Cerberus

Module for retrieving secrets from Cerberus.

Secrets are stored as SecretContext and can be accessed accordingly.

See CerberusSecret for more information.

koheesio.secrets.cerberus.CerberusSecret

Retrieve secrets from Cerberus and wrap them into Context class for easy access. All secrets are stored under the "secret" root and "parent". "Parent" either derived from the secure data path by replacing "/" and "-", or manually provided by the user. Secrets are wrapped into the pydantic.SecretStr.

Example:

context = {
    "secrets": {
        "parent": {
            "webhook": SecretStr("**********"),
            "description": SecretStr("**********"),
        }
    }
}

Values can be decoded like this:

context.secrets.parent.webhook.get_secret_value()

or if working with dictionary is preferable:

for key, value in context.get_all().items():
    value.get_secret_value()

aws_session class-attribute instance-attribute

aws_session: Optional[Session] = Field(
    default=None,
    description="AWS Session to pass to Cerberus client, can be used for local execution.",
)

path class-attribute instance-attribute

path: str = Field(
    default=...,
    description="Secure data path, eg. 'app/my-sdb/my-secrets'",
)

token class-attribute instance-attribute

token: Optional[SecretStr] = Field(
    default=get("CERBERUS_TOKEN", None),
    description="Cerberus token, can be used for local development without AWS auth mechanism.Note: Token has priority over AWS session.",
)

url class-attribute instance-attribute

url: str = Field(
    default=...,
    description="Cerberus URL, eg. https://cerberus.domain.com",
)

verbose class-attribute instance-attribute

verbose: bool = Field(
    default=False,
    description="Enable verbose for Cerberus client",
)