GitLocker: The Coding Marketplace

Description:

djangoopfield 0.1.1

django-opfield

A custom Django field that integrates with the 1Password op CLI to securely access secrets via the op:// secret reference URI.
Requirements

Python 3.8, 3.9, 3.10, 3.11, 3.12
Django 4.2, 5.0
1Password CLI and a 1Password Service Account

Getting Started

Install the package from PyPI:
python -m pip install django-opfield

Install the 1Password op CLI tool, making sure it is callable from wherever your application is running.

Create a 1Password service account and make the service account's token available to your application.
Choose one option:

Set the OP_SERVICE_ACCOUNT_TOKEN environment variable

Configure in your application's settings.py:
# settings.py
DJANGO_OPFIELD = {
# Explicitly set here only as an example
# Use whatever configuration/environment library you prefer
# (`python-dotenv`, `django-environs`, `environs`, etc.)
"OP_SERVICE_ACCOUNT_TOKEN": "super-secret-token",
}

Usage
OPField allows Django models to securely access secrets stored in a 1Password vault, enabling the integration of sensitive data without exposing it directly in your codebase. Secrets are stored using the op:// URI scheme and can be retrieved dynamically using a corresponding model attribute, <field_name>_secret.
Defining a model
First, let's define a model that includes the OPField. This field will store the reference to the secret in 1Password, not the secret itself.
from django.db import models

from django_opfield.fields import OPField

class APIService(models.Model):
name = models.CharField(max_length=255)
api_key = OPField()

def __str__(self):
return self.name

Accessing the secret
Assume you have a secret API key stored in a 1Password vault named "my_vault" under the item "my_api" with the field "api_key". Here's how you can store and access this secret within your Django project:
>>> from example.models import APIService
>>> my_api = APIService.objects.create(
... name="My API", api_key="op://my_vault/my_api/api_key"
... )
>>> print(my_api)
<APIService: My API>
>>> print(my_api.name)
'My API'
>>> print(my_api.api_key)
'op://my_vault/my_api/api_key'
>>> # Retrieving the actual secret value is done using the automatically generated '_secret' attribute
>>> print(my_api.api_key_secret)
'your_super_secret_api_token_here'

Storing references, not secrets
Only the URI reference to the secret is ever stored and exposed in the Django admin interface and the database. The actual secret itself is never stored and is only retrieved dynamically when accessed. This approach enables secure management and access to secrets throughout your Django application, safeguarding against potential security vulnerabilities associated with direct exposure.
Documentation
Please refer to the documentation for more information.
License
django-opfield is licensed under the MIT license. See the LICENSE file for more information.