pure python implimentation of the bw secrets api

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for ripplefcl from gravatar.com ripplefcl

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT)
  • Author: rippleFCL
  • Requires: Python >=3.13
Classifiers
Report project as malware

Project description

BWS SDK (Bitwarden Secrets SDK)

A pure Python implementation of the Bitwarden Secrets Manager API, allowing secure access to and management of Bitwarden secrets.

License: MIT Python Versions

Overview

BWS SDK provides a simple, Pythonic interface to interact with the Bitwarden Secrets Manager. It handles authentication, decryption, and secure communication with the Bitwarden API, allowing you to easily integrate Bitwarden Secrets into your Python applications.

Features

  • Secure authentication with Bitwarden Secrets Manager
  • Automatic decryption of secrets (encryption not yet supported)
  • Optional state persistence for improved performance
  • Support for different Bitwarden regions
  • Synchronization capabilities for efficient secret updates
  • Comprehensive error handling

Installation

# Using pip
pip install bws-sdk

# Using poetry
poetry add bws-sdk

Quick Start

from bws_sdk import BWSSecretClient, Reigon
from datetime import datetime

# Define the Bitwarden region
region = Reigon(
    api_url="https://api.bitwarden.com",
    identity_url="https://identity.bitwarden.com"
)

# Create a client instance with your access token
# Optionally provide a state file path for token persistence
client = BWSSecretClient(
    region=region,
    access_token="your-access-token",
    state_file="./path/to/state.file"  # Optional
)

# Retrieve a secret by ID
secret = client.get_by_id("your-secret-id")
print(f"Secret key: {secret.key}")
print(f"Secret value: {secret.value}")

# Sync secrets updated since a specific time
last_sync_date = datetime.fromisoformat("2025-01-01T00:00:00")
updated_secrets = client.sync(last_sync_date)
for secret in updated_secrets:
    print(f"Updated secret: {secret.key}")

API Reference

BWSSecretClient

The main client class for interacting with the Bitwarden Secrets Manager API.

Constructor

BWSSecretClient(region: Reigon, access_token: str, state_file: str | None = None)
  • region: A Reigon object specifying the API endpoints
  • access_token: Your Bitwarden access token
  • state_file: Optional path to a file for persisting authentication state

Methods

  • get_by_id(secret_id: str) -> BitwardenSecret: Retrieves a secret by its ID
  • sync(last_synced_date: datetime) -> list[BitwardenSecret]: Retrieves secrets updated since the specified date

Note: The SDK currently only supports decryption of secrets. Methods for creating and encrypting new secrets are planned for future releases.

Reigon

A class representing a Bitwarden region configuration.

Reigon(api_url: str, identity_url: str)
  • api_url: The base URL for the region's API endpoint
  • identity_url: The URL for the region's identity service

Error Types

  • UnauthorisedError: Raised when authentication fails
  • InvalidTokenError: Raised when the provided token is invalid
  • SecretParseError: Raised when a secret cannot be parsed or decrypted
  • HmacError: Raised when MAC verification fails during decryption

Examples

Using Environment Variables for Secrets

import os
from bws_sdk import BWSSecretClient, Reigon

# Get access token from environment variable
access_token = os.environ.get("BITWARDEN_ACCESS_TOKEN")

# Define the region
region = Reigon(
    api_url="https://api.bitwarden.com",
    identity_url="https://identity.bitwarden.com"
)

# Create the client
client = BWSSecretClient(region, access_token)

# Retrieve a secret
secret = client.get_by_id(os.environ.get("SECRET_ID"))
print(f"Retrieved secret: {secret.key}")

Error Handling

from bws_sdk import BWSSecretClient, Reigon, UnauthorisedError, SecretParseError

region = Reigon(
    api_url="https://api.bitwarden.com",
    identity_url="https://identity.bitwarden.com"
)

try:
    client = BWSSecretClient(region, "your-access-token")
    secret = client.get_by_id("your-secret-id")
    print(f"Secret retrieved: {secret.key}")
except UnauthorisedError:
    print("Authentication failed. Please check your access token.")
except SecretParseError:
    print("Failed to parse or decrypt the secret.")
except Exception as e:
    print(f"An unexpected error occurred: {str(e)}")

License

This project is licensed under the MIT License - see the LICENSE file for details.

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

Contact

References

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for ripplefcl from gravatar.com ripplefcl

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT)
  • Author: rippleFCL
  • Requires: Python >=3.13
Classifiers

Release history Release notifications | RSS feed

2.0.0

1.3.2

1.3.1

1.3.0

1.2.0

1.1.0

1.0.0

0.1.4

0.1.3

0.1.2

0.1.1

This version

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

bws_sdk-0.1.0.tar.gz (7.1 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

bws_sdk-0.1.0-py3-none-any.whl (9.3 kB view details)

Uploaded Python 3

File details

Details for the file bws_sdk-0.1.0.tar.gz.

File metadata

  • Download URL: bws_sdk-0.1.0.tar.gz
  • Upload date:
  • Size: 7.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.12.9

File hashes

Hashes for bws_sdk-0.1.0.tar.gz
Algorithm Hash digest
SHA256 7b1991a351706141cd3aebb47779328930fecf07aea94e32c9ce1e9ed66353ca
MD5 212ee2c2d8fde536a113871abd3a4841
BLAKE2b-256 780ffeae7c63ed86a1d00f3cd9806b9f87da9cfb8e8fdf0a23da63a05bbde375

See more details on using hashes here.

Provenance

The following attestation bundles were made for bws_sdk-0.1.0.tar.gz:

Publisher: publish.yml on Overengineers-Anonymous/bws-sdk

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file bws_sdk-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: bws_sdk-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 9.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.12.9

File hashes

Hashes for bws_sdk-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 6571ec15818738d93a0326257cf7fb0474f34b3a9bc89a2d429d21cea1d5befe
MD5 ae9349c4d1f575c6642aaf6df8214a95
BLAKE2b-256 8eb237f820f044a2090a878f52cf4312b9e9dba7cfc0190a9c6b6aa76b455d5d

See more details on using hashes here.

Provenance

The following attestation bundles were made for bws_sdk-0.1.0-py3-none-any.whl:

Publisher: publish.yml on Overengineers-Anonymous/bws-sdk

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page