Skip to main content

Environment variable secret adapter for Fujin

Project description

Fujin Secrets - Environment Variable

Environment variable secret adapter for Fujin deployment tool. Reads secrets from a JSON-formatted environment variable, making it ideal for CI systems like GitHub Actions.

Installation

pip install fujin-secrets-env

Or with uv:

uv pip install fujin-secrets-env

Configuration

Add the following to your fujin.toml file:

[secrets]
adapter = "env"

[secrets.options]
source = "FUJIN_SECRETS"

The source option specifies the name of the environment variable containing the JSON-formatted secrets.

Usage

GitHub Actions

In your workflow file, pass all secrets as JSON using toJSON(secrets):

- name: Deploy
  run: uvx --from fujin-cli --with fujin-secrets-env fujin deploy
  env:
    FUJIN_SECRETS: ${{ toJSON(secrets) }}

Environment File

In your environment configuration (via env in fujin.toml), prefix secret values with $:

DEBUG=False
SECRET_KEY=$SECRET_KEY
DATABASE_URL=$DATABASE_URL
AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID

The $ prefix indicates to Fujin that the value should be resolved from the secrets source.

How it Works

The adapter:

  1. Reads the JSON string from the configured environment variable
  2. Parses the JSON into a dictionary
  3. For each secret reference (prefixed with $), looks up the value in the parsed JSON
  4. Returns the resolved environment variables

Example

Given this GitHub Actions secret setup:

  • SECRET_KEY: my-secret-key
  • DATABASE_URL: postgres://...

And this fujin.toml env configuration:

[[hosts]]
env = """
DEBUG=False
SECRET_KEY=$SECRET_KEY
DATABASE_URL=$DATABASE_URL
"""

The adapter will resolve $SECRET_KEY and $DATABASE_URL from the JSON passed via FUJIN_SECRETS.

Related

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

fujin_secrets_env-0.26.1.tar.gz (2.5 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

fujin_secrets_env-0.26.1-py3-none-any.whl (3.6 kB view details)

Uploaded Python 3

File details

Details for the file fujin_secrets_env-0.26.1.tar.gz.

File metadata

  • Download URL: fujin_secrets_env-0.26.1.tar.gz
  • Upload date:
  • Size: 2.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for fujin_secrets_env-0.26.1.tar.gz
Algorithm Hash digest
SHA256 2bed05d32fa6670bb442ad594344b59fb5157ceb85952654761b1b0c105800f6
MD5 b09a8840236ba6b6c10279ee309c00e9
BLAKE2b-256 3b13b1f9cd34ac70f592b68ba4f0cdf7847b4eba7b304b7b4fe937caf36d8998

See more details on using hashes here.

Provenance

The following attestation bundles were made for fujin_secrets_env-0.26.1.tar.gz:

Publisher: publish.yml on Tobi-De/fujin

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file fujin_secrets_env-0.26.1-py3-none-any.whl.

File metadata

File hashes

Hashes for fujin_secrets_env-0.26.1-py3-none-any.whl
Algorithm Hash digest
SHA256 b8be8aeea19c758f1109e7493b5f12568beaa3e11284772ce78fb726883e40c8
MD5 3059995391f8be446bcdb814efb6a9e2
BLAKE2b-256 4063a01f77f197f6afe2e9c88bf85e965e8f7c729ccbc0ea29af6b061a1e0eac

See more details on using hashes here.

Provenance

The following attestation bundles were made for fujin_secrets_env-0.26.1-py3-none-any.whl:

Publisher: publish.yml on Tobi-De/fujin

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page