datasette-secrets 0.1a0__py3-none-any.whl → 0.1a2__py3-none-any.whl

datasette_secrets/__init__.py

@@ -13,7 +13,7 @@ MAX_NOTE_LENGTH = 100
 pm.add_hookspecs(hookspecs)
 
 
-async def get_secret(datasette, secret_name):
+async def get_secret(datasette, secret_name, actor_id=None):
     secrets_by_name = {secret.name: secret for secret in await get_secrets(datasette)}
     if secret_name not in secrets_by_name:
         return None
@@ -24,23 +24,40 @@ async def get_secret(datasette, secret_name):
     # Now look it up in the database
     config = get_config(datasette)
     db = get_database(datasette)
-    encrypted = (
+    db_secret = (
         await db.execute(
-            "select encrypted from datasette_secrets where name = ? order by version desc limit 1",
+            "select id, encrypted from datasette_secrets where name = ? order by version desc limit 1",
             (secret_name,),
         )
     ).first()
-    if not encrypted:
+    if not db_secret:
         return None
     key = Fernet(config["encryption_key"].encode("utf-8"))
-    decrypted = key.decrypt(encrypted["encrypted"])
+    decrypted = key.decrypt(db_secret["encrypted"])
+    # Update the last used timestamp and actor_id
+    params = (actor_id, db_secret["id"])
+    if not actor_id:
+        params = (db_secret["id"],)
+    await db.execute_write(
+        """
+        update datasette_secrets
+        set last_used_at = datetime('now'),
+            last_used_by = {}
+        where id = ?
+        """.format(
+            "?" if actor_id else "null"
+        ),
+        params,
+    )
     return decrypted.decode("utf-8")
 
 
 @dataclasses.dataclass
 class Secret:
     name: str
-    description_html: Optional[str] = None
+    description: Optional[str] = None
+    obtain_url: Optional[str] = None
+    obtain_label: Optional[str] = None
 
 
 SCHEMA = """
@@ -51,7 +68,6 @@ create table if not exists datasette_secrets (
     version integer not null default 1,
     encrypted blob,
     encryption_key_name text not null,
-    redacted text,
     created_at text,
     created_by text,
     updated_at text,
@@ -100,25 +116,20 @@ def register_permissions(datasette):
 
 async def get_secrets(datasette):
     secrets = []
+    seen = set()
     for result in pm.hook.register_secrets(datasette=datasette):
         result = await await_me_maybe(result)
-        secrets.extend(result)
+        for secret in result:
+            if secret.name in seen:
+                continue  # Skip duplicates
+            seen.add(secret.name)
+            secrets.append(secret)
     # if not secrets:
     secrets.append(Secret("EXAMPLE_SECRET", "An example secret"))
 
     return secrets
 
 
-@hookimpl
-def register_secrets():
-    return [
-        Secret(
-            "OPENAI_API_KEY",
-            'An OpenAI API key. Get them from <a href="https://platform.openai.com/api-keys">here</a>.',
-        ),
-    ]
-
-
 @hookimpl
 def register_commands(cli):
     @cli.group()
@@ -169,6 +180,16 @@ async def secrets_index(datasette, request):
         list(environment_secrets_names),
     )
     existing_secrets = {row["name"]: dict(row) for row in existing_secrets_result.rows}
+    # Try to turn updated_by into actors
+    actors = await datasette.actors_from_ids(
+        {row["updated_by"] for row in existing_secrets.values() if row["updated_by"]}
+    )
+    for secret in existing_secrets.values():
+        if secret["updated_by"]:
+            actor = actors.get(secret["updated_by"])
+            if actor:
+                display = actor.get("username") or actor.get("name") or actor.get("id")
+                secret["updated_by"] = display
     unset_secrets = [
         secret
         for secret in all_secrets

datasette_secrets/templates/secrets_index.html

@@ -25,7 +25,10 @@
 <ul>
   {% for secret in unset_secrets %}
     <li><strong><a href="{{ urls.path("/-/secrets/") }}{{ secret.name }}">{{ secret.name }}</a></strong>
-    {% if secret.description_html %} - {{ secret.description_html|safe }}{% endif %}</li>
+    {% if secret.description or secret.obtain_label %}
+      - {{ secret.description or "" }}{% if secret.description and secret.obtain_label %}, {% endif %}
+      {% if secret.obtain_label %}<a href="{{ secret.obtain_url }}">{{ secret.obtain_label }}</a>{% endif %}
+    {% endif %}</li>
   {% endfor %}
 </ul>
 {% endif %}
@@ -34,7 +37,7 @@
 <p style="margin-top: 2em">The following secret{% if environment_secrets|length == 1 %} is{% else %}s are{% endif %} set using environment variables:</p>
 <ul>
   {% for secret in environment_secrets %}
-    <li><strong>{{ secret.name }}</a></strong>- {{ secret.description_html|safe }}<br>
+    <li><strong>{{ secret.name }}</a></strong>{% if secret.description %} - {{ secret.description }}{% endif %}<br>
       <span style="font-size: 0.8 em">Set by <code>DATASETTE_SECRETS_{{ secret.name }}</code></span></li>
   {% endfor %}
 </ul>

datasette_secrets/templates/secrets_update.html

@@ -9,8 +9,10 @@
 {% block content %}
 <h1>{% if current_secret %}Update{% else %}Add{% endif %} secret: {{ secret_name }}</h1>
 
-{% if secret_details and secret_details.description_html %}
-  <p>{{ secret_details.description_html|safe }}</p>
+{% if secret_details.description or secret_details.obtain_label %}
+  <p>{{ secret_details.description or "" }}{% if secret_details.description and secret_details.obtain_label %}. {% endif %}
+  {% if secret_details.obtain_label %}<a href="{{ secret_details.obtain_url }}">{{ secret_details.obtain_label }}</a>{% endif %}
+  </p>
 {% endif %}
 
 {% if error %}

{datasette_secrets-0.1a0.dist-info → datasette_secrets-0.1a2.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: datasette-secrets
-Version: 0.1a0
+Version: 0.1a2
 Summary: Manage secrets such as API keys for use with other Datasette plugins
 Author: Datasette
 License: Apache-2.0
@@ -105,6 +105,8 @@ datasette data.db --internal internal.db \
 
 users with the `manage-secrets` permission will see a new "Manage secrets" link in the Datasette navigation menu. This interface can also be accessed at `/-/secrets`.
 
+The page with the list of secrets will show the user who last updated each secret. This will use the [actors_from_ids()](https://docs.datasette.io/en/latest/plugin_hooks.html#actors-from-ids-datasette-actor-ids) mechanism, displaying the actor's `username` if available, otherwise the `name`, otherwise the `id`.
+
 ## For plugin authors
 
 Plugins can depend on this plugin if they want to implement secrets.
@@ -121,11 +123,24 @@ from datasette_secrets import Secret
 def register_secrets():
     return [
         Secret(
-            "OPENAI_API_KEY",
-            'An OpenAI API key. Get them from <a href="https://platform.openai.com/api-keys">here</a>.',
+            name="OPENAI_API_KEY",
+            description="An OpenAI API key"
+        ),
+    ]
+```
+You can also provide optional `obtain_url` and `obtain_label` fields to link to a page where a user can obtain an API key:
+```python
+@hookimpl
+def register_secrets():
+    return [
+        Secret(
+            name="OPENAI_API_KEY",
+            obtain_url="https://platform.openai.com/api-keys",
+            obtain_label="Get an OpenAI API key"
         ),
     ]
 ```
+
 The hook can take an optional `datasette` argument. It can return a list or an `async def` function that, when awaited, returns a list.
 
 The list should consist of `Secret()` instances, each with a name and an optional description. The description can contain HTML.
@@ -135,12 +150,14 @@ To obtain the current value of the secret, use the `await get_secret()` method:
 ```python
 from datasette_secrets import get_secret
 
-secret = await get_secret(datasette, "OPENAI_API_KEY")
+# Third argument is the actor_id, optional
+secret = await get_secret(datasette, "OPENAI_API_KEY", "root")
 ```
 If the Datasette administrator set a `DATASETTE_SECRETS_OPENAI_API_KEY` environment variable, that will be returned.
 
 Otherwise the encrypted value in the database table will be decrypted and returned - or `None` if there is no configured secret.
 
+The `last_used_at` column is updated every time a secret is accessed. The `last_used_by` column will be set to the actor ID passed to `get_secret()`, or `null` if no actor ID was passed.
 
 ## Development
 

datasette_secrets-0.1a2.dist-info/RECORD

@@ -0,0 +1,10 @@
+datasette_secrets/__init__.py,sha256=QFIh9c--SqVDhv-5WXfmI40-UqyyZrngdzYJ9t_hVE4,10409
+datasette_secrets/hookspecs.py,sha256=57v14e2Y4o5eZyAgCLpuzp1KZn7CjwLXeKwfq6Zvux8,205
+datasette_secrets/templates/secrets_index.html,sha256=ZgIy_huFZQfnI6GjO0qauWEkTWhkBCM5WrT73Nqq4BY,1737
+datasette_secrets/templates/secrets_update.html,sha256=qMPLVCuKKslqw_In0aSCVobB3maPw9oaYZDQQImdRIU,1678
+datasette_secrets-0.1a2.dist-info/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
+datasette_secrets-0.1a2.dist-info/METADATA,sha256=h-UZ9xZYyvTXjwJBNntAqhPp90OY5Y-INqedW2iqLuU,7040
+datasette_secrets-0.1a2.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
+datasette_secrets-0.1a2.dist-info/entry_points.txt,sha256=2083uWbPpGntxRulh8_hVaelQO-xdtjedG6rGzwPUH0,40
+datasette_secrets-0.1a2.dist-info/top_level.txt,sha256=ZBJKQk-DdDU9Vnwu4x79X9aaEulwGJMoLx62IZJPDaQ,18
+datasette_secrets-0.1a2.dist-info/RECORD,,

datasette_secrets-0.1a0.dist-info/RECORD

@@ -1,10 +0,0 @@
-datasette_secrets/__init__.py,sha256=0hepqbZLfwETYcTA6fU2raP3F1igb_Z5OaqwdjByCYY,9514
-datasette_secrets/hookspecs.py,sha256=57v14e2Y4o5eZyAgCLpuzp1KZn7CjwLXeKwfq6Zvux8,205
-datasette_secrets/templates/secrets_index.html,sha256=Zr8wmVngxzABB69hM052W8IOHgGIlJLM9KKnDxAYmQI,1510
-datasette_secrets/templates/secrets_update.html,sha256=SQs_TmrCw-eanePGiEnRiqH6OKy_G5iJJcEfg_z6RFg,1463
-datasette_secrets-0.1a0.dist-info/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
-datasette_secrets-0.1a0.dist-info/METADATA,sha256=s_AUhTHJOv70M7vKmu-FzEy37FA5DwNpFW76Y7vs0rA,6179
-datasette_secrets-0.1a0.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
-datasette_secrets-0.1a0.dist-info/entry_points.txt,sha256=2083uWbPpGntxRulh8_hVaelQO-xdtjedG6rGzwPUH0,40
-datasette_secrets-0.1a0.dist-info/top_level.txt,sha256=ZBJKQk-DdDU9Vnwu4x79X9aaEulwGJMoLx62IZJPDaQ,18
-datasette_secrets-0.1a0.dist-info/RECORD,,