Cerberus
Module for retrieving secrets from Cerberus.
Secrets are stored as SecretContext and can be accessed accordingly.
See CerberusSecret for more information.
koheesio.secrets.cerberus.CerberusSecret #
Retrieve secrets from Cerberus and wrap them into Context class for easy access. All secrets are stored under the "secret" root and "parent". "Parent" either derived from the secure data path by replacing "/" and "-", or manually provided by the user. Secrets are wrapped into the pydantic.SecretStr.
Example:
context = {
"secrets": {
"parent": {
"webhook": SecretStr("**********"),
"description": SecretStr("**********"),
}
}
}
Values can be decoded like this:
or if working with dictionary is preferable:
aws_session
class-attribute
instance-attribute
#
aws_session: Optional[Session] = Field(default=None, description='AWS Session to pass to Cerberus client, can be used for local execution.')
path
class-attribute
instance-attribute
#
path: str = Field(default=..., description="Secure data path, eg. 'app/my-sdb/my-secrets'")
token
class-attribute
instance-attribute
#
token: Optional[SecretStr] = Field(default=get('CERBERUS_TOKEN', None), description='Cerberus token, can be used for local development without AWS auth mechanism.Note: Token has priority over AWS session.')