Skip to main content

Keeper Secrets Manager SDK helper for managing configurations key-value storage.

Project description

Keeper Secrets Manager Storage

The Keeper Secrets Manager Storage module for working with custom key-value storages, creating and managing configuration files. To be used with keeper-secrets-manager-core.

For more information see our official documentation page https://docs.keeper.io/secrets-manager/secrets-manager

Change Log

1.1.0

  • Raised minimum Python version to 3.9.2. Python 3.9.0 and 3.9.1 are excluded by the transitive cryptography>=46.0.5 constraint pulled in via keeper-secrets-manager-core>=17.2.0. Users on Python 3.6 – 3.8 should pin to keeper-secrets-manager-storage<1.1.0; pip will auto-route them.
  • Updated minimum keeper-secrets-manager-core dependency to 17.2.0
  • Added threading.RLock to all backends — prevents data corruption under concurrent use
  • Replaced MD5 with SHA-256 for change-detection hashing; fixed Azure AES-GCM nonce from 16 to 12 bytes (NIST SP 800-38D)
  • Encrypt/decrypt failures now raise instead of silently corrupting storage state
  • delete_all() removes the backing config file instead of writing an empty encrypted blob
  • __save_config writes to disk before updating in-memory state — prevents divergence on write failure
  • decrypt_config() default changed from autosave=True to autosave=False — stray calls no longer overwrite the encrypted file with plaintext
  • __load_config check fixed from if config: to if config is not None: — a plaintext {} config is now correctly re-encrypted on first load
  • _get_instance_region and read_config (AWS Secrets Manager provider) now raise on failure instead of silently returning empty values
  • AwsSecretStorage.__init__ now eagerly loads the config on construction, matching all other backends
  • AwsSecretStorage.__load_config() now raises when the underlying AWS Secrets Manager call fails — previously the exception from read_config was logged but not propagated, leaving config = {} with no error
  • Non-UTF8 bytes that are not a valid encrypted blob now raise a clear "is not a valid encrypted config file" exception across all encrypted backends (nfast, AWS KMS, Azure KeyVault)
  • HsmNfast and AwsKms now raise "is not a valid encrypted config file" when decryption produces empty output — previously HsmNfast leaked a bare JSONDecodeError and AwsKms logged silently without raising, unlike Azure
  • __save_config and create_config_file_if_missing now use atomic writes (write to <path>.tmp, then os.replace) across all three encrypted file backends (Azure KeyVault, AWS KMS, HsmNfast) — a write failure no longer truncates the existing config to 0 bytes

1.0.2

  • Reverted mandatory boto3 dependency; boto3 remains optional via lazy import

1.0.1

  • Added new storage type storage type for AWS Secrets Manager

1.0.0

  • Initial release

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

keeper_secrets_manager_storage-1.1.0.tar.gz (27.3 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

File details

Details for the file keeper_secrets_manager_storage-1.1.0.tar.gz.

File metadata

File hashes

Hashes for keeper_secrets_manager_storage-1.1.0.tar.gz
Algorithm Hash digest
SHA256 60528c43b3ec18abae2b4a1a06258e1ebd4003dbf1af7a77e0a73234a24f9de0
MD5 0ca954b80623ffa33834979ece1e1712
BLAKE2b-256 14bc94be34dc4297cfd60f78c27e64d41ef36fff9dba74989c4eb742808d7772

See more details on using hashes here.

Provenance

The following attestation bundles were made for keeper_secrets_manager_storage-1.1.0.tar.gz:

Publisher: publish.pypi.sdk.storage.yml on Keeper-Security/secrets-manager

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file keeper_secrets_manager_storage-1.1.0-py3-none-any.whl.

File metadata

File hashes

Hashes for keeper_secrets_manager_storage-1.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 655af4569665d9cd0ed658f1684a9355d70adf03ac5b93495e40da8f9f9249b7
MD5 f999cf3effa5997708ab8b19bf973f76
BLAKE2b-256 4ceb244018d968d61a4ca2e9cb4f28126a5416913fc9082c213d9e403c708ec5

See more details on using hashes here.

Provenance

The following attestation bundles were made for keeper_secrets_manager_storage-1.1.0-py3-none-any.whl:

Publisher: publish.pypi.sdk.storage.yml on Keeper-Security/secrets-manager

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page