Omegaconf custom resolvers to retrieve configuration values from cloud services
Project description
Omegaconf Plugin: Cloud Secrets
This package is a plugin designed to enhance OmegaConf by providing additional custom resolvers to securely retrieve sensitive values that should not be hard-coded in your configuration files.
Currently, there are resolvers for:
- AWS:
- Secrets Manager
- Parameter Store
- Google Cloud Platform (GCP):
- Secret Manager
- Microsoft Azure:
- Key Vault
Installation
- AWS:
pip install omegaconf-cloud-resolvers[aws]
- GCP:
pip install omegaconf-cloud-resolvers[gcp]
- Azure:
pip install omegaconf-cloud-resolvers[az]
Quickstart
The following is an introductory example using a secret stored in AWS Secrets Manager.
First create a secret in the AWS Secrets Manager. You can use the CLI:
aws secretsmanager create-secret --name secret_jwt --secret-string 'thiscouldbe.a.jwt'
from omegaconf import OmegaConf
from omegaconf_cloud_resolvers import register_custom_resolvers
from omegaconf_cloud_resolvers.resolvers.aws import AWSSecretsManagerResolver
# Option A. Define an env var: `AWS_DEFAULT_PROFILE=<your-aws-profile>`
# If you do, there is no need to pass a Session to the PluginResolver
# Option B. Alternatively you can create a boto3 session and pass it to the `AWSSecretsManagerResolver`
# Check `.aws/config` to see what are your profiles.
# from boto3 import Session
# session = Session(profile_name="<your-aws-profile>")
# Define the custom resolver. The dict key is the name that you will use in your config
resolvers = {
"aws_secretsmanager": AWSSecretsManagerResolver(),
}
# Use CustomResolverInjector to declare the resolver. You cannot inject twice the same key.
register_custom_resolvers(**resolvers)
# The syntax is: <resolver-name>:<secret-name>
conf = OmegaConf.create({"secret": "${aws_secretsmanager:secret_jwt}"})
print("Your secret is:", conf["secret"]) # THAT IS AN ILLUSTRATIVE EXAMPLE, NEVER DO THIS IN PRODUCTION
Roadmap
- Resolver for Azure Key Vault
- Support for older secret version - AWS Secrets Manager Resolver
- Examples using AWS services - Lambda
- Examples using Google Cloud Platform services - Functions
WARNING
This package is in a very early and experimental stage, use it under your own responsibility.
Troubleshooting
- [AWS] NoCredentialsError raised while resolving interpolation: Unable to locate credentials You might not have configured a default profile or provided with a session to a AWS Resolver.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file omegaconf_cloud_resolvers-0.2.0.tar.gz.
File metadata
- Download URL: omegaconf_cloud_resolvers-0.2.0.tar.gz
- Upload date:
- Size: 10.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.8.2 CPython/3.9.15 Linux/5.15.0-122-generic
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 0c3cca809ba752d59bbbe1746e3da263aab29b7b8b92e424f2be7602df8882a3 |
|
| MD5 | a035236a046795dedd2c1c7794e9f009 |
|
| BLAKE2b-256 | c56523abcb3db799044a1f2f5bdaf4faba9528b59ea06c5f22b3c5cee990193f |
File details
Details for the file omegaconf_cloud_resolvers-0.2.0-py3-none-any.whl.
File metadata
- Download URL: omegaconf_cloud_resolvers-0.2.0-py3-none-any.whl
- Upload date:
- Size: 15.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.8.2 CPython/3.9.15 Linux/5.15.0-122-generic
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 441049f3c1885c74a8ab92943d186b8cacde005861c5630c27ae8d9b9cc6a451 |
|
| MD5 | c0ddce166f8d0f84b62c0d46f0c26aec |
|
| BLAKE2b-256 | ada60ef8ee008c1ac1ffe2de7f649aa23978dfdd8b0fa0623a68628dcf44db53 |
