Get your hard won secrets, simply
Project description
SecretFinder 🕵️
Have you ever had secerts for you apps in multiple places? Some are environment variables. Others are in a 3rd party providers like AWS SSM, AWS Secrets Manager, Hashicorp Vault, or any other number of places.
Pulling from these locations can be frustrating if you have 2 or 3 in one app for various reasons.
Secret finder provides you a way to have a single unified api to pull from any number of locations.
Install
pip install secretfinder
Examples
Environment Variables
You can pull from environment variables easily enough. This is almost useless since you can use os.getenv
, but it has it purpose.
from secretfinder import SecretsEnv, providers
env = SecretsEnv(providers=providers.EnvironmentVariable)
env.get('SOME_VAR', default='hello world')
AWS SSM
If you are using AWS SSM to store your keys or other information, a lot of reasons to use it. You can see it works just the same as environment variables.
from secretfinder import SecretsEnv, providers
env = SecretsEnv(providers=providers.AWSSSM)
env.get('prod.moneymaker.db', default='hello world')
AWS Secrets Manager
If you are using AWS Secrets Manager to store your secrets because maybe you want to auto-rotate passwords then you can easily use it.
from secretfinder import SecretsEnv, providers
env = SecretsEnv(providers=providers.AWSSecretsManager)
env.get('prod.moneymaker.db', default='hello world')
This still has limited support, but it works for other text secret types. It is a todo to expand it.
AWS SSM and AWS Secrets Manager
You might be storing information in both SSM and Secrets Manager. Either you are in the middle of migrating from one to the other, or you have specific information in each for separation concerns.
No problem you still have a similar API you can use.
from secretfinder import SecretsEnv, providers
env = SecretsEnv(providers=[providers.AWSSecretsManager, providers.AWSSSM])
env.get('prod.moneymaker.db', default='hello world')
This will just fall through all providers until it finds a match, or it returns a default.
There is logging in place to throw out warning when it can't find a value for a provider.
HashiCorp Vault
Coming Soon
Raise Exceptions
In the default use case it just falls through returning back a default or None. However, you might want it to raise an exception so that it stops execution if it fails.
In that case you can use the raise_exception
keyword argument to raise.
from secretfinder import SecretsEnv, providers
env = SecretsEnv(providers=providers.AWSSecretsManager, raise_exception=True)
env.get('prod.moneymaker.db', default='hello world')
Contributing
If you would like to help expand the work on this please feel free submit a PR. Adding more providers would be greate, or filling out code for exising providers.
Testing aws locally
If you are using aws and wanting to test locally with different profile. Here is what I had to use to get it to work right.
$ AWS_PROFILE=somprofile AWS_DEFAULT_REGION=us-east-2 ipython
Release
pip install twine wheel setuptools
python setup.py sdist bdist_wheel
twine check dist/*
twine upload dist/*
Changelog
0.2.1
- Tweak depdencies to be more inclusive.
0.2
- Rename Class because I misspelled it. 🙄
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file secretfinder-0.2.1.tar.gz
.
File metadata
- Download URL: secretfinder-0.2.1.tar.gz
- Upload date:
- Size: 3.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/2.0.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/40.8.0 requests-toolbelt/0.9.1 tqdm/4.36.1 CPython/3.7.4
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | c3a716e89726eb5dc48bdb878f26d47df417a42f90feaff65fe67557055987f5 |
|
MD5 | f625cbac4d12e54811bce65ce66a961a |
|
BLAKE2b-256 | 0036f25e88a09e0a4e687eac324f9f81bbb7a86c2abd34977e70076313a351c1 |
File details
Details for the file secretfinder-0.2.1-py3-none-any.whl
.
File metadata
- Download URL: secretfinder-0.2.1-py3-none-any.whl
- Upload date:
- Size: 4.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/2.0.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/40.8.0 requests-toolbelt/0.9.1 tqdm/4.36.1 CPython/3.7.4
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | ba1860b6d898ea660c804f8f545972ba79d996c58f9a2bb4485fb3f6ba8fe01d |
|
MD5 | f9422f7bb8b136e99f10baae5b19ff29 |
|
BLAKE2b-256 | 224896841a210ddd61904952b889a8dac093d2a5d04615ad14789532045b98fb |