A flexible secret management system
Project description
Sesam Secret Management System
Overview
This project demonstrates a flexible and extensible approach to managing secrets using different secret management systems. The strategy pattern is employed to allow switching between different secret management systems at runtime.
Strategy Pattern for Secret Management
The project includes the following components:
SesamStrategy
: The strategy interface.EnvSesamStrategy
,AzureKeyVaultSesamStrategy
, andHashiCorpVaultSesamStrategy
: Concrete strategies for different secret management systems.Sesam
: The context that uses a strategy to get secrets.
You can switch between different secret management systems by changing the strategy at runtime. This makes your code flexible and easy to extend.
Installation
-
Clone the repository:
git clone https://github.com/your-repo/sesam-secret-management.git cd sesam-secret-management
-
Install the required dependencies:
pip install -r requirements.txt
Components
Strategy Interface
The SesamStrategy
interface defines a method for retrieving secrets:
from abc import ABC, abstractmethod
class SesamStrategy(ABC):
@abstractmethod
def secret(self, key: str) -> str:
pass
Concrete Strategies
EnvSesamStrategy
This strategy retrieves secrets from environment variables stored in a .env
file. It uses the cryptography
library to decrypt secrets.
import os
from cryptography.fernet import Fernet
from dotenv import load_dotenv
class EnvSesamStrategy(SesamStrategy):
KEY_SUFFFIX = "_KEY"
def secret(self, key: str) -> str:
if not isinstance(key, str):
raise TypeError("Key must be a string")
if len(key.strip()) == 0:
raise ValueError("Key cannot be empty or whitespace")
load_dotenv()
try:
if os.getenv(key+self.KEY_SUFFFIX) is None:
raise KeyError(f"Key of '{key}' does not exist")
key_name = os.getenv(key+self.KEY_SUFFFIX).encode()
encrypted_secret = os.getenv(key).encode()
fernet = Fernet(key_name)
decrypted_secret = fernet.decrypt(encrypted_secret)
return decrypted_secret.decode()
except (AttributeError, KeyError) as error:
raise error
AzureKeyVaultSesamStrategy
-
Ensure you have the necessary Azure credentials and permissions.
-
Use the
AzureKeyVaultSesamStrategy
to retrieve the secret:from sesam import AzureKeyVaultSesamStrategy, Sesam vault_url = "https://your-vault-url.vault.azure.net/" credential = None # Use default Azure credentials strategy = AzureKeyVaultSesamStrategy(vault_url, credential) sesam = Sesam(strategy) secret = sesam.secret("your-secret-name") print(secret)
HashiCorpVaultSesamStrategy
-
Ensure you have the necessary HashiCorp Vault credentials and permissions.
-
Use the
HashiCorpVaultSesamStrategy
to retrieve the secret:from sesam import HashiCorpVaultSesamStrategy, Sesam url = "https://your-vault-url" token = "your-vault-token" strategy = HashiCorpVaultSesamStrategy(url, token) sesam = Sesam(strategy) secret = sesam.secret("your-secret-path") print(secret)
Extending
To add a new secret management strategy, create a new class that inherits from SesamStrategy
and implements the secret
method. Then, you can use this new strategy with the Sesam
context.
class NewSesamStrategy(SesamStrategy):
def secret(self, key: str) -> str:
# Implement your secret retrieval logic here
pass
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
Built Distribution
File details
Details for the file nonosesam-0.0.1-py3-none-any.whl
.
File metadata
- Download URL: nonosesam-0.0.1-py3-none-any.whl
- Upload date:
- Size: 7.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.1 CPython/3.9.2
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 26617c02225b01cbdfedbab93b3dae3eef640673d3a95b3d25f7fa462938cbc2 |
|
MD5 | 67ad759d9f206c338264f5ec23784f79 |
|
BLAKE2b-256 | f3362f64c5ae3897568ed77198cb111c4efecc49e41f58b529c61c55510c8c75 |