aws-vault

版本号：0.1.1 作者：Spacetime Labs

原因

使用AWS Secrets Manager存储敏感的KEY和VALUE参数（如AWS存储桶、数据库、外部API和其他服务的凭证）非常方便。然后您需要一些简单的方法来获取项目中的这些机密，而不是直接使用boto，您可能还需要支持多个环境（测试、预发布、生产）的环境变量回退。

概述

在AWS Secrets Manager中创建的机密

安装/使用

使用pip进行安装

$ pip install awsvault

或克隆仓库

$ git clone https://github.com/spacetimelabs/awsvault.git
$ python setup.py install

使用

基本使用

from awsvault import Vault

vault = Vault("myproject/email/prod")
email_user = vault.get("EMAIL_USER")
email_password = vault.get("EMAIL_PASS")

多个机密集

from awsvault import Vault

vault = Vault("myproject/email/prod,myproject/database/prod")
email_user = vault.get("EMAIL_USER")
email_password = vault.get("EMAIL_PASS")

db_hostname = vault.get("DB_HOSTNAME")
db_username = vault.get("DB_USERNAME")
db_password = vault.get("DB_PASSWORD")

从环境变量中获取值（本地/开发）

from awsvault import Vault

vault = Vault(None)
email_user = vault.get("EMAIL_USER")

我们通常如何使用它

import os
from awsvault import Vault

# In dev, the PROJECT_SECRETS is None and all secrets are set in the environment variables

# In testing, the PROJECT_SECRETS is mysecret/testing
# In prod, the PROJECT_SECRETS is mysecret/prod

PROJECT_SECRETS = os.environ['PROJECT_SECRETS']

# Then
vault = Vault(PROJECT_SECRETS)

my_secret = vault.get("MY_SECRET")

还可以覆盖默认的os.environ回退到字典或可调用对象

OVERRIDE = {
    'EMAIL_USER': 'bart.simpsons@example.com'
}

vault = Vault("myproject/email_secrets", look_first=OVERRIDE)
email_user = vault.get('EMAIL_USER')
assert email_user == 'bart.simpsons@example.com'

def my_super_special_get_config_fn(name):
    if name == 'FRUIT':
        return 'avocado'


vault = Vault("myproject/email_secrets", look_first=my_super_special_get_config_fn)
email_user = vault.get('EMAIL_USER')
fruit = vault.get('FRUIT')

assert fruit == 'avocado'

查看 tests 以获取更多使用示例

贡献

pip install requirements-dev.txt
tox