Skip to main content

Environment variable secret adapter for Fujin

Project description

Fujin Secrets - Environment Variable

Environment variable secret adapter for Fujin deployment tool. Reads secrets from a JSON-formatted environment variable, making it ideal for CI systems like GitHub Actions.

Installation

pip install fujin-secrets-env

Or with uv:

uv pip install fujin-secrets-env

Configuration

Add the following to your fujin.toml file:

[secrets]
adapter = "env"

[secrets.options]
source = "FUJIN_SECRETS"

The source option specifies the name of the environment variable containing the JSON-formatted secrets.

Usage

GitHub Actions

In your workflow file, pass all secrets as JSON using toJSON(secrets):

- name: Deploy
  run: uvx --from fujin-cli --with fujin-secrets-env fujin deploy
  env:
    FUJIN_SECRETS: ${{ toJSON(secrets) }}

Environment File

In your environment configuration (via env in fujin.toml), prefix secret values with $:

DEBUG=False
SECRET_KEY=$SECRET_KEY
DATABASE_URL=$DATABASE_URL
AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID

The $ prefix indicates to Fujin that the value should be resolved from the secrets source.

How it Works

The adapter:

  1. Reads the JSON string from the configured environment variable
  2. Parses the JSON into a dictionary
  3. For each secret reference (prefixed with $), looks up the value in the parsed JSON
  4. Returns the resolved environment variables

Example

Given this GitHub Actions secret setup:

  • SECRET_KEY: my-secret-key
  • DATABASE_URL: postgres://...

And this fujin.toml env configuration:

[[hosts]]
env = """
DEBUG=False
SECRET_KEY=$SECRET_KEY
DATABASE_URL=$DATABASE_URL
"""

The adapter will resolve $SECRET_KEY and $DATABASE_URL from the JSON passed via FUJIN_SECRETS.

Related

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

fujin_secrets_env-0.26.0.tar.gz (2.5 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

fujin_secrets_env-0.26.0-py3-none-any.whl (3.6 kB view details)

Uploaded Python 3

File details

Details for the file fujin_secrets_env-0.26.0.tar.gz.

File metadata

  • Download URL: fujin_secrets_env-0.26.0.tar.gz
  • Upload date:
  • Size: 2.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for fujin_secrets_env-0.26.0.tar.gz
Algorithm Hash digest
SHA256 4cfacc44837fa132740af9aa5f102cc561e9a3a9225376396d855194f7125809
MD5 f4ec03c7e2644c8b4978484ada363303
BLAKE2b-256 5c4a64956ea94a8373261fd7d76f484dd78bd25a4c71a90a5d3e2efcf64377e2

See more details on using hashes here.

Provenance

The following attestation bundles were made for fujin_secrets_env-0.26.0.tar.gz:

Publisher: publish.yml on Tobi-De/fujin

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file fujin_secrets_env-0.26.0-py3-none-any.whl.

File metadata

File hashes

Hashes for fujin_secrets_env-0.26.0-py3-none-any.whl
Algorithm Hash digest
SHA256 fea47e164c8fc50be230e9ea1696ed2dec9054b5cf5074e9998bdaf21555f8c1
MD5 45a85516964aa26cf297fb7023525d20
BLAKE2b-256 8f2624958968a34b9138a56a8f21d47e55632209048320b6a6ef1b1050e7d668

See more details on using hashes here.

Provenance

The following attestation bundles were made for fujin_secrets_env-0.26.0-py3-none-any.whl:

Publisher: publish.yml on Tobi-De/fujin

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page