Skip to main content

Mirrored key provider for Swarmauri

Project description

Swarmauri Logo

PyPI - Downloads Hits PyPI - Python Version PyPI - License PyPI - swarmauri_keyproviders_mirrored Discord

Swarmauri Mirrored Key Provider

An asynchronous failover key provider that keeps a primary provider as the system of record while best-effort mirroring material to a secondary provider for redundancy.

Features

  • Write operations (create, import, rotate, destroy) execute on the primary provider first and then mirror to the secondary provider when possible.
  • mirror_mode governs what is replicated: public_only (default) mirrors only public material, full attempts to replicate private material when export policy allows, and none disables replication while retaining read failover.
  • Read operations (get_key, get_public_jwk, jwks, list_versions, random_bytes, hkdf) favor the primary provider and fail over to the secondary provider when fail_open_reads is enabled.
  • JWKS responses merge keys from both providers, preferring primary entries when the same kid appears in both sets.
  • Maintains an in-memory mapping of mirrored key identifiers to coordinate destroy operations and failover reads?persist or rebuild this mapping if you need cross-process continuity.
  • Optional extras add canonical JSON (jsoncanon) and CBOR (cbor) support for consumers that require deterministic encodings.

Installation

Install the package with your preferred Python packaging tool:

pip install swarmauri_keyproviders_mirrored
poetry add swarmauri_keyproviders_mirrored
uv pip install swarmauri_keyproviders_mirrored

Enable extras for canonicalization when needed:

pip install swarmauri_keyproviders_mirrored[jsoncanon]
pip install swarmauri_keyproviders_mirrored[cbor]

Usage

The provider mirrors newly created keys to the secondary provider and fails open on reads when the primary becomes unavailable.

import asyncio

from swarmauri_keyproviders_mirrored import MirroredKeyProvider
from swarmauri_keyprovider_local import LocalKeyProvider
from swarmauri_core.key_providers.types import KeySpec, KeyAlg, KeyClass, ExportPolicy
from swarmauri_core.crypto.types import KeyUse


async def main() -> None:
    primary = LocalKeyProvider()
    secondary = LocalKeyProvider()
    provider = MirroredKeyProvider(
        primary,
        secondary,
        mirror_mode="public_only",
        fail_open_reads=True,
    )

    spec = KeySpec(
        klass=KeyClass.asymmetric,
        alg=KeyAlg.ED25519,
        uses=(KeyUse.SIGN, KeyUse.VERIFY),
        export_policy=ExportPolicy.SECRET_WHEN_ALLOWED,
    )

    created = await provider.create_key(spec)
    jwk = await provider.get_public_jwk(created.kid, created.version)

    await primary.destroy_key(created.kid, created.version)
    mirrored = await provider.get_public_jwk(created.kid, created.version)

    assert mirrored["x"] == jwk["x"]
    print(f"Failover retrieved Ed25519 key from secondary provider: {mirrored['kid']}")


if __name__ == "__main__":
    asyncio.run(main())

In the example above the primary key is destroyed after mirroring, forcing MirroredKeyProvider to serve the public key from the secondary provider. Although mirrored keys may have different kid values, the public material remains identical and ready for verification.

Mirror Modes

  • public_only (default) ? Mirrors public key material and JWKS entries when available.
  • full ? Attempts to mirror private material when export policy permits, falling back to public-only replication otherwise.
  • none ? Disables replication while still permitting read failover to the secondary provider.

Failover Semantics

The fail_open_reads flag controls whether read operations fall back to the secondary provider when the primary raises an exception. Disable it to surface primary errors immediately.

Entry Point

The provider registers under the swarmauri.key_providers entry point as MirroredKeyProvider.

Want to help?

If you want to contribute to swarmauri-sdk, read up on our guidelines for contributing that will help you get started.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

swarmauri_keyproviders_mirrored-0.11.0.dev1.tar.gz (10.1 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

File details

Details for the file swarmauri_keyproviders_mirrored-0.11.0.dev1.tar.gz.

File metadata

  • Download URL: swarmauri_keyproviders_mirrored-0.11.0.dev1.tar.gz
  • Upload date:
  • Size: 10.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.26 {"installer":{"name":"uv","version":"0.11.26","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_keyproviders_mirrored-0.11.0.dev1.tar.gz
Algorithm Hash digest
SHA256 9a21764fb76c10b8f202de9271fa2f8b8f8b7a6c0b5e3194ff3a4f482a3547fe
MD5 fc92dc67417faf063c21a52a9bee2e77
BLAKE2b-256 169d7c5c486510df5c97693e1914d0ece2ae754fd4480e6d9af0618ae7541965

See more details on using hashes here.

File details

Details for the file swarmauri_keyproviders_mirrored-0.11.0.dev1-py3-none-any.whl.

File metadata

  • Download URL: swarmauri_keyproviders_mirrored-0.11.0.dev1-py3-none-any.whl
  • Upload date:
  • Size: 11.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.26 {"installer":{"name":"uv","version":"0.11.26","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_keyproviders_mirrored-0.11.0.dev1-py3-none-any.whl
Algorithm Hash digest
SHA256 987bf5ec66e710fa6ccfa54a82cdd810bf9b9ef6db55ce06f202373d373df29d
MD5 3c661aff0226a4736e5024ad4316b969
BLAKE2b-256 344d2870a4b406f13220feee8874ca1ab5e0e315261e68fc0f96a045b28f7dab

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page