Skip to content

surquest/python-gcp-secrets-assessor

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits

.github/workflows

.github/workflows

 
 

src

src

 
 

test

test

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

package.base.dockerfile

package.base.dockerfile

 
 

pyproject.toml

pyproject.toml

 
 

Repository files navigation

GitHub GitHub Workflow Status (with branch) Coverage PyPI - Downloads

Introduction

This project is designed to simplify access to the secrets stored in the Secret Manager within Google Cloud Platform (GCP) during the development life cycle of Python apps.

Let's imagine you are working on a Python-based application running in Google Cloud Run as part of a team. In this case:

  • Development is done locally on your machine,
  • Code versioning and CI/CD pipelines are orchestrated with a Git repository such as GitHub
  • The deployed application is running in Cloud Run, where the secrets are mounted as environmental variables.

The problem is that you need to have the secret available in your local environment, as well as in the environment where the application unit and integration tests are running, and finally in the Cloud Run environment.

This Python package unifies access to secrets across all the above-mentioned environments. It first looks if the secret is available as an environmental variable. If not, it tries to load it from the Secret Manager with the help of default application credentials sourced from the GOOGLE_APPLICATION_CREDENTIALS environmental variable.

This approach allows you to have the same codebase for all the environments and maintain carefully only the default application credentials.

Quick start

# import the Secret Assessor class
from surquest.GCP.secret_assessor import Secret

secret = Secret.get("MY_SECRET") # returns the secret value

# If your secret is a JSON string, you can load it as a dictionary
secret = Secret.get("MY_SECRET", parse="JSON") # returns the secret value as a dictionary

# If your secret is a YAML string, you can load it as a dictionary
secret = Secret.get("MY_SECRET", parse="YAML") # returns the secret value as a dictionary

Local development

You are more than welcome to contribute to this project. To make your start easier we have prepared a docker image with all the necessary tools to run it as interpreter for Pycharm or to run tests.

Build docker image

docker build `
     --tag surquest/gcp/secretassessor `
     --file package.base.dockerfile `
     --target test .

Run tests

docker run --rm -it `
 -v "${pwd}:/opt/project" `
 -e "GOOGLE_APPLICATION_CREDENTIALS=/opt/project/credentials/keyfile.json" `
 -w "/opt/project/test" `
 surquest/gcp/secretassessor pytest

About

Wrapper around Google Cloud Platform Secret Manager API to simplify access to the secrets during the development lifecycle

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 2

Preview Latest
Mar 26, 2023
+ 1 release

Packages

No packages published

Languages