Skip to main content

MeVault Python SDK — request secrets from the local MeVault broker

Project description

MeVault Python SDK

Request secrets from the MeVault broker in Python — no passwords, no env-var leakage, no subprocesses.

Requirements

  • Python 3.9+
  • Windows (the broker communicates over a Windows named pipe)
  • MeVault broker running and vault unlocked

Installation

pip install mevault

Or from source:

cd sdk/python
pip install -e .

Usage

Synchronous

from mevault import get_secret, get_optional_secret
from mevault.exceptions import VaultLocked, SecretNotFound, MeVaultUnavailable

# Raises SecretNotFound if the secret doesn't exist.
db_password = get_secret("DB_PASSWORD")

# Returns None (or a custom default) if the secret doesn't exist.
api_key = get_optional_secret("OPTIONAL_API_KEY", default="")

Asynchronous

import asyncio
from mevault import async_get_secret

async def main():
    token = await async_get_secret("AUTH_TOKEN")
    # use token ...

asyncio.run(main())

Error handling

Exception When raised
MeVaultUnavailable Broker not running / pipe not found
VaultLocked Vault is locked — user must unlock MeVault
SecretNotFound No secret with that name
AccessDenied Process not permitted to read the secret
SessionExpired Broker session expired — user must re-authenticate
ProtocolError Malformed or oversized broker response

All exceptions derive from MeVaultError.

from mevault.exceptions import MeVaultError

try:
    value = get_secret("MY_SECRET")
except MeVaultError as exc:
    # Handle any MeVault error generically.
    print(f"MeVault error: {exc}")

Security notes

  • Secret values are never logged or printed by the SDK.
  • SecretValue.__repr__ and __str__ return <redacted> to prevent accidental exposure in logs or tracebacks.
  • The SDK does not accept vault passwords and does not spawn subprocesses.
  • The SDK does not place secrets in environment variables.
  • Each request uses a fresh pipe connection, closed immediately after the response is received.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

mevault-0.3.0.tar.gz (9.6 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

mevault-0.3.0-py3-none-win_amd64.whl (4.3 MB view details)

Uploaded Python 3Windows x86-64

File details

Details for the file mevault-0.3.0.tar.gz.

File metadata

  • Download URL: mevault-0.3.0.tar.gz
  • Upload date:
  • Size: 9.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.13

File hashes

Hashes for mevault-0.3.0.tar.gz
Algorithm Hash digest
SHA256 1713d0cbcd2faafe7465337eec96aa4b9587d3e08ba3f453549fef9fcb3050bd
MD5 2c12e6b4b99adaab88bccfcf867ab306
BLAKE2b-256 ea38881d782a24e24a0f472bca6653b5dab44ead11ddfc436c9e7a3304ec70b3

See more details on using hashes here.

File details

Details for the file mevault-0.3.0-py3-none-win_amd64.whl.

File metadata

  • Download URL: mevault-0.3.0-py3-none-win_amd64.whl
  • Upload date:
  • Size: 4.3 MB
  • Tags: Python 3, Windows x86-64
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.13

File hashes

Hashes for mevault-0.3.0-py3-none-win_amd64.whl
Algorithm Hash digest
SHA256 38eb19f572b5eb036633d7e984dbcd1d9ca503a39551a9d0d3d1557c2e9b397f
MD5 1bb19d8519a9031e9ada09b4ec08580f
BLAKE2b-256 c20c64a2a4ffbc38fbbc2b7487efdb26a84503f225c9ee33c8a8fde375387c13

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page