Skip to content

Secrets

Module for secret integrations.

Contains abstract class for various secret integrations also known as SecretContext.

koheesio.secrets.Secret #

Abstract class for various secret integrations. All secrets are wrapped into Context class for easy access. Either existing context can be provided, or new context will be created and returned at runtime.

Secrets are wrapped into the pydantic.SecretStr.

context class-attribute instance-attribute #

context: Optional[Context] = Field(
    Context({}),
    description="Existing `Context` instance can be used for secrets, otherwise new empty context will be created.",
)

parent class-attribute instance-attribute #

parent: Optional[str] = Field(
    default=...,
    description="Group secrets from one secure path under this friendly name",
    pattern="^[a-zA-Z0-9_]+$",
)

root class-attribute instance-attribute #

root: Optional[str] = Field(
    default="secrets",
    description="All secrets will be grouped under this root.",
)

Output #

Output class for Secret.

context class-attribute instance-attribute #

context: Context = Field(
    default=..., description="Koheesio context"
)

encode_secret_values classmethod #

encode_secret_values(data: dict) -> dict

Encode secret values in the dictionary.

Ensures that all values in the dictionary are wrapped in SecretStr.

Source code in src/koheesio/secrets/__init__.py
@classmethod
def encode_secret_values(cls, data: dict) -> dict:
    """Encode secret values in the dictionary.

    Ensures that all values in the dictionary are wrapped in SecretStr.
    """
    encoded_dict = {}
    for key, value in data.items():
        if isinstance(value, dict):
            encoded_dict[key] = cls.encode_secret_values(value)
        else:
            encoded_dict[key] = SecretStr(value)  # type: ignore[assignment]
    return encoded_dict

execute #

execute() -> None

Main method to handle secrets protection and context creation with "root-parent-secrets" structure.

Source code in src/koheesio/secrets/__init__.py
def execute(self) -> None:
    """
    Main method to handle secrets protection and context creation with "root-parent-secrets" structure.
    """
    context = Context(self.encode_secret_values(data={self.root: {self.parent: self._get_secrets()}}))
    self.output.context = self.context.merge(context=context)

get #

get() -> Context

Convenience method to return context with secrets.

Source code in src/koheesio/secrets/__init__.py
def get(self) -> Context:
    """
    Convenience method to return context with secrets.
    """
    self.execute()
    return self.output.context