From 839ce6560089bd25b483a2588703a813f92160af Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Mon, 13 Nov 2023 07:28:39 +0300
Subject: Secrets: Enable separate secrets settings file

Enable a separate secrets settings file to be provided where
necessary. The secrets settings file will hold security-critical
configuration values that should not be exposed in the repository.
---
 wqflask/wqflask/__init__.py | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'wqflask')

diff --git a/wqflask/wqflask/__init__.py b/wqflask/wqflask/__init__.py
index 0313e24e..6de02bfc 100644
--- a/wqflask/wqflask/__init__.py
+++ b/wqflask/wqflask/__init__.py
@@ -1,5 +1,6 @@
 """Entry point for flask app"""
 # pylint: disable=C0413,E0611
+import os
 import time
 import datetime
 from typing import Tuple
@@ -63,6 +64,12 @@ app.jinja_env.globals.update(
 
 app.config["SESSION_REDIS"] = redis.from_url(app.config["REDIS_URL"])
 
+## BEGIN: SECRETS -- Should be the last of the settings to load
+secrets_file = os.environ.get("GN2_SECRETS")
+if secrets_file and Path(secrets_file).exists():
+    app.config.from_envvar("GN2_SECRETS")
+## END: SECRETS
+
 
 # Registering blueprints
 app.register_blueprint(glossary_blueprint, url_prefix="/glossary")
-- 
cgit 1.4.1