5👍
You can have multiple options to load the these configuration without altering the code.
- AWS secret manager
- Dot env file from s3
- Environment variable
Secrets-manager
AWS Secrets Manager helps you protect secrets needed to access your
applications, services, and IT resources. The service enables you to
easily rotate, manage, and retrieve database credentials, API keys,
and other secrets throughout their lifecycle
Using AWS secret Manager you can change/update DB Host or your secret without changing the code. for example
secret_name = "db_password"
region_name = "us-west-2"
# Create a Secrets Manager client
session = boto3.session.Session()
client = session.client(
service_name='secretsmanager',
region_name=region_name
)
get_secret_value_response = client.get_secret_value(SecretId=secret_name)
db_password = get_secret_value_response
Dot ENV with s3
Dot ENV is Reads the key-value pair from .env file and adds them to environment variable. It is great for managing app settings during development and in production using 12-factor principles.
Create Dot ENV file with all your secret and place the file on s3, before starting application pull the file from s3 and start application.
import os
SECRET_KEY = os.getenv("EMAIL")
db_password = os.getenv("db_password")
Another option can be just using System environment variable.
db_password=os.getenv('db_password', default_pass)