vendor_fabric.secrets_sync.stores

Secret tree stores used by native SecretSync pipelines.

Module Contents

Classes

WriteSummary

Summary of a store write operation.

SecretTreeStore

Read/write interface for tree-shaped secret stores.

InMemorySecretStore

In-memory secret tree store for dry-runs, tests, and ephemeral merges.

VaultSecretStore

Vault KV2-backed secret tree store.

AWSSecretsManagerStore

AWS Secrets Manager tree store.

S3SecretStore

S3-backed JSON object store for merged secret bundles.

StoreRegistry

Explicit store injection for tests and custom vendor wiring.

Functions

join_secret_path

Join secret path parts without duplicate separators.

relative_secret_path

Return path relative to root.

normalize_secret_payload

Return a dict payload from connector values.

Data

API

vendor_fabric.secrets_sync.stores.SecretPayload = None
vendor_fabric.secrets_sync.stores.SecretTree = None
class vendor_fabric.secrets_sync.stores.WriteSummary

Summary of a store write operation.

processed: int = 0
added: int = 0
modified: int = 0
removed: int = 0
unchanged: int = 0
class vendor_fabric.secrets_sync.stores.SecretTreeStore

Bases: typing.Protocol

Read/write interface for tree-shaped secret stores.

read_tree(root: str = '') vendor_fabric.secrets_sync.stores.SecretTree

Read secrets under a root path keyed by relative secret path.

write_tree(secrets: collections.abc.Mapping[str, collections.abc.Mapping[str, Any]], root: str = '', *, dry_run: bool = False) vendor_fabric.secrets_sync.stores.WriteSummary

Write a tree of secrets under a root path.

vendor_fabric.secrets_sync.stores.join_secret_path(*parts: str) str

Join secret path parts without duplicate separators.

vendor_fabric.secrets_sync.stores.relative_secret_path(path: str, root: str) str

Return path relative to root.

vendor_fabric.secrets_sync.stores.normalize_secret_payload(value: Any) vendor_fabric.secrets_sync.stores.SecretPayload

Return a dict payload from connector values.

class vendor_fabric.secrets_sync.stores.InMemorySecretStore(secrets: collections.abc.Mapping[str, collections.abc.Mapping[str, Any]] | None = None)

In-memory secret tree store for dry-runs, tests, and ephemeral merges.

Initialization

read_tree(root: str = '') vendor_fabric.secrets_sync.stores.SecretTree

Read secrets under a root path.

write_tree(secrets: collections.abc.Mapping[str, collections.abc.Mapping[str, Any]], root: str = '', *, dry_run: bool = False) vendor_fabric.secrets_sync.stores.WriteSummary

Write secrets under a root path.

class vendor_fabric.secrets_sync.stores.VaultSecretStore(connector: vendor_fabric.vault.VaultConnector | None = None, *, mount: str = 'secret')

Vault KV2-backed secret tree store.

Initialization

read_tree(root: str = '') vendor_fabric.secrets_sync.stores.SecretTree

Read secrets from Vault under root.

write_tree(secrets: collections.abc.Mapping[str, collections.abc.Mapping[str, Any]], root: str = '', *, dry_run: bool = False) vendor_fabric.secrets_sync.stores.WriteSummary

Write secrets to Vault under root.

class vendor_fabric.secrets_sync.stores.AWSSecretsManagerStore(connector: vendor_fabric.aws.AWSConnector | None = None, *, prefix: str = '', execution_role_arn: str | None = None, role_session_name: str | None = None)

AWS Secrets Manager tree store.

Initialization

read_tree(root: str = '') vendor_fabric.secrets_sync.stores.SecretTree

Read secrets under a prefix.

write_tree(secrets: collections.abc.Mapping[str, collections.abc.Mapping[str, Any]], root: str = '', *, dry_run: bool = False) vendor_fabric.secrets_sync.stores.WriteSummary

Write JSON secret payloads to AWS Secrets Manager.

class vendor_fabric.secrets_sync.stores.S3SecretStore(connector: vendor_fabric.aws.AWSConnector | None = None, *, bucket: str, prefix: str = 'secrets-sync', execution_role_arn: str | None = None)

S3-backed JSON object store for merged secret bundles.

Initialization

read_tree(root: str = '') vendor_fabric.secrets_sync.stores.SecretTree

Read one JSON bundle object from S3.

write_tree(secrets: collections.abc.Mapping[str, collections.abc.Mapping[str, Any]], root: str = '', *, dry_run: bool = False) vendor_fabric.secrets_sync.stores.WriteSummary

Write one JSON bundle object to S3.

class vendor_fabric.secrets_sync.stores.StoreRegistry

Explicit store injection for tests and custom vendor wiring.

sources: collections.abc.MutableMapping[str, vendor_fabric.secrets_sync.stores.SecretTreeStore] = 'field(...)'
targets: collections.abc.MutableMapping[str, vendor_fabric.secrets_sync.stores.SecretTreeStore] = 'field(...)'
merge_store: vendor_fabric.secrets_sync.stores.SecretTreeStore | None = None