Skip to content

Cerberus

Module for retrieving secrets from Cerberus.

Secrets are stored as SecretContext and can be accessed accordingly.

See CerberusSecret for more information.

koheesio.secrets.cerberus.CerberusSecret #

Retrieve secrets from Cerberus and wrap them into Context class for easy access. All secrets are stored under the "secret" root and "parent". "Parent" either derived from the secure data path by replacing "/" and "-", or manually provided by the user. Secrets are wrapped into the pydantic.SecretStr.

Example: 

context = {
    "secrets": {
        "parent": {
            "webhook": SecretStr("**********"),
            "description": SecretStr("**********"),
        }
    }
}

Values can be decoded like this: 

context.secrets.parent.webhook.get_secret_value()
or if working with dictionary is preferable: 
for key, value in context.get_all().items():
    value.get_secret_value()

aws_session class-attribute instance-attribute #

aws_session: Optional[Session] = Field(default=None, description='AWS Session to pass to Cerberus client, can be used for local execution.')

path class-attribute instance-attribute #

path: str = Field(default=..., description="Secure data path, eg. 'app/my-sdb/my-secrets'")

token class-attribute instance-attribute #

token: Optional[SecretStr] = Field(default=get('CERBERUS_TOKEN', None), description='Cerberus token, can be used for local development without AWS auth mechanism.Note: Token has priority over AWS session.')

url class-attribute instance-attribute #

url: str = Field(default=..., description='Cerberus URL, eg. https://cerberus.domain.com')

verbose class-attribute instance-attribute #

verbose: bool = Field(default=False, description='Enable verbose for Cerberus client')