Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

update README #9

Merged
merged 5 commits into from
May 13, 2024
Merged

update README #9

Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
22e38f0
update README
joshuadavidthomas May 13, 2024
e341c9c
get rid of extra >>>
joshuadavidthomas May 13, 2024
a96a98f
add note about storage
joshuadavidthomas May 13, 2024
f226f06
add new heading
joshuadavidthomas May 13, 2024
796c742
slight tweak
joshuadavidthomas May 13, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
55 changes: 48 additions & 7 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,10 +7,13 @@
<!-- django-4.2 | 5.0-#44B78B -->
<!-- labelColor=%23092E20 -->

A custom Django field that integrates with the 1Password `op` CLI to securely access secrets via the [`op://` secret reference URI](https://developer.1password.com/docs/cli/secret-references/).

## Requirements

- Python 3.8, 3.9, 3.10, 3.11, 3.12
- Django 4.2, 5.0
- [1Password CLI](https://developer.1password.com/docs/cli) and a [1Password Service Account](https://developer.1password.com/docs/service-accounts/)

## Getting Started

Expand All @@ -20,17 +23,55 @@
python -m pip install django-opfield
```

2. Add the app to your Django project's `INSTALLED_APPS`:
2. Install the [1Password `op` CLI tool](https://developer.1password.com/docs/cli/get-started).

3. Create a [1Password service account](https://developer.1password.com/docs/service-accounts/get-started).

## Usage

`OPField` allows Django models to securely access secrets stored in a 1Password vault, enabling the integration of sensitive data without exposing it directly in your codebase. Secrets are stored using the `op://` URI scheme and can be retrieved dynamically using a corresponding model attribute, `<field_name>_secret`.

### Defining a model

First, let's define a model that includes the `OPField`. This field will store the reference to the secret in 1Password, not the secret itself.

```python
INSTALLED_APPS = [
...,
"django_opfield",
...,
]
from django.db import models

from django_opfield.fields import OPField


class APIService(models.Model):
name = models.CharField(max_length=255)
api_key = OPField()

def __str__(self):
return self.name
```

## Usage
### Accessing the secret

Assume you have a secret API key stored in a 1Password vault named "my_vault" under the item "my_api" with the field "api_key". Here's how you can store and access this secret within your Django project:

```pycon
>>> from example.models import APIService
>>> my_api = APIService.objects.create(
... name="My API", api_key="op://my_vault/my_api/api_key"
... )
>>> print(my_api)
<APIService: My API>
>>> print(my_api.name)
'My API'
>>> print(my_api.api_key)
'op://my_vault/my_api/api_key'
>>> # Retrieving the actual secret value is done using the automatically generated '_secret' attribute
>>> print(my_api.api_key_secret)
'your_super_secret_api_token_here'
```

### Storing references, not secrets

Only the URI reference to the secret is ever stored and exposed in the Django admin interface and the database. The actual secret itself is never stored and is only retrieved dynamically when accessed. This approach enables secure management and access to secrets throughout your Django application, safeguarding against potential security vulnerabilities associated with direct exposure.

## Documentation

Expand Down