StaticSecrets¶
- pydantic model phalanx.models.secrets.StaticSecrets¶
Model for the YAML file containing static secrets.
This doubles as the model used to pass static secrets around internally, in which case the description fields of the
StaticSecret
members are ignored.- Parameters:
data (
Any
)
Show JSON schema
{ "title": "StaticSecrets", "description": "Model for the YAML file containing static secrets.\n\nThis doubles as the model used to pass static secrets around internally,\nin which case the description fields of the `StaticSecret` members are\nignored.", "type": "object", "properties": { "applications": { "additionalProperties": { "additionalProperties": { "$ref": "#/$defs/StaticSecret" }, "type": "object" }, "default": {}, "description": "Mapping of application to secret key to that static secret", "title": "Secrets by application and key", "type": "object" }, "pull-secret": { "anyOf": [ { "$ref": "#/$defs/PullSecret" }, { "type": "null" } ], "default": null, "description": "Pull secret for this environment, if any is needed", "title": "Pull secret" }, "vault-write-token": { "anyOf": [ { "format": "password", "type": "string", "writeOnly": true }, { "type": "null" } ], "default": null, "description": "Vault write token for this environment", "title": "Vault write token" } }, "$defs": { "PullSecret": { "additionalProperties": false, "description": "Specification for a Docker pull secret.", "properties": { "description": { "default": "Pull secrets for Docker registries. Each key under registries is the name of a Docker registry that needs a pull secret. The value should have two keys, username and password, that provide the HTTP Basic Auth credentials for that registry.", "description": "Description of the pull secret for humans reading the YAML file", "title": "Description of pull secret", "type": "string" }, "registries": { "additionalProperties": { "$ref": "#/$defs/RegistryPullSecret" }, "default": {}, "description": "Pull secrets for each registry that needs one", "title": "Pull secret by registry", "type": "object" } }, "title": "PullSecret", "type": "object" }, "RegistryPullSecret": { "additionalProperties": false, "description": "Pull secret for a specific Docker Repository.", "properties": { "username": { "description": "HTTP Basic Auth username", "title": "Username", "type": "string" }, "password": { "description": "HTTP Basic Auth password", "format": "password", "title": "Password", "type": "string", "writeOnly": true } }, "required": [ "username", "password" ], "title": "RegistryPullSecret", "type": "object" }, "StaticSecret": { "additionalProperties": false, "description": "Value of a static secret provided in a YAML file.", "properties": { "description": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "description": "Intended for human writers and ignored by tools", "title": "Description of secret" }, "warning": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "description": "Any warnings humans need to know about when filling out this secret", "title": "Warning for humans" }, "value": { "anyOf": [ { "format": "password", "type": "string", "writeOnly": true }, { "type": "null" } ], "default": null, "description": "Value of the secret, or `None` if it's not known", "title": "Value of secret" } }, "title": "StaticSecret", "type": "object" } }, "additionalProperties": false }
- Config:
populate_by_name: bool = True
extra: str = forbid
- Fields:
- field applications: dict[str, dict[str, StaticSecret]] = {}¶
Mapping of application to secret key to that static secret
- field pull_secret: PullSecret | None = None (alias 'pull-secret')¶
Pull secret for this environment, if any is needed
- field vault_write_token: SecretStr | None = None (alias 'vault-write-token')¶
Vault write token for this environment
- for_application(application)¶
Return any known secrets for an application.
- Parameters:
application (
str
) – Name of the application.- Returns:
Mapping of secret keys to
StaticSecret
objects. If the application has no static secrets, returns an empty dictionary.- Return type:
dict of StaticSecret
- classmethod from_path(path)¶
Load static secrets from a file on disk.
- Parameters:
path (
Path
) – Path to the file.- Returns:
Parsed static secrets.
- Return type:
- to_template()¶
Export the model in a suitable form for the template.
The static secrets template should always include the
value
field even though it will beNone
, should not includewarning
if it is unset, and should always include thePullSecret
fields even though they are defaults. The parameters tomodel_dict
aren’t up to specifying this, hence this custom serializer.- Returns:
Dictionary suitable for dumping as YAML to make a template.
- Return type: