Type-safe secrets management and code generation for GCloud Secret Manager.
Project description
Vaultscribe
Vaultscribe is a tool for managing secrets. It's intended for solo devs and small teams. It uses Google Cloud Secret Manager to store secrets, and can sync secrets to multiple targets (GCloud Run, Cloudflare Pages, Github Actions, etc). It also generates code so you can access the secrets in your apps.
GCloud Secret Manager offers 6 secrets for free. Vaultscribe bundles up all your secrets, and stores them in a single 'secret slot' - meaning you can practically store as many * secrets as you like.
Installation
uv add --dev vaultscribe
or
pip install vaultscribe
Quickstart
Prerequisites:
- Google Cloud SDK CLI installed, with Secret Manager set up (see below).
Quick Usage
# Scaffold a new project. This will create a vaultscribe.toml file.
vs init
# Start a time-limited authenticated session - best practice for not leaving an active gcloud session running
vs shell
# Fetch secrets from GCloud Secret Manager for 'prod' environment, store in '.secrets.prod' file. Unset secrets are left blank.
vs pull prod
# Push secrets from '.secrets.prod' to GCloud Secret Manager for 'prod' environment. Also generates code and syncs secrets to deploy targets.
vs push prod
# Fetch secrets from GCloud Secret Manager and display
vs show prod
Vaultscribe Concepts
More details here.
Vaultscribe Commands
More details here.
GCloud Secrets Manager first time setup
# Enable Secret Manager for your project
gcloud services enable secretmanager.googleapis.com --project=YOUR_PROJECT_ID
GCloud Secret Manager Quotas
Each secret 'slot' in GCloud Secret Manager has a 64KiB size limit. See here. So while, to paraphrase, "64KiB ought to be enough for anybody", you may hit this limit if you have a very large number of secrets, or if you store really big secrets. If you hit the limit, you probably need a more 'enterprise-y' secrets manager.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file vaultscribe-0.13.0.tar.gz.
File metadata
- Download URL: vaultscribe-0.13.0.tar.gz
- Upload date:
- Size: 155.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
935bb02055a6a272427e65285036a13adcdd7c5ebbb25774715267fe9d52414f
|
|
| MD5 |
5fa7fda4b3b5367ada426240c1a7a316
|
|
| BLAKE2b-256 |
577c76ca81ef97602a08daf3162c50badcdfb974b2b43f3f0157b5f953086e35
|
Provenance
The following attestation bundles were made for vaultscribe-0.13.0.tar.gz:
Publisher:
release-please.yml on lawther/vaultscribe
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
vaultscribe-0.13.0.tar.gz -
Subject digest:
935bb02055a6a272427e65285036a13adcdd7c5ebbb25774715267fe9d52414f - Sigstore transparency entry: 1576182963
- Sigstore integration time:
-
Permalink:
lawther/vaultscribe@9685c7f46d7b8dfb27a41f80fa5c64cb24d394d2 -
Branch / Tag:
refs/heads/main - Owner: https://github.com/lawther
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release-please.yml@9685c7f46d7b8dfb27a41f80fa5c64cb24d394d2 -
Trigger Event:
push
-
Statement type:
File details
Details for the file vaultscribe-0.13.0-py3-none-any.whl.
File metadata
- Download URL: vaultscribe-0.13.0-py3-none-any.whl
- Upload date:
- Size: 72.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
65dfd785c8044c2561b95e7d95ee50a8d7e73645c23fbd4d51be69bd23b4bf5d
|
|
| MD5 |
91d870b51cf664e3335e6b2f0363e45e
|
|
| BLAKE2b-256 |
8bac4a8ff0ec62ded33c2fe2bf18b6918d9ae8afdc4ba51443295aa48061c8a7
|
Provenance
The following attestation bundles were made for vaultscribe-0.13.0-py3-none-any.whl:
Publisher:
release-please.yml on lawther/vaultscribe
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
vaultscribe-0.13.0-py3-none-any.whl -
Subject digest:
65dfd785c8044c2561b95e7d95ee50a8d7e73645c23fbd4d51be69bd23b4bf5d - Sigstore transparency entry: 1576182967
- Sigstore integration time:
-
Permalink:
lawther/vaultscribe@9685c7f46d7b8dfb27a41f80fa5c64cb24d394d2 -
Branch / Tag:
refs/heads/main - Owner: https://github.com/lawther
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release-please.yml@9685c7f46d7b8dfb27a41f80fa5c64cb24d394d2 -
Trigger Event:
push
-
Statement type: