akiatoji/encrypted_flask_config.py

## encrypted_flask_config.py
def load_from_encrypted(app):
    tempname = str(uuid.uuid4())
    encrypted_file_name = "secrets-%s.cfg.encrypted" % tempname
    decrypted_file_name = "secrets-%s.cfg.decrypted" % tempname

    storage_client = storage.Client()
    bucket = storage_client.get_bucket('vault')
    blob = bucket.blob('secrets.cfg.encrypted')
    blob.download_to_filename(encrypted_file_name)

    client = kms_v1.KeyManagementServiceClient()
    key_name = client.crypto_key_path('app', 'global', 'keyring', 'secrets')

    try:
        with open(encrypted_file_name, 'rb') as content_file:
            cipher_text = content_file.read()
            decrypted = client.decrypt(key_name, cipher_text)
            with open(decrypted_file_name, 'w') as decrypted_file:
            	decrypted_file.write(\
 							decrypted.plaintext.decode("utf-8"))
        		app.config.from_pyfile(decrypted_file_name)

    finally:
        os.remove(encrypted_file_name)
        os.remove(decrypted_file_name)
	def load_from_encrypted(app):
	tempname = str(uuid.uuid4())
	encrypted_file_name = "secrets-%s.cfg.encrypted" % tempname
	decrypted_file_name = "secrets-%s.cfg.decrypted" % tempname

	storage_client = storage.Client()
	bucket = storage_client.get_bucket('vault')
	blob = bucket.blob('secrets.cfg.encrypted')
	blob.download_to_filename(encrypted_file_name)

	client = kms_v1.KeyManagementServiceClient()
	key_name = client.crypto_key_path('app', 'global', 'keyring', 'secrets')

	try:
	with open(encrypted_file_name, 'rb') as content_file:
	cipher_text = content_file.read()
	decrypted = client.decrypt(key_name, cipher_text)
	with open(decrypted_file_name, 'w') as decrypted_file:
	decrypted_file.write(\
	decrypted.plaintext.decode("utf-8"))
	app.config.from_pyfile(decrypted_file_name)

	finally:
	os.remove(encrypted_file_name)
	os.remove(decrypted_file_name)