Utility package for assessing Google Cloud Platform (GCP) secrets uniformly
Project description
Introduction
This project is designed to simplify access to the secrets stored in the Secret Manager within Google Cloud Platform (GCP) during the development life cycle of Python apps.
Let's imagine you are working on a Python-based application running in Google Cloud Run as part of a team. In this case:
- Development is done locally on your machine,
- Code versioning and CI/CD pipelines are orchestrated with a Git repository such as GitHub
- The deployed application is running in Cloud Run, where the secrets are mounted as environmental variables.
The problem is that you need to have the secret available in your local environment, as well as in the environment where the application unit and integration tests are running, and finally in the Cloud Run environment.
This Python package unifies access to secrets across all the above-mentioned environments. It first looks if the secret is available as an environmental variable. If not, it tries to load it from the Secret Manager with the help of default application credentials sourced from the GOOGLE_APPLICATION_CREDENTIALS environmental variable.
This approach allows you to have the same codebase for all the environments and maintain carefully only the default application credentials.
Quick start
# import the Secret Assessor class
from surquest.GCP.secret_assessor import Secret
secret = Secret.get("MY_SECRET") # returns the secret value
# If your secret is a JSON string, you can load it as a dictionary
secret = Secret.get("MY_SECRET", parse="JSON") # returns the secret value as a dictionary
# If your secret is a YAML string, you can load it as a dictionary
secret = Secret.get("MY_SECRET", parse="YAML") # returns the secret value as a dictionary
Local development
You are more than welcome to contribute to this project. To make your start easier we have prepared a docker image with all the necessary tools to run it as interpreter for Pycharm or to run tests.
Build docker image
docker build `
--tag surquest/gcp/secretassessor `
--file package.base.dockerfile `
--target test .
Run tests
docker run --rm -it `
-v "${pwd}:/opt/project" `
-e "GOOGLE_APPLICATION_CREDENTIALS=/opt/project/credentials/keyfile.json" `
-w "/opt/project/test" `
surquest/gcp/secretassessor pytest
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for surquest_gcp_secret_assessor-0.0.4.tar.gz
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 89533019a227c3cefaf791edbee7c9d3029eeb3fa375476ba30897f5339b023e |
|
| MD5 | c5629f58f7ea61109fc3406a04acf600 |
|
| BLAKE2b-256 | 5a26382ac4be7499fbbab20169c4574f325c386e5b866a0445346f971aae70b2 |
Hashes for surquest_gcp_secret_assessor-0.0.4-py2.py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 6df7b1518368c68a6d9ba01e0fe186e837e63e25aaa635bbd162b3c279f5cad8 |
|
| MD5 | 73afd494a04ab196fa9f94b134984c25 |
|
| BLAKE2b-256 | 1b1ea5da318e51f98dfe1d5e48c7a219fd4bd5d79c8d3beae536cdb5a271023d |
