Skip to main content

Get your hard won secrets, simply

Project description

SecretFinder 🕵️

Have you ever had secerts for you apps in multiple places? Some are environment variables. Others are in a 3rd party providers like AWS SSM, AWS Secrets Manager, Hashicorp Vault, or any other number of places.

Pulling from these locations can be frustrating if you have 2 or 3 in one app for various reasons.

Secret finder provides you a way to have a single unified api to pull from any number of locations.

Install

pip install secretfinder

Examples

Environment Variables

You can pull from environment variables easily enough. This is almost useless since you can use os.getenv, but it has it purpose.

from secretfinder import SecretsEnv, providers

env = SecretsEnv(providers=providers.EnvironmentVariable)

env.get('SOME_VAR', default='hello world')

AWS SSM

If you are using AWS SSM to store your keys or other information, a lot of reasons to use it. You can see it works just the same as environment variables.

from secretfinder import SecretsEnv, providers

env = SecretsEnv(providers=providers.AWSSSM)

env.get('prod.moneymaker.db', default='hello world')

AWS Secrets Manager

If you are using AWS Secrets Manager to store your secrets because maybe you want to auto-rotate passwords then you can easily use it.

from secretfinder import SecretsEnv, providers

env = SecretsEnv(providers=providers.AWSSecretsManager)

env.get('prod.moneymaker.db', default='hello world')

This still has limited support, but it works for other text secret types. It is a todo to expand it.

AWS SSM and AWS Secrets Manager

You might be storing information in both SSM and Secrets Manager. Either you are in the middle of migrating from one to the other, or you have specific information in each for separation concerns.

No problem you still have a similar API you can use.

from secretfinder import SecretsEnv, providers

env = SecretsEnv(providers=[providers.AWSSecretsManager, providers.AWSSSM])

env.get('prod.moneymaker.db', default='hello world')

This will just fall through all providers until it finds a match, or it returns a default.

There is logging in place to throw out warning when it can't find a value for a provider.

HashiCorp Vault

Coming Soon

Raise Exceptions

In the default use case it just falls through returning back a default or None. However, you might want it to raise an exception so that it stops execution if it fails.

In that case you can use the raise_exception keyword argument to raise.

from secretfinder import SecretsEnv, providers

env = SecretsEnv(providers=providers.AWSSecretsManager, raise_exception=True)

env.get('prod.moneymaker.db', default='hello world')

Contributing

If you would like to help expand the work on this please feel free submit a PR. Adding more providers would be greate, or filling out code for exising providers.

Testing aws locally

If you are using aws and wanting to test locally with different profile. Here is what I had to use to get it to work right.

$ AWS_PROFILE=somprofile AWS_DEFAULT_REGION=us-east-2 ipython

Release

pip install twine wheel setuptools
python setup.py sdist bdist_wheel
twine check dist/*
twine upload dist/*

Changelog

0.2.1

  • Tweak depdencies to be more inclusive.

0.2

  • Rename Class because I misspelled it. 🙄

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

secretfinder-0.2.1.tar.gz (3.7 kB view details)

Uploaded Source

Built Distribution

secretfinder-0.2.1-py3-none-any.whl (4.7 kB view details)

Uploaded Python 3

File details

Details for the file secretfinder-0.2.1.tar.gz.

File metadata

  • Download URL: secretfinder-0.2.1.tar.gz
  • Upload date:
  • Size: 3.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/2.0.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/40.8.0 requests-toolbelt/0.9.1 tqdm/4.36.1 CPython/3.7.4

File hashes

Hashes for secretfinder-0.2.1.tar.gz
Algorithm Hash digest
SHA256 c3a716e89726eb5dc48bdb878f26d47df417a42f90feaff65fe67557055987f5
MD5 f625cbac4d12e54811bce65ce66a961a
BLAKE2b-256 0036f25e88a09e0a4e687eac324f9f81bbb7a86c2abd34977e70076313a351c1

See more details on using hashes here.

File details

Details for the file secretfinder-0.2.1-py3-none-any.whl.

File metadata

  • Download URL: secretfinder-0.2.1-py3-none-any.whl
  • Upload date:
  • Size: 4.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/2.0.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/40.8.0 requests-toolbelt/0.9.1 tqdm/4.36.1 CPython/3.7.4

File hashes

Hashes for secretfinder-0.2.1-py3-none-any.whl
Algorithm Hash digest
SHA256 ba1860b6d898ea660c804f8f545972ba79d996c58f9a2bb4485fb3f6ba8fe01d
MD5 f9422f7bb8b136e99f10baae5b19ff29
BLAKE2b-256 224896841a210ddd61904952b889a8dac093d2a5d04615ad14789532045b98fb

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page