Closed simonw closed 7 months ago
I am going to go for the simplest version of this at first: every named secret automatically gets a corresponding environment variable called something like:
DATASETTE_SECRETS_ANTHROPIC_API_KEY
If that is set, the secret is always read from that and the secret cannot be edited. It shows in the UI as coming from the environment.
The global nav menu item for managing secrets will not be displayed if every secret has already been configured via an environment variable.
Prototype looks like this:
The main goal of this plugin is to enable user-editable secrets stored encrypted in the database.
It's also designed to work as a dependency for other plugins that need access to stored secrets, such as datasette-enrichments-opencage.
As such, it would be useful for this plugin to optionally support reading secrets from static configuration. That way plugins that depend on this could outsource their configuration entirely to it, whether or not the user is storing their secrets in the database.
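The environment-variable override described in the comment above, sketched as an added example; this is not code from the plugin. The function names, the `stored` mapping standing in for decrypted database values, the OPENCAGE_API_KEY secret name, and the choice to treat an empty variable as unset are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Iterable, Mapping, Optional

# Prefix taken from the example variable name in the comment above.
ENV_PREFIX = "DATASETTE_SECRETS_"


@dataclass(frozen=True)
class ResolvedSecret:
    name: str
    value: Optional[str]
    source: str     # "environment", "database" or "unset"
    editable: bool  # False when the environment pins the value


def env_var_for(name: str) -> str:
    """Environment variable that corresponds to a named secret."""
    return ENV_PREFIX + name


def resolve_secret(name: str, environ: Mapping[str, str],
                   stored: Mapping[str, str]) -> ResolvedSecret:
    """Environment wins over the database and makes the secret read-only."""
    env_value = environ.get(env_var_for(name))
    # Assumption: an empty variable counts as unset, so a blank value
    # cannot lock a secret to an empty string.
    if env_value:
        return ResolvedSecret(name, env_value, "environment", False)
    if name in stored:
        return ResolvedSecret(name, stored[name], "database", True)
    return ResolvedSecret(name, None, "unset", True)


def show_manage_menu(names: Iterable[str], environ: Mapping[str, str]) -> bool:
    """Hide the menu item only when every secret comes from the environment."""
    return any(not environ.get(env_var_for(n)) for n in names)


if __name__ == "__main__":
    # Constructed sample data, not real keys.
    environ = {"DATASETTE_SECRETS_ANTHROPIC_API_KEY": "value-from-env"}
    stored = {"ANTHROPIC_API_KEY": "value-from-db", "OPENCAGE_API_KEY": "oc-from-db"}
    for secret in ("ANTHROPIC_API_KEY", "OPENCAGE_API_KEY", "MISSING_KEY"):
        r = resolve_secret(secret, environ, stored)
        print(r.name, r.source, "editable" if r.editable else "read-only")
    print("menu shown:", show_manage_menu(stored, environ))
```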