Python SDK for Secrevo — pull secrets from your Secrevo workspace and hand them to OpenAI, Anthropic, Stripe, AWS, or GitHub without ever materializing them in your code.
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Project description
secrevo-sdk
The official Python SDK for Secrevo. Pull secrets from your Secrevo workspace and hand them to OpenAI, Anthropic, Stripe, AWS, or GitHub without ever materializing them in your code.
Install
pip install secrevo-sdk
If you want a specific integration installed alongside the SDK, install one of the extras:
pip install "secrevo-sdk[openai]"
pip install "secrevo-sdk[anthropic]"
pip install "secrevo-sdk[stripe]"
pip install "secrevo-sdk[aws]"
pip install "secrevo-sdk[github]"
pip install "secrevo-sdk[all]"
The integrations are imported lazily, so the base install only depends on
httpx.
30-second example
from secrevo_sdk import SecrevoClient
# Reads SECREVO_API_BASE_URL, SECREVO_WORKSPACE_ID, SECREVO_API_TOKEN.
# Run `secrevo login` once, then any process in the shell can do this.
with SecrevoClient.from_env() as secrevo:
openai = secrevo.openai_for("OPENAI_API_KEY")
result = openai.responses.create(
model="gpt-5",
input="What is the capital of France?",
)
print(result.output_text)
If you prefer explicit construction (e.g. binding to a specific workspace inside a multi-tenant app):
with SecrevoClient(
base_url="https://api.secrevo.com",
workspace_id="workspace-...",
token="agt_...",
) as secrevo:
...
Async
For FastAPI, batch LLM calls, or anything else that lives in an event
loop, the SDK ships an AsyncSecrevoClient with the same surface but
async methods. Integration helpers return the third-party async client
where one exists (openai.AsyncOpenAI, anthropic.AsyncAnthropic):
from secrevo_sdk import AsyncSecrevoClient
async with AsyncSecrevoClient.from_env() as secrevo:
openai = await secrevo.openai_for("OPENAI_API_KEY")
result = await openai.responses.create(
model="gpt-5",
input="What is the capital of France?",
)
print(result.output_text)
The OpenAI client is the canonical openai.OpenAI object. The same pattern
works for Anthropic (anthropic_for), Stripe (stripe_for), AWS
(aws_session_for) and GitHub (github_for). Every reveal goes through
the API and lands as a secret.value.read audit event in the workspace.
Reveal a value directly
revealed = secrevo.reveal_value("OPENAI_API_KEY")
print(revealed.value) # plaintext secret — handle with care
print(revealed.secret.name) # metadata is preserved alongside
reveal_value is the lowest-level API: every integration helper is built on
top of it. Treat the returned value as sensitive — pass it directly to
the consumer and let it go out of scope.
Errors you actually want to handle
The SDK distinguishes the failure modes that matter:
| Exception | When |
|---|---|
SecretNotFoundError |
Name doesn't resolve. The list of names that do live in this workspace is attached so you can spot typos. |
AgentRevokedError |
The agent token was paused or revoked. Mint a new one. |
RateLimitedError |
Hit a 429. retry_after_seconds is parsed from the response. |
IntegrationNotInstalledError |
You called openai_for(...) but openai isn't installed. The error names the exact pip install line. |
SecrevoAPIError |
Catch-all for everything else; carries the status_code. |
All of them inherit from SecrevoError, so except SecrevoError: is a valid
top-level guard.
Integration helpers
| Helper | Returns | Optional extra |
|---|---|---|
secrevo.openai_for(name) |
openai.OpenAI(api_key=...) |
secrevo-sdk[openai] |
secrevo.anthropic_for(name) |
anthropic.Anthropic(api_key=...) |
secrevo-sdk[anthropic] |
secrevo.stripe_for(name) |
stripe module with api_key set |
secrevo-sdk[stripe] |
secrevo.aws_session_for(...) |
boto3.Session(...) |
secrevo-sdk[aws] |
secrevo.github_for(name) |
github.Github(auth=Auth.Token(...)) |
secrevo-sdk[github] |
aws_session_for takes the names of two (or three) secrets:
session = secrevo.aws_session_for(
access_key_secret="AWS_ACCESS_KEY_ID",
secret_key_secret="AWS_SECRET_ACCESS_KEY",
region_name="us-east-1",
)
s3 = session.client("s3")
Local development
python -m venv .venv
source .venv/bin/activate # Windows: .venv\Scripts\activate
pip install -e ".[test]"
pytest
The tests use httpx.MockTransport, so no network or real Secrevo account is
required.
Cross-references
- Product website: https://secrevo.com
- Status page: https://secrevo.com/status
- Privacy / Terms / DPA: https://secrevo.com/privacy, https://secrevo.com/terms, https://secrevo.com/dpa
- API repo: https://github.com/getsecrevo/api
- Infrastructure: https://github.com/getsecrevo/infrastructure
Project details
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file secrevo_sdk-0.3.0.tar.gz.
File metadata
- Download URL: secrevo_sdk-0.3.0.tar.gz
- Upload date:
- Size: 17.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
915351582b9ce5ab680425317105581f408d532caa198bf0731c181a6d653b85
|
|
| MD5 |
e13c2668d04eec61ace01cf1affaf65d
|
|
| BLAKE2b-256 |
1ad45b9b05a2e23de918108900395177858ee62675166df4adc31e643537d776
|
Provenance
The following attestation bundles were made for secrevo_sdk-0.3.0.tar.gz:
Publisher:
publish.yml on getsecrevo/sdk-python
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
secrevo_sdk-0.3.0.tar.gz -
Subject digest:
915351582b9ce5ab680425317105581f408d532caa198bf0731c181a6d653b85 - Sigstore transparency entry: 1523118543
- Sigstore integration time:
-
Permalink:
getsecrevo/sdk-python@69d547259934a2db4eade84ae4c0a7e7f39f71c1 -
Branch / Tag:
refs/tags/v0.3.0 - Owner: https://github.com/getsecrevo
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@69d547259934a2db4eade84ae4c0a7e7f39f71c1 -
Trigger Event:
push
-
Statement type:
File details
Details for the file secrevo_sdk-0.3.0-py3-none-any.whl.
File metadata
- Download URL: secrevo_sdk-0.3.0-py3-none-any.whl
- Upload date:
- Size: 16.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
1cee6d83c5f4dd4c5148ca2c0c35b86a219c098f02b86dd306172e4666af60f6
|
|
| MD5 |
aaf0f853c0e0c5af1665aea980683968
|
|
| BLAKE2b-256 |
d9138b6c5e871f37e9ac4e17beff1dbef82832e60271f60bc6b0c345af764291
|
Provenance
The following attestation bundles were made for secrevo_sdk-0.3.0-py3-none-any.whl:
Publisher:
publish.yml on getsecrevo/sdk-python
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
secrevo_sdk-0.3.0-py3-none-any.whl -
Subject digest:
1cee6d83c5f4dd4c5148ca2c0c35b86a219c098f02b86dd306172e4666af60f6 - Sigstore transparency entry: 1523118598
- Sigstore integration time:
-
Permalink:
getsecrevo/sdk-python@69d547259934a2db4eade84ae4c0a7e7f39f71c1 -
Branch / Tag:
refs/tags/v0.3.0 - Owner: https://github.com/getsecrevo
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@69d547259934a2db4eade84ae4c0a7e7f39f71c1 -
Trigger Event:
push
-
Statement type:
