From 31e8ed3a00587120c9489424f44a0e77a26723b4 Mon Sep 17 00:00:00 2001
From: soyouzpanda
Date: Mon, 28 Apr 2025 18:18:39 +0200
Subject: [PATCH] =?UTF-8?q?=E2=9C=A8(backend)=20support=20`=5FFILE`=20envi?= =?UTF-8?q?ronment=20variables=20for=20secrets?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Allow configuration variables that handles secrets, like `DJANGO_SECRET_KEY` to be able to read from a file which is given through an environment file. For example, if `DJANGO_SECRET_KEY_FILE` is set to `/var/lib/docs/django-secret-key`, the value of `DJANGO_SECRET_KEY` will be the content of `/var/lib/docs/django-secret-key`.
---
 CHANGELOG.md | 1 +
 src/backend/impress/settings.py | 19 ++++++++++---------
 2 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8af63ae5..e8bf858c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -33,6 +33,7 @@ and this project adheres to
 - 🐛(frontend) fix meta title #1017
 - 🔧(git) set LF line endings for all text files #1032
 - 📝(docs) minor fixes to docs/env.md
+- ✨(backend) support `_FILE` environment variables for secrets #912
 ### Removed
diff --git a/src/backend/impress/settings.py b/src/backend/impress/settings.py
index e306ddf3..dd1d3acc 100755
--- a/src/backend/impress/settings.py
+++ b/src/backend/impress/settings.py
@@ -19,6 +19,7 @@ from django.utils.translation import gettext_lazy as _
 import sentry_sdk
 from configurations import Configuration, values
 from csp.constants import NONE
+from lasuite.configuration.values import SecretFileValue
 from sentry_sdk.integrations.django import DjangoIntegration
 from sentry_sdk.integrations.logging import ignore_logger
@@ -68,7 +69,7 @@ class Base(Configuration):
 # Security
 ALLOWED_HOSTS = values.ListValue([])
- SECRET_KEY = values.Value(None)
+ SECRET_KEY = SecretFileValue(None)
 SERVER_TO_SERVER_API_TOKENS = values.ListValue([])
 # Application definition
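Review bot: The new `from lasuite.configuration.values import SecretFileValue` runs at settings load, yet the diffstat lists only CHANGELOG.md and settings.py, so no dependency pin moves with this import. If the pinned release of the package that provides `lasuite` predates `SecretFileValue`, the settings module would fail with an ImportError before Django starts. Please confirm that the minimum version in the backend's dependency manifest already covers this class, or raise it in the same commit.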
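Review bot: `SERVER_TO_SERVER_API_TOKENS = values.ListValue([])`, directly below the converted `SECRET_KEY`, can still only be supplied through the environment, although by its name it holds API tokens just like the values this patch moves to files. If no list-aware file-backed value is available yet, I would at least record the gap above that line with `# TODO: tokens are still env-only; add a _FILE variant once a list-aware secret value exists`. The body of `Base` starts and continues outside this hunk, so other secret-bearing settings may deserve the same check.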
@@ -87,7 +88,7 @@ class Base(Configuration):
 "impress", environ_name="DB_NAME", environ_prefix=None
 ),
 "USER": values.Value("dinum", environ_name="DB_USER", environ_prefix=None),
- "PASSWORD": values.Value(
+ "PASSWORD": SecretFileValue(
 "pass", environ_name="DB_PASSWORD", environ_prefix=None
 ),
 "HOST": values.Value(
@@ -125,10 +126,10 @@ class Base(Configuration):
 AWS_S3_ENDPOINT_URL = values.Value(
 environ_name="AWS_S3_ENDPOINT_URL", environ_prefix=None
 )
- AWS_S3_ACCESS_KEY_ID = values.Value(
+ AWS_S3_ACCESS_KEY_ID = SecretFileValue(
 environ_name="AWS_S3_ACCESS_KEY_ID", environ_prefix=None
 )
- AWS_S3_SECRET_ACCESS_KEY = values.Value(
+ AWS_S3_SECRET_ACCESS_KEY = SecretFileValue(
 environ_name="AWS_S3_SECRET_ACCESS_KEY", environ_prefix=None
 )
 AWS_S3_REGION_NAME = values.Value(
@@ -393,7 +394,7 @@ class Base(Configuration):
 EMAIL_BRAND_NAME = values.Value(None)
 EMAIL_HOST = values.Value(None)
 EMAIL_HOST_USER = values.Value(None)
- EMAIL_HOST_PASSWORD = values.Value(None)
+ EMAIL_HOST_PASSWORD = SecretFileValue(None)
 EMAIL_LOGO_IMG = values.Value(None)
 EMAIL_PORT = values.PositiveIntegerValue(None)
 EMAIL_USE_TLS = values.BooleanValue(False)
@@ -416,7 +417,7 @@ class Base(Configuration):
 COLLABORATION_API_URL = values.Value(
 None, environ_name="COLLABORATION_API_URL", environ_prefix=None
 )
- COLLABORATION_SERVER_SECRET = values.Value(
+ COLLABORATION_SERVER_SECRET = SecretFileValue(
 None, environ_name="COLLABORATION_SERVER_SECRET", environ_prefix=None
 )
 COLLABORATION_WS_URL = values.Value(
@@ -491,7 +492,7 @@ class Base(Configuration):
 OIDC_RP_CLIENT_ID = values.Value(
 "impress", environ_name="OIDC_RP_CLIENT_ID", environ_prefix=None
 )
- OIDC_RP_CLIENT_SECRET = values.Value(
+ OIDC_RP_CLIENT_SECRET = SecretFileValue(
 None,
 environ_name="OIDC_RP_CLIENT_SECRET",
 environ_prefix=None,
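Review bot: `"PASSWORD": SecretFileValue("pass", environ_name="DB_PASSWORD", environ_prefix=None)` keeps the hard-coded default `"pass"`, so a deployment that forgets or misspells `DB_PASSWORD_FILE` would presumably connect with that well-known password instead of failing at startup. How `SecretFileValue` treats an unset variable or an unreadable file is not visible in this diff, so the fallback behaviour should be confirmed. I would mark the default as development-only with `# Development default only; production must set DB_PASSWORD or DB_PASSWORD_FILE`, or drop the default in a production configuration class if one exists. The enclosing dict begins and ends outside this hunk.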
@@ -606,7 +607,7 @@ class Base(Configuration):
 AI_FEATURE_ENABLED = values.BooleanValue(
 default=False, environ_name="AI_FEATURE_ENABLED", environ_prefix=None
 )
- AI_API_KEY = values.Value(None, environ_name="AI_API_KEY", environ_prefix=None)
+ AI_API_KEY = SecretFileValue(None, environ_name="AI_API_KEY", environ_prefix=None)
 AI_BASE_URL = values.Value(None, environ_name="AI_BASE_URL", environ_prefix=None)
 AI_MODEL = values.Value(None, environ_name="AI_MODEL", environ_prefix=None)
 AI_ALLOW_REACH_FROM = values.Value(
@@ -627,7 +628,7 @@ class Base(Configuration):
 }
 # Y provider microservice
- Y_PROVIDER_API_KEY = values.Value(
+ Y_PROVIDER_API_KEY = SecretFileValue(
 environ_name="Y_PROVIDER_API_KEY",
 environ_prefix=None,
 )
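Review bot: Nothing in this patch documents or tests the new `_FILE` lookup, since the diffstat shows only CHANGELOG.md and settings.py; this applies to every converted setting from `SECRET_KEY` through `Y_PROVIDER_API_KEY`. For `AI_API_KEY` and `Y_PROVIDER_API_KEY`, which are presumably sent verbatim to another service, operators need to know whether a trailing newline in the file is stripped, which source wins when both `AI_API_KEY` and `AI_API_KEY_FILE` are set, and what happens if the file is missing. None of that is visible here. A short comment at the first use, such as `# SecretFileValue also reads <NAME>_FILE; see docs/env.md for precedence and file format`, plus a matching entry in the environment docs and a settings test that loads a secret from a temporary file, would cover it.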