Support env vars with _FILE suffix pointing to file with secret value #22

Open
makukha opened this issue Nov 26, 2024 · 3 comments
Labels
enhancement New feature or request

makukha commented Nov 26, 2024

Many Docker images allow setting env vars pointing to a specific secret file.

For example, the official PostgreSQL Docker image, in addition to the env var POSTGRES_PASSWORD, allows setting POSTGRES_PASSWORD_FILE, which, if set, must point to a file containing the secret value.

All env vars in the official PostgreSQL image that allow a _FILE override are:

  • POSTGRES_INITDB_ARGS -> POSTGRES_INITDB_ARGS_FILE
  • POSTGRES_PASSWORD -> POSTGRES_PASSWORD_FILE
  • POSTGRES_USER -> POSTGRES_USER_FILE
  • POSTGRES_DB -> POSTGRES_DB_FILE

This feature makes sense for secrets other than regular settings, which is why it might be a good idea to add it to this package.

@makukha makukha added the enhancement New feature or request label Nov 26, 2024
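
The `_FILE` convention described in the issue above, as an added example that is not part of the original issue or of pydantic-file-secrets: a standard-library resolver for `NAME` / `NAME_FILE` pairs. The names `resolve_file_env`, `resolve_many` and `SecretEnvError` are hypothetical, and treating the two variables as mutually exclusive is an assumption of this example.

```python
import os
import tempfile
from pathlib import Path
from typing import Iterable, Mapping, Optional

FILE_SUFFIX = "_FILE"


class SecretEnvError(ValueError):
    """NAME / NAME_FILE are set inconsistently or the file is unreadable."""


def resolve_file_env(name: str, environ: Mapping[str, str] = os.environ,
                     default: Optional[str] = None) -> Optional[str]:
    """Return NAME, reading it from the file named by NAME_FILE when that is set."""
    file_var = name + FILE_SUFFIX
    direct = environ.get(name)
    path = environ.get(file_var)
    # Assumption: both forms at once is a configuration error, so a stale
    # plaintext variable can never silently win over the mounted secret.
    if direct is not None and path is not None:
        raise SecretEnvError(f"both {name} and {file_var} are set")
    if path is not None:
        try:
            text = Path(path).read_text(encoding="utf-8")
        except OSError as exc:
            # Name the variable and path in the error, never file contents.
            raise SecretEnvError(
                f"{file_var}={path!r} is not readable: {exc.strerror}") from exc
        # Drop only the trailing newline that editors and `echo` append.
        return text.rstrip("\r\n")
    return direct if direct is not None else default


def resolve_many(names: Iterable[str],
                 environ: Mapping[str, str] = os.environ) -> dict:
    """Resolve several settings at once, e.g. the four PostgreSQL names."""
    return {n: resolve_file_env(n, environ) for n in names}


if __name__ == "__main__":
    # Constructed sample: a temporary file stands in for a mounted secret.
    with tempfile.TemporaryDirectory() as d:
        secret = Path(d) / "pg_password"
        secret.write_text("example-password\n", encoding="utf-8")
        env = {"POSTGRES_PASSWORD_FILE": str(secret), "POSTGRES_USER": "app"}
        resolved = resolve_many(["POSTGRES_USER", "POSTGRES_PASSWORD"], env)
        print(sorted(resolved))  # print setting names only, not the values
```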
FichteFoll commented Nov 27, 2024

Would providing an explicit option for this functionality be an advantage over the already possible instantiation arguments?

In my current code, I use something like the following and I doubt that either hard-coding an environment variable and/or adding another argument to a config dict would be worth it, unless there is a commonly used standard for this that could be pushed that way.

    secrets_dir = os.getenv("SECRETS_BASEPATH")
    env_file = os.getenv("ENV_FILE", ENV_FILE) or None
    settings = AppSettings(
        _secrets_dir=secrets_dir,
        _env_file=env_file,
    )

makukha commented Nov 27, 2024

@FichteFoll sorry, the original issue had no description, and I had a different thing in mind (description added). In addition, I made the issue title clearer. Do you think this would be useful?

@makukha makukha changed the title Support _FILE environment variables to set secret file name Support env vars with _FILE suffix pointing to file with secret value Nov 27, 2024
FichteFoll commented Nov 27, 2024

I see. This is a different usage pattern than what I had assumed.

Since I'm using pydantic-file-secrets in applications whose life cycle I control, I can generally also specify where the files are mounted into a container and make those conform to the names defined by the base Settings model and how pydantic-file-secrets interprets them. Thus, I wouldn't need another way to achieve this.

I'm not sure if others may have a use case for this.
