This package features an opinionated, python configuration management system, focused on combining both secret and non-secret keys in the same configuration file. The values for secret keys are encrypted and can be committed to the repo, but since each key is separated on a line-by-line basis, merge conflicts shouldn't cause much trouble.
pip install python-configuration-management
In a terminal, enter:
pycm generate-keyFollow the instructions printed to the console. For example, if you're setting up a production configuration,
make a file called .env-production in the root of your project. Inside of it, save the key generated
above to a variable called ENC_KEY.
To insert or update a secret, enter:
pycm upsert --environment <your environment>And follow the prompts.
Simply open the .yml file for the generated stage (the naming scheme is config-<environment>.yaml),
and insert a row. It should look like this:
USERNAME: whatsup1994 # non-secret
PASSWORD:
secret: true
value: gAAAAABf2_kxEgWXQzJ0SlRmDy6lbXe-d3dWD68W4aM26yiA0EO2_4pA5FhV96uMWCLwpt7N6Y32zXQq-gTJ3sREbh1GOvNh5Q==You can change the values of non-secrets by hand, as well as the keynames, but clearly you must not change the value of secrets by hand, as they're encrypted. Changing the order of any of the keys is perfectly fine.
To show the decrypted values of all the secrets in the console, enter:
pycm reveal --environment <your-environment>To re-encrypt all secret values for a given environment's config file, pass
pycm reencrypt --environment <your-environment> --new-key <your-new-key>If you do not provide a key, a new one will be generated for you.
In the root of your project, you can create a file called config-required.json.
The JSON object can be a list or a dictionary. This is useful for validating the presence of your keys on start-up.
There are two ways to use this library. You can either have a dotenv file with your ENC_KEY,
or you can place the ENC_KEY in your environment variables. If you use a dotenv, make sure
the file follows this naming scheme: .env-[environment].
As for accessing the config, if you don't mind a little magic, you can use inject_config.
# settings.py
from pycm import PYCM
# development is the environment name
pycm = PYCM("development")
pycm.inject_config(sys.modules[__name__])If you want more verbosity, you can import the following function which will return the config as a normalized dictionary that's flat and has all secrets decrypted.
# settings.py
from pycm import PYCM
pycm = PYCM("development")
# pycm.config = {"USERNAME": "helloworld", "PASSWORD": "im decrypted"}
USERNAME = pycm.config["USERNAME"]
# ...All file paths within the libary are relative to root by default. To change this
behaviour, pass a path object to the argument pycm_root that contains the
path to the root of your project (where your .env-[environment] and config-[environment].yml
files are stored).
To make this independent of where the script is run from, look at the tests
for test_get_config_weird_root. Here, an example of constructing a path independent
of where the script is run from is provided.
def test_get_config_weird_root():
# this test will pass when run from the root of this repo, or from the `tests` folder
pycm_root = Path(os.path.dirname(os.path.abspath(__file__)))
pycm = PYCM("nested", use_secrets=False, pycm_root=pycm_root)
assert pycm.config == {
"PASSWORD": "idk",
"USERNAME": "testusername",
}You'll need the following encryption key to run tests
rj10mXFq-JTDlsSa-5GxYzcx4KAF6TQpXWcl1LLbUTU=
This belongs either in your environment variables under ENC_KEY or in .env-test.
This project uses poetry for dependency management and packaging.