Welcome to the “Config Sesame” manual!

logo A tool to look up secrets from a vault based on existing shareable configuration.


The config-sesame command line tool can be used as part of a continuous deployment pipeline to provide applications with runtime secrets. For this purpose, it scans already assembled application configuration (application.yml) for references to secrets stored in a “vault”, and writes resolved secrets to an additional file (secrets.yml). See Using Config Sesame for more.

Read Overview of Config Sesame to get to know the ideas behind the design of the tool.


Config Sesame can be installed from PyPI via pip install config-sesame as usual, see releases on GitHub for an overview of available versions – the project uses semantic versioning and follows PEP 440 conventions.

To get a bleeding-edge version from source, use these commands:

pip install -r "https://raw.githubusercontent.com/$repo/master/requirements.txt"
pip install -U -e "git+https://github.com/$repo.git#egg=${repo#*/}"

See Installing Config Sesame for detailed setup and configuration instructions.

To add bash completion, read the Click docs about it, or just follow these instructions:

mkdir -p ~/.bash_completion.d
( export _$(tr a-z- A-Z_ <<<"$cmdname")_COMPLETE=source ; \
  $cmdname >~/.bash_completion.d/$cmdname.sh )
grep /.bash_completion.d/$cmdname.sh ~/.bash_completion >/dev/null \
    || echo >>~/.bash_completion ". ~/.bash_completion.d/$cmdname.sh"
. "/etc/bash_completion"


To create a working directory for this project, call these commands:

git clone "https://github.com/1and1/config-sesame.git"
cd "config-sesame"
. .env --yes --develop
invoke build --docs test check

Contributing to this project is easy, and reporting an issue or adding to the documentation also improves things for every user. You don’t need to be a developer to contribute. See Contribution Guidelines for more.

Indices and Tables