Django SecretsManager is a package that helps you manage the secret values used by Django through variable services.
pip install django-secrets-manager
- Python >= 3.6
- Django
- AWS_SECRETS_MANAGER_SECRET_NAME (or AWS_SECRET_NAME)
- Secret name of SecretsManager to use
- AWS_SECRETS_MANAGER_SECRET_SECTION (or AWS_SECRET_SECTION)
- The key that separates JSON objects by colons.
ex) In the example below, the "production" item is represented as "sample-project:production".
- The key that separates JSON objects by colons.
- AWS_SECRETS_MANAGER_REGION_NAME (or AWS_REGION_NAME)
- Region of the SecretsManager service to use
ex) ap-northeast-2
- Region of the SecretsManager service to use
SecretsManager's Secret value uses JSON format in Plaintext.
Here is an example Secret value to use for configuration, and the Secret (Corresponds to AWS_SECRETS_MANAGER_SECRET_NAME in the settings module) is named sample-project-secret
{
"sample-project(Recommend the name of django project)": {
"base(If the settings module is a package, submodule names are recommended)": {
"SECRET_KEY": "DjangoSecretKey"
},
"dev": {
"AWS_S3_BUCKET_NAME": "sample-s3-dev"
},
"production": {
"AWS_S3_BUCKET_NAME": "sample-s3-production"
}
}
}Django uses two methods to access the SecretsManager on AWS. The first uses a profile of ~/.aws/credentials in your home folder, and the second uses an environment variable.
Recommended for use in development environments
Set Profile of IAM User with SecretsManagerReadWrite Permission to ~/.aws/credentials. The following example uses the profile name sample-project-secretsmanager
[sample-project-secretsmanager]
aws_access_key_id = AKI*************
aws_secret_access_key = Mlp********************Then enter the profile name in AWS_SECRETS_MANAGER_PROFILE (or AWS_PROFILE) of the settings module.
# settings.py
AWS_SECRETS_MANAGER_PROFILE = 'sample-project-secrets-manager'Or using AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY
# settings.py
AWS_ACCESS_KEY_ID = 'aws-access-key-id'
AWS_SECRET_ACCESS_KEY = 'aws-secret-access-key'It is recommended to use in distribution or CI / CD environment.
If you set the following values in the environment variable, the contents are used to use the SecretsManager service.
- AWS_SECRETS_MANAGER_ACCESS_KEY_ID (or AWS_ACCESS_KEY_ID)
- AWS_SECRETS_MANAGER_SECRET_ACCESS_KEY (or AWS_SECRET_ACCESS_KEY)
- First, import the SECRETS instance of the library.
- Enter the settings for Django AWS SecretsManager
- Use SECRETS as a dictionary to get the secrets you want
Follow the form of the example below
By separating the settings module into packages, it is assumed that there are base and dev submodules.
settings/ __init__.py base.py dev.py
## settings/base.py
# 1. Import the SECRETS instance of the library
from django_secrets import SECRETS
# 2. Enter the settings for Django AWS SecretsManager
AWS_SECRETS_MANAGER_SECRET_NAME = 'sample-project-secret'
AWS_SECRETS_MANAGER_PROFILE = 'sample-project-secretsmanager'
AWS_SECRETS_MANAGER_SECRET_SECTION = 'sample-project:base'
AWS_SECRETS_MANAGER_REGION_NAME = 'ap-northeast-2'
# 3. Use SECRETS as a dictionary to get the secrets you want
SECRET_KEY = SECRETS['SECRET_KEY']
SECRET_KEY = SECRETS.get('SECRET_KEY')## settings/dev.py
# The SECRETS instance is already imported from the base module.
from .base import *
# Use a different secrets section
AWS_SECRETS_MANAGER_SECRET_SECTION = 'sample-project:dev'
# Use SECRETS as a dictionary to get the secrets you want
AWS_STORAGE_BUCKET_NAME = SECRETS['AWS_STORAGE_BUCKET_NAME']
AWS_STORAGE_BUCKET_NAME = SECRETS.get('AWS_STORAGE_BUCKET_NAME', 'default')As an open source project, we welcome contributions.
The code lives on GitHub
