piny 0.3.0

Load YAML configs with environment variables interpolation

Piny

YAML configs loader with environment variables interpolation for Python.

Keep your app’s configuration in YAML file with sensitive data marked as environment variables. Put sensitive data into environment variables. Then let piny interpolate the variables on YAML loading.

Rationale

Piny combines YAML config’s readability, versioning, and environment variable’s security. Read more in the blog post.

Installation

Install using pip install -U piny.

Usage

Set your environment variables, add them to your YAML configuration file:

db:
  login: user
  password: ${DB_PASSWORD}
mail:
  login: user
  password: ${MAIL_PASSWORD:-my_default_password}
sentry:
  dsn: ${VAR_NOT_SET}

Then load your config:

from piny import YamlLoader

config = YamlLoader(path="config.yaml").load()
print(config)
# {'db': {'login': 'user', 'password': 'my_db_password'},
# 'mail': {'login': 'user', 'password': 'my_default_password'},
# 'sentry': {'dsn': None}}

You may want to discourage Bash-style envs with defaults in your configs. In such case, use a StrictMatcher:

from piny import YamlLoader, StrictMatcher

config = YamlLoader(path="config.yaml", matcher=StrictMatcher).load()

Both strict and default matchers produce None value if environment variable matched is not set in the system (and no default syntax used in the case of default matcher).

Best practices

• Maintain healthy security/convenience balance for your config

• Mark up entity as an environment variable in your YAML if and only if it really is a secret (login/passwords, private API keys, crypto keys, certificates, or maybe DB hostname too? You decide)

• Once config is loaded by Piny validate it using your favourite validation tool (some integrations are coming in the future releases)

• Store your config files in the version control system along with you app’s code.

• Environment variables are set by whomever is responsible for the deployment. Modern orchestration systems like Kubernetes make it easier to keep envs secure (see Kubernetes Secrets).

Fun facts

Piny is a recursive acronym for Piny Is Not YAML. Not only it’s a library name, but also a name for YAML marked up with environment variables.

CHANGELOG

v0.3.0 (2019-06-09)

• README.rst extended with Rationale and Best practices sections (#5) by @pilosus

v0.2.0 (2019-06-09)

• StrictMatcher added (#3) by @pilosus

v0.1.1 (2019-06-07)

• CI/CD config minor tweaks

• README updated

v0.1.0 (2019-06-07)

• YamlLoader added

• Makefile added

• CI/CD minimal pipeline added

v0.0.1 (2019-06-07)

• Start the project