studio/docs
Archived
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

(backend) support _FILE environment variables for secrets

Browse Source 
Allow configuration variables that handles secrets, like
`DJANGO_SECRET_KEY` to be able to read from a file which is given
through an environment file.

For example, if `DJANGO_SECRET_KEY_FILE` is set to
`/var/lib/docs/django-secret-key`, the value of `DJANGO_SECRET_KEY` will
be the content of `/var/lib/docs/django-secret-key`.
This commit is contained in:
soyouzpanda
2025-04-28 18:18:39 +02:00
parent 7e63e9e460
commit 31e8ed3a00
2 changed files with 11 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@@ -33,6 +33,7 @@ and this project adheres to
- 🐛(frontend) fix meta title #1017 - 🐛(frontend) fix meta title #1017
- 🔧(git) set LF line endings for all text files #1032 - 🔧(git) set LF line endings for all text files #1032
- 📝(docs) minor fixes to docs/env.md - 📝(docs) minor fixes to docs/env.md
- ✨(backend) support `_FILE` environment variables for secrets #912
### Removed ### Removed

19
src/backend/impress/settings.py
View File

@@ -19,6 +19,7 @@ from django.utils.translation import gettext_lazy as _
import sentry_sdk import sentry_sdk
from configurations import Configuration, values from configurations import Configuration, values
from csp.constants import NONE from csp.constants import NONE
from lasuite.configuration.values import SecretFileValue
from sentry_sdk.integrations.django import DjangoIntegration from sentry_sdk.integrations.django import DjangoIntegration
from sentry_sdk.integrations.logging import ignore_logger from sentry_sdk.integrations.logging import ignore_logger
@@ -68,7 +69,7 @@ class Base(Configuration):
# Security # Security
ALLOWED_HOSTS = values.ListValue([]) ALLOWED_HOSTS = values.ListValue([])
SECRET_KEY = values.Value(None) SECRET_KEY = SecretFileValue(None)
SERVER_TO_SERVER_API_TOKENS = values.ListValue([]) SERVER_TO_SERVER_API_TOKENS = values.ListValue([])
# Application definition # Application definition
@@ -87,7 +88,7 @@ class Base(Configuration):
"impress", environ_name="DB_NAME", environ_prefix=None "impress", environ_name="DB_NAME", environ_prefix=None
), ),
"USER": values.Value("dinum", environ_name="DB_USER", environ_prefix=None), "USER": values.Value("dinum", environ_name="DB_USER", environ_prefix=None),
"PASSWORD": values.Value( "PASSWORD": SecretFileValue(
"pass", environ_name="DB_PASSWORD", environ_prefix=None "pass", environ_name="DB_PASSWORD", environ_prefix=None
), ),
"HOST": values.Value( "HOST": values.Value(
@@ -125,10 +126,10 @@ class Base(Configuration):
AWS_S3_ENDPOINT_URL = values.Value( AWS_S3_ENDPOINT_URL = values.Value(
environ_name="AWS_S3_ENDPOINT_URL", environ_prefix=None environ_name="AWS_S3_ENDPOINT_URL", environ_prefix=None
) )
AWS_S3_ACCESS_KEY_ID = values.Value( AWS_S3_ACCESS_KEY_ID = SecretFileValue(
environ_name="AWS_S3_ACCESS_KEY_ID", environ_prefix=None environ_name="AWS_S3_ACCESS_KEY_ID", environ_prefix=None
) )
AWS_S3_SECRET_ACCESS_KEY = values.Value( AWS_S3_SECRET_ACCESS_KEY = SecretFileValue(
environ_name="AWS_S3_SECRET_ACCESS_KEY", environ_prefix=None environ_name="AWS_S3_SECRET_ACCESS_KEY", environ_prefix=None
) )
AWS_S3_REGION_NAME = values.Value( AWS_S3_REGION_NAME = values.Value(
@@ -393,7 +394,7 @@ class Base(Configuration):
EMAIL_BRAND_NAME = values.Value(None) EMAIL_BRAND_NAME = values.Value(None)
EMAIL_HOST = values.Value(None) EMAIL_HOST = values.Value(None)
EMAIL_HOST_USER = values.Value(None) EMAIL_HOST_USER = values.Value(None)
EMAIL_HOST_PASSWORD = values.Value(None) EMAIL_HOST_PASSWORD = SecretFileValue(None)
EMAIL_LOGO_IMG = values.Value(None) EMAIL_LOGO_IMG = values.Value(None)
EMAIL_PORT = values.PositiveIntegerValue(None) EMAIL_PORT = values.PositiveIntegerValue(None)
EMAIL_USE_TLS = values.BooleanValue(False) EMAIL_USE_TLS = values.BooleanValue(False)
@@ -416,7 +417,7 @@ class Base(Configuration):
COLLABORATION_API_URL = values.Value( COLLABORATION_API_URL = values.Value(
None, environ_name="COLLABORATION_API_URL", environ_prefix=None None, environ_name="COLLABORATION_API_URL", environ_prefix=None
) )
COLLABORATION_SERVER_SECRET = values.Value( COLLABORATION_SERVER_SECRET = SecretFileValue(
None, environ_name="COLLABORATION_SERVER_SECRET", environ_prefix=None None, environ_name="COLLABORATION_SERVER_SECRET", environ_prefix=None
) )
COLLABORATION_WS_URL = values.Value( COLLABORATION_WS_URL = values.Value(
@@ -491,7 +492,7 @@ class Base(Configuration):
OIDC_RP_CLIENT_ID = values.Value( OIDC_RP_CLIENT_ID = values.Value(
"impress", environ_name="OIDC_RP_CLIENT_ID", environ_prefix=None "impress", environ_name="OIDC_RP_CLIENT_ID", environ_prefix=None
) )
OIDC_RP_CLIENT_SECRET = values.Value( OIDC_RP_CLIENT_SECRET = SecretFileValue(
None, None,
environ_name="OIDC_RP_CLIENT_SECRET", environ_name="OIDC_RP_CLIENT_SECRET",
environ_prefix=None, environ_prefix=None,
@@ -606,7 +607,7 @@ class Base(Configuration):
AI_FEATURE_ENABLED = values.BooleanValue( AI_FEATURE_ENABLED = values.BooleanValue(
default=False, environ_name="AI_FEATURE_ENABLED", environ_prefix=None default=False, environ_name="AI_FEATURE_ENABLED", environ_prefix=None
) )
AI_API_KEY = values.Value(None, environ_name="AI_API_KEY", environ_prefix=None) AI_API_KEY = SecretFileValue(None, environ_name="AI_API_KEY", environ_prefix=None)
AI_BASE_URL = values.Value(None, environ_name="AI_BASE_URL", environ_prefix=None) AI_BASE_URL = values.Value(None, environ_name="AI_BASE_URL", environ_prefix=None)
AI_MODEL = values.Value(None, environ_name="AI_MODEL", environ_prefix=None) AI_MODEL = values.Value(None, environ_name="AI_MODEL", environ_prefix=None)
AI_ALLOW_REACH_FROM = values.Value( AI_ALLOW_REACH_FROM = values.Value(
@@ -627,7 +628,7 @@ class Base(Configuration):
} }
# Y provider microservice # Y provider microservice
Y_PROVIDER_API_KEY = values.Value( Y_PROVIDER_API_KEY = SecretFileValue(
environ_name="Y_PROVIDER_API_KEY", environ_name="Y_PROVIDER_API_KEY",
environ_prefix=None, environ_prefix=None,
) )