AWS secrets manager helper
Project description
aws-vault
version number: 0.1.1 author: Spacetime Labs
Why
It's pretty handy using the AWS Secrets Manager to store sensitive KEY and VALUE pars such as an AWS bucket, database, credentials to external API and other services. Then you'll need something simple to get those secrets in your project rather than using boto directly, you also might need an environment variables fall back and have multiple environment (testing, staging, production) support.
Overview
Given secrets created in the AWS Secrets Manager:
Installation / Usage
To install use pip:
$ pip install awsvault
Or clone the repo:
$ git clone https://github.com/spacetimelabs/awsvault.git
$ python setup.py install
Usage
Basic usage
from awsvault import Vault
vault = Vault("myproject/email/prod")
email_user = vault.get("EMAIL_USER")
email_password = vault.get("EMAIL_PASS")
More than on set of secrets
from awsvault import Vault
vault = Vault("myproject/email/prod,myproject/database/prod")
email_user = vault.get("EMAIL_USER")
email_password = vault.get("EMAIL_PASS")
db_hostname = vault.get("DB_HOSTNAME")
db_username = vault.get("DB_USERNAME")
db_password = vault.get("DB_PASSWORD")
Get values from environment variables (Local/Development)
from awsvault import Vault
vault = Vault(None)
email_user = vault.get("EMAIL_USER")
How we usually use it
import os
from awsvault import Vault
# In dev, the PROJECT_SECRETS is None and all secrets are set in the environment variables
# In testing, the PROJECT_SECRETS is mysecret/testing
# In prod, the PROJECT_SECRETS is mysecret/prod
PROJECT_SECRETS = os.environ['PROJECT_SECRETS']
# Then
vault = Vault(PROJECT_SECRETS)
my_secret = vault.get("MY_SECRET")
It's also possible to override the default os.environ
fall back to a dict or something callable
OVERRIDE = {
'EMAIL_USER': 'bart.simpsons@example.com'
}
vault = Vault("myproject/email_secrets", look_first=OVERRIDE)
email_user = vault.get('EMAIL_USER')
assert email_user == 'bart.simpsons@example.com'
def my_super_special_get_config_fn(name):
if name == 'FRUIT':
return 'avocado'
vault = Vault("myproject/email_secrets", look_first=my_super_special_get_config_fn)
email_user = vault.get('EMAIL_USER')
fruit = vault.get('FRUIT')
assert fruit == 'avocado'
check the tests
out for more usage examples
Contributing
pip install requirements-dev.txt
tox
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
File details
Details for the file awsvault-0.1.2.linux-x86_64.tar.gz
.
File metadata
- Download URL: awsvault-0.1.2.linux-x86_64.tar.gz
- Upload date:
- Size: 4.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.4.1 importlib_metadata/3.10.0 pkginfo/1.7.0 requests/2.25.1 requests-toolbelt/0.9.1 tqdm/4.59.0 CPython/3.9.1
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | e0e628d3569c84a3db2a0d0223dd9652b906cdcd0400d6b47e73d69b52838bdb |
|
MD5 | 6e93d699a33a88d05e0d7b8872177f0a |
|
BLAKE2b-256 | 929766d452c80b71f7555bb5e3968a32bd99a0ed11072b26acb504c226a85bcd |