Keeper Secrets Manager SDK helper for managing configurations key-value storage.
Project description
Keeper Secrets Manager Storage
The Keeper Secrets Manager Storage module for working with custom key-value storages, creating and managing configuration files. To be used with keeper-secrets-manager-core.
For more information see our official documentation page https://docs.keeper.io/secrets-manager/secrets-manager
Change Log
1.1.0
- Raised minimum Python version to 3.9.2. Python 3.9.0 and 3.9.1 are excluded by the transitive
cryptography>=46.0.5constraint pulled in viakeeper-secrets-manager-core>=17.2.0. Users on Python 3.6 – 3.8 should pin tokeeper-secrets-manager-storage<1.1.0; pip will auto-route them. - Updated minimum
keeper-secrets-manager-coredependency to 17.2.0 - Added
threading.RLockto all backends — prevents data corruption under concurrent use - Replaced MD5 with SHA-256 for change-detection hashing; fixed Azure AES-GCM nonce from 16 to 12 bytes (NIST SP 800-38D)
- Encrypt/decrypt failures now raise instead of silently corrupting storage state
delete_all()removes the backing config file instead of writing an empty encrypted blob__save_configwrites to disk before updating in-memory state — prevents divergence on write failuredecrypt_config()default changed fromautosave=Truetoautosave=False— stray calls no longer overwrite the encrypted file with plaintext__load_configcheck fixed fromif config:toif config is not None:— a plaintext{}config is now correctly re-encrypted on first load_get_instance_regionandread_config(AWS Secrets Manager provider) now raise on failure instead of silently returning empty valuesAwsSecretStorage.__init__now eagerly loads the config on construction, matching all other backendsAwsSecretStorage.__load_config()now raises when the underlying AWS Secrets Manager call fails — previously the exception fromread_configwas logged but not propagated, leavingconfig = {}with no error- Non-UTF8 bytes that are not a valid encrypted blob now raise a clear
"is not a valid encrypted config file"exception across all encrypted backends (nfast, AWS KMS, Azure KeyVault) - HsmNfast and AwsKms now raise
"is not a valid encrypted config file"when decryption produces empty output — previously HsmNfast leaked a bareJSONDecodeErrorand AwsKms logged silently without raising, unlike Azure __save_configandcreate_config_file_if_missingnow use atomic writes (write to<path>.tmp, thenos.replace) across all three encrypted file backends (Azure KeyVault, AWS KMS, HsmNfast) — a write failure no longer truncates the existing config to 0 bytes
1.0.2
- Reverted mandatory boto3 dependency; boto3 remains optional via lazy import
1.0.1
- Added new storage type storage type for AWS Secrets Manager
1.0.0
- Initial release
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file keeper_secrets_manager_storage-1.1.0.tar.gz.
File metadata
- Download URL: keeper_secrets_manager_storage-1.1.0.tar.gz
- Upload date:
- Size: 27.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
60528c43b3ec18abae2b4a1a06258e1ebd4003dbf1af7a77e0a73234a24f9de0
|
|
| MD5 |
0ca954b80623ffa33834979ece1e1712
|
|
| BLAKE2b-256 |
14bc94be34dc4297cfd60f78c27e64d41ef36fff9dba74989c4eb742808d7772
|
Provenance
The following attestation bundles were made for keeper_secrets_manager_storage-1.1.0.tar.gz:
Publisher:
publish.pypi.sdk.storage.yml on Keeper-Security/secrets-manager
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
keeper_secrets_manager_storage-1.1.0.tar.gz -
Subject digest:
60528c43b3ec18abae2b4a1a06258e1ebd4003dbf1af7a77e0a73234a24f9de0 - Sigstore transparency entry: 1694210011
- Sigstore integration time:
-
Permalink:
Keeper-Security/secrets-manager@338fa98ed124f8618d75a9779a90ea082d50e549 -
Branch / Tag:
refs/heads/release/sdk/python/storage/v1.1.0 - Owner: https://github.com/Keeper-Security
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.pypi.sdk.storage.yml@338fa98ed124f8618d75a9779a90ea082d50e549 -
Trigger Event:
workflow_dispatch
-
Statement type:
File details
Details for the file keeper_secrets_manager_storage-1.1.0-py3-none-any.whl.
File metadata
- Download URL: keeper_secrets_manager_storage-1.1.0-py3-none-any.whl
- Upload date:
- Size: 21.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
655af4569665d9cd0ed658f1684a9355d70adf03ac5b93495e40da8f9f9249b7
|
|
| MD5 |
f999cf3effa5997708ab8b19bf973f76
|
|
| BLAKE2b-256 |
4ceb244018d968d61a4ca2e9cb4f28126a5416913fc9082c213d9e403c708ec5
|
Provenance
The following attestation bundles were made for keeper_secrets_manager_storage-1.1.0-py3-none-any.whl:
Publisher:
publish.pypi.sdk.storage.yml on Keeper-Security/secrets-manager
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
keeper_secrets_manager_storage-1.1.0-py3-none-any.whl -
Subject digest:
655af4569665d9cd0ed658f1684a9355d70adf03ac5b93495e40da8f9f9249b7 - Sigstore transparency entry: 1694210075
- Sigstore integration time:
-
Permalink:
Keeper-Security/secrets-manager@338fa98ed124f8618d75a9779a90ea082d50e549 -
Branch / Tag:
refs/heads/release/sdk/python/storage/v1.1.0 - Owner: https://github.com/Keeper-Security
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.pypi.sdk.storage.yml@338fa98ed124f8618d75a9779a90ea082d50e549 -
Trigger Event:
workflow_dispatch
-
Statement type: