Skip to main content

Environment variable secret adapter for Fujin

Project description

Fujin Secrets - Environment Variable

Environment variable secret adapter for Fujin deployment tool. Reads secrets from a JSON-formatted environment variable, making it ideal for CI systems like GitHub Actions.

Installation

pip install fujin-secrets-env

Or with uv:

uv pip install fujin-secrets-env

Configuration

Add the following to your fujin.toml file:

[secrets]
adapter = "env"

[secrets.options]
source = "FUJIN_SECRETS"

The source option specifies the name of the environment variable containing the JSON-formatted secrets.

Usage

GitHub Actions

In your workflow file, pass all secrets as JSON using toJSON(secrets):

- name: Deploy
  run: uvx --from fujin-cli --with fujin-secrets-env fujin deploy
  env:
    FUJIN_SECRETS: ${{ toJSON(secrets) }}

Environment File

In your environment configuration (via env in fujin.toml), prefix secret values with $:

DEBUG=False
SECRET_KEY=$SECRET_KEY
DATABASE_URL=$DATABASE_URL
AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID

The $ prefix indicates to Fujin that the value should be resolved from the secrets source.

How it Works

The adapter:

  1. Reads the JSON string from the configured environment variable
  2. Parses the JSON into a dictionary
  3. For each secret reference (prefixed with $), looks up the value in the parsed JSON
  4. Returns the resolved environment variables

Example

Given this GitHub Actions secret setup:

  • SECRET_KEY: my-secret-key
  • DATABASE_URL: postgres://...

And this fujin.toml env configuration:

[[hosts]]
env = """
DEBUG=False
SECRET_KEY=$SECRET_KEY
DATABASE_URL=$DATABASE_URL
"""

The adapter will resolve $SECRET_KEY and $DATABASE_URL from the JSON passed via FUJIN_SECRETS.

Related

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

fujin_secrets_env-0.27.1.tar.gz (2.5 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

fujin_secrets_env-0.27.1-py3-none-any.whl (3.6 kB view details)

Uploaded Python 3

File details

Details for the file fujin_secrets_env-0.27.1.tar.gz.

File metadata

  • Download URL: fujin_secrets_env-0.27.1.tar.gz
  • Upload date:
  • Size: 2.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for fujin_secrets_env-0.27.1.tar.gz
Algorithm Hash digest
SHA256 10ac039974ed31eedb0a702741ed435e0130114eb9cc3e08beefb158a40a8db6
MD5 e8f7461987be9dec1c2877698007f1d4
BLAKE2b-256 e4260d7b73e3f8d065ab0585a5c2bdc97cf84fe602e3370ad00efc4f4296d7bd

See more details on using hashes here.

Provenance

The following attestation bundles were made for fujin_secrets_env-0.27.1.tar.gz:

Publisher: publish.yml on Tobi-De/fujin

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file fujin_secrets_env-0.27.1-py3-none-any.whl.

File metadata

File hashes

Hashes for fujin_secrets_env-0.27.1-py3-none-any.whl
Algorithm Hash digest
SHA256 9787c7438451760c88c0aa6fb84982e225e925ab8825541d5e0419f28d92281c
MD5 4d2ec6748cd56ca31f75eec50538047c
BLAKE2b-256 399926fca325af13a39ee2be587a0c151f8078f83aae980a7f378367914283b3

See more details on using hashes here.

Provenance

The following attestation bundles were made for fujin_secrets_env-0.27.1-py3-none-any.whl:

Publisher: publish.yml on Tobi-De/fujin

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page