Python wrapper for consuming Passbolt credentials in KNIME Python Script nodes via the knime-passbolt extension's Credential-to-Python bridge node.
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Project description
knime-passbolt-py
Python wrapper for consuming Passbolt credentials in KNIME Python Script nodes, via the Credential to Python bridge node shipped in the knime-passbolt extension.
Install
pip install knime-passbolt-py
Usage
In a KNIME workflow, wire:
Passbolt Connector → Get Secret → Credential to Python → Python Script
In the Python Script node:
import knime.scripting.io as knio
import requests
cred = knio.input_objects[0] # PassboltSecret instance
with cred as c: # bytearray zeroed on __exit__
h = c.basic_auth_header()
resp = requests.get(url, headers={"Authorization": h.decode()})
Security model
The credential lives in the KNIME JVM, in the existing in-memory
CredentialCache owned by the upstream Get Secret node. This wrapper carries
only a loopback broker URL (http://127.0.0.1:<port>/v1/auth-header) and a
short-lived bearer token. The Authorization header is fetched on demand,
held in a bytearray, and zeroed (ctypes.memset) when the with block
exits.
__slots__prevents__dict__introspection.__repr__masks the broker URL only; never logs the token or any credential bytes.__reduce__re-pickles to the broker handshake — credential bytes are never serialized, even by accident.- Broker URL is validated to be loopback at every fetch; tampering with a saved pickle to redirect to an external host is rejected client-side.
Limits. In-process Python code can read the bytearray while the with
block is open. CPython does not provide hardware-enforced isolation. The
posture is on par with KNIME's own Credentials Configuration flow variable
combined with a disciplined helper class — better is not achievable in
CPython without sandboxing.
Compatibility
This package version (0.1.0) is compatible with the knime-passbolt KNIME extension version 0.1.1.20260520 and later. The full extension-↔-package compatibility matrix lives in CONTRACT.md.
License
Apache 2.0. See the LICENSE file shipped with this package, or
https://www.apache.org/licenses/LICENSE-2.0.
About
knime-passbolt-py is published by Datanautics GmbH
as the companion Python package for the knime-passbolt KNIME extension.
Source: https://github.com/DataNautics-GmbH/knime-passbolt-py Issues: https://github.com/DataNautics-GmbH/knime-passbolt-py/issues
Project details
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file knime_passbolt_py-0.1.0.tar.gz.
File metadata
- Download URL: knime_passbolt_py-0.1.0.tar.gz
- Upload date:
- Size: 11.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d0879fa106dba56d0fbfbefc19d4177ef9505b2704dc35b775bdf37ccdbeaaca
|
|
| MD5 |
c7bea8a4670a58a13bd64b5a9a034ab2
|
|
| BLAKE2b-256 |
8d0b57679866a9909d2d9c33494a2ea2c7c0396cde20168e0f546b01cf899a0b
|
Provenance
The following attestation bundles were made for knime_passbolt_py-0.1.0.tar.gz:
Publisher:
release.yml on DataNautics-GmbH/knime-passbolt-py
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
knime_passbolt_py-0.1.0.tar.gz -
Subject digest:
d0879fa106dba56d0fbfbefc19d4177ef9505b2704dc35b775bdf37ccdbeaaca - Sigstore transparency entry: 1587668267
- Sigstore integration time:
-
Permalink:
DataNautics-GmbH/knime-passbolt-py@1c38853937ff2a59dfe1dc1c3abb17c5d33946f1 -
Branch / Tag:
refs/tags/v0.1.0 - Owner: https://github.com/DataNautics-GmbH
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@1c38853937ff2a59dfe1dc1c3abb17c5d33946f1 -
Trigger Event:
push
-
Statement type:
File details
Details for the file knime_passbolt_py-0.1.0-py3-none-any.whl.
File metadata
- Download URL: knime_passbolt_py-0.1.0-py3-none-any.whl
- Upload date:
- Size: 12.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
a3c18b0d160678b1809ffd961a1c75578f5038b37ae43c53f4f421fa207a9586
|
|
| MD5 |
97277a4a6b413f23ec9093f6c7f67ab7
|
|
| BLAKE2b-256 |
3e2e5bff4180fe0d24c606ec52c3203a5d02046ab92023dce3fee8815ca22b50
|
Provenance
The following attestation bundles were made for knime_passbolt_py-0.1.0-py3-none-any.whl:
Publisher:
release.yml on DataNautics-GmbH/knime-passbolt-py
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
knime_passbolt_py-0.1.0-py3-none-any.whl -
Subject digest:
a3c18b0d160678b1809ffd961a1c75578f5038b37ae43c53f4f421fa207a9586 - Sigstore transparency entry: 1587668533
- Sigstore integration time:
-
Permalink:
DataNautics-GmbH/knime-passbolt-py@1c38853937ff2a59dfe1dc1c3abb17c5d33946f1 -
Branch / Tag:
refs/tags/v0.1.0 - Owner: https://github.com/DataNautics-GmbH
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@1c38853937ff2a59dfe1dc1c3abb17c5d33946f1 -
Trigger Event:
push
-
Statement type:
