Skip to main content

A library that offers a simple method of loading and accessing environmental variables and `.env` file values.

Project description

secretbox

Code style: black pre-commit pre-commit.ci status Python Tests codecov

A library that offers a simple method of loading and accessing environmental variables, .env file values, and other sources of secrets. The class stores values to state when load methods are called.

Loaded values are also injected into the local environ. This is to assist with adjacent libraries that reference os.environ values by default. Required values can be kept in a .env file instead of managing a script to load them into the environment.


Requirements

  • Python >=3.6

Optional Dependencies

  • boto3
  • boto3-stubs[secretsmanager]

Install

$ pip install secretbox

Optional AWS Secret Manager support

$ pip install secretbox[aws]

Example use with auto_load=True

This loads the system environ and the .env from the current working directory into the class state for quick reference.

from secretbox import SecretBox

secrets = SecretBox(auto_load=True)


def main() -> int:
    """Main function"""
    my_sevice_password = secrets.get("SERVICE_PW")
    # More code
    return 0


if __name__ == "__main__":
    raise SystemExit(main())

Example use with load_from()

This loads our system environ, our AWS secret store, and then a specific .env file if it exists (replacing any values from the prior to loads)

Notice we can declare our parameters when creating the SecretBox instance and when calling load_from(). All keywords will be sent to the loaders with preference to the load_from() values.

from secretbox import SecretBox

secrets = SecretBox(filename="sandbox/.override_env")


def main() -> int:
    """Main function"""
    secrets.load_from(
        loaders=["environ", "awssecret", "envfile"],
        aws_sstore_name="mySecrets",
        aws_region_name="us-east-1",
    )
    my_sevice_password = secrets.get("SERVICE_PW")
    # More code
    return 0


if __name__ == "__main__":
    raise SystemExit(main())

SecretBox arguments:

SecretBox(auto_load: bool = False, load_debug: bool = False, **kwargs: Any)

auto_load

  • Loads environment variables and then the .env file from current working directory if found.

load_debug

  • When true, internal logger level is set to DEBUG. Secret values are truncated, however it is not recommended to leave this on for production deployments.

kwargs

  • All keyword arguments will be passed to loaders when called. These can also be given to the load_from() method as detailed below.

SecretBox API:

.get(key: str, default: str = "") -> str

  • Returns the string value of the loaded value by key name. If the key does not exist, an empty string will be returned "" or the provided optional default value.
  • Note: This method pulls from the instance's state and does not reflect changes to the environment before/after loading.

.load_from(loaders: list[str], **kwargs: Any) -> None

  • Runs load_values from each of the listed loadered in the order they appear
  • Loader options:
    • environ
      • Loads the current environmental variables into secretbox.
    • envfile
      • Loads .env file. Optional filename kwarg can override the default load of the current working directory .env file.
    • awssecret
      • Loads secrets from an AWS secret manager. Requires aws_sstore_name and aws_region_name keywords to be provided or for those values to be in the environment variables under AWS_SSTORE_NAME and AWS_REGION_NAME. aws_sstore_name is the name of the store, not the arn.
  • kwargs
    • All keyword arguments are passed into the loaders when they are called. Each loader details which extra keyword arguments it uses or requires above.

.env file format

Current format for the .env file supports strings only and is parsed in the following order:

  • Each seperate line is considered a new possible key/value set
  • Each set is delimted by the first = found
  • Leading and trailing whitespace are removed
  • Matched leading/trailing single quotes or double quotes will be stripped from values (not keys).

I'm open to suggestions on standards to follow here.

This .env example:

# Comments are ignored

KEY=value

Invalid lines without the equal sign delimiter will also be ignored

Will be parsed as:

{"KEY": "value"}

This .env example:

PASSWORD = correct horse battery staple
USER_NAME="not_admin"

MESSAGE = '    Totally not an "admin" account logging in'

Will be parsed as:

{
    "PASSWORD": "correct horse battery staple",
    "USER_NAME": "not_admin",
    "MESSAGE": '    Toally not an "admin" account logging in',
}

Local developer installation

It is highly recommended to use a venv for installation. Leveraging a venv will ensure the installed dependency files will not impact other python projects.

Clone this repo and enter root directory of repo:

$ git clone https://github.com/Preocts/secretbox
$ cd secretbox

Create and activate venv:

# Linux/MacOS
python3 -m venv venv
. venv/bin/activate

# Windows
python -m venv venv
venv\Scripts\activate.bat
# or
py -m venv venv
venv\Scripts\activate.bat

Your command prompt should now have a (venv) prefix on it.

Install editable library and development requirements:

# Linux/MacOS
pip install -r requirements-dev.txt
pip install --editable .[aws,tests]

# Windows
python -m pip install -r requirements-dev.txt
python -m pip install --editable .[aws,test]
# or
py -m pip install -r requirements-dev.txt
py -m pip install --editable .[aws,test]

Install pre-commit hooks to local repo:

pre-commit install
pre-commit autoupdate

Run tests

tox

To exit the venv:

deactivate

Makefile

This repo has a Makefile with some quality of life scripts if your system supports make.

  • install : Clean all artifacts, update pip, install requirements with no updates
  • update : Clean all artifacts, update pip, update requirements, install everything
  • clean-pyc : Deletes python/mypy artifacts
  • clean-tests : Deletes tox, coverage, and pytest artifacts
  • build-dist : Build source distribution and wheel distribution

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

secretbox-2.0.1.tar.gz (10.2 kB view details)

Uploaded Source

Built Distribution

secretbox-2.0.1-py3-none-any.whl (9.9 kB view details)

Uploaded Python 3

File details

Details for the file secretbox-2.0.1.tar.gz.

File metadata

  • Download URL: secretbox-2.0.1.tar.gz
  • Upload date:
  • Size: 10.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.4.2 importlib_metadata/4.8.1 pkginfo/1.7.1 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.8.10

File hashes

Hashes for secretbox-2.0.1.tar.gz
Algorithm Hash digest
SHA256 5eb8cf73303c07e9237ab9fab1cb89683c0577e82cbf5bdc88814abbaa26ef68
MD5 e9a6d8896c50f58ec83f3d5858161a74
BLAKE2b-256 cd206bdb233cdde722ef5992dcb30401ffcca3b9b890cd64aa24b46c3dbaf265

See more details on using hashes here.

File details

Details for the file secretbox-2.0.1-py3-none-any.whl.

File metadata

  • Download URL: secretbox-2.0.1-py3-none-any.whl
  • Upload date:
  • Size: 9.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.4.2 importlib_metadata/4.8.1 pkginfo/1.7.1 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.8.10

File hashes

Hashes for secretbox-2.0.1-py3-none-any.whl
Algorithm Hash digest
SHA256 8a1d8ae4ed77a816da0ddb6f85fa464605654f710d0ffb3a085f55c1dbc94203
MD5 2ef8c6c2b60d0e572a1dbae1c54be345
BLAKE2b-256 78a290873bdfb84fc9a29ca9a827d1e8785f52c861d15c3b4bebb4f0f66dbd90

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page