Python wrapper for fnox

Project description

fnox-py

fnox-py is a thin Python wrapper around the fnox secrets management tool.

It does not reimplement fnox behavior in Python. Instead, it:

  • locates a real fnox binary
  • builds argv for common commands
  • runs the binary
  • returns parsed results or typed errors

Python requirement: >=3.12

[!NOTE] Official fnox project links:

Installation

uv

uv tool install fnox-py

pip

pip install fnox-py

Bundled binary vs source install

Platform wheels are intended to bundle the fnox binary.

If you install from source instead of a platform wheel, fnox-py requires a real fnox executable to be available via:

  • PATH, or
  • FNOX_PY_BINARY=/absolute/path/to/fnox

Examples:

pip install --no-binary fnox-py fnox-py
FNOX_PY_BINARY=/usr/local/bin/fnox python -c "import fnox_py; print(fnox_py.version())"

Binary Resolution

At runtime, fnox-py resolves the fnox binary in this order:

  1. FNOX_PY_BINARY
  2. bundled/installed locations in the current environment
  3. bundled/installed fallback locations associated with the base or target install
  4. user scheme script location
  5. PATH

If FNOX_PY_BINARY is set but points to a missing file, fnox-py raises FnoxNotFoundError.
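Because the first match in this order is the program that will handle secrets, it is worth checking that nobody else can replace it. The following is an added example, not code from fnox-py: it audits only step 1 (FNOX_PY_BINARY) and step 5 (PATH), assumes POSIX permission bits and the executable name `fnox`, and `audit_binary` / `audit_environment` are hypothetical helper names.

```python
import os
import stat
from pathlib import Path


def audit_binary(path: str) -> list[str]:
    """Return the reasons `path` should not be trusted as the fnox binary."""
    p = Path(path)
    if not p.is_absolute():
        return [f"{path}: not an absolute path"]
    try:
        st = p.stat()  # follows symlinks, so this audits what would execute
        parent = p.resolve().parent.stat()
    except OSError as exc:
        return [f"{path}: {exc.strerror}"]
    problems = []
    if not stat.S_ISREG(st.st_mode):
        problems.append(f"{path}: not a regular file")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append(f"{path}: writable by group or others")
    # Anyone who can write the directory can replace the file (unless sticky).
    if parent.st_mode & stat.S_IWOTH and not parent.st_mode & stat.S_ISVTX:
        problems.append(f"{path}: parent directory is world-writable")
    return problems


def audit_environment(env: dict[str, str]) -> list[str]:
    """Audit step 1 (FNOX_PY_BINARY) and step 5 (PATH) of the resolution order."""
    override = env.get("FNOX_PY_BINARY")
    if override:
        return audit_binary(override)  # first in the order, so it decides
    problems = []
    path = env.get("PATH", "")
    for entry in path.split(os.pathsep) if path else []:
        if not os.path.isabs(entry):
            # An empty or relative entry resolves against the current directory.
            problems.append(f"PATH entry {entry!r}: empty or relative")
            continue
        candidate = os.path.join(entry, "fnox")
        if os.path.isfile(candidate):
            problems += audit_binary(candidate)
    return problems


if __name__ == "__main__":
    for line in audit_environment(dict(os.environ)) or ["no findings"]:
        print(line)
```

The path printed by `fnox-py which` can be passed to `audit_binary` to cover the bundled locations in steps 2 to 4.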

Python API

from fnox_py import (
    config_files,
    export_json,
    get,
    lease_create,
    profiles,
    providers,
    schema,
    version,
)

value = get("MY_SECRET")
all_values = export_json()
schema_doc = schema()
profile_names = profiles()
provider_names = providers()
config_paths = config_files()
lease = lease_create("vault", duration="1h", label="local-dev")
fnox_version = version()

Common examples

Get a single value:

from fnox_py import get

token = get("API_TOKEN")

Get a value from a specific profile:

from fnox_py import get

token = get("API_TOKEN", profile="prod")

Decode base64 output:

from fnox_py import get

decoded = get("TLS_CERT", base64_decode=True)

Export all secrets as JSON:

from fnox_py import export_json

data = export_json(profile="dev")

Inspect schema, profiles, providers, and config files:

from fnox_py import config_files, profiles, providers, schema

print(schema())
print(profiles())
print(providers())
print(config_files())

Create a lease:

from fnox_py import lease_create

lease = lease_create("vault", duration="30m", label="ci-job")

Get the underlying fnox version:

from fnox_py import version

print(version())

CLI

The package installs the fnox-py console script.

Built-in subcommands

Locate the resolved binary:

fnox-py which

Show the wrapper version and attempt to print the underlying fnox version:

fnox-py version

Print basic environment diagnostics:

fnox-py doctor

Passthrough behavior

Any arguments other than which, version, and doctor are passed directly through to fnox.

For example:

fnox-py get MY_SECRET
fnox-py profiles
fnox-py export --format json

With no arguments, fnox-py runs fnox with no extra argv.

Public API

fnox-py currently exports:

  • config_files
  • export_json
  • get
  • lease_create
  • profiles
  • providers
  • schema
  • version
  • find_fnox_bin
  • run
  • FnoxResult
  • FnoxCommandError
  • FnoxError
  • FnoxNotFoundError
  • FnoxTimeoutError

Errors

Library calls raise typed exceptions:

  • FnoxNotFoundError when the binary cannot be found
  • FnoxCommandError when fnox exits non-zero
  • FnoxTimeoutError on subprocess timeout
  • FnoxError as the base exception type

Development

This project uses uv, pytest, ruff, and mypy.

Install dependencies:

uv sync

Run tests:

uv run pytest -v

Run a single test:

uv run pytest tests/test_api.py::test_get -q

Lint:

uv run ruff check src tests scripts

Type-check:

uv run mypy src

Build distributions:

uv build

Release / Platform Wheel Build

scripts/build_platform_wheel.py builds platform-specific wheels by:

  1. building a pure Python wheel
  2. downloading upstream fnox release binaries
  3. injecting the binary into the wheel
  4. rewriting wheel metadata
  5. building an sdist

The upstream fnox version to bundle is read from FNOX_VERSION.txt at the repo root by default. To override it, pass --fnox-version:

uv run python scripts/build_platform_wheel.py --fnox-version 1.0.0 --output dist/

Expected upstream archive and extracted binary SHA256 values are pinned in FNOX_HASHES.json and verified during release builds.

To bump the bundled version, update FNOX_VERSION.txt, refresh FNOX_HASHES.json, and commit both changes.
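The two-stage check described above (archive digest first, then the extracted binary's digest) can be sketched as follows. This is an added example, not the project's build script: the layout of the pins dictionary, the `.tar.gz` archive format, the member name `fnox`, and the names `extract_verified`, `check_pin` and `PinMismatch` are assumptions, and the archive is constructed in memory.

```python
import hashlib
import hmac
import io
import tarfile

TARGET = "x86_64-unknown-linux-gnu"  # constructed target name
SAMPLE_BINARY = b"\x7fELF constructed stand-in for the fnox binary"


class PinMismatch(Exception):
    """Raised when a downloaded artifact does not match its pinned digest."""


def check_pin(label: str, data: bytes, expected: str) -> None:
    actual = hashlib.sha256(data).hexdigest()
    if not hmac.compare_digest(actual, expected.lower()):
        raise PinMismatch(f"{label}: expected {expected}, got {actual}")


def extract_verified(archive: bytes, pins: dict, target: str) -> bytes:
    pin = pins[target]  # KeyError for an unpinned target: fail closed
    check_pin("archive", archive, pin["archive_sha256"])  # before parsing it
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tf:
        member = tf.getmember("fnox")
        if not member.isfile():
            raise PinMismatch("fnox: not a regular file inside the archive")
        binary = tf.extractfile(member).read()
    check_pin("binary", binary, pin["binary_sha256"])  # what gets injected
    return binary


def make_sample() -> tuple[bytes, dict]:
    """Build a constructed archive plus the pins a maintainer would commit."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        info = tarfile.TarInfo("fnox")
        info.size = len(SAMPLE_BINARY)
        tf.addfile(info, io.BytesIO(SAMPLE_BINARY))
    archive = buf.getvalue()
    pins = {TARGET: {"archive_sha256": hashlib.sha256(archive).hexdigest(),
                     "binary_sha256": hashlib.sha256(SAMPLE_BINARY).hexdigest()}}
    return archive, pins


if __name__ == "__main__":
    archive, pins = make_sample()
    print(len(extract_verified(archive, pins, TARGET)), "bytes verified")
```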

Notes

  • fnox-py is intentionally small and wrapper-focused.
  • For behavior, flags, and command semantics, prefer the upstream fnox documentation.
  • If you need lower-level control, use run() directly and inspect FnoxResult.

Download files

Download the file for your platform.

Source Distribution

  • fnox_py-1.19.0.tar.gz (6.6 kB): Source

Built Distributions

  • fnox_py-1.19.0-py3-none-win_arm64.whl (13.9 MB): Python 3, Windows ARM64
  • fnox_py-1.19.0-py3-none-win_amd64.whl (14.5 MB): Python 3, Windows x86-64
  • fnox_py-1.19.0-py3-none-manylinux_2_17_x86_64.whl (21.4 MB): Python 3, manylinux: glibc 2.17+ x86-64
  • fnox_py-1.19.0-py3-none-manylinux_2_17_aarch64.whl (20.8 MB): Python 3, manylinux: glibc 2.17+ ARM64
  • fnox_py-1.19.0-py3-none-macosx_11_0_arm64.whl (16.8 MB): Python 3, macOS 11.0+ ARM64
  • fnox_py-1.19.0-py3-none-macosx_10_12_x86_64.whl (17.9 MB): Python 3, macOS 10.12+ x86-64

File details

Details for the file fnox_py-1.19.0.tar.gz.

File metadata

  • Download URL: fnox_py-1.19.0.tar.gz
  • Upload date:
  • Size: 6.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for fnox_py-1.19.0.tar.gz
Algorithm Hash digest
SHA256 7ee56a543f66d4bed23d3cc6b05221efd6b08a9df69238c82b30ae06de063b19
MD5 337239a5e364f6ac8f84eda605275180
BLAKE2b-256 4872757f9d464001c2d33ba10fd0b0af0a0ea7552de61b608c49e4066aff08d8

Provenance

The following attestation bundles were made for fnox_py-1.19.0.tar.gz:

Publisher: release.yml on fullerzz/fnox-py

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
