Installation
pip install confidential
How does it work?
Confidential manages secrets for your project, using AWS Secrets Manager.
First, store a secret in AWS Secrets Manager. Then, create a secrets file, say my_secrets.json
. A value will be decrypted if the word secret
precedes it, like the database
value below:
{
"database": "secret:database_details",
"environment": "production",
"debug_mode": false
}
You can decrypt this file either in Python, or directly using the CLI. Ensure AWS CLI is set up, then run:
confidential my_secrets.json
which outputs the file with decrypted values
{
"database": {
"url": "https://example.com",
"username": "admin",
"password": "p@55w0rd",
"port": 5678
},
"environment": "production",
"debug_mode": false
}
Can I use it in my Python projects?
Yes, simply import and instantiate SecretsManager
, like so:
settings.py
from confidential import SecretsManager
secrets = SecretManager(
secrets_file=".secrets/production.json",
secrets_file_default=".secrets/defaults.json", # Overridable defaults you can use in common environments
region_name="us-east-1",
)
DATABASES = {
'default': secrets["database"]
}
Testing
First, install all dependencies:
poetry install
Then run the tests
poetry run pytest