Use file secrets in nested models of Pydantic Settings.

pydantic-file-secrets 📁🔑


This package is inspired by and based on discussions in pydantic-settings issue #154.

Features

  • Use secret file source in nested settings models
  • Drop-in replacement of standard SecretsSettingsSource
  • Plain or nested directory layout: /run/secrets/dir__key or /run/secrets/dir/key
  • Respects env_prefix, env_nested_delimiter and other config options
  • Has secrets_prefix, secrets_nested_delimiter, etc. to configure secrets and env vars separately
  • Pure Python thin wrapper over standard EnvSettingsSource
  • No third party dependencies except pydantic-settings
  • 100% test coverage

Motivation

A Pydantic settings model can hold secrets both in nested models and at the top level. In a Dockerized environment these entries may be read from the file system, e.g. from /run/secrets when using Docker Secrets:

from pydantic import BaseModel, Secret
from pydantic_settings import BaseSettings, SettingsConfigDict

class DbSettings(BaseModel):
    user: str
    password: Secret[str]  # secret in nested model

class Settings(BaseSettings):
    db: DbSettings
    app_key: Secret[str]  # secret in root config

    model_config = SettingsConfigDict(
        secrets_dir='/run/secrets',
    )

Pydantic Settings has a corresponding data source, SecretsSettingsSource, but it does not load secrets in nested models. For approaches that do not work in stock Pydantic Settings, see test_pydantic_motivation.py.

Solution

The new FileSecretsSettingsSource is a drop-in replacement for the stock SecretsSettingsSource.

Installation

$ pip install pydantic-file-secrets

Plain directory layout

file                        content
/run/secrets/app_key        secret1
/run/secrets/db__password   secret2

from pydantic import BaseModel, Secret
from pydantic_file_secrets import FileSecretsSettingsSource
from pydantic_settings import BaseSettings, SettingsConfigDict

class DbSettings(BaseModel):
    user: str
    password: Secret[str]

class Settings(BaseSettings):
    db: DbSettings
    app_key: Secret[str]

    model_config = SettingsConfigDict(
        secrets_dir='/run/secrets',
        env_nested_delimiter='__',
    )

    @classmethod
    def settings_customise_sources(
        cls,
        settings_cls,
        init_settings,
        env_settings,
        dotenv_settings,
        file_secret_settings,
    ):
        return (
            env_settings,
            init_settings,
            FileSecretsSettingsSource(settings_cls),
        )

Secrets in subdirectories

The secrets_nested_delimiter config option overrides env_nested_delimiter for files. In particular, this makes it possible to use a nested directory layout for secrets alongside environment variables for other, non-secret settings:

file                       content
/run/secrets/app_key       secret1
/run/secrets/db/password   secret2

...
    model_config = SettingsConfigDict(
        secrets_dir='/run/secrets',
        secrets_nested_subdir=True,
    )
...
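
A pre-deployment check for a secrets directory in either layout shown above, added here as an example (it is not code from pydantic-file-secrets and uses only the standard library): it lists which nested field each file would be expected to fill and flags files readable by group or others. The function names, the nested_subdir parameter, the sample tree and the owner-only permission policy are assumptions; the name mapping is a simplified model of the two layouts on this page, not the library's resolution logic.

```python
import os
import stat
import tempfile
from pathlib import Path


def audit_secrets_dir(secrets_dir, delimiter="__", nested_subdir=False):
    """Return ({dotted field path: file}, [findings]) for a secrets directory."""
    root = Path(secrets_dir)
    mapping, findings = {}, []
    for path in sorted(root.rglob("*") if nested_subdir else root.iterdir()):
        rel = path.relative_to(root)
        if path.is_symlink():
            findings.append(f"{rel}: symlink, target not checked")
            continue
        if path.is_dir():
            if not nested_subdir:
                findings.append(f"{rel}: directory ignored in plain layout")
            continue
        # Plain layout: split the file name; nested layout: use path parts.
        parts = rel.parts if nested_subdir else tuple(rel.name.split(delimiter))
        mapping[".".join(parts)] = path
        mode = stat.S_IMODE(path.stat().st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(f"{rel}: mode {mode:o} grants group/other access")
    return mapping, findings


def build_sample(layout):
    """Create a constructed sample tree mirroring the tables on this page."""
    root = Path(tempfile.mkdtemp())
    files = {"plain": ["app_key", "db__password"],
             "nested": ["app_key", "db/password"]}[layout]
    for name in files:
        target = root / name
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text("constructed-sample-value")
        os.chmod(target, 0o600)
    return root


if __name__ == "__main__":
    for layout in ("plain", "nested"):
        root = build_sample(layout)
        os.chmod(root / "app_key", 0o644)  # deliberately too permissive
        mapping, findings = audit_secrets_dir(root, nested_subdir=(layout == "nested"))
        print(layout, sorted(mapping), findings)
```

Both layouts should yield the same field paths (app_key and db.password); a file that maps to a field the settings model does not declare, or a mode finding, is worth resolving before the container starts.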

Configuration options

TODO

Roadmap

  • Support _FILE environment variables to set secret file name.
  • Per-field secret file name override.


Download files

Source Distribution

pydantic_file_secrets-0.1.1.tar.gz (8.2 kB)

Uploaded Source

Built Distribution

pydantic_file_secrets-0.1.1-py3-none-any.whl (5.4 kB)

Uploaded Python 3

File details

Details for the file pydantic_file_secrets-0.1.1.tar.gz.

File metadata

  • Download URL: pydantic_file_secrets-0.1.1.tar.gz
  • Upload date:
  • Size: 8.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: pdm/2.18.0 CPython/3.12.5 Darwin/21.6.0

File hashes

Hashes for pydantic_file_secrets-0.1.1.tar.gz
Algorithm Hash digest
SHA256 15c85edfa49cd0a2cd892f69b8335dec4bc34cd830dd27efc96beeea0f03e367
MD5 762d28ae02de25c3cf60808b28fe47d6
BLAKE2b-256 9fa961243df5291935f4381ff027c24730bea9a9f80e371280cb2d8616acde2b

File details

Details for the file pydantic_file_secrets-0.1.1-py3-none-any.whl.

File hashes

Hashes for pydantic_file_secrets-0.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 eae5b295f58f9ba78a31ea56d9d7c674fa9a393aec82a20dc480fee1228b3de2
MD5 ea3cee8b29beac962412b3e128ef4fda
BLAKE2b-256 501f68a55f57491d50fbae63cd0e688d04de999e9d1c5c607a4f4f76a3f2e9af
