From 18042a8ff5b81b43464246132ec96b4edf2c98e1 Mon Sep 17 00:00:00 2001
From: Florian
Date: Wed, 5 Nov 2025 22:39:35 +0100
Subject: [PATCH] Added lib-secret-manager which consumes secrets after application launch
---
 requirements.txt | 1 +
 src/db.py | 2 +-
 src/feed_handler.py | 1 -
 src/main.py | 8 ++++++++
 src/secret_handler.py | 14 --------------
 src/send_notification.py | 2 +-
 6 files changed, 11 insertions(+), 17 deletions(-)
 delete mode 100644 src/secret_handler.py
diff --git a/requirements.txt b/requirements.txt
index c8255fc..da6a3fc 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -7,6 +7,7 @@ fastapi==0.118.2
 feedparser==6.0.12
 h11==0.16.0
 idna==3.10
+lib-secret-manager @ git+https://git.gansejunge.com/notifier/lib-secret-manager.git@main
 lib-uvicorn-config @ git+https://git.gansejunge.com/notifier/lib-uvicorn-config.git@main
 mysql-connector-python==9.4.0
 prometheus_client==0.23.1
diff --git a/src/db.py b/src/db.py
index 75d7e21..983c85b 100644
--- a/src/db.py
+++ b/src/db.py
@@ -1,6 +1,6 @@
 from mysql.connector import pooling, Error
 import threading
-from secret_handler import return_credentials
+from secret_manager import return_credentials
 import os
 import time
 from simple_logger_handler import setup_logger
diff --git a/src/feed_handler.py b/src/feed_handler.py
index c33a45f..3b60c1b 100644
--- a/src/feed_handler.py
+++ b/src/feed_handler.py
@@ -1,5 +1,4 @@
 import feedparser
-import re
 from simple_logger_handler import setup_logger
 import time
 from urllib.error import URLError
diff --git a/src/main.py b/src/main.py
index 665e75c..a026578 100644
--- a/src/main.py
+++ b/src/main.py
@@ -8,6 +8,7 @@ from send_notification import send_notification
 from metrics_server import REQUEST_COUNTER
 import asyncio
 from uvicorn_logger_config import LOGGING_CONFIG
+from secret_manager import cleanup_secret_files
 logger = setup_logger(__name__)
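Review bot: The new `lib-secret-manager` line in requirements.txt installs from the mutable `@main` branch, while the registry packages around it are pinned to exact versions. After this commit that library is what reads the service's credentials and cleans up the secret files, so any push to that branch reaches the next build without review and the build is not reproducible. Replace `@main` with a reviewed commit hash or signed tag, e.g. `...lib-secret-manager.git@COMMIT_SHA` (placeholder), and bump it deliberately. The neighbouring `lib-uvicorn-config` line carries the same unpinned ref.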
@@ -22,6 +23,13 @@ async def lifespan(app: FastAPI):
 start_healthcheck_thread()
 logger.info("[DB] MySQL healthcheck thread started.")
+ SECRET_PATHS = frozenset({
+ "/etc/secrets/api_key",
+ "/etc/secrets/db_username",
+ "/etc/secrets/db_password"
+ })
+ cleanup_secret_files(SECRET_PATHS)
+
 yield
 logger.info("[App] Closing MySQL connection pool...")
 close_connection_pool()
diff --git a/src/secret_handler.py b/src/secret_handler.py
deleted file mode 100644
index 696f176..0000000
--- a/src/secret_handler.py
+++ /dev/null
@@ -1,14 +0,0 @@
-from simple_logger_handler import setup_logger
-
-logger = setup_logger(__name__)
-
-def return_credentials(path: str)->str:
- try:
- with open (path) as file:
- return file.read().strip()
- except FileNotFoundError:
- logger.fatal(f"[FATAL] Secret file not found: {path}")
- raise
- except Exception as e:
- logger.fatal(f"[FATAL] Failed to read secret file {path}: {e}")
- raise
diff --git a/src/send_notification.py b/src/send_notification.py
index 9a7427a..0cc2eba 100644
--- a/src/send_notification.py
+++ b/src/send_notification.py
@@ -1,7 +1,7 @@
 import requests
 from requests.exceptions import RequestException, Timeout, ConnectionError, HTTPError
 from fastapi import HTTPException
-from secret_handler import return_credentials
+from secret_manager import return_credentials
 import os
 import time
 from simple_logger_handler import setup_logger
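Review bot: `cleanup_secret_files(SECRET_PATHS)` in `lifespan` (src/main.py) runs before `yield` and, going by its name and the commit subject, removes the credential files, but nothing visible here guarantees that every consumer has already read them. `db.py` and `send_notification.py` still import `return_credentials`; if either calls it lazily (for example when the healthcheck thread rebuilds the pool, or per notification), or if a second worker process starts later, the read will fail once the files are gone, so confirm both modules cache the values at import time. The hunk also does not show what happens when removal fails, e.g. on a read-only secret mount; make that explicit by either logging a warning and continuing or failing startup deliberately. The three paths are hard-coded inside the function; a comment such as `# must match the paths read in db.py and send_notification.py`, or a shared module-level constant, would keep them from drifting. The body of `lifespan` begins above the hunk.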