Introduction
============
The ``ox_secrets`` package provides a simple secret manager for Python.
You can think of ``ox_secrets`` as an ORM for secrets with the following
goals:

- Simple, light-weight management of secrets.
- Handle various back-ends for storing secrets:

  - environment variables
  - Amazon Web Services (AWS)
  - local files

- Easy to switch secrets for dev, testing, or production.

  - You can use simple file based secret storage in development and
    testing and then add more sophisticated secret storage in
    production. Similarly, you can use it to switch which type of
    secret manager you are using by changing only the mode for
    ``ox_secrets`` (e.g., by setting the ``OX_SECRETS_MODE`` environment
    variable or setting the value of
    ``ox_secrets.settings.OX_SECRETS_MODE`` in Python) without having
    to re-write the rest of your code.

Currently, the following back ends are supported:

- ``fss``: File secret server

  - Reads secrets from a local file.
  - Useful for development and testing.

- ``evs``: Environment variable server.

  - While other back ends can use environment variables to
    override, this mode **ONLY** looks at environment variables.

- ``aws``: Uses the AWS Secrets Manager or AWS Parameter Store

  - By default the ``aws`` back-end will use the AWS Secrets Manager.
    If you want to use the parameter store instead, provide
    ``service_name='ssm'``.

The main secret server can merge and cache secrets from multiple
back-ends in case your secrets are split across various places.

Usage
=====

To get started, you can simply ``pip install ox_secrets`` as usual and
then see either the `Usage in Python <#usage-in-python>`__ section for
how to use it in Python or the `Usage in Command
Line <#usage-in-command-line>`__ section for the CLI.

Usage in Python
---------------

.. code:: python

   # The ox_secrets package provides a simple secret server with various
   # back-ends. The following illustrates example usage.

   # First we set up an example secrets file. mkstemp creates the file
   # atomically with owner-only permissions (mktemp is race-prone):

   >>> import os, tempfile, csv
   >>> fd, fn = tempfile.mkstemp(suffix='_ox_secrets.csv')
   >>> with os.fdopen(fd, 'w', newline='') as fdesc:
   ...     csv.writer(fdesc).writerows([
   ...         ['name', 'category', 'value', 'notes'],
   ...         ['example_name', 'root', 'super_secret', 'example secret'],
   ...         ['example_pw', 'prod/data', 'super_secret_pw', 'example secret_pw'],
   ...         ['example_pw', 'test/data', 'unsecret_test_pw', 'example secret test pw'],
   ...         ['example_pw', 'alt', 'alt_unsecret_test_pw', 'alt secret test pw']])
   >>> print(open(fn).read().strip())
   name,category,value,notes
   example_name,root,super_secret,example secret
   example_pw,prod/data,super_secret_pw,example secret_pw
   example_pw,test/data,unsecret_test_pw,example secret test pw
   example_pw,alt,alt_unsecret_test_pw,alt secret test pw

   >>> from ox_secrets import settings, server as oss
   >>> oss.settings.OX_SECRETS_FILE = fn  # default is ~/.ox_secrets.csv
   >>> oss.forget_secrets()  # Clear it to make sure we start fresh
   >>> oss.get_secret('example_name')
   'super_secret'

   # We can also get a dictionary of all the secrets for a given category:

   >>> oss.get_secret_dict(category='test/data')
   {'example_pw': 'unsecret_test_pw'}

   # We can also set up our environment variables from a secret dictionary
   # using setup_env_from_secrets for a given secret server:

   >>> oss.get_server().setup_env_from_secrets(category='test/data')
   >>> os.environ['example_pw']
   'unsecret_test_pw'

   # Sometimes it is nice to be able to just pass a dictionary of
   # credential information to get_secret:

   >>> creds = {'name': 'example_name', 'category': 'root', 'server': 'fss'}
   >>> oss.get_secret(**creds)
   'super_secret'

   # You can also put secrets into the environment variables:

   >>> os.environ['OX_SECRETS_ROOT_EXAMPLE_NAME'] = 'other'
   >>> oss.get_secret('example_name')
   'other'

   # You can use OX_SECRETS_CATEGORY_REGEXP and
   # OX_SECRETS_CATEGORY_REPLACE either in the settings file
   # or environment variables (before starting python) to automatically
   # switch from production to testing secrets:

   >>> oss.get_secret('example_pw', 'prod/data')
   'super_secret_pw'
   >>> oss.forget_secrets()  # Clear it to make sure we start fresh
   >>> oss.settings.OX_SECRETS_CATEGORY_REGEXP = '^prod/'
   >>> oss.settings.OX_SECRETS_CATEGORY_REPLACE = 'test/'
   >>> oss.get_secret('example_pw', 'prod/data')
   'unsecret_test_pw'

   # If desired, you can also store secrets (assuming
   # you have appropriate permissions):

   >>> oss.store_secrets({'example_pw': 'foobar'}, category='alt')
   >>> oss.get_secret('example_pw', category='alt')
   'foobar'

   # Now clean up

   >>> os.remove(fn)

   # If you have an account with the appropriate permissions (e.g.,
   # you may need to set the AWS_PROFILE environment variable
   # to such an account), you can also store secrets and parameters
   # to AWS.
   #
   # For example, you could do something like:
   #
   #     oss.get_server(mode='aws').store_secrets(
   #         {'test_storage': 'foobar'}, category=AWS_SECRET_ID)
   #
   # to store a secret to the existing secret with secret ID
   # `AWS_SECRET_ID` on Amazon Web Services. You could also provide the
   # `service_name='ssm'` argument if you wanted to use the parameter store
   # instead of the secret store via something like:
   #
   #     oss.get_server(mode='aws').store_secrets(
   #         {'test_storage': 'foobar'}, category=AWS_PARAM_NAME,
   #         service_name='ssm')

Usage in Command Line
---------------------

You can also use ``ox_secrets`` from the command line.

For example, if you set up a secrets file in ``~/.ox_secrets.csv``
similar to the example in the `Usage in Python <#usage-in-python>`__
section, you can do something like

.. code:: shell

   ox_secrets example_name --category root

to extract the desired secret.

You can also pass other parameters (run ``ox_secrets --help`` for
details).
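
Because the ``fss`` back-end reads plaintext secrets from a CSV file such as ``~/.ox_secrets.csv``, it is worth auditing that file before relying on it. The following is an added example, not part of ``ox_secrets``: ``audit_secrets_file`` and ``demo`` are hypothetical names, the sample rows are constructed, and the only thing assumed about the package is the column layout shown above.

```python
import csv
import os
import stat
import tempfile

EXPECTED_COLUMNS = ['name', 'category', 'value', 'notes']  # layout shown above


def audit_secrets_file(path):
    """Return a list of findings for a plaintext secrets CSV (empty = clean)."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # Plaintext secrets should be accessible to the owner only (POSIX modes).
    extra = mode & (stat.S_IRWXG | stat.S_IRWXO)
    if extra:
        findings.append('group/other permission bits set: %s' % oct(extra))
    with open(path, newline='') as fdesc:
        reader = csv.reader(fdesc)
        header = next(reader, None)
        if header != EXPECTED_COLUMNS:
            return findings + ['unexpected header: %r' % (header,)]
        seen = set()
        for lineno, row in enumerate(reader, start=2):
            if len(row) != len(EXPECTED_COLUMNS):
                findings.append('line %d: expected 4 fields' % lineno)
                continue
            key = (row[0], row[1])
            if key in seen:  # same name and category twice is ambiguous
                findings.append(
                    'line %d: duplicate %s/%s' % (lineno, row[1], row[0]))
            seen.add(key)
    return findings  # findings never contain the secret values themselves


def demo():
    """Audit a constructed sample file before and after loosening its mode."""
    fd, path = tempfile.mkstemp(suffix='_ox_secrets.csv')  # created as 0600
    try:
        with os.fdopen(fd, 'w', newline='') as fdesc:
            csv.writer(fdesc).writerows([
                EXPECTED_COLUMNS,
                ['example_pw', 'test/data', 'unsecret_test_pw', 'constructed'],
                ['example_pw', 'test/data', 'other_pw', 'constructed dup']])
        strict = audit_secrets_file(path)
        os.chmod(path, 0o644)  # simulate a world-readable secrets file
        loose = audit_secrets_file(path)
    finally:
        os.remove(path)
    return strict, loose
```

Running ``audit_secrets_file`` against the real secrets file in CI or at service start-up catches a world-readable file or a malformed row before any secret is served from it.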