Move hardcoded secrets to a Secrets Manager-Python Tutorial-php.cn

Home

Backend Development

Python Tutorial

Move hardcoded secrets to a Secrets Manager

Barbara Streisand

Oct 14, 2024 am 06:15 AM

Move hardcoded secrets to a Secrets Manager

A secrets manager is a tool for storing and managing your passwords, API keys, database credentials and other types of sensitive data your application requires.

Secrets hard-coded in application source codes or stored in plain text files for your codes to consume can be exploited by malicious entities who can inspect the applications or the components in your system. This risk can be mitigated with secrets managers.

dotenv-vault

dotenv-vault is one such secrets manager that provides a safer alternative to putting your secrets in code.

[!Note]
This is not a tutorial on using dotenv-vault. The aim of this document is to explain how a secret manager can help developers avoid hard-coding secrets or storing them in plain text files. You can learn how to get started with dotenv-vault here.

Let's say I have sensitive information about a particular character in the movie Star Wars: Episode V and I want my program to use that information.

def spoiler():
    spoiler = "Darth Vader is Luke Skywalker's father"
    return { "spoiler": spoiler }

Instead of hard-coding the information, I would write it as an environment variable in the .env file:

SPOILER="Darth Vader is Luke Skywalker's father"

With dotenv-vault, my program is able to access the sensitive information by using the environment variable.

import os
from dotenv_vault import load_dotenv

load_dotenv() # Take environment variables from .env

def spoiler():
    spoiler = os.getenv("SPOILER") # Get the secret
    return { "spoiler": spoiler }

Then I encrypt the environment variable by syncing the .env file. Once the syncing is completed, a data known as DOTENV_KEY can be generated. This output can be read by my program as an environment variable in production.

DOTENV_KEY='dotenv://:key_1234@dotenv.org/vault/.env.vault?environment=production' python main.py

As a result, my production application is able to access the secret.

{ "spoiler": "Darth Vader is Luke Skywalker's father" }

Choose the right Secrets Manager for you

There is a variety of secrets management solutions available. Each secrets manager comes with its own set of pros and cons. Choose the option that best fits your organization's requirements.

List of alternative Secrets Managers:

Infiscal
Doppler
HashiCorp Vault
AWS Secrets Manager
Azure Key Vault

The above is the detailed content of Move hardcoded secrets to a Secrets Manager. For more information, please follow other related articles on the PHP Chinese website!

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

How Do I Use Beautiful Soup to Parse HTML?Mar 10, 2025 pm 06:54 PM

This article explains how to use Beautiful Soup, a Python library, to parse HTML. It details common methods like find(), find_all(), select(), and get_text() for data extraction, handling of diverse HTML structures and errors, and alternatives (Sel

Mathematical Modules in Python: StatisticsMar 09, 2025 am 11:40 AM

Python's statistics module provides powerful data statistical analysis capabilities to help us quickly understand the overall characteristics of data, such as biostatistics and business analysis. Instead of looking at data points one by one, just look at statistics such as mean or variance to discover trends and features in the original data that may be ignored, and compare large datasets more easily and effectively. This tutorial will explain how to calculate the mean and measure the degree of dispersion of the dataset. Unless otherwise stated, all functions in this module support the calculation of the mean() function instead of simply summing the average. Floating point numbers can also be used. import random import statistics from fracti

Serialization and Deserialization of Python Objects: Part 1Mar 08, 2025 am 09:39 AM

Serialization and deserialization of Python objects are key aspects of any non-trivial program. If you save something to a Python file, you do object serialization and deserialization if you read the configuration file, or if you respond to an HTTP request. In a sense, serialization and deserialization are the most boring things in the world. Who cares about all these formats and protocols? You want to persist or stream some Python objects and retrieve them in full at a later time. This is a great way to see the world on a conceptual level. However, on a practical level, the serialization scheme, format or protocol you choose may determine the speed, security, freedom of maintenance status, and other aspects of the program

How to Perform Deep Learning with TensorFlow or PyTorch?Mar 10, 2025 pm 06:52 PM

This article compares TensorFlow and PyTorch for deep learning. It details the steps involved: data preparation, model building, training, evaluation, and deployment. Key differences between the frameworks, particularly regarding computational grap

What are some popular Python libraries and their uses?Mar 21, 2025 pm 06:46 PM

The article discusses popular Python libraries like NumPy, Pandas, Matplotlib, Scikit-learn, TensorFlow, Django, Flask, and Requests, detailing their uses in scientific computing, data analysis, visualization, machine learning, web development, and H

How to Create Command-Line Interfaces (CLIs) with Python?Mar 10, 2025 pm 06:48 PM

This article guides Python developers on building command-line interfaces (CLIs). It details using libraries like typer, click, and argparse, emphasizing input/output handling, and promoting user-friendly design patterns for improved CLI usability.

Scraping Webpages in Python With Beautiful Soup: Search and DOM ModificationMar 08, 2025 am 10:36 AM

This tutorial builds upon the previous introduction to Beautiful Soup, focusing on DOM manipulation beyond simple tree navigation. We'll explore efficient search methods and techniques for modifying HTML structure. One common DOM search method is ex

Explain the purpose of virtual environments in Python.Mar 19, 2025 pm 02:27 PM

The article discusses the role of virtual environments in Python, focusing on managing project dependencies and avoiding conflicts. It details their creation, activation, and benefits in improving project management and reducing dependency issues.

See all articles