Django SecretsManager is custom secret managers for Django
Project description
Django SecretsManager
Django SecretsManager is a package that helps you manage the secret values used by Django through variable services.
Requirements
- Python >= 3.6
- Django
Required settings for the settings module
- AWS_SECRETS_MANAGER_SECRET_NAME (or AWS_SECRET_NAME)
- Secret name of SecretsManager to use
- AWS_SECRETS_MANAGER_SECRET_SECTION (or AWS_SECRET_SECTION)
- The key that separates JSON objects by colons.
ex) In the example below, the "production" item is represented as "sample-project:production".
- The key that separates JSON objects by colons.
- AWS_SECRETS_MANAGER_REGION_NAME (or AWS_REGION_NAME)
- Region of the SecretsManager service to use
ex) ap-northeast-2
- Region of the SecretsManager service to use
Secret value setting of AWS SecretsManager
SecretsManager's Secret value uses JSON format in Plaintext.
Here is an example Secret value to use for configuration, and the Secret (Corresponds to AWS_SECRETS_MANAGER_SECRET_NAME in the settings module) is named sample-project-secret
{ "sample-project(Recommend the name of django project)": { "base(If the settings module is a package, submodule names are recommended)": { "SECRET_KEY": "DjangoSecretKey" }, "dev": { "AWS_S3_BUCKET_NAME": "sample-s3-dev" }, "production": { "AWS_S3_BUCKET_NAME": "sample-s3-production" } } }
Setting up AWS Credentials for Django to use
Django uses two methods to access the SecretsManager on AWS. The first uses a profile of ~/.aws/credentials
in your home folder, and the second uses an environment variable.
1. Using the AWS Credentials Profile
Recommended for use in development environments
Set Profile of IAM User with SecretsManagerReadWrite Permission to ~/.aws/credentials
. The following example uses the profile name sample-project-secretsmanager
[sample-project-secretsmanager] aws_access_key_id = AKI************* aws_secret_access_key = Mlp********************
Then enter the profile name in AWS_SECRETS_MANAGER_PROFILE (or AWS_PROFILE) of the settings module.
# settings.py AWS_SECRETS_MANAGER_PROFILE = 'sample-project-secrets-manager'
2. Use environment variables
It is recommended to use in distribution or CI / CD environment.
If you set the following values in the environment variable, the contents are used to use the SecretsManager service.
- AWS_SECRETS_MANAGER_ACCESS_KEY_ID (or AWS_ACCESS_KEY_ID)
- AWS_SECRETS_MANAGER_SECRET_ACCESS_KEY (or AWS_SECRET_ACCESS_KEY)
Using Secrets in Django's Settings Module
- First, import the SECRETS instance of the library.
- Enter the settings for Django AWS SecretsManager
- Use SECRETS as a dictionary to get the secrets you want
Follow the form of the example below
By separating the settings module into packages, it is assumed that there are base and dev submodules.
settings/ __init__.py base.py dev.py
## settings/base.py # 1. Import the SECRETS instance of the library from django_secrets import SECRETS # 2. Enter the settings for Django AWS SecretsManager AWS_SECRETS_MANAGER_SECRET_NAME = 'sample-project-secret' AWS_SECRETS_MANAGER_PROFILE = 'sample-project-secretsmanager' AWS_SECRETS_MANAGER_SECRET_SECTION = 'sample-project:base' AWS_SECRETS_MANAGER_REGION_NAME = 'ap-northeast-2' # 3. Use SECRETS as a dictionary to get the secrets you want SECRET_KEY = SECRETS['SECRET_KEY'] SECRET_KEY = SECRETS.get('SECRET_KEY')
## settings/dev.py # The SECRETS instance is already imported from the base module. from .base import * # Use a different secrets section AWS_SECRETS_MANAGER_SECRET_SECTION = 'sample-project:dev' # Use SECRETS as a dictionary to get the secrets you want AWS_STORAGE_BUCKET_NAME = SECRETS['AWS_STORAGE_BUCKET_NAME'] AWS_STORAGE_BUCKET_NAME = SECRETS.get('AWS_STORAGE_BUCKET_NAME', 'default')
Contributing
As an open source project, we welcome contributions.
The code lives on GitHub
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Filename, size | File type | Python version | Upload date | Hashes |
---|---|---|---|---|
Filename, size django_secrets_manager-0.1.13-py3-none-any.whl (7.1 kB) | File type Wheel | Python version py3 | Upload date | Hashes View |
Filename, size django-secrets-manager-0.1.13.tar.gz (5.1 kB) | File type Source | Python version None | Upload date | Hashes View |
Hashes for django_secrets_manager-0.1.13-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | b7d8e619703e95ce7110c7194c93973a0cc3d4b3895c78244f7007e653e169a8 |
|
MD5 | 23fd29c3539c8493d1dce5768d4ebea0 |
|
BLAKE2-256 | 6cb760177bdd571a1927755e80fed624785d8da88d3b42ffffad6636eb35a2cf |
Hashes for django-secrets-manager-0.1.13.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 46d6360b0ddf8f4c860b62b3cfe9c4ab342c115478a10af5577736f9abe6a8e5 |
|
MD5 | 8f0d8f8119e8cda75b27b6d978a1f895 |
|
BLAKE2-256 | cfc3e5a46482a969285f3d48b483bffe098bd6076877c3b1e85ad281e0dd758e |