Python wrapper for fnox

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for fullerzz from gravatar.com fullerzz

Unverified details

These details have not been verified by PyPI
Meta
Report project as malware

Project description

fnox-py

fnox-py is a thin Python wrapper around the fnox secrets management tool.

It does not reimplement fnox behavior in Python. Instead, it:

  • locates a real fnox binary
  • builds argv for common commands
  • runs the binary
  • returns parsed results or typed errors

Python requirement: >=3.12

[!NOTE] Official fnox project links:

Installation

uv

uv tool install fnox-py

pip

pip install fnox-py

Bundled binary vs source install

Platform wheels are intended to bundle the fnox binary.

If you install from source instead of a platform wheel, fnox-py requires a real fnox executable to be available via:

  • PATH, or
  • FNOX_PY_BINARY=/absolute/path/to/fnox

Examples:

pip install --no-binary fnox-py fnox-py

FNOX_PY_BINARY=/usr/local/bin/fnox python -c "import fnox_py; print(fnox_py.version())"

Binary Resolution

At runtime, fnox-py resolves the fnox binary in this order:

  1. FNOX_PY_BINARY
  2. bundled/installed locations in the current environment
  3. bundled/installed fallback locations associated with the base or target install
  4. user scheme script location
  5. PATH

If FNOX_PY_BINARY is set but points to a missing file, fnox-py raises FnoxNotFoundError.

Python API

from fnox_py import (
    config_files,
    export_json,
    get,
    lease_create,
    profiles,
    providers,
    schema,
    version,
)

value = get("MY_SECRET")
all_values = export_json()
schema_doc = schema()
profile_names = profiles()
provider_names = providers()
config_paths = config_files()
lease = lease_create("vault", duration="1h", label="local-dev")
fnox_version = version()

Common examples

Get a single value:

from fnox_py import get

token = get("API_TOKEN")

Get a value from a specific profile:

from fnox_py import get

token = get("API_TOKEN", profile="prod")

Decode base64 output:

from fnox_py import get

decoded = get("TLS_CERT", base64_decode=True)

Export all secrets as JSON:

from fnox_py import export_json

data = export_json(profile="dev")

Inspect schema, profiles, providers, and config files:

from fnox_py import config_files, profiles, providers, schema

print(schema())
print(profiles())
print(providers())
print(config_files())

Create a lease:

from fnox_py import lease_create

lease = lease_create("vault", duration="30m", label="ci-job")

Get the underlying fnox version:

from fnox_py import version

print(version())

CLI

The package installs the fnox-py console script.

Built-in subcommands

Locate the resolved binary:

fnox-py which

Show the wrapper version and attempt to print the underlying fnox version:

fnox-py version

Print basic environment diagnostics:

fnox-py doctor

Passthrough behavior

Any arguments other than which, version, and doctor are passed directly through to fnox.

For example:

fnox-py get MY_SECRET
fnox-py profiles
fnox-py export --format json

With no arguments, fnox-py runs fnox with no extra argv.

Public API

fnox-py currently exports:

  • config_files
  • export_json
  • get
  • lease_create
  • profiles
  • providers
  • schema
  • version
  • find_fnox_bin
  • run
  • FnoxResult
  • FnoxCommandError
  • FnoxError
  • FnoxNotFoundError
  • FnoxTimeoutError

Errors

Library calls raise typed exceptions:

  • FnoxNotFoundError when the binary cannot be found
  • FnoxCommandError when fnox exits non-zero
  • FnoxTimeoutError on subprocess timeout
  • FnoxError as the base exception type

Development

This project uses uv, pytest, ruff, and mypy.

Install dependencies:

uv sync

Run tests:

uv run pytest -v

Run a single test:

uv run pytest tests/test_api.py::test_get -q

Lint:

uv run ruff check src tests scripts

Type-check:

uv run mypy src

Build distributions:

uv build

Release / Platform Wheel Build

scripts/build_platform_wheel.py builds platform-specific wheels by:

  1. building a pure Python wheel
  2. downloading upstream fnox release binaries
  3. injecting the binary into the wheel
  4. rewriting wheel metadata
  5. building an sdist

The upstream fnox version to bundle is read from FNOX_VERSION.txt at the repo root by default. To override it, pass --fnox-version:

uv run python scripts/build_platform_wheel.py --fnox-version 1.0.0 --output dist/

Expected upstream archive and extracted binary SHA256 values are pinned in FNOX_HASHES.json and verified during release builds.

To bump the bundled version, update FNOX_VERSION.txt, refresh FNOX_HASHES.json, and commit both changes.

Notes

  • fnox-py is intentionally small and wrapper-focused.
  • For behavior, flags, and command semantics, prefer the upstream fnox documentation.
  • If you need lower-level control, use run() directly and inspect FnoxResult.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for fullerzz from gravatar.com fullerzz

Unverified details

These details have not been verified by PyPI
Meta

Release history Release notifications | RSS feed

1.23.1

1.23.0

1.22.0

This version

1.20.0

1.19.0

1.0.3

1.0.2

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

fnox_py-1.20.0.tar.gz (6.6 kB view details)

Uploaded Source

Built Distributions

If you're not sure about the file name format, learn more about wheel file names.

fnox_py-1.20.0-py3-none-win_arm64.whl (13.9 MB view details)

Uploaded Python 3Windows ARM64

fnox_py-1.20.0-py3-none-win_amd64.whl (14.6 MB view details)

Uploaded Python 3Windows x86-64

fnox_py-1.20.0-py3-none-manylinux_2_17_x86_64.whl (21.4 MB view details)

Uploaded Python 3manylinux: glibc 2.17+ x86-64

fnox_py-1.20.0-py3-none-manylinux_2_17_aarch64.whl (20.8 MB view details)

Uploaded Python 3manylinux: glibc 2.17+ ARM64

fnox_py-1.20.0-py3-none-macosx_11_0_arm64.whl (16.7 MB view details)

Uploaded Python 3macOS 11.0+ ARM64

fnox_py-1.20.0-py3-none-macosx_10_12_x86_64.whl (17.8 MB view details)

Uploaded Python 3macOS 10.12+ x86-64

File details

Details for the file fnox_py-1.20.0.tar.gz.

File metadata

  • Download URL: fnox_py-1.20.0.tar.gz
  • Upload date:
  • Size: 6.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for fnox_py-1.20.0.tar.gz
Algorithm Hash digest
SHA256 a5841067726a0a84841a72c8ff618fbc344db1a6cdb4c669b1f58cdbc7b847de
MD5 3301efa65c1631b340736cb84614c174
BLAKE2b-256 46838f699e91b08bdc3ec173455e1ae5b0468de0e7f04b6a233bd82a5bdd673a

See more details on using hashes here.

Provenance

The following attestation bundles were made for fnox_py-1.20.0.tar.gz:

Publisher: release.yml on fullerzz/fnox-py

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file fnox_py-1.20.0-py3-none-win_arm64.whl.

File metadata

  • Download URL: fnox_py-1.20.0-py3-none-win_arm64.whl
  • Upload date:
  • Size: 13.9 MB
  • Tags: Python 3, Windows ARM64
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for fnox_py-1.20.0-py3-none-win_arm64.whl
Algorithm Hash digest
SHA256 498677a9057366d28e8289bda5ee94959e4c90500b2c083d2dfc5a51465ed404
MD5 c25c482b8dbba5d940abfba4d0cdef1e
BLAKE2b-256 8504e1006530c6b82cfbdb9a1760f0764e7213aa1b9bb15d33bfcb255d0363a0

See more details on using hashes here.

Provenance

The following attestation bundles were made for fnox_py-1.20.0-py3-none-win_arm64.whl:

Publisher: release.yml on fullerzz/fnox-py

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file fnox_py-1.20.0-py3-none-win_amd64.whl.

File metadata

  • Download URL: fnox_py-1.20.0-py3-none-win_amd64.whl
  • Upload date:
  • Size: 14.6 MB
  • Tags: Python 3, Windows x86-64
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for fnox_py-1.20.0-py3-none-win_amd64.whl
Algorithm Hash digest
SHA256 882c01a8c6065e1b30b2d8085853b0f1c5fd4b71110c9ef0bdc0a5d53ba61d6c
MD5 e6a795ecba1479b4ad7642612c85f3c6
BLAKE2b-256 1d76263429db2fed19c37200f53e5cd66d2cb15e5a787ebfa223a1fc8759dd2c

See more details on using hashes here.

Provenance

The following attestation bundles were made for fnox_py-1.20.0-py3-none-win_amd64.whl:

Publisher: release.yml on fullerzz/fnox-py

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file fnox_py-1.20.0-py3-none-manylinux_2_17_x86_64.whl.

File metadata

File hashes

Hashes for fnox_py-1.20.0-py3-none-manylinux_2_17_x86_64.whl
Algorithm Hash digest
SHA256 1e19dff711f447f84207556bec10d61a538c071af882aaac313a32f91931c730
MD5 18b43fa1399a65e4fe1e0bf810f1a81a
BLAKE2b-256 0ea26ecb9f6670ce13cb0f216a08157651a1156728af59c6f4b1535f7d66d763

See more details on using hashes here.

Provenance

The following attestation bundles were made for fnox_py-1.20.0-py3-none-manylinux_2_17_x86_64.whl:

Publisher: release.yml on fullerzz/fnox-py

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file fnox_py-1.20.0-py3-none-manylinux_2_17_aarch64.whl.

File metadata

File hashes

Hashes for fnox_py-1.20.0-py3-none-manylinux_2_17_aarch64.whl
Algorithm Hash digest
SHA256 f5604496ac861a04a76930bd9af889d5506c4dd342c5c91fbe43aad1fb54c0ff
MD5 826f676ec2c8a1de5fb75fa62d1e6383
BLAKE2b-256 8008d9a17ade967eea0df5b3b483e015d4cd4c64a28af673bbb742ccc1f241cb

See more details on using hashes here.

Provenance

The following attestation bundles were made for fnox_py-1.20.0-py3-none-manylinux_2_17_aarch64.whl:

Publisher: release.yml on fullerzz/fnox-py

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file fnox_py-1.20.0-py3-none-macosx_11_0_arm64.whl.

File metadata

File hashes

Hashes for fnox_py-1.20.0-py3-none-macosx_11_0_arm64.whl
Algorithm Hash digest
SHA256 39d439a20ba1c53706f0d09c0459af01bbd668373384228a5252711d3afc93cc
MD5 01781dbc0401df7ff2589e159e307069
BLAKE2b-256 ca8d30dc9203bfe9edb73f238f98b2d607516e6a4f566e26a576365aa0b03035

See more details on using hashes here.

Provenance

The following attestation bundles were made for fnox_py-1.20.0-py3-none-macosx_11_0_arm64.whl:

Publisher: release.yml on fullerzz/fnox-py

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file fnox_py-1.20.0-py3-none-macosx_10_12_x86_64.whl.

File metadata

File hashes

Hashes for fnox_py-1.20.0-py3-none-macosx_10_12_x86_64.whl
Algorithm Hash digest
SHA256 7484697c1d9631a5242940535d53a666766ec8832bfeae996336875643957bea
MD5 60d3ee90bb08e5bb6cec7ccf1b9a80ce
BLAKE2b-256 1fe290f30feafb23b11985e67e685c277ec67067b85b1672e2435aae4effa81a

See more details on using hashes here.

Provenance

The following attestation bundles were made for fnox_py-1.20.0-py3-none-macosx_10_12_x86_64.whl:

Publisher: release.yml on fullerzz/fnox-py

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page