websauna.utils.secrets module

INI-file based secrets reading.

exception websauna.utils.secrets.MissingSecretsEnvironmentVariable

Bases: Exception

Thrown when we try to interpolate an environment variable that does not exist.

websauna.utils.secrets.read_ini_secrets(secrets_file, strict=True)

Read plaintext .INI file to pick up secrets.

Dummy secrets handler without encryption: it reads the INI file and creates dictionary keys in the format [ini section name].[ini key name] = value. Values with a leading $ are environment variable expansions.

Example INI contents:

[authentication]
secret = CHANGEME

[authomatic]
# This is a secret seed used in various OAuth related keys
secret = CHANGEME

[facebook]
consumer_key = $FACEBOOK_CONSUMER_KEY
consumer_secret = $FACEBOOK_CONSUMER_SECRET

The following secrets_file formats are supported:

  • A path relative to the current working directory, e.g. test-secrets.ini
  • An absolute path using a file:// URL, e.g. file:///etc/myproject/mysecrets.ini
  • A path relative to a deployed Python package, e.g. resource://websauna/conf/test-settings.ini
Parameters:
  • secrets_file – URI like resource://websauna/conf/test-settings.ini
  • strict – Bail out in the environment variable expansion if the environment variable is not set. Useful e.g. for testing, when not all users are assumed to know all secrets. In non-strict mode, if the environment variable is missing, the secret value is set to None.
Return type:

dict

Returns:

ConfigParser instance.
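
An added example, not websauna's own code: a stand-alone re-implementation of the behaviour documented above (section.key dictionary keys, $ expansion, strict and non-strict modes), followed by a startup check that rejects secrets left as None or as the CHANGEME placeholder. The names load_secrets and unusable_secrets and the environ parameter are assumptions made for this illustration.

```python
import configparser
import os


class MissingSecretsEnvironmentVariable(Exception):
    """Local stand-in for the websauna exception of the same name."""


def load_secrets(ini_text, strict=True, environ=None):
    """Hypothetical helper: INI text -> {"section.key": value}, expanding $VAR values."""
    environ = os.environ if environ is None else environ
    parser = configparser.ConfigParser(interpolation=None)  # keep values raw
    parser.read_string(ini_text)
    secrets = {}
    for section in parser.sections():
        for key, value in parser.items(section):
            if value.startswith("$"):
                name = value[1:]
                if name in environ:
                    value = environ[name]
                elif strict:
                    raise MissingSecretsEnvironmentVariable(
                        "{}.{} needs environment variable {}".format(section, key, name))
                else:
                    value = None  # non-strict: missing variable becomes None
            secrets["{}.{}".format(section, key)] = value
    return secrets


def unusable_secrets(secrets, placeholders=("CHANGEME",)):
    """Hypothetical startup check: keys whose value is None or a placeholder."""
    return sorted(k for k, v in secrets.items() if v is None or v in placeholders)


# Constructed sample based on the INI example above.
SAMPLE_INI = """
[authentication]
secret = CHANGEME

[facebook]
consumer_key = $FACEBOOK_CONSUMER_KEY
consumer_secret = $FACEBOOK_CONSUMER_SECRET
"""

if __name__ == "__main__":
    env = {"FACEBOOK_CONSUMER_KEY": "constructed-key"}  # constructed value
    loaded = load_secrets(SAMPLE_INI, strict=False, environ=env)
    print(loaded)
    print("refuse to start with:", unusable_secrets(loaded))
```

Running the check before the application starts keeps a non-strict load from silently handing None or a placeholder to code that signs sessions or OAuth state.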

websauna.utils.secrets.resolve(uri)

Resolve secrets location.