Added lib-secret-manager which consumes secrets after application launch

2025-11-05 22:39:35 +01:00 · 2025-11-05 22:39:35 +01:00 · 18042a8ff5
commit 18042a8ff5
parent d7c820e8fb
6 changed files with 11 additions and 17 deletions
--- a/requirements.txt
+++ b/requirements.txt
@ -7,6 +7,7 @@ fastapi==0.118.2
 feedparser==6.0.12
 h11==0.16.0
 idna==3.10
+lib-secret-manager @ git+https://git.gansejunge.com/notifier/lib-secret-manager.git@main
 lib-uvicorn-config @ git+https://git.gansejunge.com/notifier/lib-uvicorn-config.git@main
 mysql-connector-python==9.4.0
 prometheus_client==0.23.1
--- a/src/db.py
+++ b/src/db.py
@ -1,6 +1,6 @@
 from mysql.connector import pooling, Error
 import threading
-from secret_handler import return_credentials
+from secret_manager import return_credentials
 import os
 import time
 from simple_logger_handler import setup_logger
--- a/src/feed_handler.py
+++ b/src/feed_handler.py
@ -1,5 +1,4 @@
 import feedparser
-import re
 from simple_logger_handler import setup_logger
 import time
 from urllib.error import URLError
--- a/src/main.py
+++ b/src/main.py
@ -8,6 +8,7 @@ from send_notification import send_notification
 from metrics_server import REQUEST_COUNTER
 import asyncio
 from uvicorn_logger_config import LOGGING_CONFIG
+from secret_manager import cleanup_secret_files

 logger = setup_logger(__name__)

@ -22,6 +23,13 @@ async def lifespan(app: FastAPI):
 	start_healthcheck_thread()
 	logger.info("[DB] MySQL healthcheck thread started.")

+	SECRET_PATHS = frozenset({
+		"/etc/secrets/api_key",
+		"/etc/secrets/db_username",
+		"/etc/secrets/db_password"
+	})
+	cleanup_secret_files(SECRET_PATHS)
+
 	yield
 	logger.info("[App] Closing MySQL connection pool...")
 	close_connection_pool()
--- a/src/secret_handler.py
+++ b/src/secret_handler.py
@ -1,14 +0,0 @@
-from simple_logger_handler import setup_logger
-
-logger = setup_logger(__name__)
-
-def return_credentials(path: str)->str:
-	try:
-		with open (path) as file:
-			return file.read().strip()
-	except FileNotFoundError:
-		logger.fatal(f"[FATAL] Secret file not found: {path}")
-		raise
-	except Exception as e:
-		logger.fatal(f"[FATAL] Failed to read secret file {path}: {e}")
-		raise
--- a/src/send_notification.py
+++ b/src/send_notification.py
@ -1,7 +1,7 @@
 import requests
 from requests.exceptions import RequestException, Timeout, ConnectionError, HTTPError
 from fastapi import HTTPException
-from secret_handler import return_credentials
+from secret_manager import return_credentials
 import os
 import time
 from simple_logger_handler import setup_logger