Skip to main content

MeVault Python SDK — request secrets from the local MeVault broker

Reason this release was yanked:

no longer in use

Project description

MeVault Python SDK

Request secrets from the MeVault broker in Python — no passwords, no env-var leakage, no subprocesses.

Requirements

  • Python 3.9+
  • Windows (the broker communicates over a Windows named pipe)
  • MeVault broker running and vault unlocked

Installation

pip install mevault

Or from source:

cd sdk/python
pip install -e .

Usage

Synchronous

from mevault import get_secret, get_optional_secret
from mevault.exceptions import VaultLocked, SecretNotFound, MeVaultUnavailable

# Raises SecretNotFound if the secret doesn't exist.
db_password = get_secret("DB_PASSWORD")

# Returns None (or a custom default) if the secret doesn't exist.
api_key = get_optional_secret("OPTIONAL_API_KEY", default="")

Asynchronous

import asyncio
from mevault import async_get_secret

async def main():
    token = await async_get_secret("AUTH_TOKEN")
    # use token ...

asyncio.run(main())

Error handling

Exception When raised
MeVaultUnavailable Broker not running / pipe not found
VaultLocked Vault is locked — user must unlock MeVault
SecretNotFound No secret with that name
AccessDenied Process not permitted to read the secret
SessionExpired Broker session expired — user must re-authenticate
ProtocolError Malformed or oversized broker response

All exceptions derive from MeVaultError.

from mevault.exceptions import MeVaultError

try:
    value = get_secret("MY_SECRET")
except MeVaultError as exc:
    # Handle any MeVault error generically.
    print(f"MeVault error: {exc}")

Security notes

  • Secret values are never logged or printed by the SDK.
  • SecretValue.__repr__ and __str__ return <redacted> to prevent accidental exposure in logs or tracebacks.
  • The SDK does not accept vault passwords and does not spawn subprocesses.
  • The SDK does not place secrets in environment variables.
  • Each request uses a fresh pipe connection, closed immediately after the response is received.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

mevault-0.1.0.tar.gz (9.1 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

mevault-0.1.0-py3-none-any.whl (8.4 kB view details)

Uploaded Python 3

File details

Details for the file mevault-0.1.0.tar.gz.

File metadata

  • Download URL: mevault-0.1.0.tar.gz
  • Upload date:
  • Size: 9.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.13

File hashes

Hashes for mevault-0.1.0.tar.gz
Algorithm Hash digest
SHA256 be5a4a7fc4d10e34e381791cad4e666b8bdd6d2af6d06b7d6eb42730d93d2a50
MD5 46c4bc535b3541433b097d3b4f07991f
BLAKE2b-256 be9fd6113a05db6f9ed425eb9554e64d5ec7e19de8d9b2d7f2382a60967d87ff

See more details on using hashes here.

File details

Details for the file mevault-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: mevault-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 8.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.13

File hashes

Hashes for mevault-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 c2434959dcf141818617f7f9d8107f67b615f718d04747caece682871e2738be
MD5 6301cd7cead24e10867294106f09d8cf
BLAKE2b-256 4b73ef8e1fdec5a2b1d2dcd8249538ede6e29cb9f1cb435fcf19a6aa43b157a5

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page