Open sergioisidoro opened 1 year ago
Thanks for starting this discussion. Is there some kind of standardized approach that we can fall back on? Perhaps some well-known library we could use? While your utility looks good and makes sense, it would be nice if there was a standardized approach used elsewhere in the ecosystem that we could lean on.
Oh, thanks for pointing me in this direction. After re-searching for available solutions, it seems that Django envion now supports Docker style secrets since I made my little wrapper:
Would you be open to use Django environ. It's a bit opinionated tho, and might require a bit larger refactoring, but it's a good tool
I recently discovered that passing secrets to Docker containers is discouraged, and that is the reason Docker does not support out of the shelf mounting secrets into env variables:
(https://snyk.io/blog/keeping-docker-secrets-secure/)
I've been using a utility I made for a while in my Django projects to easily get Docker secrets with fallback to Env environment, and even supporting custom environ objects:
https://gist.github.com/sergioisidoro/7972229bb5826c25f12e7a406f11e7cd
I'm wondering if you would be willing to accept a PR which uses this wrapper for most sensitive stuff (Django secret key, DB password, etc)