Skip to main content

AWS secrets manager helper

Project description

aws-vault

travis-ci

version number: 0.1.1 author: Spacetime Labs

Why

It's pretty handy using the AWS Secrets Manager to store sensitive KEY and VALUE pars such as an AWS bucket, database, credentials to external API and other services. Then you'll need something simple to get those secrets in your project rather than using boto directly, you also might need an environment variables fall back and have multiple environment (testing, staging, production) support.

Overview

Given secrets created in the AWS Secrets Manager:

An image

An image

An image

Installation / Usage

To install use pip:

$ pip install awsvault

Or clone the repo:

$ git clone https://github.com/spacetimelabs/awsvault.git
$ python setup.py install

Usage

Basic usage

from awsvault import Vault

vault = Vault("myproject/email/prod")
email_user = vault.get("EMAIL_USER")
email_password = vault.get("EMAIL_PASS")

More than on set of secrets

from awsvault import Vault

vault = Vault("myproject/email/prod,myproject/database/prod")
email_user = vault.get("EMAIL_USER")
email_password = vault.get("EMAIL_PASS")

db_hostname = vault.get("DB_HOSTNAME")
db_username = vault.get("DB_USERNAME")
db_password = vault.get("DB_PASSWORD")

Get values from environment variables (Local/Development)

from awsvault import Vault

vault = Vault(None)
email_user = vault.get("EMAIL_USER")

How we usually use it

import os
from awsvault import Vault

# In dev, the PROJECT_SECRETS is None and all secrets are set in the environment variables

# In testing, the PROJECT_SECRETS is mysecret/testing
# In prod, the PROJECT_SECRETS is mysecret/prod

PROJECT_SECRETS = os.environ['PROJECT_SECRETS']

# Then
vault = Vault(PROJECT_SECRETS)

my_secret = vault.get("MY_SECRET")

It's also possible to override the default os.environ fall back to a dict or something callable

OVERRIDE = {
    'EMAIL_USER': 'bart.simpsons@example.com'
}

vault = Vault("myproject/email_secrets", look_first=OVERRIDE)
email_user = vault.get('EMAIL_USER')
assert email_user == 'bart.simpsons@example.com'
def my_super_special_get_config_fn(name):
    if name == 'FRUIT':
        return 'avocado'


vault = Vault("myproject/email_secrets", look_first=my_super_special_get_config_fn)
email_user = vault.get('EMAIL_USER')
fruit = vault.get('FRUIT')

assert fruit == 'avocado'

check the tests out for more usage examples

Contributing

pip install requirements-dev.txt
tox

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

awsvault-0.1.3.linux-x86_64.tar.gz (4.1 kB view details)

Uploaded Source

File details

Details for the file awsvault-0.1.3.linux-x86_64.tar.gz.

File metadata

  • Download URL: awsvault-0.1.3.linux-x86_64.tar.gz
  • Upload date:
  • Size: 4.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.4.1 importlib_metadata/3.10.0 pkginfo/1.7.0 requests/2.25.1 requests-toolbelt/0.9.1 tqdm/4.59.0 CPython/3.9.1

File hashes

Hashes for awsvault-0.1.3.linux-x86_64.tar.gz
Algorithm Hash digest
SHA256 3a69ec6694164ac4d909f5d9eaa9282e7183cd7e0c202aedcefa5efdcedd88ec
MD5 fdf25736a20faba90791752d22c9dbf3
BLAKE2b-256 982dc86d261ce49804428c7cff3593c472a311e47c7d14e7613857f3f65ad4cf

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page