Unified configuration management for Netrun Systems portfolio with TTL caching and multi-vault support
Project description
netrun-config
Unified configuration management for Netrun Systems portfolio projects.
Features
- Type-Safe Configuration: Built on Pydantic v2 with automatic validation
- Azure Key Vault Integration: Seamless secrets management for production
- Environment-Specific: Development, staging, production, testing environments
- Security Best Practices: 32-char secret validation, SecretStr support, CORS parsing
- Caching: LRU cache for performance optimization
- Framework Integration: Works seamlessly with FastAPI, Flask, Django
Installation
pip install netrun-config
With Azure Key Vault support:
pip install netrun-config[azure]
Quick Start
Basic Usage
from netrun_config import BaseConfig, Field, get_settings
class MyAppSettings(BaseConfig):
app_name: str = Field(default="MyApp")
api_key: str = Field(..., env="API_KEY")
settings = get_settings(MyAppSettings)
print(settings.app_name) # "MyApp"
print(settings.is_production) # False (default: development)
Environment Variables
Create a .env file:
APP_NAME=MyAwesomeApp
APP_ENVIRONMENT=development
APP_SECRET_KEY=your-32-character-secret-key-here
DATABASE_URL=postgresql://user:pass@localhost/db
LOG_LEVEL=INFO
CORS_ORIGINS=http://localhost:3000,http://localhost:8080
Azure Key Vault Integration
from netrun_config import BaseConfig, KeyVaultMixin, Field
class ProductionSettings(BaseConfig, KeyVaultMixin):
KEY_VAULT_URL: str = Field(default=None, env="KEY_VAULT_URL")
database_password: str = Field(default=None, env="DATABASE_PASSWORD")
@property
def database_password_resolved(self) -> str:
if self.is_production and self.KEY_VAULT_URL:
return self.get_keyvault_secret("database-password") or ""
return self.database_password
settings = get_settings(ProductionSettings)
Built-in Configuration
BaseConfig includes common configuration patterns from 12 Netrun Systems projects:
Application Settings
app_name: Application name (default: "Netrun Application")app_version: Application version (default: "1.0.0")app_environment: Environment (development, staging, production, testing)app_debug: Debug mode (default: False)
Security Settings
app_secret_key: Application secret key (validated ≥32 chars)jwt_secret_key: JWT secret key (validated ≥32 chars)jwt_algorithm: JWT algorithm (default: "HS256")jwt_access_token_expire_minutes: Access token TTL (default: 15)jwt_refresh_token_expire_days: Refresh token TTL (default: 7)
CORS Settings
cors_origins: Allowed CORS origins (parses comma-separated strings)cors_allow_credentials: Allow credentials (default: True)
Database Settings
database_url: Database connection URLdatabase_pool_size: Connection pool size (default: 10)database_max_overflow: Max overflow connections (default: 20)database_pool_timeout: Pool timeout in seconds (default: 30)database_pool_recycle: Pool recycle time in seconds (default: 3600)
Redis Settings
redis_url: Redis connection URLredis_host: Redis host (default: "localhost")redis_port: Redis port (default: 6379)redis_db: Redis database (default: 0)redis_password: Redis password
Logging Settings
log_level: Log level (DEBUG, INFO, WARNING, ERROR, CRITICAL)log_format: Log format (default: "json")log_file: Log file path
Monitoring Settings
enable_metrics: Enable metrics (default: True)metrics_port: Metrics port (default: 9090)sentry_dsn: Sentry DSN for error tracking
Azure Settings
azure_subscription_id: Azure subscription IDazure_tenant_id: Azure tenant IDazure_client_id: Azure client IDazure_client_secret: Azure client secret
Property Methods
Environment Checks
settings.is_production # True if environment == "production"
settings.is_development # True if environment == "development"
settings.is_staging # True if environment == "staging"
settings.is_testing # True if environment == "testing"
Database URL Transformation
settings.database_url # postgresql://user:pass@localhost/db
settings.database_url_async # postgresql+asyncpg://user:pass@localhost/db
Redis URL Construction
settings.redis_url_full # redis://:password@localhost:6379/0
Validation
All configurations are validated at startup with clear error messages:
# Invalid environment
BaseConfig(app_environment="invalid")
# ValidationError: Environment must be one of: ['development', 'staging', 'production', 'testing']
# Short secret key
BaseConfig(app_secret_key="short")
# ValidationError: Secret keys must be at least 32 characters long
# Invalid log level
BaseConfig(log_level="TRACE")
# ValidationError: Log level must be one of: ['DEBUG', 'INFO', 'WARNING', 'ERROR', 'CRITICAL']
FastAPI Integration
from typing import Annotated
from fastapi import Depends, FastAPI
from netrun_config import BaseConfig, get_settings
app = FastAPI()
SettingsDep = Annotated[BaseConfig, Depends(get_settings)]
@app.get("/")
async def root(settings: SettingsDep):
return {"app": settings.app_name, "version": settings.app_version}
Testing
Override settings in tests:
import pytest
from netrun_config import BaseConfig, get_settings, reload_settings
@pytest.fixture
def test_settings(monkeypatch):
monkeypatch.setenv("APP_ENVIRONMENT", "testing")
monkeypatch.setenv("DATABASE_URL", "sqlite:///test.db")
reload_settings() # Clear cache
yield get_settings()
Azure Key Vault Setup
Local Development (Azure CLI)
az login
az account set --subscription <subscription-id>
Production (Managed Identity)
- Enable Managed Identity on Azure App Service or VM
- Grant Key Vault access:
az keyvault set-policy --name <vault-name> \ --object-id <managed-identity-id> \ --secret-permissions get list
- Set environment variable:
KEY_VAULT_URL=https://<vault-name>.vault.azure.net
Roadmap: Advanced Key Vault Features (v2.0)
Research completed December 2025 identified 15+ enterprise features for future releases.
See RESEARCH_KEYVAULT_ADVANCED_PATTERNS_v1.0.md for full analysis.
Phase 1: Foundation (Q1 2026)
- TTL-Based Caching: 8-hour cache with configurable TTL per Microsoft best practices
- Pydantic Settings Source: Native
settings_customise_sources()integration - Improved Credential Chain:
DefaultAzureCredentialwith optimized exclusions
Phase 2: Enterprise (Q1-Q2 2026)
- Multi-Vault Support: Environment-specific vault configuration
- Batch Prefetching: Async bulk secret loading at startup
- Lazy Loading Descriptors: On-demand secret resolution
- Secret Rotation Detection: Poll-based version checking
Phase 3: Advanced (Q2 2026)
- Certificate Management: Full certificate lifecycle support
- Key Management: Encryption key operations (wrap/unwrap, encrypt/decrypt)
- Audit Logging: Structured logging with compliance support (SOC2, ISO27001)
- Event Grid Integration: Real-time rotation notifications
Competitive Comparison
| Feature | pydantic-settings | dynaconf | netrun-config (v2.0) |
|---|---|---|---|
| Azure KV TTL Cache | No | No | Planned |
| Multi-Vault | No | No | Planned |
| Rotation Detection | No | No | Planned |
| Certificate Mgmt | No | No | Planned |
| Audit Logging | No | No | Planned |
Examples
See the examples/ directory:
basic_usage.py: Simple .env configurationkeyvault_integration.py: Azure Key Vault integrationfastapi_integration.py: FastAPI dependency injection
Architecture
netrun-config consolidates configuration patterns from 12 Netrun Systems projects:
- 3,200 LOC duplicate configuration code → 480 LOC core library
- 85% code reduction
- 89.7% reusability across projects
Source Projects
- Wilbur (578 LOC) → 128 LOC (78% reduction)
- NetrunCRM (476 LOC) → 126 LOC (74% reduction)
- GhostGrid (559 LOC) → 130 LOC (77% reduction)
- Intirkast (380 LOC) → 115 LOC (70% reduction)
- +8 additional projects
Contributing
Contributions are welcome! Please ensure:
- All tests pass:
pytest - Code coverage ≥ 80%:
pytest --cov - Code formatted:
black . - Linting passes:
ruff check .
License
MIT License - Copyright (c) 2025 Netrun Systems
Author
Daniel Garza (daniel@netrunsystems.com)
Version
1.0.0
Links
- Documentation: GitHub README
- Issues: GitHub Issues
- PyPI: netrun-config
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
netrun_config-1.1.0.tar.gz
(40.2 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file netrun_config-1.1.0.tar.gz.
File metadata
- Download URL: netrun_config-1.1.0.tar.gz
- Upload date:
- Size: 40.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
09a3a33516cf28b15dcfbf19d3d2201cbbc4db6f60af7933ad42101419aeb38f
|
|
| MD5 |
1181cd04b885335af42b4b29b807a66b
|
|
| BLAKE2b-256 |
9219270ce40dd8e78100d34c1a3fca2f554c6f4bdf0e2d5fb54eb1200f368b98
|
File details
Details for the file netrun_config-1.1.0-py3-none-any.whl.
File metadata
- Download URL: netrun_config-1.1.0-py3-none-any.whl
- Upload date:
- Size: 22.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
6a6aa8c8ba138ceb3c81cd184489bcf05b289eede73b4b7653cf9e2d3b5a101c
|
|
| MD5 |
b9c8bb15a02a63119ce33273fd3fd449
|
|
| BLAKE2b-256 |
7f1858274e4356e6904d70fa4e7178d6ce7a24104773465065e4632413504fff
|
