m',
|
|
||||||
)
|
|
||||||
|
|
||||||
solutions_list = '\n'.join([f'* {s}' for s in solutions_list])
|
solutions_list = '\n'.join([f'* {s}' for s in solutions_list])
|
||||||
return ERROR_MESSAGE_FORMAT.format(
|
return ERROR_MESSAGE_FORMAT.format(secret_name = secret_name, solutions_list=solutions_list)
|
||||||
secret_name=secret_name,
|
|
||||||
solutions_list=solutions_list,
|
|
||||||
)
|
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
# Dummy
|
|
|
@ -2,11 +2,10 @@ import secret_loader
|
||||||
|
|
||||||
|
|
||||||
def test_hardcoded():
|
def test_hardcoded():
|
||||||
loader = secret_loader.SecretLoader(ENV_KEY_PREFIX='TEST', KEY='VALUE')
|
loader = secret_loader.SecretLoader(ENV_KEY_PREFIX = 'TEST', KEY = 'VALUE')
|
||||||
assert loader.load('ENV_KEY_PREFIX') == 'TEST'
|
assert loader.load('ENV_KEY_PREFIX') == 'TEST'
|
||||||
assert loader.load('KEY') == 'VALUE'
|
assert loader.load('KEY') == 'VALUE'
|
||||||
|
|
||||||
|
|
||||||
def test_lookup_unknown():
|
def test_lookup_unknown():
|
||||||
loader = secret_loader.SecretLoader()
|
loader = secret_loader.SecretLoader()
|
||||||
assert loader.load('UNKNOWN') is None
|
assert loader.load('UNKNOWN') is None
|
||||||
|
|
Loading…
Reference in New Issue
Block a user