Secrets manager baked into most OS's using keyring...
# randomv
visch
02/09/2022, 6:23 PMSecrets manager baked into most OS's using keyring - https://pypi.org/project/keyring/ 馃У for code
visch
02/09/2022, 6:24 PMSecrets manager that's baked into most os's 馃し
visch
02/09/2022, 6:25 PM Copy code
# Check for plugin. If exists, read it from keyring and set values.
self._plugin = plugin
if self._plugin:
import keyring
# Set default blank values for creds
keyring_creds = {
"client_id": None,
"client_secret": None,
"access_token": None
}
# Try to update the blank creds with values from keyring
try:
keyring_creds.update( json.loads( keyring.get_password( self._base_url, self._plugin) ) )
except:
pass
# Prompt for client_id or client_secret if not defined
if not keyring_creds['client_id'] or not keyring_creds['client_secret']:
import getpass
# Prompt for client_id if not defined
while not keyring_creds['client_id']:
keyring_creds['client_id'] = getpass.getpass( f"No client_id found for plugin {self._plugin} on {self._base_url}. Please enter: ")
# Prompt for client_secret if not defined
while not keyring_creds['client_secret']:
keyring_creds['client_secret'] = getpass.getpass( f"No client_secret found for plugin {self._plugin} on {self._base_url}. Please enter: ")
# Set keyring password value as a stringified JSON object with the client_id and client_secret
keyring.set_password( self._base_url, self._plugin, json.dumps(keyring_creds) )
# Set client_id, client_secret, and access_token
self._client_id = keyring_creds['client_id']
self._client_secret = keyring_creds['client_secret']
self._access_token = keyring_creds['access_token'] Copy code
if self._plugin:
import keyring
keyring.set_password( self._base_url, self._plugin, json.dumps({
"client_id": self._client_id,
"client_secret": self._client_secret,
"access_token": self._access_token
}))visch
02/09/2022, 6:27 PMI don't love the code, but the idea is interesting!
a
aaronsteers
02/09/2022, 6:29 PMInteresting indeed. 馃 I assume this is based https://pypi.org/project/keyring/
aaronsteers
02/09/2022, 6:30 PMmessage has been deleted
v
visch
02/09/2022, 6:30 PMyes! I ninja edited this on you so it has the link now 馃槃
visch
02/09/2022, 6:31 PMYeah normally I think https://registry.terraform.io/providers/hashicorp/vault/latest/docs / SecretServer (bunch of secret managers) but this one is baked into your OS and if you're mostly worried about local dev maybe it's a good choice? I have no idea I haven't tried to use these much myself as I don't trust my OS (Windows) to store this stuff for me very well
a
aaronsteers
02/09/2022, 6:41 PM