Metadata-Version: 2.1
Name: omegaconf-cloud-resolvers
Version: 0.2.0
Summary: Omegaconf custom resolvers to retrieve configuration values from cloud services
Author: M Gil Valverde
Author-email: m.gilvalverde@gmail.com
Requires-Python: >=3.9,<4.0
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Provides-Extra: aws
Provides-Extra: az
Provides-Extra: gcp
Requires-Dist: azure-identity (>=1.18.0,<2.0.0) ; extra == "az"
Requires-Dist: azure-keyvault-secrets (>=4.8.0,<5.0.0) ; extra == "az"
Requires-Dist: boto3 (>=1.34.16,<2.0.0) ; extra == "aws"
Requires-Dist: google-cloud-secret-manager (>=2.20.2,<3.0.0) ; extra == "gcp"
Requires-Dist: jmespath (>=1.0.1,<2.0.0)
Requires-Dist: omegaconf (>=2.3.0,<3.0.0)
Description-Content-Type: text/markdown

# Omegaconf Plugin: Cloud Secrets

This package is a plugin designed to enhance OmegaConf by providing additional custom resolvers to **securely retrieve
sensitive values** that should not be hard-coded in your configuration files.

Currently, there are resolvers for:

* AWS:
    * Secrets Manager
    * Parameter Store
* Google Cloud Platform (GCP):
    * Secret Manager
* Microsoft Azure:
    * Key Vault

## Installation

 * AWS:
```
pip install omegaconf-cloud-resolvers[aws]
```

 * GCP:
```
pip install omegaconf-cloud-resolvers[gcp]
```

 * Azure:
```
pip install omegaconf-cloud-resolvers[az]
```

## Quickstart

The following is an introductory example using a secret stored in AWS Secrets Manager.

First create a secret in the AWS Secrets Manager. You can use the CLI:

```bash
aws secretsmanager create-secret --name secret_jwt --secret-string 'thiscouldbe.a.jwt'
```

```python
from omegaconf import OmegaConf
from omegaconf_cloud_resolvers import register_custom_resolvers
from omegaconf_cloud_resolvers.resolvers.aws import AWSSecretsManagerResolver

# Option A. Define an env var: `AWS_DEFAULT_PROFILE=<your-aws-profile>`
# If you do, there is no need to pass a Session to the PluginResolver

# Option B. Alternatively you can create a boto3 session and pass it to the `AWSSecretsManagerResolver`
# Check `.aws/config` to see what are your profiles.
#   from boto3 import Session
#   session = Session(profile_name="<your-aws-profile>")

# Define the custom resolver. The dict key is the name that you will use  in your config
resolvers = {
    "aws_secretsmanager": AWSSecretsManagerResolver(),
}
# Use CustomResolverInjector to declare the resolver. You cannot inject twice the same key.
register_custom_resolvers(**resolvers)

# The syntax is: <resolver-name>:<secret-name>
conf = OmegaConf.create({"secret": "${aws_secretsmanager:secret_jwt}"})
print("Your secret is:", conf["secret"])  # THAT IS AN ILLUSTRATIVE EXAMPLE, NEVER DO THIS IN PRODUCTION
```

## Roadmap

- [X] Resolver for Azure Key Vault
- [ ] Support for older secret version - AWS Secrets Manager Resolver
- [ ] Examples using AWS services - Lambda
- [ ] Examples using Google Cloud Platform services - Functions


# WARNING

This package is in a very early and experimental stage, use it under your own responsibility.

# Troubleshooting


* **[AWS]** NoCredentialsError raised while resolving interpolation: Unable to locate credentials
  You might not have configured a default profile or provided with a session to a AWS Resolver.

