Python client for gosecrets — encrypted credentials management
Project description
gosecrets
Python client for gosecrets — encrypted credentials management. Read secrets encrypted by the Go CLI directly from your Python projects.
CLI Tool via Homebrew:
brew tap bilustek/tap
brew install gosecrets
or via go install:
go install github.com/bilustek/gosecrets/cmd/gosecrets@latest
Installation
pip install gosecrets
Quick Start
First, create your encrypted credentials using the gosecrets CLI:
gosecrets init # for development environment
gosecrets init --env production # or production environment
gosecrets edit # edit development environment
gosecrets edit --env production # or edit production environment
Then read them in Python:
from gosecrets import load
secrets = load()
print(secrets.string("database.password"))
print(secrets.integer("database.port"))
Usage
Loading Credentials
from gosecrets import load
# default: reads secrets/development.enc
secrets = load()
# specify environment
secrets = load(env="production")
# specify root directory
secrets = load(root="/app", env="production")
Environment resolution order:
envparameterGOSECRETS_ENVenvironment variable"development"(default)
Master key resolution order:
GOSECRETS_MASTER_KEYenvironment variableGOSECRETS_<ENV>_KEYenvironment variable (e.g.GOSECRETS_PRODUCTION_KEY)- Key file on disk (
secrets/<env>.key)
Accessing Values
All accessors support dot notation for nested keys:
secrets.get("database.password") # Any — raw value or None
secrets.string("api_key") # str — "" if missing
secrets.string("api_key", "default") # str — with fallback
secrets.integer("database.port") # int — 0 if missing
secrets.integer("port", 5432) # int — with fallback
secrets.floating("rate") # float — 0.0 if missing
secrets.boolean("debug") # bool — False if missing
secrets.mapping("database") # dict | None
secrets.has("api_key") # bool
secrets.keys() # list[str] — all dot-notation paths
secrets.all() # dict — entire credentials
Compatibility
This package reads credentials encrypted by the gosecrets CLI (AES-256-GCM). It is fully compatible with credentials created by the Go library.
Contributor(s)
- Uğur "vigo" Özyılmazel - Creator, maintainer
Contribute
All PR’s are welcome!
fork(https://github.com/bilustek/gosecrets-py/fork)- Create your
branch(git checkout -b my-feature) commityours (git commit -am 'add some functionality')pushyourbranch(git push origin my-feature)- Then create a new Pull Request!
License
This project is licensed under MIT
This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the code of conduct.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file gosecrets-0.1.0.tar.gz.
File metadata
- Download URL: gosecrets-0.1.0.tar.gz
- Upload date:
- Size: 8.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
9015f10080ea1723db059d915918c0a479a8b6047a50704548afccf2e9b7cb4c
|
|
| MD5 |
d85e05c9f68c2e43764c767565a31e03
|
|
| BLAKE2b-256 |
bfe1c81d09dea3915c15e00b59e04e836426fb74d947afd9b5b344ba471ddf5b
|
File details
Details for the file gosecrets-0.1.0-py3-none-any.whl.
File metadata
- Download URL: gosecrets-0.1.0-py3-none-any.whl
- Upload date:
- Size: 6.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
75abe90c81db4f3c62008cf1cabb3acb8971f4566aa6b7e3e10dc40f5adecca5
|
|
| MD5 |
5f314e23f88b360c00577c5c00419f0e
|
|
| BLAKE2b-256 |
8365bb4fb205191c91fb54c8927411bed30b5aedd6f1fa93edb2d5ccd60f6b15
|
