pass
Wrapper functions for the pass password manager.
Common Arguments
secret_store
Directory where the pass
secrets are stored, defaults to <current working directory>/secrets
if not provided.
path
Path to the secret inside the password store. All functions automatically use the path to check for an environment variable, to allow for overriding in CI environments where access to the password store may not be desirable.
path | environment variable |
---|---|
secret1 | SECRET1 |
nested/secret/password2 | NESTED_SECRET_PASSWORD2 |
secret-with-dashes3 | SECRET_WITH_DASHES3 |
``
env_name
Override the environment variable named derived from path
.
Functions
pass_has_secret(path, secret_store=None, env_name=None)
Returns True
if secret path
exists in secret_store
or is injected via environment variable derived from path or env_name
.
from solidblocks_do.secrets_pass import pass_has_secret
if pass_has_secret('secret1', '/path/to/secret/store'):
pass
pass_get_secret(path, secret_store=None, env_name=None)
Returns value of secret at path
inside secret_store
or from environment variable derived from path (or env_name
).
from solidblocks_do.secrets_pass import pass_get_secret
secret = pass_get_secret('secret1', '/path/to/secret/store')
if secret is not None:
pass
pass_temp_file(path, secret_store=None, env_name=None)
Stores value of secret at path
from secret_store
in a temporary file, that will get deleted when the pass_temp_file
context is closed.
from solidblocks_do.secrets_pass import pass_temp_file
with pass_temp_file('some/password', '/path/to/secret/store') as temp_secret_file:
secret = open(temp_secret_file, 'r').read()