Python wrapper for fnox

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for fullerzz from gravatar.com fullerzz

Unverified details

These details have not been verified by PyPI
Meta
Report project as malware

Project description

fnox-py

fnox-py is a thin Python wrapper around the fnox secrets management tool.

It does not reimplement fnox behavior in Python. Instead, it:

  • locates a real fnox binary
  • builds argv for common commands
  • runs the binary
  • returns parsed results or typed errors

Python requirement: >=3.12

[!NOTE] Official fnox project links:

Installation

uv

uv tool install fnox-py

pip

pip install fnox-py

Bundled binary vs source install

Platform wheels are intended to bundle the fnox binary.

If you install from source instead of a platform wheel, fnox-py requires a real fnox executable to be available via:

  • PATH, or
  • FNOX_PY_BINARY=/absolute/path/to/fnox

Examples:

pip install --no-binary fnox-py fnox-py

FNOX_PY_BINARY=/usr/local/bin/fnox python -c "import fnox_py; print(fnox_py.version())"

Binary Resolution

At runtime, fnox-py resolves the fnox binary in this order:

  1. FNOX_PY_BINARY
  2. bundled/installed locations in the current environment
  3. bundled/installed fallback locations associated with the base or target install
  4. user scheme script location
  5. PATH

If FNOX_PY_BINARY is set but points to a missing file, fnox-py raises FnoxNotFoundError.

Python API

from fnox_py import (
    config_files,
    export_json,
    get,
    lease_create,
    profiles,
    providers,
    schema,
    version,
)

value = get("MY_SECRET")
all_values = export_json()
schema_doc = schema()
profile_names = profiles()
provider_names = providers()
config_paths = config_files()
lease = lease_create("vault", duration="1h", label="local-dev")
fnox_version = version()

Common examples

Get a single value:

from fnox_py import get

token = get("API_TOKEN")

Get a value from a specific profile:

from fnox_py import get

token = get("API_TOKEN", profile="prod")

Decode base64 output:

from fnox_py import get

decoded = get("TLS_CERT", base64_decode=True)

Export all secrets as JSON:

from fnox_py import export_json

data = export_json(profile="dev")

Inspect schema, profiles, providers, and config files:

from fnox_py import config_files, profiles, providers, schema

print(schema())
print(profiles())
print(providers())
print(config_files())

Create a lease:

from fnox_py import lease_create

lease = lease_create("vault", duration="30m", label="ci-job")

Get the underlying fnox version:

from fnox_py import version

print(version())

CLI

The package installs the fnox-py console script.

Built-in subcommands

Locate the resolved binary:

fnox-py which

Show the wrapper version and attempt to print the underlying fnox version:

fnox-py version

Print basic environment diagnostics:

fnox-py doctor

Passthrough behavior

Any arguments other than which, version, and doctor are passed directly through to fnox.

For example:

fnox-py get MY_SECRET
fnox-py profiles
fnox-py export --format json

With no arguments, fnox-py runs fnox with no extra argv.

Public API

fnox-py currently exports:

  • config_files
  • export_json
  • get
  • lease_create
  • profiles
  • providers
  • schema
  • version
  • find_fnox_bin
  • run
  • FnoxResult
  • FnoxCommandError
  • FnoxError
  • FnoxNotFoundError
  • FnoxTimeoutError

Errors

Library calls raise typed exceptions:

  • FnoxNotFoundError when the binary cannot be found
  • FnoxCommandError when fnox exits non-zero
  • FnoxTimeoutError on subprocess timeout
  • FnoxError as the base exception type

Development

This project uses uv, pytest, ruff, and mypy.

Install dependencies:

uv sync

Run tests:

uv run pytest -v

Run a single test:

uv run pytest tests/test_api.py::test_get -q

Lint:

uv run ruff check src tests scripts

Type-check:

uv run mypy src

Build distributions:

uv build

Release / Platform Wheel Build

scripts/build_platform_wheel.py builds platform-specific wheels by:

  1. building a pure Python wheel
  2. downloading upstream fnox release binaries
  3. injecting the binary into the wheel
  4. rewriting wheel metadata
  5. building an sdist

The upstream fnox version to bundle is read from FNOX_VERSION.txt at the repo root by default. To override it, pass --fnox-version:

uv run python scripts/build_platform_wheel.py --fnox-version 1.0.0 --output dist/

Expected upstream archive and extracted binary SHA256 values are pinned in FNOX_HASHES.json and verified during release builds.

To bump the bundled version, update FNOX_VERSION.txt, refresh FNOX_HASHES.json, and commit both changes.

Notes

  • fnox-py is intentionally small and wrapper-focused.
  • For behavior, flags, and command semantics, prefer the upstream fnox documentation.
  • If you need lower-level control, use run() directly and inspect FnoxResult.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for fullerzz from gravatar.com fullerzz

Unverified details

These details have not been verified by PyPI
Meta

Release history Release notifications | RSS feed

1.23.1

This version

1.23.0

1.22.0

1.20.0

1.19.0

1.0.3

1.0.2

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

fnox_py-1.23.0.tar.gz (6.6 kB view details)

Uploaded Source

Built Distributions

If you're not sure about the file name format, learn more about wheel file names.

fnox_py-1.23.0-py3-none-win_arm64.whl (13.9 MB view details)

Uploaded Python 3Windows ARM64

fnox_py-1.23.0-py3-none-win_amd64.whl (14.6 MB view details)

Uploaded Python 3Windows x86-64

fnox_py-1.23.0-py3-none-manylinux_2_17_x86_64.whl (21.5 MB view details)

Uploaded Python 3manylinux: glibc 2.17+ x86-64

fnox_py-1.23.0-py3-none-manylinux_2_17_aarch64.whl (20.9 MB view details)

Uploaded Python 3manylinux: glibc 2.17+ ARM64

fnox_py-1.23.0-py3-none-macosx_11_0_arm64.whl (16.8 MB view details)

Uploaded Python 3macOS 11.0+ ARM64

fnox_py-1.23.0-py3-none-macosx_10_12_x86_64.whl (17.8 MB view details)

Uploaded Python 3macOS 10.12+ x86-64

File details

Details for the file fnox_py-1.23.0.tar.gz.

File metadata

  • Download URL: fnox_py-1.23.0.tar.gz
  • Upload date:
  • Size: 6.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for fnox_py-1.23.0.tar.gz
Algorithm Hash digest
SHA256 6a8129580ca4f805985bfdfc3a687a368c53eaf251167095222701aee40435f6
MD5 eb64e4646953128b9148f126ec3f18d2
BLAKE2b-256 8ec564305c01ea042900544bedee5c99ed440f68652b0e512aa5975e786c4bef

See more details on using hashes here.

Provenance

The following attestation bundles were made for fnox_py-1.23.0.tar.gz:

Publisher: release.yml on fullerzz/fnox-py

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file fnox_py-1.23.0-py3-none-win_arm64.whl.

File metadata

  • Download URL: fnox_py-1.23.0-py3-none-win_arm64.whl
  • Upload date:
  • Size: 13.9 MB
  • Tags: Python 3, Windows ARM64
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for fnox_py-1.23.0-py3-none-win_arm64.whl
Algorithm Hash digest
SHA256 8b8ba0dbdd737c8c4559702bf1112b6c19f7ad71ea18c1309940aaf9f3d35b46
MD5 3bfe9ca2f39dcfe97544995b5158ae48
BLAKE2b-256 5ce77bcb2507d2f680b63022451b1544940f693cc88cec23563595cef95ee484

See more details on using hashes here.

Provenance

The following attestation bundles were made for fnox_py-1.23.0-py3-none-win_arm64.whl:

Publisher: release.yml on fullerzz/fnox-py

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file fnox_py-1.23.0-py3-none-win_amd64.whl.

File metadata

  • Download URL: fnox_py-1.23.0-py3-none-win_amd64.whl
  • Upload date:
  • Size: 14.6 MB
  • Tags: Python 3, Windows x86-64
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for fnox_py-1.23.0-py3-none-win_amd64.whl
Algorithm Hash digest
SHA256 5175de724f3f00ab609e7d6fb31aa9b7e005d3d283282dc584e222a0f5aeb743
MD5 e93e00faa2946f16c110651321341ec1
BLAKE2b-256 463e4a22f76d9fc92142824fd5e39f3999f4219b6648c72ad13dde44a5383750

See more details on using hashes here.

Provenance

The following attestation bundles were made for fnox_py-1.23.0-py3-none-win_amd64.whl:

Publisher: release.yml on fullerzz/fnox-py

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file fnox_py-1.23.0-py3-none-manylinux_2_17_x86_64.whl.

File metadata

File hashes

Hashes for fnox_py-1.23.0-py3-none-manylinux_2_17_x86_64.whl
Algorithm Hash digest
SHA256 405419656a147797e697975198a54598aa6df53154cfdc91dc600c93d6bb90a3
MD5 b4bdf9dd9585391bfde3d3a0818aa63b
BLAKE2b-256 8a38bf1ced0c6ac785282ad92f762be9787698c903817393b8ab70e131d69f42

See more details on using hashes here.

Provenance

The following attestation bundles were made for fnox_py-1.23.0-py3-none-manylinux_2_17_x86_64.whl:

Publisher: release.yml on fullerzz/fnox-py

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file fnox_py-1.23.0-py3-none-manylinux_2_17_aarch64.whl.

File metadata

File hashes

Hashes for fnox_py-1.23.0-py3-none-manylinux_2_17_aarch64.whl
Algorithm Hash digest
SHA256 735038af26fd89341d7484d293a6229ba379eb40e103e26c82cf3f83f45f9102
MD5 afae92e8047358301386938f7f19c08d
BLAKE2b-256 f67744e2ef08d732807e4addd735ae462c325e98ea428bc638c487e082c3a693

See more details on using hashes here.

Provenance

The following attestation bundles were made for fnox_py-1.23.0-py3-none-manylinux_2_17_aarch64.whl:

Publisher: release.yml on fullerzz/fnox-py

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file fnox_py-1.23.0-py3-none-macosx_11_0_arm64.whl.

File metadata

File hashes

Hashes for fnox_py-1.23.0-py3-none-macosx_11_0_arm64.whl
Algorithm Hash digest
SHA256 988cc72a2e368e04af55a14e476febb8d1c5fca85e90fdf330cf33d41bc7c317
MD5 20213066220141b823e70059f832460d
BLAKE2b-256 60c0cdcaaf0b040078c615349e5ffe4103f8e23a7ee241779bc11d270568dbcf

See more details on using hashes here.

Provenance

The following attestation bundles were made for fnox_py-1.23.0-py3-none-macosx_11_0_arm64.whl:

Publisher: release.yml on fullerzz/fnox-py

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file fnox_py-1.23.0-py3-none-macosx_10_12_x86_64.whl.

File metadata

File hashes

Hashes for fnox_py-1.23.0-py3-none-macosx_10_12_x86_64.whl
Algorithm Hash digest
SHA256 602cb38170ad880150e794f449745eccf660554842c2b154edfa2bdc5d31c1c5
MD5 1968a01fb9fb19327f15af5b592c8ab2
BLAKE2b-256 670d18788b4c10446b861a8974c2912664c17a872d8c9622e4d557e0cac8a450

See more details on using hashes here.

Provenance

The following attestation bundles were made for fnox_py-1.23.0-py3-none-macosx_10_12_x86_64.whl:

Publisher: release.yml on fullerzz/fnox-py

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page