vendor_fabric.secrets_sync.models¶
Configuration and result models for native SecretSync pipelines.
Module Contents¶
Classes¶
Pipeline operation types. |
|
Diff output formats. |
|
Authenticated provider material passed through to the SecretSync binding. |
|
Options for pipeline execution. |
|
Logging configuration. |
|
Vault AppRole authentication config. |
|
Vault token authentication config. |
|
Vault Kubernetes authentication config. |
|
Vault authentication config. |
|
Vault connection config. |
|
Control Tower execution role config. |
|
AWS Control Tower config. |
|
AWS execution context config. |
|
AWS config. |
|
Vault source config. |
|
AWS Secrets Manager source config. |
|
Source config. |
|
Vault merge store config. |
|
S3 merge store config. |
|
Merge store config. |
|
Sync destination target. |
|
Dynamic target account-name routing pattern. |
|
Runtime-discovered target config. |
|
Merge phase settings. |
|
Sync phase settings. |
|
Pipeline settings. |
|
Public configuration information. |
|
Operation detail counts. |
|
Diff summary for one target. |
|
Outcome for one target and phase. |
|
Aggregate pipeline result. |
|
SecretSync pipeline configuration. |
Functions¶
Return a redacted exception string. |
Data¶
API¶
- vendor_fabric.secrets_sync.models.AWS_ACCOUNT_ID_RE = 'compile(...)'¶
- vendor_fabric.secrets_sync.models.ENV_PATTERN = 'compile(...)'¶
- vendor_fabric.secrets_sync.models.MAX_ENV_VALUE_LENGTH = 10000¶
- class vendor_fabric.secrets_sync.models.SyncOperation¶
Bases:
enum.StrEnumPipeline operation types.
Initialization
Initialize self. See help(type(self)) for accurate signature.
- MERGE = 'merge'¶
- SYNC = 'sync'¶
- PIPELINE = 'pipeline'¶
- capitalize()¶
- casefold()¶
- center()¶
- count()¶
- encode()¶
- endswith()¶
- expandtabs()¶
- find()¶
- format()¶
- format_map()¶
- index()¶
- isalnum()¶
- isalpha()¶
- isascii()¶
- isdecimal()¶
- isdigit()¶
- isidentifier()¶
- islower()¶
- isnumeric()¶
- isprintable()¶
- isspace()¶
- istitle()¶
- isupper()¶
- join()¶
- ljust()¶
- lower()¶
- lstrip()¶
- partition()¶
- removeprefix()¶
- removesuffix()¶
- replace()¶
- rfind()¶
- rindex()¶
- rjust()¶
- rpartition()¶
- rsplit()¶
- rstrip()¶
- split()¶
- splitlines()¶
- startswith()¶
- strip()¶
- swapcase()¶
- title()¶
- translate()¶
- upper()¶
- zfill()¶
- name()¶
- value()¶
- class vendor_fabric.secrets_sync.models.OutputFormat¶
Bases:
enum.StrEnumDiff output formats.
Initialization
Initialize self. See help(type(self)) for accurate signature.
- HUMAN = 'human'¶
- JSON = 'json'¶
- GITHUB = 'github'¶
- COMPACT = 'compact'¶
- SIDE_BY_SIDE = 'side-by-side'¶
- capitalize()¶
- casefold()¶
- center()¶
- count()¶
- encode()¶
- endswith()¶
- expandtabs()¶
- find()¶
- format()¶
- format_map()¶
- index()¶
- isalnum()¶
- isalpha()¶
- isascii()¶
- isdecimal()¶
- isdigit()¶
- isidentifier()¶
- islower()¶
- isnumeric()¶
- isprintable()¶
- isspace()¶
- istitle()¶
- isupper()¶
- join()¶
- ljust()¶
- lower()¶
- lstrip()¶
- partition()¶
- removeprefix()¶
- removesuffix()¶
- replace()¶
- rfind()¶
- rindex()¶
- rjust()¶
- rpartition()¶
- rsplit()¶
- rstrip()¶
- split()¶
- splitlines()¶
- startswith()¶
- strip()¶
- swapcase()¶
- title()¶
- translate()¶
- upper()¶
- zfill()¶
- name()¶
- value()¶
- class vendor_fabric.secrets_sync.models.ProviderSession¶
Authenticated provider material passed through to the SecretSync binding.
- delegate_auth: bool = False¶
- vault_address: str = <Multiline-String>¶
- vault_namespace: str = <Multiline-String>¶
- vault_token: str = <Multiline-String>¶
- aws_region: str = <Multiline-String>¶
- aws_access_key_id: str = <Multiline-String>¶
- aws_secret_access_key: str = <Multiline-String>¶
- aws_session_token: str = <Multiline-String>¶
- aws_role_arn: str = <Multiline-String>¶
- aws_endpoint_url: str = <Multiline-String>¶
- class vendor_fabric.secrets_sync.models.SyncOptions¶
Options for pipeline execution.
- dry_run: bool = False¶
- operation: vendor_fabric.secrets_sync.models.SyncOperation = None¶
- targets: list[str] = 'field(...)'¶
- continue_on_error: bool = True¶
- parallelism: int = 4¶
- compute_diff: bool = False¶
- output_format: vendor_fabric.secrets_sync.models.OutputFormat = None¶
- show_values: bool = False¶
- delete_orphans: bool = False¶
- class vendor_fabric.secrets_sync.models.LogConfig¶
Logging configuration.
- level: str = 'info'¶
- format: str = 'text'¶
- class vendor_fabric.secrets_sync.models.VaultAuthAppRole¶
Vault AppRole authentication config.
- mount: str = 'approle'¶
- role_id: str = <Multiline-String>¶
- secret_id: str = <Multiline-String>¶
- class vendor_fabric.secrets_sync.models.VaultAuthToken¶
Vault token authentication config.
- token: str = <Multiline-String>¶
- class vendor_fabric.secrets_sync.models.VaultAuthKubernetes¶
Vault Kubernetes authentication config.
- role: str = <Multiline-String>¶
- mount_path: str = 'kubernetes'¶
- class vendor_fabric.secrets_sync.models.VaultAuthConfig¶
Vault authentication config.
- approle: vendor_fabric.secrets_sync.models.VaultAuthAppRole | None = None¶
- token: vendor_fabric.secrets_sync.models.VaultAuthToken | None = None¶
- kubernetes: vendor_fabric.secrets_sync.models.VaultAuthKubernetes | None = None¶
- class vendor_fabric.secrets_sync.models.VaultConfig¶
Vault connection config.
- address: str = <Multiline-String>¶
- namespace: str = <Multiline-String>¶
- auth: vendor_fabric.secrets_sync.models.VaultAuthConfig = 'field(...)'¶
- max_traversal_depth: int | None = None¶
- max_secrets_per_mount: int | None = None¶
- queue_compaction_threshold: int | None = None¶
- class vendor_fabric.secrets_sync.models.ExecutionRoleConfig¶
Control Tower execution role config.
- name: str = 'AWSControlTowerExecution'¶
- path: str = '/'¶
- class vendor_fabric.secrets_sync.models.ControlTowerConfig¶
AWS Control Tower config.
- enabled: bool = False¶
- execution_role: vendor_fabric.secrets_sync.models.ExecutionRoleConfig = 'field(...)'¶
- class vendor_fabric.secrets_sync.models.ExecutionContextConfig¶
AWS execution context config.
- type: str = <Multiline-String>¶
- account_id: str = <Multiline-String>¶
- custom_role_pattern: str = <Multiline-String>¶
- class vendor_fabric.secrets_sync.models.AWSConfig¶
AWS config.
- region: str = 'us-east-1'¶
- execution_context: vendor_fabric.secrets_sync.models.ExecutionContextConfig = 'field(...)'¶
- control_tower: vendor_fabric.secrets_sync.models.ControlTowerConfig = 'field(...)'¶
- class vendor_fabric.secrets_sync.models.VaultSource¶
Vault source config.
- mount: str = <Multiline-String>¶
- paths: list[str] = 'field(...)'¶
- address: str = <Multiline-String>¶
- namespace: str = <Multiline-String>¶
- class vendor_fabric.secrets_sync.models.AWSSource¶
AWS Secrets Manager source config.
- account_id: str = <Multiline-String>¶
- region: str = <Multiline-String>¶
- prefix: str = <Multiline-String>¶
- tags: dict[str, str] = 'field(...)'¶
- role_arn: str = <Multiline-String>¶
- class vendor_fabric.secrets_sync.models.Source¶
Source config.
- vault: vendor_fabric.secrets_sync.models.VaultSource | None = None¶
- aws: vendor_fabric.secrets_sync.models.AWSSource | None = None¶
- class vendor_fabric.secrets_sync.models.MergeStoreVault¶
Vault merge store config.
- mount: str = 'merged-secrets'¶
- class vendor_fabric.secrets_sync.models.MergeStoreS3¶
S3 merge store config.
- bucket: str = <Multiline-String>¶
- prefix: str = 'secrets-sync'¶
- kms_key_id: str = <Multiline-String>¶
- class vendor_fabric.secrets_sync.models.MergeStoreConfig¶
Merge store config.
- vault: vendor_fabric.secrets_sync.models.MergeStoreVault | None = None¶
- s3: vendor_fabric.secrets_sync.models.MergeStoreS3 | None = None¶
- class vendor_fabric.secrets_sync.models.Target¶
Sync destination target.
- account_id: str = <Multiline-String>¶
- imports: list[str] = 'field(...)'¶
- region: str = <Multiline-String>¶
- secret_prefix: str = <Multiline-String>¶
- role_arn: str = <Multiline-String>¶
- class vendor_fabric.secrets_sync.models.AccountNamePattern¶
Dynamic target account-name routing pattern.
- pattern: str = <Multiline-String>¶
- target: str = <Multiline-String>¶
- class vendor_fabric.secrets_sync.models.DynamicTarget¶
Runtime-discovered target config.
- imports: list[str] = 'field(...)'¶
- exclude: list[str] = 'field(...)'¶
- account_name_patterns: list[vendor_fabric.secrets_sync.models.AccountNamePattern] = 'field(...)'¶
- region: str = <Multiline-String>¶
- secret_prefix: str = <Multiline-String>¶
- role_arn: str = <Multiline-String>¶
- discovery: dict[str, Any] = 'field(...)'¶
- class vendor_fabric.secrets_sync.models.SyncSettings¶
Sync phase settings.
- parallel: int = 4¶
- delete_orphans: bool = False¶
- class vendor_fabric.secrets_sync.models.PipelineSettings¶
Pipeline settings.
- merge: vendor_fabric.secrets_sync.models.MergeSettings = 'field(...)'¶
- sync: vendor_fabric.secrets_sync.models.SyncSettings = 'field(...)'¶
- dry_run: bool = False¶
- continue_on_error: bool = True¶
- class vendor_fabric.secrets_sync.models.ConfigInfo¶
Public configuration information.
- valid: bool = False¶
- error_message: str = <Multiline-String>¶
- source_count: int = 0¶
- target_count: int = 0¶
- sources: list[str] = 'field(...)'¶
- targets: list[str] = 'field(...)'¶
- has_merge_store: bool = False¶
- vault_address: str = <Multiline-String>¶
- aws_region: str = <Multiline-String>¶
- to_dict() extended_data.containers.ExtendedDict¶
Return an extended config info payload.
- class vendor_fabric.secrets_sync.models.ResultDetails¶
Operation detail counts.
- secrets_processed: int = 0¶
- secrets_added: int = 0¶
- secrets_modified: int = 0¶
- secrets_removed: int = 0¶
- secrets_unchanged: int = 0¶
- source_paths: list[str] = 'field(...)'¶
- destination_path: str = <Multiline-String>¶
- role_arn: str = <Multiline-String>¶
- failed_imports: list[str] = 'field(...)'¶
- class vendor_fabric.secrets_sync.models.TargetDiff¶
Diff summary for one target.
- target: str = None¶
- phase: str = None¶
- added: list[str] = 'field(...)'¶
- modified: list[str] = 'field(...)'¶
- removed: list[str] = 'field(...)'¶
- unchanged: list[str] = 'field(...)'¶
- property has_changes: bool¶
Return whether the target has changes.
- class vendor_fabric.secrets_sync.models.OperationResult¶
Outcome for one target and phase.
- target: str = None¶
- phase: str = None¶
- operation: str = None¶
- success: bool = False¶
- error_message: str = <Multiline-String>¶
- duration_ms: int = 0¶
- details: vendor_fabric.secrets_sync.models.ResultDetails = 'field(...)'¶
- diff: vendor_fabric.secrets_sync.models.TargetDiff | None = None¶
- class vendor_fabric.secrets_sync.models.SyncResult¶
Aggregate pipeline result.
- success: bool = False¶
- target_count: int = 0¶
- secrets_processed: int = 0¶
- secrets_added: int = 0¶
- secrets_modified: int = 0¶
- secrets_removed: int = 0¶
- secrets_unchanged: int = 0¶
- duration_ms: int = 0¶
- error_message: str = <Multiline-String>¶
- results: list[vendor_fabric.secrets_sync.models.OperationResult] = 'field(...)'¶
- diff_output: str = <Multiline-String>¶
- to_dict() extended_data.containers.ExtendedDict¶
Return an extended result payload with redacted diagnostics.
- class vendor_fabric.secrets_sync.models.SecretSyncConfig¶
SecretSync pipeline configuration.
- log: vendor_fabric.secrets_sync.models.LogConfig = 'field(...)'¶
- vault: vendor_fabric.secrets_sync.models.VaultConfig = 'field(...)'¶
- aws: vendor_fabric.secrets_sync.models.AWSConfig = 'field(...)'¶
- sources: dict[str, vendor_fabric.secrets_sync.models.Source] = 'field(...)'¶
- merge_store: vendor_fabric.secrets_sync.models.MergeStoreConfig = 'field(...)'¶
- targets: dict[str, vendor_fabric.secrets_sync.models.Target] = 'field(...)'¶
- dynamic_targets: dict[str, vendor_fabric.secrets_sync.models.DynamicTarget] = 'field(...)'¶
- pipeline: vendor_fabric.secrets_sync.models.PipelineSettings = 'field(...)'¶
- classmethod from_file(path: str | pathlib.Path, *, auto_detect: bool = True) vendor_fabric.secrets_sync.models.SecretSyncConfig¶
Load a pipeline configuration from YAML.
- classmethod from_mapping(payload: collections.abc.Mapping[str, Any] | None) vendor_fabric.secrets_sync.models.SecretSyncConfig¶
Build a config from a mapping.
- validate() None¶
Validate the configuration.
- validate_target_inheritance() None¶
Reject circular target inheritance chains.
- auto_configure() None¶
Apply safe defaults and create placeholder sources for imports.
- expand_env_vars() None¶
Expand
${VAR}placeholders in sensitive auth fields.
- apply_environment_overrides() None¶
Apply explicit SecretSync environment overrides.
- get_source_path(import_name: str) str¶
Return the deterministic source path for an import.
- role_arn_for_target(target: vendor_fabric.secrets_sync.models.Target) str¶
Return the AWS role ARN for a target.
- info() vendor_fabric.secrets_sync.models.ConfigInfo¶
Return public configuration info.
- vendor_fabric.secrets_sync.models.redacted_error(exc: BaseException) str¶
Return a redacted exception string.