pydantic2-settings-vault


Namepydantic2-settings-vault JSON
Version 1.1.0 PyPI version JSON
download
home_pageNone
SummaryA Pydantic v2 settings extension for secure configuration management using HashiCorp Vault OpenSource (OSS) and Enterprise
upload_time2025-02-22 13:08:38
maintainerNone
docs_urlNone
authorNone
requires_python>=3.10
licenseMIT
keywords configuration enterprise hashicorp opensource pydantic python secrets management security settings vault
VCS
bugtrack_url
requirements No requirements were recorded.
Travis-CI No Travis.
coveralls test coverage No coveralls. 
            # Pydantic2-Settings-Vault

Pydantic2-Settings-Vault is a simple extension of Pydantic Settings to collect secrets from HashiCorp Vault OpenSource (OSS) and Enterprise


### Demonstration:

```python
from functools import lru_cache
from threading import Lock
from typing import Tuple, Type
from pydantic import Field, SecretStr
from pydantic_settings import (
    BaseSettings,
    PydanticBaseSettingsSource,
)
from pydantic2_settings_vault import VaultConfigSettingsSource

class AppSettings(BaseSettings):

    MY_SECRET: SecretStr = Field(
        ...,
        json_schema_extra={
            "vault_secret_path": "secret/data/test",
            "vault_secret_key": "FOO",  # pragma: allowlist secret
        },
    )
    
    @classmethod
    def settings_customise_sources(
        cls,
        settings_cls: Type[BaseSettings],
        init_settings: PydanticBaseSettingsSource,
        env_settings: PydanticBaseSettingsSource,
        dotenv_settings: PydanticBaseSettingsSource,
        file_secret_settings: PydanticBaseSettingsSource,
    ) -> Tuple[PydanticBaseSettingsSource, ...]:
        return (
            init_settings,
            env_settings,
            dotenv_settings,
            VaultConfigSettingsSource(settings_cls=settings_cls),
        )

# The connection to Vault is done via HTTPS with AppRole authentication
import os
os.environ['VAULT_URL'] = "<configure it>"
os.environ['VAULT_ROLE_ID'] = "<configure it>"
os.environ['VAULT_SECRET_ID'] = "<configure it>"

# Only with Enterprise edition
os.environ['VAULT_NAMESPACE'] = "<configure it>"

### Usage
app_settings_lock = Lock()

@lru_cache
def get_app_settings() -> AppSettings:
    with app_settings_lock:
        return AppSettings()  # type: ignore
```

### Internal interactions:
```mermaid
sequenceDiagram
    participant A as Your Application
    participant B as BaseSettings
    participant V as Vault
    note over A,B: 1. Retrieve settings
    A->>B: get_app_settings()
    note over B: 2. Collect secrets paths
    B->>B: foreach fields, get the secret path and keep unique value
    note over B,V: 3. HTTPS Asynchronously fetch secrets by path from Vault
    B->>V: get_secrets(secrets/data/<A>)
    B->>V: get_secrets(secrets/data/<B>)
    note over V,B: 4. Vault returns secrets
    V->>B: return secrets for secrets/data/<A>
    V->>B: return secrets for secrets/data/<B>
    note over B: 5. Fill fields with secrets values
    B->>B: SECRET_ONE => secrets/data/<A>[SECRET_ONE] <br> SECRET_TWO => secrets/data/<A>[SECRET_TWO] <br> SECRET_THREE => secrets/data/<B>[SECRET_THREE]
    note over B,A: 6. Return settings
    B->>A: settings with variables and secrets
```

## Table of Contents

- [Pydantic2-Settings-Vault](#Pydantic2-Settings-Vault)
  - [Table of Contents](#table-of-contents)
  - [Description](#description)
  - [Installation](#installation)
  - [License](#license)
  - [Contact](#contact)

## Description

Pydantic2-Settings-Vault is a extension for Pydantic Settings that enables secure configuration management by integrating with HashiCorp Vault. This library supports both the open-source (OSS) and Enterprise versions of Vault, providing a seamless way to retrieve and manage secrets within your Pydantic-based applications. By leveraging Vault's robust security features, Pydantic2-Settings-Vault allows developers to easily incorporate secure secret management practices into their Python projects, enhancing overall application security and simplifying the handling of sensitive configuration data.

## Installation

```bash
# Install the dependency
pip install pydantic2-settings-vault
uv add pydantic2-settings-vault
poetry add pydantic2-settings-vault
```

## License

Pydantic2-Settings-Vault is released under the MIT License. See the [LICENSE](LICENSE) file for more details.

## Contact

For questions, suggestions, or issues related to Pydantic2-Settings-Vault, please open an issue on the GitHub repository.

Raw data

            {
    "_id": null,
    "home_page": null,
    "name": "pydantic2-settings-vault",
    "maintainer": null,
    "docs_url": null,
    "requires_python": ">=3.10",
    "maintainer_email": null,
    "keywords": "configuration, enterprise, hashicorp, opensource, pydantic, python, secrets management, security, settings, vault",
    "author": null,
    "author_email": "Sylvain Mouquet <sylvain.mouquet@gmail.com>",
    "download_url": "https://files.pythonhosted.org/packages/97/26/f678a420a1182a7b1c8b59d5272c2034c9df705aca23798bbcd90d12e791/pydantic2_settings_vault-1.1.0.tar.gz",
    "platform": null,
    "description": "# Pydantic2-Settings-Vault\n\nPydantic2-Settings-Vault is a simple extension of Pydantic Settings to collect secrets from HashiCorp Vault OpenSource (OSS) and Enterprise\n\n\n### Demonstration:\n\n```python\nfrom functools import lru_cache\nfrom threading import Lock\nfrom typing import Tuple, Type\nfrom pydantic import Field, SecretStr\nfrom pydantic_settings import (\n    BaseSettings,\n    PydanticBaseSettingsSource,\n)\nfrom pydantic2_settings_vault import VaultConfigSettingsSource\n\nclass AppSettings(BaseSettings):\n\n    MY_SECRET: SecretStr = Field(\n        ...,\n        json_schema_extra={\n            \"vault_secret_path\": \"secret/data/test\",\n            \"vault_secret_key\": \"FOO\",  # pragma: allowlist secret\n        },\n    )\n    \n    @classmethod\n    def settings_customise_sources(\n        cls,\n        settings_cls: Type[BaseSettings],\n        init_settings: PydanticBaseSettingsSource,\n        env_settings: PydanticBaseSettingsSource,\n        dotenv_settings: PydanticBaseSettingsSource,\n        file_secret_settings: PydanticBaseSettingsSource,\n    ) -> Tuple[PydanticBaseSettingsSource, ...]:\n        return (\n            init_settings,\n            env_settings,\n            dotenv_settings,\n            VaultConfigSettingsSource(settings_cls=settings_cls),\n        )\n\n# The connection to Vault is done via HTTPS with AppRole authentication\nimport os\nos.environ['VAULT_URL'] = \"<configure it>\"\nos.environ['VAULT_ROLE_ID'] = \"<configure it>\"\nos.environ['VAULT_SECRET_ID'] = \"<configure it>\"\n\n# Only with Enterprise edition\nos.environ['VAULT_NAMESPACE'] = \"<configure it>\"\n\n### Usage\napp_settings_lock = Lock()\n\n@lru_cache\ndef get_app_settings() -> AppSettings:\n    with app_settings_lock:\n        return AppSettings()  # type: ignore\n```\n\n### Internal interactions:\n```mermaid\nsequenceDiagram\n    participant A as Your Application\n    participant B as BaseSettings\n    participant V as Vault\n    note over A,B: 1. Retrieve settings\n    A->>B: get_app_settings()\n    note over B: 2. Collect secrets paths\n    B->>B: foreach fields, get the secret path and keep unique value\n    note over B,V: 3. HTTPS Asynchronously fetch secrets by path from Vault\n    B->>V: get_secrets(secrets/data/<A>)\n    B->>V: get_secrets(secrets/data/<B>)\n    note over V,B: 4. Vault returns secrets\n    V->>B: return secrets for secrets/data/<A>\n    V->>B: return secrets for secrets/data/<B>\n    note over B: 5. Fill fields with secrets values\n    B->>B: SECRET_ONE => secrets/data/<A>[SECRET_ONE] <br> SECRET_TWO => secrets/data/<A>[SECRET_TWO] <br> SECRET_THREE => secrets/data/<B>[SECRET_THREE]\n    note over B,A: 6. Return settings\n    B->>A: settings with variables and secrets\n```\n\n## Table of Contents\n\n- [Pydantic2-Settings-Vault](#Pydantic2-Settings-Vault)\n  - [Table of Contents](#table-of-contents)\n  - [Description](#description)\n  - [Installation](#installation)\n  - [License](#license)\n  - [Contact](#contact)\n\n## Description\n\nPydantic2-Settings-Vault is a extension for Pydantic Settings that enables secure configuration management by integrating with HashiCorp Vault. This library supports both the open-source (OSS) and Enterprise versions of Vault, providing a seamless way to retrieve and manage secrets within your Pydantic-based applications. By leveraging Vault's robust security features, Pydantic2-Settings-Vault allows developers to easily incorporate secure secret management practices into their Python projects, enhancing overall application security and simplifying the handling of sensitive configuration data.\n\n## Installation\n\n```bash\n# Install the dependency\npip install pydantic2-settings-vault\nuv add pydantic2-settings-vault\npoetry add pydantic2-settings-vault\n```\n\n## License\n\nPydantic2-Settings-Vault is released under the MIT License. See the [LICENSE](LICENSE) file for more details.\n\n## Contact\n\nFor questions, suggestions, or issues related to Pydantic2-Settings-Vault, please open an issue on the GitHub repository.\n\n",
    "bugtrack_url": null,
    "license": "MIT",
    "summary": "A Pydantic v2 settings extension for secure configuration management using HashiCorp Vault OpenSource (OSS) and Enterprise",
    "version": "1.1.0",
    "project_urls": {
        "changelog": "https://github.com/sylvainmouquet/pydantic2-settings-vault/releases",
        "documentation": "https://github.com/sylvainmouquet/pydantic2-settings-vault",
        "homepage": "https://github.com/sylvainmouquet/pydantic2-settings-vault",
        "repository": "https://github.com/sylvainmouquet/pydantic2-settings-vault"
    },
    "split_keywords": [
        "configuration",
        " enterprise",
        " hashicorp",
        " opensource",
        " pydantic",
        " python",
        " secrets management",
        " security",
        " settings",
        " vault"
    ],
    "urls": [
        {
            "comment_text": null,
            "digests": {
                "blake2b_256": "4432ae712ef302d83cbdb1f9a5913a68721e6a902aac734bbfbc71c8f4e358a8",
                "md5": "23c90141a2259ad147e41b2a12def225",
                "sha256": "f7ba3c3908ce5c53ee5c461f29eafee318367f4396895eda33e80ef736f117c9"
            },
            "downloads": -1,
            "filename": "pydantic2_settings_vault-1.1.0-py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "23c90141a2259ad147e41b2a12def225",
            "packagetype": "bdist_wheel",
            "python_version": "py3",
            "requires_python": ">=3.10",
            "size": 6131,
            "upload_time": "2025-02-22T13:08:36",
            "upload_time_iso_8601": "2025-02-22T13:08:36.356526Z",
            "url": "https://files.pythonhosted.org/packages/44/32/ae712ef302d83cbdb1f9a5913a68721e6a902aac734bbfbc71c8f4e358a8/pydantic2_settings_vault-1.1.0-py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        },
        {
            "comment_text": null,
            "digests": {
                "blake2b_256": "9726f678a420a1182a7b1c8b59d5272c2034c9df705aca23798bbcd90d12e791",
                "md5": "ef4b01c32542f8c0ad4f82d193a35838",
                "sha256": "c2b23c8cf891a095e86109cabb165c94fadc2f0cdf1e8ab00708483db00801b3"
            },
            "downloads": -1,
            "filename": "pydantic2_settings_vault-1.1.0.tar.gz",
            "has_sig": false,
            "md5_digest": "ef4b01c32542f8c0ad4f82d193a35838",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": ">=3.10",
            "size": 63635,
            "upload_time": "2025-02-22T13:08:38",
            "upload_time_iso_8601": "2025-02-22T13:08:38.069201Z",
            "url": "https://files.pythonhosted.org/packages/97/26/f678a420a1182a7b1c8b59d5272c2034c9df705aca23798bbcd90d12e791/pydantic2_settings_vault-1.1.0.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2025-02-22 13:08:38",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "github_user": "sylvainmouquet",
    "github_project": "pydantic2-settings-vault",
    "travis_ci": false,
    "coveralls": false,
    "github_actions": true,
    "lcname": "pydantic2-settings-vault"
}
None
Elapsed time: 0.43070s