Skip to main content

MeVault Python SDK — request secrets from the local MeVault broker

Reason this release was yanked:

version mismatch with CLI binary — use 0.3.0

Project description

MeVault Python SDK

Request secrets from the MeVault broker in Python — no passwords, no env-var leakage, no subprocesses.

Requirements

  • Python 3.9+
  • Windows (the broker communicates over a Windows named pipe)
  • MeVault broker running and vault unlocked

Installation

pip install mevault

Or from source:

cd sdk/python
pip install -e .

Usage

Synchronous

from mevault import get_secret, get_optional_secret
from mevault.exceptions import VaultLocked, SecretNotFound, MeVaultUnavailable

# Raises SecretNotFound if the secret doesn't exist.
db_password = get_secret("DB_PASSWORD")

# Returns None (or a custom default) if the secret doesn't exist.
api_key = get_optional_secret("OPTIONAL_API_KEY", default="")

Asynchronous

import asyncio
from mevault import async_get_secret

async def main():
    token = await async_get_secret("AUTH_TOKEN")
    # use token ...

asyncio.run(main())

Error handling

Exception When raised
MeVaultUnavailable Broker not running / pipe not found
VaultLocked Vault is locked — user must unlock MeVault
SecretNotFound No secret with that name
AccessDenied Process not permitted to read the secret
SessionExpired Broker session expired — user must re-authenticate
ProtocolError Malformed or oversized broker response

All exceptions derive from MeVaultError.

from mevault.exceptions import MeVaultError

try:
    value = get_secret("MY_SECRET")
except MeVaultError as exc:
    # Handle any MeVault error generically.
    print(f"MeVault error: {exc}")

Security notes

  • Secret values are never logged or printed by the SDK.
  • SecretValue.__repr__ and __str__ return <redacted> to prevent accidental exposure in logs or tracebacks.
  • The SDK does not accept vault passwords and does not spawn subprocesses.
  • The SDK does not place secrets in environment variables.
  • Each request uses a fresh pipe connection, closed immediately after the response is received.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

mevault-0.3.2.tar.gz (9.6 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

mevault-0.3.2-py3-none-win_amd64.whl (4.3 MB view details)

Uploaded Python 3Windows x86-64

File details

Details for the file mevault-0.3.2.tar.gz.

File metadata

  • Download URL: mevault-0.3.2.tar.gz
  • Upload date:
  • Size: 9.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.13

File hashes

Hashes for mevault-0.3.2.tar.gz
Algorithm Hash digest
SHA256 867657223423a4f0118a797b344b9af3b6e4703ae68bf09b06e7e9f73993ddaa
MD5 44e545683fc293532050883d09d42fc9
BLAKE2b-256 071c1ef230d8c502bb5af1c4a737cb70917c9db70faacc5fe2dbc9e9700495c3

See more details on using hashes here.

File details

Details for the file mevault-0.3.2-py3-none-win_amd64.whl.

File metadata

  • Download URL: mevault-0.3.2-py3-none-win_amd64.whl
  • Upload date:
  • Size: 4.3 MB
  • Tags: Python 3, Windows x86-64
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.13

File hashes

Hashes for mevault-0.3.2-py3-none-win_amd64.whl
Algorithm Hash digest
SHA256 402b93f86a3e9a8b64446a7ed770f969a0f883e9095ac7faea7c5eeb706fe99d
MD5 d0348e99b1319c787a73ac6f9a76e2e6
BLAKE2b-256 ca2f7deaded419f813c724d486bb10941272d7b9f5775fb63c671bea09b251cd

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page