CubeSDK: Secure secret management client
Project description
CubeSDK
Python SDK for Cube secret management with built-in caching, environment switching, and automatic error handling.
Features
- 🔐 Secure Secret Management - Retrieve secrets from Cube with service token authentication
- ⚡ Built-in Caching - TTL-based caching to reduce API calls and improve performance
- 🌍 Environment Support - Switch between environments (development, staging, production) seamlessly
- 🔄 Auto-refresh - Automatic cache invalidation and refresh capabilities
- 🛡️ Error Handling - Comprehensive exception handling for authentication, authorization, and API errors
- 📦 Simple API - Clean and intuitive interface for secret management
Installation
Install CubeSDK using pip:
pip install cubesdk
Quick Start
from cubesdk import CubeSDK
# Initialize client with a service token and default environment
client = CubeSDK(
service_token="st_prod_xxx",
default_env="production",
cache_ttl=120, # Cache secrets for 2 minutes
)
# Get a single secret
db_password = client.get_secret("DB_PASSWORD")
# Get all secrets
secrets = client.get_secrets()
# Switch environment
client.switch_env("staging")
api_key = client.get_secret("API_KEY")
# Force refresh cache
client.refresh()
Configuration
The CubeSDK client accepts the following parameters:
service_token(str, required): Your Cube service token for authenticationapi_version(str, optional): API version to use (defaults to environment variable or configured value)default_env(str, optional): Default environment name (default:"development")base_url(str, optional): Base URL for the Cube API (defaults to environment variable or configured value)timeout(int, optional): Request timeout in seconds (default:5)cache_ttl(int, optional): Cache time-to-live in seconds (default:60)
API Reference
get_secret(key: str) -> str
Retrieve a single secret by key. The secret is cached based on the current environment and cache TTL.
password = client.get_secret("DB_PASSWORD")
get_secrets() -> Dict[str, str]
Retrieve all secrets for the current environment. All secrets are cached automatically.
all_secrets = client.get_secrets()
# Returns: {"DB_PASSWORD": "secret123", "API_KEY": "key456", ...}
switch_env(environment: str)
Switch to a different environment. This clears the cache to ensure fresh secrets are fetched.
client.switch_env("staging")
refresh()
Force refresh all cached secrets by clearing the cache.
client.refresh()
Error Handling
The SDK provides specific exception types for different error scenarios:
from cubesdk import CubeSDK
from app.exceptions import (
AuthenticationError,
AuthorizationError,
SecretNotFoundError,
APIError,
)
try:
secret = client.get_secret("MY_SECRET")
except AuthenticationError:
print("Invalid or expired service token")
except AuthorizationError:
print("Access denied for this environment")
except SecretNotFoundError:
print("Secret not found in the current environment")
except APIError as e:
print(f"API error: {e}")
Examples
Basic Usage
from cubesdk import CubeSDK
client = CubeSDK(
service_token="st_dev_xxx",
default_env="development",
cache_ttl=300, # 5 minutes
)
# Get secrets
db_host = client.get_secret("DB_HOST")
db_password = client.get_secret("DB_PASSWORD")
api_key = client.get_secret("API_KEY")
Environment Switching
# Start with production
client = CubeSDK(
service_token="st_prod_xxx",
default_env="production",
)
prod_secret = client.get_secret("SECRET_KEY")
# Switch to staging
client.switch_env("staging")
staging_secret = client.get_secret("SECRET_KEY")
Batch Secret Retrieval
# Get all secrets at once (more efficient for multiple secrets)
secrets = client.get_secrets()
db_config = {
"host": secrets["DB_HOST"],
"port": secrets["DB_PORT"],
"password": secrets["DB_PASSWORD"],
}
Custom Configuration
client = CubeSDK(
service_token="st_prod_xxx",
default_env="production",
base_url="https://api.cube.example.com",
timeout=10,
cache_ttl=600, # 10 minutes
api_version="v1",
)
Requirements
- Python 3.9+
requests>=2.31.0
License
MIT
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
cubesdk-0.1.0.tar.gz
(5.1 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file cubesdk-0.1.0.tar.gz.
File metadata
- Download URL: cubesdk-0.1.0.tar.gz
- Upload date:
- Size: 5.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3be9038c216f4ecfb7c610b6deed4ef6f0dbf6ea50a38c52e4e2a35ccf8f0f5e
|
|
| MD5 |
1114e7907722d35dad1ce0347c1a6d0c
|
|
| BLAKE2b-256 |
62c9c9499ebe7803bd8fba0cca076ffc013e4527e38e0e870729c82a5e433f14
|
File details
Details for the file cubesdk-0.1.0-py3-none-any.whl.
File metadata
- Download URL: cubesdk-0.1.0-py3-none-any.whl
- Upload date:
- Size: 6.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
41314dbb6fdded7588ddee0d44a442606b8466eeb8d7909d5231c09e2cb9df04
|
|
| MD5 |
4541ce4fed9b6957bd6d57edb907dcff
|
|
| BLAKE2b-256 |
486e2776ec50cd7cb702f6eaaaad02d71353b176224a7045f155bc78664c13e9
|
