Secrets: Enable separate secrets settings file

Enable a separate secrets settings file to be provided where necessary. The secrets settings file will hold security-critical configuration values that should not be exposed in the repository.
author: Frederick Muriuki Muriithi 2023-11-13 07:28:39 +0300
committer: Frederick Muriuki Muriithi 2023-11-13 07:28:39 +0300
commit: 839ce6560089bd25b483a2588703a813f92160af (patch)
tree: 5aeba627b523684ad58165df85c9d6bcedd8dc99
parent: 55ba3554d10a61ab038e4ab3c85ec2e1684503fc (diff)
download: genenetwork2-839ce6560089bd25b483a2588703a813f92160af.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/wqflask/wqflask/__init__.py b/wqflask/wqflask/__init__.py
index 0313e24e..6de02bfc 100644
--- a/wqflask/wqflask/__init__.py
+++ b/wqflask/wqflask/__init__.py
@@ -1,5 +1,6 @@
 """Entry point for flask app"""
 # pylint: disable=C0413,E0611
+import os
 import time
 import datetime
 from typing import Tuple
@@ -63,6 +64,12 @@ app.jinja_env.globals.update(
 
 app.config["SESSION_REDIS"] = redis.from_url(app.config["REDIS_URL"])
 
+## BEGIN: SECRETS -- Should be the last of the settings to load
+secrets_file = os.environ.get("GN2_SECRETS")
+if secrets_file and Path(secrets_file).exists():
+    app.config.from_envvar("GN2_SECRETS")
+## END: SECRETS
+
 
 # Registering blueprints
 app.register_blueprint(glossary_blueprint, url_prefix="/glossary")
author	Frederick Muriuki Muriithi	2023-11-13 07:28:39 +0300
committer	Frederick Muriuki Muriithi	2023-11-13 07:28:39 +0300
commit	839ce6560089bd25b483a2588703a813f92160af (patch)
tree	5aeba627b523684ad58165df85c9d6bcedd8dc99
parent	55ba3554d10a61ab038e4ab3c85ec2e1684503fc (diff)
download	genenetwork2-839ce6560089bd25b483a2588703a813f92160af.tar.gz