81 lines
2.3 KiB
ReStructuredText
81 lines
2.3 KiB
ReStructuredText
Overview
|
|
========
|
|
|
|
This section provides the general overview of Keep It Secret.
|
|
|
|
Installation
|
|
------------
|
|
|
|
.. code-block:: shell
|
|
|
|
$ pip install keep_it_secret
|
|
|
|
Usage
|
|
-----
|
|
|
|
Keep It Secret gives a developer API needed to declare secrets used
|
|
by the app and access them in a secure, uniform manner.
|
|
|
|
Consider the following example:
|
|
|
|
.. code-block:: python
|
|
|
|
from secrets_manager import (
|
|
AbstractField, EnvField, LiteralField, Secrets, SecretsField,
|
|
)
|
|
from secrets_manager.ext.aws import AWSSecrets, AWSSecretsManagerField
|
|
|
|
class AppSecrets(Secrets):
|
|
secret_key: str = AbstractField.new()
|
|
db_password: str = EnvField.new('APP_DB_PASSWORD', required=True)
|
|
pbkdf2_iterations_count: int = EnvField(
|
|
'APP_PBKDF2_ITERATIONS_COUNT',
|
|
default=16384,
|
|
required=False,
|
|
as_type=int,
|
|
)
|
|
|
|
class DevelopmentSecrets(AppSecrets):
|
|
secret_key: str = LiteralField.new('thisisntsecure')
|
|
|
|
class ProductionSecrets(AppSecrets):
|
|
aws: AWSSecrets = SecretsField.new(AWSSecrets)
|
|
secret_key: str = AWSSecretsManagerField(
|
|
'app/production/secret_key', required=True,
|
|
)
|
|
db_password: str = AWSSecretsManagerField(
|
|
'app/production/db_password', required=True,
|
|
)
|
|
|
|
The ``AppSecrets`` class serves as base class for environment specific classes.
|
|
The environment specific classes can overload any field, add new fields and
|
|
extend the base class to provide custom behaviour.
|
|
|
|
The ``DevelopmentSecrets`` class uses environment variables and literal values
|
|
to provide secrets suitable for the development environment:
|
|
|
|
.. code-block:: pycon
|
|
|
|
>>> development_secrets = DevelopmentSecrets()
|
|
>>> development_secrets.secret_key
|
|
'thisisntsecure'
|
|
>>> development_secrets.db_password
|
|
'spam'
|
|
>>> development_secrets.pbkdf2_iterations_count
|
|
1024
|
|
|
|
The ``ProductionSecrets`` class uses environment variables and AWS Secrets
|
|
Manager to provide secrets suitable for the development environment:
|
|
|
|
.. code-block:: pycon
|
|
|
|
>>> production_secrets = ProductionSecrets()
|
|
>>> production_secrets.aws.access_key_id
|
|
'anawsaccesskey'
|
|
>>> production_secrets.secret_key
|
|
'asecuresecretkey'
|
|
>>> production_secrets.db_password
|
|
'asecuredbpassword'
|
|
>>> production_secrets.pbkdf2_iterations_count
|
|
16384
|