A Python secrets system using Google Firestore. Removes the need for configs that expose sensitive data or even environment variables.

firestore_secrets.py

from google.cloud import firestore
# Imports go here.

db = firestore.Client()
# Defines the Firestore client.


class SecretsManager:
    """Handles secrets from the Firestore DB."""
    def __getitem__(self, key):
        doc = db.collection("secrets").document(key).get()

        if not doc.exists:
            raise KeyError(key)

        return doc.to_dict()['result']

    def __setitem__(self, key, item):
        db.collection("secrets").document(key).set({
            "result": item
        })

secrets = SecretsManager()
# The initialised secrets manager.

# ================== USAGE EXAMPLES ===================
# Getting from the DB: item_name = secrets['ITEM_NAME']
#  Setting in the DB: secrets['ITEM_NAME'] = item_name
# =====================================================