Python wrapper for fnox

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for fullerzz from gravatar.com fullerzz

Unverified details

These details have not been verified by PyPI
Meta
Report project as malware

Project description

fnox-py

fnox-py is a thin Python wrapper around the fnox secrets management tool.

It does not reimplement fnox behavior in Python. Instead, it:

  • locates a real fnox binary
  • builds argv for common commands
  • runs the binary
  • returns parsed results or typed errors

Python requirement: >=3.12

[!NOTE] Official fnox project links:

Installation

uv

uv tool install fnox-py

pip

pip install fnox-py

Bundled binary vs source install

Platform wheels are intended to bundle the fnox binary.

If you install from source instead of a platform wheel, fnox-py requires a real fnox executable to be available via:

  • PATH, or
  • FNOX_PY_BINARY=/absolute/path/to/fnox

Examples:

pip install --no-binary fnox-py fnox-py

FNOX_PY_BINARY=/usr/local/bin/fnox python -c "import fnox_py; print(fnox_py.version())"

Binary Resolution

At runtime, fnox-py resolves the fnox binary in this order:

  1. FNOX_PY_BINARY
  2. bundled/installed locations in the current environment
  3. bundled/installed fallback locations associated with the base or target install
  4. user scheme script location
  5. PATH

If FNOX_PY_BINARY is set but points to a missing file, fnox-py raises FnoxNotFoundError.

Python API

from fnox_py import (
    config_files,
    export_json,
    get,
    lease_create,
    profiles,
    providers,
    schema,
    version,
)

value = get("MY_SECRET")
all_values = export_json()
schema_doc = schema()
profile_names = profiles()
provider_names = providers()
config_paths = config_files()
lease = lease_create("vault", duration="1h", label="local-dev")
fnox_version = version()

Common examples

Get a single value:

from fnox_py import get

token = get("API_TOKEN")

Get a value from a specific profile:

from fnox_py import get

token = get("API_TOKEN", profile="prod")

Decode base64 output:

from fnox_py import get

decoded = get("TLS_CERT", base64_decode=True)

Export all secrets as JSON:

from fnox_py import export_json

data = export_json(profile="dev")

Inspect schema, profiles, providers, and config files:

from fnox_py import config_files, profiles, providers, schema

print(schema())
print(profiles())
print(providers())
print(config_files())

Create a lease:

from fnox_py import lease_create

lease = lease_create("vault", duration="30m", label="ci-job")

Get the underlying fnox version:

from fnox_py import version

print(version())

CLI

The package installs the fnox-py console script.

Built-in subcommands

Locate the resolved binary:

fnox-py which

Show the wrapper version and attempt to print the underlying fnox version:

fnox-py version

Print basic environment diagnostics:

fnox-py doctor

Passthrough behavior

Any arguments other than which, version, and doctor are passed directly through to fnox.

For example:

fnox-py get MY_SECRET
fnox-py profiles
fnox-py export --format json

With no arguments, fnox-py runs fnox with no extra argv.

Public API

fnox-py currently exports:

  • config_files
  • export_json
  • get
  • lease_create
  • profiles
  • providers
  • schema
  • version
  • find_fnox_bin
  • run
  • FnoxResult
  • FnoxCommandError
  • FnoxError
  • FnoxNotFoundError
  • FnoxTimeoutError

Errors

Library calls raise typed exceptions:

  • FnoxNotFoundError when the binary cannot be found
  • FnoxCommandError when fnox exits non-zero
  • FnoxTimeoutError on subprocess timeout
  • FnoxError as the base exception type

Development

This project uses uv, pytest, ruff, and mypy.

Install dependencies:

uv sync

Run tests:

uv run pytest -v

Run a single test:

uv run pytest tests/test_api.py::test_get -q

Lint:

uv run ruff check src tests scripts

Type-check:

uv run mypy src

Build distributions:

uv build

Release / Platform Wheel Build

scripts/build_platform_wheel.py builds platform-specific wheels by:

  1. building a pure Python wheel
  2. downloading upstream fnox release binaries
  3. injecting the binary into the wheel
  4. rewriting wheel metadata
  5. building an sdist

The upstream fnox version to bundle is read from FNOX_VERSION.txt at the repo root by default. To override it, pass --fnox-version:

uv run python scripts/build_platform_wheel.py --fnox-version 1.0.0 --output dist/

Expected upstream archive and extracted binary SHA256 values are pinned in FNOX_HASHES.json and verified during release builds.

To bump the bundled version, update FNOX_VERSION.txt, refresh FNOX_HASHES.json, and commit both changes.

Notes

  • fnox-py is intentionally small and wrapper-focused.
  • For behavior, flags, and command semantics, prefer the upstream fnox documentation.
  • If you need lower-level control, use run() directly and inspect FnoxResult.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for fullerzz from gravatar.com fullerzz

Unverified details

These details have not been verified by PyPI
Meta

Release history Release notifications | RSS feed

1.23.1

1.23.0

This version

1.22.0

1.20.0

1.19.0

1.0.3

1.0.2

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

fnox_py-1.22.0.tar.gz (6.6 kB view details)

Uploaded Source

Built Distributions

If you're not sure about the file name format, learn more about wheel file names.

fnox_py-1.22.0-py3-none-win_arm64.whl (13.9 MB view details)

Uploaded Python 3Windows ARM64

fnox_py-1.22.0-py3-none-win_amd64.whl (14.6 MB view details)

Uploaded Python 3Windows x86-64

fnox_py-1.22.0-py3-none-manylinux_2_17_x86_64.whl (21.5 MB view details)

Uploaded Python 3manylinux: glibc 2.17+ x86-64

fnox_py-1.22.0-py3-none-manylinux_2_17_aarch64.whl (20.9 MB view details)

Uploaded Python 3manylinux: glibc 2.17+ ARM64

fnox_py-1.22.0-py3-none-macosx_11_0_arm64.whl (16.8 MB view details)

Uploaded Python 3macOS 11.0+ ARM64

fnox_py-1.22.0-py3-none-macosx_10_12_x86_64.whl (17.9 MB view details)

Uploaded Python 3macOS 10.12+ x86-64

File details

Details for the file fnox_py-1.22.0.tar.gz.

File metadata

  • Download URL: fnox_py-1.22.0.tar.gz
  • Upload date:
  • Size: 6.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for fnox_py-1.22.0.tar.gz
Algorithm Hash digest
SHA256 f9f472185cc2dcc4d8618fa7b6390ffbf2942c310694859d76cc7070dba8113b
MD5 1949c427053cca9efac5c66495e08d38
BLAKE2b-256 27f8c458c884862a497cc84d0aac612829bee65e5e73b5d1ca0308d553fb319d

See more details on using hashes here.

Provenance

The following attestation bundles were made for fnox_py-1.22.0.tar.gz:

Publisher: release.yml on fullerzz/fnox-py

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file fnox_py-1.22.0-py3-none-win_arm64.whl.

File metadata

  • Download URL: fnox_py-1.22.0-py3-none-win_arm64.whl
  • Upload date:
  • Size: 13.9 MB
  • Tags: Python 3, Windows ARM64
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for fnox_py-1.22.0-py3-none-win_arm64.whl
Algorithm Hash digest
SHA256 4def7e4105962f2f6d3ce97d50740c5241757c8ef63406d9d37cc7bfad95e5fb
MD5 07fa3d33de8404be367033ac70f7989d
BLAKE2b-256 edbe5efd51170379c1e1c4857a8b2456d3b680d30c4d0862625e8da095f83d74

See more details on using hashes here.

Provenance

The following attestation bundles were made for fnox_py-1.22.0-py3-none-win_arm64.whl:

Publisher: release.yml on fullerzz/fnox-py

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file fnox_py-1.22.0-py3-none-win_amd64.whl.

File metadata

  • Download URL: fnox_py-1.22.0-py3-none-win_amd64.whl
  • Upload date:
  • Size: 14.6 MB
  • Tags: Python 3, Windows x86-64
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for fnox_py-1.22.0-py3-none-win_amd64.whl
Algorithm Hash digest
SHA256 6511346405e9c33cefe76722b44b07415302619f1dc076bfff46ed030d4b803f
MD5 8ca1918edb56aa509d653ce97f27ac9f
BLAKE2b-256 6c700c5b42ace5932b1ad9076dc611af9ac1649adb470fdc9068ea1d24895252

See more details on using hashes here.

Provenance

The following attestation bundles were made for fnox_py-1.22.0-py3-none-win_amd64.whl:

Publisher: release.yml on fullerzz/fnox-py

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file fnox_py-1.22.0-py3-none-manylinux_2_17_x86_64.whl.

File metadata

File hashes

Hashes for fnox_py-1.22.0-py3-none-manylinux_2_17_x86_64.whl
Algorithm Hash digest
SHA256 a4d05ee0b3db8b8682eb776f5da5cd7ac39d1ae7a18d7105c46cfd7b71e2d4fd
MD5 9c19d3f7c899fb625d77f059b58a1437
BLAKE2b-256 1adb7c6ca005a7c0d694c8a9ac453fb05687c9ced7a643ea1bea9aa2959d80d9

See more details on using hashes here.

Provenance

The following attestation bundles were made for fnox_py-1.22.0-py3-none-manylinux_2_17_x86_64.whl:

Publisher: release.yml on fullerzz/fnox-py

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file fnox_py-1.22.0-py3-none-manylinux_2_17_aarch64.whl.

File metadata

File hashes

Hashes for fnox_py-1.22.0-py3-none-manylinux_2_17_aarch64.whl
Algorithm Hash digest
SHA256 60a47601a7d7ff0dc2412f32ee77753cb80511b6b3db71d910caf125cb96b7da
MD5 b79ebf5fb3b8de7e8b1d8ce18adf16e7
BLAKE2b-256 b66a77930d7c090e1a4f56d4e82942ca87580189cf54c1a02ffc8a4d1b28e07e

See more details on using hashes here.

Provenance

The following attestation bundles were made for fnox_py-1.22.0-py3-none-manylinux_2_17_aarch64.whl:

Publisher: release.yml on fullerzz/fnox-py

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file fnox_py-1.22.0-py3-none-macosx_11_0_arm64.whl.

File metadata

File hashes

Hashes for fnox_py-1.22.0-py3-none-macosx_11_0_arm64.whl
Algorithm Hash digest
SHA256 893b5dd9dbb1e3e059b4453e311c9b0e2f3070f6a534935a62a55c1e3a53f073
MD5 c4d15916372171533fdc50ed38d4160a
BLAKE2b-256 f08b7c388e1998d4cbe86e430567ac5fbfab61222917d33dc4503e1ebea06691

See more details on using hashes here.

Provenance

The following attestation bundles were made for fnox_py-1.22.0-py3-none-macosx_11_0_arm64.whl:

Publisher: release.yml on fullerzz/fnox-py

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file fnox_py-1.22.0-py3-none-macosx_10_12_x86_64.whl.

File metadata

File hashes

Hashes for fnox_py-1.22.0-py3-none-macosx_10_12_x86_64.whl
Algorithm Hash digest
SHA256 5b33594cbe8872fc34052aab8a248e47958c73f26e0f7122341fdc9996223527
MD5 de4206be923a26a5a07359d3d0ae062e
BLAKE2b-256 fdd3dceb9cdabf3d1876c2663b23329f67bc11d2fc05b97e4994a88574a90f2b

See more details on using hashes here.

Provenance

The following attestation bundles were made for fnox_py-1.22.0-py3-none-macosx_10_12_x86_64.whl:

Publisher: release.yml on fullerzz/fnox-py

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page