Skip to main content

A library that offers a simple method of loading and accessing environmental variables and `.env` file values.

Project description

secretbox

Code style: black pre-commit pre-commit.ci status Python Tests

A library that offers a simple method of loading and accessing environmental variables, .env file values, and other sources of secrets. The class stores values to state when load methods are called.

Loaded values are also injected into the local environ. This is to assist with adjacent libraries that reference os.environ values by default. Required values can be kept in a .env file instead of managing a script to load them into the environment.

Requirements

  • Python >= 3.6 <= 3.9

Optional Dependencies

  • boto3
  • boto3-stubs[secretsmanager]

Install

$ pip install secretbox

Optional AWS Secret Manager support

$ pip install secretbox[aws]

Example use

import sys

from secretbox import SecretBox

secrets = SecretBox()


def main() -> int:
    """Main function"""
    secrets.load()

    my_sevice_password = secrets.get("SERVICE_PW")
    # More code

    return 0


if __name__ == "__main__":
    sys.exit(main())

Default Behavior: (shown above)

  • On initialization the SecretBox() class does nothing. By calling .load() we cause the class to load all the currently available environ variables. It also looks for and loads, if found, a .env file in the working directory. From there we can access those values with .get("KEY_NAME").

SecretBox arguments:

SecretBox(filename: str = ".env", aws_sstore_name: Optional[str] = None, aws_region: Optional[str] = None, auto_load: bool = False)

filename

  • You can specify a .env formatted file and location, overriding the default behavior to load the .env from the working directory

aws_sstore_name

  • When provided, an attempt to load values from named AWS secrets manager will be made. Requires aws_region to be provided. Requires boto3 and boto3-stubs[secretsmanager] to be installed

aws_region

  • When provided, an attempt to load values from the given AWS secrets manager found in this region will be made. Requires aws_sstore_name to be provided. Requires boto3 and boto3-stubs[secretsmanager] to be installed

auto_load

  • If true, the load() method will be auto-exectued on initialization

Load Order

Secret values are loaded, and over-written if pre-existing, in the following order:

  1. Local environment variables
  2. .env file
  3. AWS secret store [optional]

SecretBox methods:

.get("[Key Name]")

  • Returns the string value of the loaded value by key name. If the key does not exist, an empty string will be returned "". Note: This method pulls from the class instance's state copy of loaded value.

.load()

  • Runs all importer methods. If optional dependencies are not installed, e.g. boto3, the importer is skipped.

.load_env_vars()

  • Loads all existing os.environ values into state.

.load_env_file()

  • Loads .env file or any file provided with the filename argument on initialization.

.load_aws_store()

  • Loads secrets from AWS secret manager. Requires aws_sstore_name and aws_region to have been provided. Will raise NotImplementedError if library requirements are missing.

.env file format

Current format for the .env file supports strings only and is parsed in the following order:

  • Each seperate line is considered a new possible key/value set
  • Each set is delimted by the first = found
  • Leading and trailing whitespace are removed
  • Matched leading/trailing single quotes or double quotes will be stripped from values (not keys).

I'm open to suggestions on standards to follow here.

This .env example:

# Comments are ignored

KEY=value

Invalid lines without the equal sign delimiter will also be ignored

Will be parsed as:

{"KEY": "value"}

This .env example:

PASSWORD = correct horse battery staple
USER_NAME="not_admin"

MESSAGE = '    Totally not an "admin" account logging in'

Will be parsed as:

{
    "PASSWORD": "correct horse battery staple",
    "USER_NAME": "not_admin",
    "MESSAGE": '    Toally not an "admin" account logging in',
}

Local developer installation

It is highly recommended to use a venv for installation. Leveraging a venv will ensure the installed dependency files will not impact other python projects.

The instruction below make use of a bash shell and a Makefile. All commands should be able to be run individually of your shell does not support make

Clone this repo and enter root directory of repo:

$ git clone https://github.com/Preocts/secretbox
$ cd secretbox

Create and activate venv:

$ python3 -m venv venv
$ . venv/bin/activate

Your command prompt should now have a (venv) prefix on it.

Install editable library and development requirements:

(venv) $ pip install -r requirements-dev.txt
(venv) $ pip install --editable .[aws,tests]
(venv) $ pre-commit install

Run tests

(venv) $ tox

To exit the venv:

(venv) $ deactivate

Makefile

This repo has a Makefile with some quality of life scripts if your system supports make.

  • update : Clean all artifacts, update pip, update requirements, install everything
  • clean-pyc : Deletes python/mypy artifacts
  • clean-tests : Deletes tox, coverage, and pytest artifacts
  • build-dist : Build source distribution and wheel distribution

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

secretbox-1.3.0.tar.gz (6.6 kB view details)

Uploaded Source

Built Distribution

secretbox-1.3.0-py3-none-any.whl (8.7 kB view details)

Uploaded Python 3

File details

Details for the file secretbox-1.3.0.tar.gz.

File metadata

  • Download URL: secretbox-1.3.0.tar.gz
  • Upload date:
  • Size: 6.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.4.1 importlib_metadata/4.3.1 pkginfo/1.7.0 requests/2.25.1 requests-toolbelt/0.9.1 tqdm/4.61.0 CPython/3.8.10

File hashes

Hashes for secretbox-1.3.0.tar.gz
Algorithm Hash digest
SHA256 61fffe434fb7a0da28cc91b022b0cee3e3bcc23075d41f62768147780decb204
MD5 676ba59bd332446f6aad1f1c1e6f7170
BLAKE2b-256 e78baef16cbfbdb6053da46af7c2385595810bae3e01387085b4860d73e98dd0

See more details on using hashes here.

File details

Details for the file secretbox-1.3.0-py3-none-any.whl.

File metadata

  • Download URL: secretbox-1.3.0-py3-none-any.whl
  • Upload date:
  • Size: 8.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.4.1 importlib_metadata/4.3.1 pkginfo/1.7.0 requests/2.25.1 requests-toolbelt/0.9.1 tqdm/4.61.0 CPython/3.8.10

File hashes

Hashes for secretbox-1.3.0-py3-none-any.whl
Algorithm Hash digest
SHA256 92d615091bda21633850cddef2b804a49e1c39139d0dd83d533761b7c6f02129
MD5 321d29a5edfd5dde583fa5f933b9cbb6
BLAKE2b-256 954fe886df253cf089ce64174f3f6766795c264752724eecd4927f2c19e15f19

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page