Use file secrets in nested models of Pydantic Settings.

pydantic-file-secrets 📁🔑

This package is inspired by and based on discussions in pydantic-settings issue #154.

Features

  • Use secret file source in nested settings models
  • Drop-in replacement of standard SecretsSettingsSource
  • Plain or nested directory layout: /run/secrets/dir__key or /run/secrets/dir/key
  • Respects env_prefix, env_nested_delimiter and other config options
  • Has secrets_prefix, secrets_nested_delimiter, etc. to configure secrets and env vars separately
  • Pure Python thin wrapper over standard EnvSettingsSource
  • No third party dependencies except pydantic-settings
  • 100% test coverage

Motivation

A nested Pydantic config can contain nested models with secret entries, as well as secrets in the top-level config. In a dockerized environment, these entries may be read from the file system, e.g. /run/secrets when using Docker Secrets:

from pydantic import BaseModel, Secret
from pydantic_settings import BaseSettings, SettingsConfigDict

class DbSettings(BaseModel):
    user: str
    password: Secret[str]  # secret in nested model

class Settings(BaseSettings):
    db: DbSettings
    app_key: Secret[str]  # secret in root config

    model_config = SettingsConfigDict(
        secrets_dir='/run/secrets',
    )

Pydantic Settings has a corresponding data source, SecretsSettingsSource, but it does not load secrets in nested models. For methods that do not work in the original Pydantic Settings, see tests/test_pydantic_motivation.py.

Solution

The new FileSecretsSettingsSource is a drop-in replacement for the stock SecretsSettingsSource.

Installation

$ pip install pydantic-file-secrets

Plain directory layout

file                       content
/run/secrets/app_key       secret1
/run/secrets/db__password  secret2

from pydantic import BaseModel, Secret
from pydantic_file_secrets import FileSecretsSettingsSource
from pydantic_settings import BaseSettings, SettingsConfigDict

class DbSettings(BaseModel):
    user: str
    password: Secret[str]

class Settings(BaseSettings):
    db: DbSettings
    app_key: Secret[str]

    model_config = SettingsConfigDict(
        secrets_dir='/run/secrets',
        env_nested_delimiter='__',
    )

    @classmethod
    def settings_customise_sources(
        cls,
        settings_cls,
        init_settings,
        env_settings,
        dotenv_settings,
        file_secret_settings,
    ):
        return (
            env_settings,
            init_settings,
            FileSecretsSettingsSource(settings_cls),
        )

Secrets in subdirectories

The secrets_nested_delimiter config option overrides env_nested_delimiter for files. In particular, this allows a nested directory layout for secrets alongside environment variables for other, non-secret settings:

file                      content
/run/secrets/app_key      secret1
/run/secrets/db/password  secret2

...
    model_config = SettingsConfigDict(
        secrets_dir='/run/secrets',
        secrets_nested_subdir=True,
    )
...
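
A pre-deployment check for the two layouts described above, as an added example that is not part of the package or of the original page: it maps secret file names to nested field paths and reports secrets that are missing or misnamed, without reading any secret value. The function names (secret_paths, audit, demo) are hypothetical, and the sketch assumes case-sensitive names and no secrets_prefix; it does not call pydantic-file-secrets itself.

```python
import tempfile
from pathlib import Path

def secret_paths(secrets_dir, delimiter="__", nested_subdir=False):
    """Map each secret file to the nested field path its name stands for.

    Plain layout:  <dir>/db__password -> ("db", "password")
    Nested layout: <dir>/db/password  -> ("db", "password")
    Only file names are inspected; secret values are never read.
    """
    root = Path(secrets_dir)
    found = {}
    if nested_subdir:
        for p in root.rglob("*"):
            if p.is_file():
                found[p.relative_to(root).parts] = p
    else:
        for p in root.iterdir():
            if p.is_file():
                found[tuple(p.name.split(delimiter))] = p
    return found

def audit(secrets_dir, expected, **layout):
    """Compare files on disk with the secret fields the settings model needs."""
    found = set(secret_paths(secrets_dir, **layout))
    return {"missing": sorted(set(expected) - found),
            "unexpected": sorted(found - set(expected))}

def demo():
    # Constructed sample: the secret fields of the Settings model shown above.
    expected = {("app_key",), ("db", "password")}
    with tempfile.TemporaryDirectory() as tmp:
        plain = Path(tmp, "plain")
        plain.mkdir()
        (plain / "app_key").write_text("secret1")
        (plain / "db_password").write_text("secret2")  # typo: one underscore
        nested = Path(tmp, "nested")
        (nested / "db").mkdir(parents=True)
        (nested / "app_key").write_text("secret1")
        (nested / "db" / "password").write_text("secret2")
        return audit(plain, expected), audit(nested, expected, nested_subdir=True)

if __name__ == "__main__":
    for report in demo():
        print(report)
```

An "unexpected" entry paired with a "missing" one usually points to a delimiter or naming mistake in the secret file name.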

Configuration options

TODO

Roadmap

  • Support _FILE environment variables to set secret file name.
  • Per-field secret file name override.

Changelog

Download files

Source Distribution

pydantic_file_secrets-0.1.0a1.tar.gz (8.1 kB)

Uploaded Source

Built Distribution

pydantic_file_secrets-0.1.0a1-py3-none-any.whl (5.4 kB)

Uploaded Python 3

File details

Details for the file pydantic_file_secrets-0.1.0a1.tar.gz.

File metadata

  • Download URL: pydantic_file_secrets-0.1.0a1.tar.gz
  • Upload date:
  • Size: 8.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: pdm/2.18.0 CPython/3.12.5 Darwin/21.6.0

File hashes

Hashes for pydantic_file_secrets-0.1.0a1.tar.gz
Algorithm Hash digest
SHA256 34357693ede25a0f73f21e9bc80cefa53907d2d09a1af409aa5783e0fb59503d
MD5 82e3be5a796c0ed95bbdd19160213846
BLAKE2b-256 058b2f365bb0ce6d64fb2f31e5d39687024999f23ef2aaba884be6d4c49cc71f

File details

Details for the file pydantic_file_secrets-0.1.0a1-py3-none-any.whl.

File hashes

Hashes for pydantic_file_secrets-0.1.0a1-py3-none-any.whl
Algorithm Hash digest
SHA256 7f858ba78251487e6d302280e081a1f6f75dc62203f03ed1914f8df856e395dd
MD5 e3fc51fd5b92aadad74e2f1a5eb56f10
BLAKE2b-256 a403a49b8c67eead94e6d4dd539abd5b2548afe6f77de3a14927ebdad06c40bc
