Python wrapper for fnox

Project description

fnox-py

fnox-py is a thin Python wrapper around the fnox secrets management tool.

It does not reimplement fnox behavior in Python. Instead, it:

  • locates a real fnox binary
  • builds argv for common commands
  • runs the binary
  • returns parsed results or typed errors

Python requirement: >=3.12

[!NOTE] Official fnox project links:

Installation

uv

uv tool install fnox-py

pip

pip install fnox-py

Bundled binary vs source install

Platform wheels are intended to bundle the fnox binary.

If you install from source instead of a platform wheel, fnox-py requires a real fnox executable to be available via:

  • PATH, or
  • FNOX_PY_BINARY=/absolute/path/to/fnox

Examples:

pip install --no-binary fnox-py fnox-py
FNOX_PY_BINARY=/usr/local/bin/fnox python -c "import fnox_py; print(fnox_py.version())"

Binary Resolution

At runtime, fnox-py resolves the fnox binary in this order:

  1. FNOX_PY_BINARY
  2. bundled/installed locations in the current environment
  3. bundled/installed fallback locations associated with the base or target install
  4. user scheme script location
  5. PATH

If FNOX_PY_BINARY is set but points to a missing file, fnox-py raises FnoxNotFoundError.
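Because FNOX_PY_BINARY and PATH both feed this order, the file that ends up handling secrets may sit somewhere other local users can write. The following added example (not fnox-py code) audits a path such as the one `fnox-py which` prints; `audit_binary` and `demo` are hypothetical names, and the checks assume POSIX permission bits.

```python
import os
import stat
import tempfile
from pathlib import Path


def audit_binary(path: str) -> list[str]:
    """Return findings for a resolved binary path; an empty list means no issue found."""
    p = Path(path)
    if not p.is_absolute():
        return ["path is not absolute"]
    if not p.is_file():
        return ["path is not a regular file"]
    real = p.resolve()  # follow symlinks so the checks apply to the file that runs
    findings = []
    if real != p:
        findings.append(f"path resolves through a symlink to {real}")
    mode = real.stat().st_mode
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("binary is group- or world-writable")
    if not os.access(real, os.X_OK):
        findings.append("binary is not executable by this user")
    # A world-writable ancestor without the sticky bit lets any local user
    # rename or replace entries beneath it, including the binary itself.
    for parent in real.parents:
        pmode = parent.stat().st_mode
        if pmode & stat.S_IWOTH and not pmode & stat.S_ISVTX:
            findings.append(f"directory {parent} is world-writable without sticky bit")
    return findings


def demo() -> dict[str, list[str]]:
    """Audit two constructed stand-in files (not real fnox binaries)."""
    root = Path(tempfile.mkdtemp()).resolve()
    good = root / "fnox-good"
    bad = root / "fnox-bad"
    for f, perms in ((good, 0o755), (bad, 0o777)):
        f.write_bytes(b"#!/bin/sh\n")
        f.chmod(perms)
    return {"good": audit_binary(str(good)), "bad": audit_binary(str(bad))}


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or "ok")
```
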

Python API

from fnox_py import (
    config_files,
    export_json,
    get,
    lease_create,
    profiles,
    providers,
    schema,
    version,
)

value = get("MY_SECRET")
all_values = export_json()
schema_doc = schema()
profile_names = profiles()
provider_names = providers()
config_paths = config_files()
lease = lease_create("vault", duration="1h", label="local-dev")
fnox_version = version()

Common examples

Get a single value:

from fnox_py import get

token = get("API_TOKEN")

Get a value from a specific profile:

from fnox_py import get

token = get("API_TOKEN", profile="prod")

Decode base64 output:

from fnox_py import get

decoded = get("TLS_CERT", base64_decode=True)

Export all secrets as JSON:

from fnox_py import export_json

data = export_json(profile="dev")

Inspect schema, profiles, providers, and config files:

from fnox_py import config_files, profiles, providers, schema

print(schema())
print(profiles())
print(providers())
print(config_files())

Create a lease:

from fnox_py import lease_create

lease = lease_create("vault", duration="30m", label="ci-job")

Get the underlying fnox version:

from fnox_py import version

print(version())

CLI

The package installs the fnox-py console script.

Built-in subcommands

Locate the resolved binary:

fnox-py which

Show the wrapper version and attempt to print the underlying fnox version:

fnox-py version

Print basic environment diagnostics:

fnox-py doctor

Passthrough behavior

Any arguments other than which, version, and doctor are passed directly through to fnox.

For example:

fnox-py get MY_SECRET
fnox-py profiles
fnox-py export --format json

With no arguments, fnox-py runs fnox with no extra argv.

Public API

fnox-py currently exports:

  • config_files
  • export_json
  • get
  • lease_create
  • profiles
  • providers
  • schema
  • version
  • find_fnox_bin
  • run
  • FnoxResult
  • FnoxCommandError
  • FnoxError
  • FnoxNotFoundError
  • FnoxTimeoutError

Errors

Library calls raise typed exceptions:

  • FnoxNotFoundError when the binary cannot be found
  • FnoxCommandError when fnox exits non-zero
  • FnoxTimeoutError on subprocess timeout
  • FnoxError as the base exception type

Development

This project uses uv, pytest, ruff, and mypy.

Install dependencies:

uv sync

Run tests:

uv run pytest -v

Run a single test:

uv run pytest tests/test_api.py::test_get -q

Lint:

uv run ruff check src tests scripts

Type-check:

uv run mypy src

Build distributions:

uv build

Release / Platform Wheel Build

scripts/build_platform_wheel.py builds platform-specific wheels by:

  1. building a pure Python wheel
  2. downloading upstream fnox release binaries
  3. injecting the binary into the wheel
  4. rewriting wheel metadata
  5. building an sdist

The upstream fnox version to bundle is read from FNOX_VERSION.txt at the repo root by default. To override it, pass --fnox-version:

uv run python scripts/build_platform_wheel.py --fnox-version 1.0.0 --output dist/

Expected upstream archive and extracted binary SHA256 values are pinned in FNOX_HASHES.json and verified during release builds.

To bump the bundled version, update FNOX_VERSION.txt, refresh FNOX_HASHES.json, and commit both changes.
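The two-stage check described above (archive digest, then extracted-binary digest), as an added example that is not the project's build script. The pin keys `archive_sha256` and `binary_sha256`, the tar.gz archive format, and the member name `fnox` are assumptions; the page does not show the layout of FNOX_HASHES.json.

```python
import hashlib
import hmac
import io
import tarfile


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_release(archive: bytes, member: str, pins: dict[str, str]) -> bytes:
    """Return the binary's bytes only if archive and binary both match their pins."""
    # Check the archive before parsing it, so untrusted bytes never reach tarfile.
    if not hmac.compare_digest(sha256_hex(archive), pins["archive_sha256"]):
        raise ValueError("archive digest mismatch")
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tar:
        info = tar.getmember(member)  # KeyError if the expected member is absent
        if not info.isfile():
            raise ValueError("member is not a regular file")
        binary = tar.extractfile(info).read()
    # The second pin confirms the intended member was extracted, and can be
    # re-checked later against the file injected into the wheel.
    if not hmac.compare_digest(sha256_hex(binary), pins["binary_sha256"]):
        raise ValueError("binary digest mismatch")
    return binary


def make_sample_archive(payload: bytes, name: str = "fnox") -> bytes:
    """Build a constructed tar.gz holding one stand-in file (not a real release)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo(name)
        info.size = len(payload)
        tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


if __name__ == "__main__":
    payload = b"constructed stand-in for the fnox binary"
    archive = make_sample_archive(payload)
    pins = {"archive_sha256": sha256_hex(archive), "binary_sha256": sha256_hex(payload)}
    print(len(verify_release(archive, "fnox", pins)), "bytes verified")
```
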

Notes

  • fnox-py is intentionally small and wrapper-focused.
  • For behavior, flags, and command semantics, prefer the upstream fnox documentation.
  • If you need lower-level control, use run() directly and inspect FnoxResult.

Download files

Download the file for your platform.

Source Distribution

fnox_py-1.23.1.tar.gz (6.6 kB), Source

Built Distributions

fnox_py-1.23.1-py3-none-win_arm64.whl (14.6 MB), Python 3, Windows ARM64

fnox_py-1.23.1-py3-none-win_amd64.whl (15.5 MB), Python 3, Windows x86-64

fnox_py-1.23.1-py3-none-manylinux_2_17_x86_64.whl (22.5 MB), Python 3, manylinux: glibc 2.17+ x86-64

fnox_py-1.23.1-py3-none-manylinux_2_17_aarch64.whl (21.8 MB), Python 3, manylinux: glibc 2.17+ ARM64

fnox_py-1.23.1-py3-none-macosx_11_0_arm64.whl (17.6 MB), Python 3, macOS 11.0+ ARM64

fnox_py-1.23.1-py3-none-macosx_10_12_x86_64.whl (18.8 MB), Python 3, macOS 10.12+ x86-64

File details

Details for the file fnox_py-1.23.1.tar.gz.

File metadata

  • Download URL: fnox_py-1.23.1.tar.gz
  • Upload date:
  • Size: 6.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for fnox_py-1.23.1.tar.gz
Algorithm Hash digest
SHA256 3ade25b82cac530a3c43e1f4ea9ccdee240c8e452a5d07560291af9131656086
MD5 43840a82e4e10d1fe2399d879ea170c3
BLAKE2b-256 04c1c38dd8434627fc7057207c002d359e9fae9d6eaa4f1cdd6d96aaa76c0151

Provenance

The following attestation bundles were made for fnox_py-1.23.1.tar.gz:

Publisher: release.yml on fullerzz/fnox-py

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
