StaticSecrets#

pydantic model phalanx.models.secrets.StaticSecrets#

Model for the YAML file containing static secrets.

This doubles as the model used to pass static secrets around internally, in which case the description fields of the StaticSecret members are ignored.

Parameters:

data (Any) –

Show JSON schema
{
   "title": "StaticSecrets",
   "description": "Model for the YAML file containing static secrets.\n\nThis doubles as the model used to pass static secrets around internally,\nin which case the description fields of the `StaticSecret` members are\nignored.",
   "type": "object",
   "properties": {
      "applications": {
         "additionalProperties": {
            "additionalProperties": {
               "$ref": "#/$defs/StaticSecret"
            },
            "type": "object"
         },
         "default": {},
         "description": "Mapping of application to secret key to that static secret",
         "title": "Secrets by application and key",
         "type": "object"
      },
      "pull-secret": {
         "anyOf": [
            {
               "$ref": "#/$defs/PullSecret"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "description": "Pull secret for this environment, if any is needed",
         "title": "Pull secret"
      }
   },
   "$defs": {
      "PullSecret": {
         "additionalProperties": false,
         "description": "Specification for a Docker pull secret.",
         "properties": {
            "description": {
               "default": "Pull secrets for Docker registries. Each key under registries is the name of a Docker registry that needs a pull secret. The value should have two keys, username and password, that provide the HTTP Basic Auth credentials for that registry.",
               "description": "Description of the pull secret for humans reading the YAML file",
               "title": "Description of pull secret",
               "type": "string"
            },
            "registries": {
               "additionalProperties": {
                  "$ref": "#/$defs/RegistryPullSecret"
               },
               "default": {},
               "description": "Pull secrets for each registry that needs one",
               "title": "Pull secret by registry",
               "type": "object"
            }
         },
         "title": "PullSecret",
         "type": "object"
      },
      "RegistryPullSecret": {
         "additionalProperties": false,
         "description": "Pull secret for a specific Docker Repository.",
         "properties": {
            "username": {
               "description": "HTTP Basic Auth username",
               "title": "Username",
               "type": "string"
            },
            "password": {
               "description": "HTTP Basic Auth password",
               "format": "password",
               "title": "Password",
               "type": "string",
               "writeOnly": true
            }
         },
         "required": [
            "username",
            "password"
         ],
         "title": "RegistryPullSecret",
         "type": "object"
      },
      "StaticSecret": {
         "additionalProperties": false,
         "description": "Value of a static secret provided in a YAML file.",
         "properties": {
            "description": {
               "anyOf": [
                  {
                     "type": "string"
                  },
                  {
                     "type": "null"
                  }
               ],
               "default": null,
               "description": "Intended for human writers and ignored by tools",
               "title": "Description of secret"
            },
            "value": {
               "anyOf": [
                  {
                     "format": "password",
                     "type": "string",
                     "writeOnly": true
                  },
                  {
                     "type": "null"
                  }
               ],
               "default": null,
               "description": "Value of the secret, or `None` if it's not known",
               "title": "Value of secret"
            }
         },
         "title": "StaticSecret",
         "type": "object"
      }
   },
   "additionalProperties": false
}

Config:
  • populate_by_name: bool = True

  • extra: str = forbid

Fields:
field applications: dict[str, dict[str, StaticSecret]] = {}#

Mapping of application to secret key to that static secret

field pull_secret: PullSecret | None = None (alias 'pull-secret')#

Pull secret for this environment, if any is needed

for_application(application)#

Return any known secrets for an application.

Parameters:

application (str) – Name of the application.

Returns:

Mapping of secret keys to StaticSecret objects. If the application has no static secrets, returns an empty dictionary.

Return type:

dict of StaticSecret

classmethod from_path(path)#

Load static secrets from a file on disk.

Parameters:

path (Path) – Path to the file.

Returns:

Parsed static secrets.

Return type:

StaticSecrets