Skip to main content

AWS secrets manager helper

Project description

aws-vault

travis-ci

version number: 0.1.1 author: Spacetime Labs

Why

It's pretty handy using the AWS Secrets Manager to store sensitive KEY and VALUE pars such as an AWS bucket, database, credentials to external API and other services. Then you'll need something simple to get those secrets in your project rather than using boto directly, you also might need an environment variables fall back and have multiple environment (testing, staging, production) support.

Overview

Given secrets created in the AWS Secrets Manager:

An image

An image

An image

Installation / Usage

To install use pip:

$ pip install awsvault

Or clone the repo:

$ git clone https://github.com/spacetimelabs/awsvault.git
$ python setup.py install

Usage

Basic usage

from awsvault import Vault

vault = Vault("myproject/email/prod")
email_user = vault.get("EMAIL_USER")
email_password = vault.get("EMAIL_PASS")

More than on set of secrets

from awsvault import Vault

vault = Vault("myproject/email/prod,myproject/database/prod")
email_user = vault.get("EMAIL_USER")
email_password = vault.get("EMAIL_PASS")

db_hostname = vault.get("DB_HOSTNAME")
db_username = vault.get("DB_USERNAME")
db_password = vault.get("DB_PASSWORD")

Get values from environment variables (Local/Development)

from awsvault import Vault

vault = Vault(None)
email_user = vault.get("EMAIL_USER")

How we usually use it

import os
from awsvault import Vault

# In dev, the PROJECT_SECRETS is None and all secrets are set in the environment variables

# In testing, the PROJECT_SECRETS is mysecret/testing
# In prod, the PROJECT_SECRETS is mysecret/prod

PROJECT_SECRETS = os.environ['PROJECT_SECRETS']

# Then
vault = Vault(PROJECT_SECRETS)

my_secret = vault.get("MY_SECRET")

It's also possible to override the default os.environ fall back to a dict or something callable

OVERRIDE = {
    'EMAIL_USER': 'bart.simpsons@example.com'
}

vault = Vault("myproject/email_secrets", look_first=OVERRIDE)
email_user = vault.get('EMAIL_USER')
assert email_user == 'bart.simpsons@example.com'
def my_super_special_get_config_fn(name):
    if name == 'FRUIT':
        return 'avocado'


vault = Vault("myproject/email_secrets", look_first=my_super_special_get_config_fn)
email_user = vault.get('EMAIL_USER')
fruit = vault.get('FRUIT')

assert fruit == 'avocado'

check the tests out for more usage examples

Contributing

pip install requirements-dev.txt
tox

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

awsvault-0.1.2.linux-x86_64.tar.gz (4.1 kB view details)

Uploaded Source

File details

Details for the file awsvault-0.1.2.linux-x86_64.tar.gz.

File metadata

  • Download URL: awsvault-0.1.2.linux-x86_64.tar.gz
  • Upload date:
  • Size: 4.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.4.1 importlib_metadata/3.10.0 pkginfo/1.7.0 requests/2.25.1 requests-toolbelt/0.9.1 tqdm/4.59.0 CPython/3.9.1

File hashes

Hashes for awsvault-0.1.2.linux-x86_64.tar.gz
Algorithm Hash digest
SHA256 e0e628d3569c84a3db2a0d0223dd9652b906cdcd0400d6b47e73d69b52838bdb
MD5 6e93d699a33a88d05e0d7b8872177f0a
BLAKE2b-256 929766d452c80b71f7555bb5e3968a32bd99a0ed11072b26acb504c226a85bcd

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page