vendor_fabric.secrets_sync.stores¶
Secret tree stores used by native SecretSync pipelines.
Module Contents¶
Classes¶
Summary of a store write operation. |
|
Read/write interface for tree-shaped secret stores. |
|
In-memory secret tree store for dry-runs, tests, and ephemeral merges. |
|
Vault KV2-backed secret tree store. |
|
AWS Secrets Manager tree store. |
|
S3-backed JSON object store for merged secret bundles. |
|
Explicit store injection for tests and custom vendor wiring. |
Functions¶
Join secret path parts without duplicate separators. |
|
Return |
|
Return a dict payload from connector values. |
Data¶
API¶
- vendor_fabric.secrets_sync.stores.SecretPayload = None¶
- vendor_fabric.secrets_sync.stores.SecretTree = None¶
- class vendor_fabric.secrets_sync.stores.WriteSummary¶
Summary of a store write operation.
- processed: int = 0¶
- added: int = 0¶
- modified: int = 0¶
- removed: int = 0¶
- unchanged: int = 0¶
- class vendor_fabric.secrets_sync.stores.SecretTreeStore¶
Bases:
typing.ProtocolRead/write interface for tree-shaped secret stores.
- read_tree(root: str = '') vendor_fabric.secrets_sync.stores.SecretTree¶
Read secrets under a root path keyed by relative secret path.
- write_tree(secrets: collections.abc.Mapping[str, collections.abc.Mapping[str, Any]], root: str = '', *, dry_run: bool = False) vendor_fabric.secrets_sync.stores.WriteSummary¶
Write a tree of secrets under a root path.
- vendor_fabric.secrets_sync.stores.join_secret_path(*parts: str) str¶
Join secret path parts without duplicate separators.
- vendor_fabric.secrets_sync.stores.relative_secret_path(path: str, root: str) str¶
Return
pathrelative toroot.
- vendor_fabric.secrets_sync.stores.normalize_secret_payload(value: Any) vendor_fabric.secrets_sync.stores.SecretPayload¶
Return a dict payload from connector values.
- class vendor_fabric.secrets_sync.stores.InMemorySecretStore(secrets: collections.abc.Mapping[str, collections.abc.Mapping[str, Any]] | None = None)¶
In-memory secret tree store for dry-runs, tests, and ephemeral merges.
Initialization
- read_tree(root: str = '') vendor_fabric.secrets_sync.stores.SecretTree¶
Read secrets under a root path.
- write_tree(secrets: collections.abc.Mapping[str, collections.abc.Mapping[str, Any]], root: str = '', *, dry_run: bool = False) vendor_fabric.secrets_sync.stores.WriteSummary¶
Write secrets under a root path.
- class vendor_fabric.secrets_sync.stores.VaultSecretStore(connector: vendor_fabric.vault.VaultConnector | None = None, *, mount: str = 'secret')¶
Vault KV2-backed secret tree store.
Initialization
- read_tree(root: str = '') vendor_fabric.secrets_sync.stores.SecretTree¶
Read secrets from Vault under
root.
- write_tree(secrets: collections.abc.Mapping[str, collections.abc.Mapping[str, Any]], root: str = '', *, dry_run: bool = False) vendor_fabric.secrets_sync.stores.WriteSummary¶
Write secrets to Vault under
root.
- class vendor_fabric.secrets_sync.stores.AWSSecretsManagerStore(connector: vendor_fabric.aws.AWSConnector | None = None, *, prefix: str = '', execution_role_arn: str | None = None, role_session_name: str | None = None)¶
AWS Secrets Manager tree store.
Initialization
- read_tree(root: str = '') vendor_fabric.secrets_sync.stores.SecretTree¶
Read secrets under a prefix.
- write_tree(secrets: collections.abc.Mapping[str, collections.abc.Mapping[str, Any]], root: str = '', *, dry_run: bool = False) vendor_fabric.secrets_sync.stores.WriteSummary¶
Write JSON secret payloads to AWS Secrets Manager.
- class vendor_fabric.secrets_sync.stores.S3SecretStore(connector: vendor_fabric.aws.AWSConnector | None = None, *, bucket: str, prefix: str = 'secrets-sync', execution_role_arn: str | None = None)¶
S3-backed JSON object store for merged secret bundles.
Initialization
- read_tree(root: str = '') vendor_fabric.secrets_sync.stores.SecretTree¶
Read one JSON bundle object from S3.
- write_tree(secrets: collections.abc.Mapping[str, collections.abc.Mapping[str, Any]], root: str = '', *, dry_run: bool = False) vendor_fabric.secrets_sync.stores.WriteSummary¶
Write one JSON bundle object to S3.
- class vendor_fabric.secrets_sync.stores.StoreRegistry¶
Explicit store injection for tests and custom vendor wiring.
- sources: collections.abc.MutableMapping[str, vendor_fabric.secrets_sync.stores.SecretTreeStore] = 'field(...)'¶
- targets: collections.abc.MutableMapping[str, vendor_fabric.secrets_sync.stores.SecretTreeStore] = 'field(...)'¶
- merge_store: vendor_fabric.secrets_sync.stores.SecretTreeStore | None = None¶