System for loading secrets from a variety of sources.
Latest commit e56b7c8fa4 by Jon Michael Aanes: "README and requirements", 2024-07-08 18:10:55 +02:00

Secret Loader System.

System for loading secrets from a variety of sources.

Usage:

import secret_loader

# Environment-variable lookups are namespaced with this prefix (here MYAPP_...).
secrets = secret_loader.SecretLoader(env_key_prefix='MYAPP')

# load_or_fail raises instead of returning None when no source holds the secret.
db_username = secrets.load_or_fail('DATABASE_USERNAME')
db_password = secrets.load_or_fail('DATABASE_PASSWORD')

Secret loading order:

  1. Hardcoded values. Purely for debugging, prototyping, and for configuring the options below.
  2. Files pointed to by environment variables. Docker friendly.
  3. Secrets folder. Also Docker friendly.
  4. Pass, the standard unix password manager. Best suited for personal use and very unsuited for server environments. Requires pass to be installed locally, and PASS_STORE_SUBFOLDER to be configured through one of the methods above.
  5. A Vault instance, if configured. Suited for production environments.
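To make the cascade concrete, here is a small added example (not the project's own code) that implements tiers 1 to 3 in the order above; the class name, the `<PREFIX>_<NAME>_FILE` variable convention and the default `/run/secrets` folder are assumptions for the illustration, and the sample data lives in a temporary directory so it runs offline.

```python
import os
import tempfile
from pathlib import Path


class SecretNotFound(KeyError):
    """Raised by load_or_fail when no source holds the requested secret."""


class MiniSecretLoader:
    """Hypothetical loader implementing tiers 1-3 of the order above."""

    def __init__(self, env_key_prefix, hardcoded=None):
        self.env_key_prefix = env_key_prefix
        self.hardcoded = dict(hardcoded or {})
        # Tier 1 may configure later tiers, e.g. where the secrets folder lives.
        self.secrets_dir = Path(self.hardcoded.get('SECRETS_DIR', '/run/secrets'))

    def load(self, name):
        # Tier 1: hardcoded values (debugging and prototyping only).
        if name in self.hardcoded:
            return self.hardcoded[name]
        # Tier 2: <PREFIX>_<NAME>_FILE names a file whose contents are the secret.
        path = os.environ.get(f'{self.env_key_prefix}_{name}_FILE')
        if path:
            return Path(path).read_text().rstrip('\n')
        # Tier 3: one file per secret inside the secrets folder (Docker style).
        candidate = self.secrets_dir / name
        if candidate.is_file():
            return candidate.read_text().rstrip('\n')
        return None  # tiers 4 and 5 (pass, Vault) are omitted here

    def load_or_fail(self, name):
        value = self.load(name)
        if value is None:
            raise SecretNotFound(name)
        return value


def demo():
    """Constructed sample run: each tier answers one lookup, one is missing."""
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / 'DATABASE_PASSWORD').write_text('from-folder\n')
        (Path(tmp) / 'user.txt').write_text('from-env-file\n')
        os.environ['MYAPP_DATABASE_USERNAME_FILE'] = str(Path(tmp) / 'user.txt')
        loader = MiniSecretLoader('MYAPP', {'SECRETS_DIR': tmp, 'DEBUG_FLAG': 'on'})
        found = tuple(loader.load(n) for n in
                      ('DEBUG_FLAG', 'DATABASE_USERNAME', 'DATABASE_PASSWORD', 'MISSING'))
    os.environ.pop('MYAPP_DATABASE_USERNAME_FILE')
    return found
```

Because tier 1 wins, a hardcoded value silently shadows a file-provided one, which is why the README reserves it for debugging.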

TODO

  • Avoid leakage to swap files.
  • Wrap secrets in intelligent strings:
    • Instead of returning None for an unloaded secret, return an UnknownSecret that produces an error when formatted.
    • repr(secret) should not include the contents, only the secret's name and how it was loaded.
    • Methods on Secret should be kept minimal.
  • Vault:
    • Ensure vault code path works.
    • Document usage and requirements.

License

Copyright 2024 Jon Michael Aanes. All rights reserved.