Skip to main content

Declarative secrets, every environment, any provider (Python SDK)

Project description

secretspec (Python SDK)

Python bindings for SecretSpec, a declarative secrets manager. This package is a thin client over a pyo3 extension that calls secretspec::resolve_json directly: resolution (providers, chains, profiles, generation, as_path) happens in the Rust core, so the SDK inherits every provider with no Python-side logic.

from secretspec import SecretSpec

resolved = (
    SecretSpec.builder()
    .with_provider("keyring://")
    .with_profile("production")
    .with_reason("boot web app")
    .load()
)

print(resolved.provider, resolved.profile)
db = resolved.secrets["DATABASE_URL"]
print(db.get)              # the value, or the file path for as_path secrets
resolved.set_as_env()      # export everything into os.environ

A missing required secret raises MissingRequiredError; any other failure raises SecretSpecError (with a stable .kind).

Cleanup

as_path secrets are materialized to temp files that outlive the call. Use the result as a context manager (with SecretSpec.builder()...load() as resolved:) or call resolved.close() when done so the secret files do not accumulate.

Value-free report

report() returns the inventory/preflight view: per-secret status and provenance, never a value. Unlike load(), it does not raise when a required secret is missing — it appears as a SecretReport with status "missing_required".

report = SecretSpec.builder().with_profile("production").report()
for s in report.secrets:
    print(s.name, s.status, s.required)

Native library

The Rust resolver is statically linked into a compiled pyo3 extension (secretspec._native, built from the secretspec-py-native crate) inside the installed wheel, so there is nothing to locate at runtime. The prebuilt abi3 wheels are self-contained (pip install secretspec). From a source checkout the extension is built on demand by the test harness via maturin develop, which needs maturin and a Rust toolchain on PATH.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distributions

If you're not sure about the file name format, learn more about wheel file names.

secretspec-0.13.0-cp39-abi3-manylinux_2_28_x86_64.whl (14.5 MB view details)

Uploaded CPython 3.9+manylinux: glibc 2.28+ x86-64

secretspec-0.13.0-cp39-abi3-manylinux_2_28_aarch64.whl (14.2 MB view details)

Uploaded CPython 3.9+manylinux: glibc 2.28+ ARM64

secretspec-0.13.0-cp39-abi3-macosx_11_0_arm64.whl (10.7 MB view details)

Uploaded CPython 3.9+macOS 11.0+ ARM64

File details

Details for the file secretspec-0.13.0-cp39-abi3-manylinux_2_28_x86_64.whl.

File metadata

File hashes

Hashes for secretspec-0.13.0-cp39-abi3-manylinux_2_28_x86_64.whl
Algorithm Hash digest
SHA256 81e92bd7d84d5b292aaacdbd6a2b2fc978631b9651463f892d5ec78717ef4a38
MD5 491792ce7875ccf1933be9e8eb82583c
BLAKE2b-256 1337c48c989eeb744aec28554e33075e8c6f8b2d8c94d16e033e1716be624f4d

See more details on using hashes here.

Provenance

The following attestation bundles were made for secretspec-0.13.0-cp39-abi3-manylinux_2_28_x86_64.whl:

Publisher: python-wheels.yml on cachix/secretspec

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file secretspec-0.13.0-cp39-abi3-manylinux_2_28_aarch64.whl.

File metadata

File hashes

Hashes for secretspec-0.13.0-cp39-abi3-manylinux_2_28_aarch64.whl
Algorithm Hash digest
SHA256 42835331adb7e15cec8ea88fcda294fc1a980ec20a219025a8e4f20923463268
MD5 122691449ebabfbff3cc042be4f751c1
BLAKE2b-256 a4645a72c8e950a686f19e19f15ef532ef9230e58943c37e72133380df3edc69

See more details on using hashes here.

Provenance

The following attestation bundles were made for secretspec-0.13.0-cp39-abi3-manylinux_2_28_aarch64.whl:

Publisher: python-wheels.yml on cachix/secretspec

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file secretspec-0.13.0-cp39-abi3-macosx_11_0_arm64.whl.

File metadata

File hashes

Hashes for secretspec-0.13.0-cp39-abi3-macosx_11_0_arm64.whl
Algorithm Hash digest
SHA256 296e3d2474209cb780db8d708301caaefb38d03ea23bf2775f589b18fb2bff02
MD5 51576bfd1bd88e0450a21a606c77aff8
BLAKE2b-256 8cc0f1f25cab3a9c77ba69cb7910f59af1075691570cb7a385092e46a8d83b22

See more details on using hashes here.

Provenance

The following attestation bundles were made for secretspec-0.13.0-cp39-abi3-macosx_11_0_arm64.whl:

Publisher: python-wheels.yml on cachix/secretspec

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page