Skip to main content

Secret distribution tool, written as a wrapper on credstash

Project description

https://github.com/razorpay/alohomora/actions/workflows/ci.yml/badge.svg

Razorpay’s Secret Credential management system.

Installation

alohomora is distributed via PyPi:

pip install razorpay.alohomora

What?

Alohomora is an opinionated project that relies on our conventions to intelligently fetch secrets at run-time.

We don’t do our own crypto. We rely on these libraries instead:

This is how the template file looks in our app repository:

# {{ alohomora_managed }}
DB_PASSWORD      = {{ lookup('db_password') }}
APP_ENV          = {{ env }}
ENV_DEBUG        = {{ ENV['DEBUG'] }}
APP_NAME         = {{ app }}

This repo runs directly on the same template and generates the equivalent file as the output.

The steps it follows are the following:

  1. Figure out the tables from which to read. All secrets are stored in a credstash-env-app table structure in dynamoDB.

  2. Fetch all secrets from that table using credstash

  3. Render the template with the secrets using jinja

How it Works?

Alohomora expects the secrets for any application to be stored in a table called credstash-{env}-{app}. The IAM roles for this table must be configured by you. Once you try to render a template, alohomora will do the following:

  1. Read the entire table and decrypt all secrets and cache them locally.

  2. Render the template with these files and 3 extra variables: env, app, and ENV variables.

ENV is same as os.environ inside the jinja template.

Configuration?

Alohomora is designed to be a zero-config solution.

We perform a few transforms on the arguments that are passed:

  • Change both app and env to lowercase

  • Replace production with prod in the env name

  • Ignore anything after - in the environment. So beta-birdie becomes beta

Usage

Please see the wiki regarding alohomora binary usage.

LICENSE

alohomora is released under the same license as credstash.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distribution

razorpay.alohomora-0.5.0-py3-none-any.whl (8.9 kB view details)

Uploaded Python 3

File details

Details for the file razorpay.alohomora-0.5.0-py3-none-any.whl.

File metadata

  • Download URL: razorpay.alohomora-0.5.0-py3-none-any.whl
  • Upload date:
  • Size: 8.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.6.0 importlib_metadata/4.8.1 pkginfo/1.8.3 requests/2.28.1 requests-toolbelt/0.9.1 tqdm/4.64.0 CPython/3.10.6

File hashes

Hashes for razorpay.alohomora-0.5.0-py3-none-any.whl
Algorithm Hash digest
SHA256 1af23387688cd35123ff6d7415b26f7a44590144c999bb63d9b1468e16c7e87f
MD5 35c2d3503a8b6393e205a8eb17fe8517
BLAKE2b-256 6041cf3083b931c80b7337f695cfabe939cecb1d93362e4c1930608d6b7f1f58

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page