VaultAPI 0.0.0__py3-none-any.whl

VaultAPI-0.0.0.dist-info/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Vignesh Rao
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

VaultAPI-0.0.0.dist-info/METADATA

@@ -0,0 +1,223 @@
+Metadata-Version: 2.1
+Name: VaultAPI
+Version: 0.0.0
+Summary: Lightweight API to store/retrieve secrets to/from an encrypted Database
+Author-email: Vignesh Rao <svignesh1793@gmail.com>
+License: MIT License
+        
+        Copyright (c) 2024 Vignesh Rao
+        
+        Permission is hereby granted, free of charge, to any person obtaining a copy
+        of this software and associated documentation files (the "Software"), to deal
+        in the Software without restriction, including without limitation the rights
+        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+        copies of the Software, and to permit persons to whom the Software is
+        furnished to do so, subject to the following conditions:
+        
+        The above copyright notice and this permission notice shall be included in all
+        copies or substantial portions of the Software.
+        
+        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+        SOFTWARE.
+        
+Project-URL: Homepage, https://github.com/thevickypedia/VaultAPI
+Project-URL: Docs, https://thevickypedia.github.io/VaultAPI
+Project-URL: Source, https://github.com/thevickypedia/VaultAPI
+Project-URL: Bug Tracker, https://github.com/thevickypedia/VaultAPI/issues
+Project-URL: Release Notes, https://github.com/thevickypedia/VaultAPI/blob/main/release_notes.rst
+Keywords: vaultapi,vault,fastapi,sqlite3,fernet
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Operating System :: MacOS :: MacOS X
+Classifier: Operating System :: Microsoft :: Windows
+Classifier: Operating System :: POSIX :: Linux
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: annotated-types==0.7.0
+Requires-Dist: anyio==4.4.0
+Requires-Dist: certifi==2024.8.30
+Requires-Dist: cffi==1.17.1
+Requires-Dist: charset-normalizer==3.3.2
+Requires-Dist: click==8.1.7
+Requires-Dist: cryptography==43.0.1
+Requires-Dist: fastapi==0.114.2
+Requires-Dist: h11==0.14.0
+Requires-Dist: idna==3.10
+Requires-Dist: pycparser==2.22
+Requires-Dist: pydantic==2.9.1
+Requires-Dist: pydantic-settings==2.5.2
+Requires-Dist: pydantic-core==2.23.3
+Requires-Dist: python-dotenv==1.0.1
+Requires-Dist: PyYAML==6.0.2
+Requires-Dist: requests==2.32.3
+Requires-Dist: sniffio==1.3.1
+Requires-Dist: starlette==0.38.5
+Requires-Dist: typing-extensions==4.12.2
+Requires-Dist: urllib3==2.2.3
+Requires-Dist: uvicorn==0.30.6
+Provides-Extra: dev
+Requires-Dist: sphinx==5.1.1; extra == "dev"
+Requires-Dist: pre-commit; extra == "dev"
+Requires-Dist: recommonmark; extra == "dev"
+Requires-Dist: gitverse; extra == "dev"
+
+# VaultAPI
+Lightweight API to store/retrieve secrets to/from an encrypted Database
+
+![Python][label-pyversion]
+
+**Platform Supported**
+
+![Platform][label-platform]
+
+**Deployments**
+
+[![pages][label-actions-pages]][gha_pages]
+[![pypi][label-actions-pypi]][gha_pypi]
+[![markdown][label-actions-markdown]][gha_md_valid]
+
+[![Pypi][label-pypi]][pypi]
+[![Pypi-format][label-pypi-format]][pypi-files]
+[![Pypi-status][label-pypi-status]][pypi]
+
+## Kick off
+
+**Recommendations**
+
+- Install `python` [3.10] or [3.11]
+- Use a dedicated [virtual environment]
+
+**Install VaultAPI**
+```shell
+python -m pip install vaultapi
+```
+
+**Initiate - IDE**
+```python
+import vaultapi
+
+
+if __name__ == '__main__':
+    vaultapi.start()
+```
+
+**Initiate - CLI**
+```shell
+vaultapi start
+```
+
+> Use `vaultapi --help` for usage instructions.
+
+## Environment Variables
+
+<details>
+<summary><strong>Sourcing environment variables from an env file</strong></summary>
+
+> _By default, `VaultAPI` will look for a `.env` file in the current working directory._
+</details>
+
+- **HOST** - Hostname for the API server.
+- **PORT** - Port number for the API server.
+- **WORKERS** - Number of workers for the uvicorn server.
+- **APIKEY** - API Key for authentication.
+- **SECRET** - Secret access key to encode/decode the secrets in Datastore.
+- **DATABASE** - FilePath to store the secrets' database.
+- **RATE_LIMIT** - List of dictionaries with `max_requests` and `seconds` to apply as rate limit.
+
+<details>
+<summary>Auto generate a <code>SECRET</code> value</summary>
+
+This value will be used to encrypt/decrypt the secrets stored in the database.
+
+**CLI**
+```shell
+vaultapi keygen
+```
+
+**IDE**
+```python
+from cryptography.fernet import Fernet
+print(Fernet.generate_key())
+```
+</details>
+
+## Coding Standards
+Docstring format: [`Google`][google-docs] <br>
+Styling conventions: [`PEP 8`][pep8] and [`isort`][isort]
+
+## [Release Notes][release-notes]
+**Requirement**
+```shell
+python -m pip install gitverse
+```
+
+**Usage**
+```shell
+gitverse-release reverse -f release_notes.rst -t 'Release Notes'
+```
+
+## Linting
+`pre-commit` will ensure linting, run pytest, generate runbook & release notes, and validate hyperlinks in ALL
+markdown files (including Wiki pages)
+
+**Requirement**
+```shell
+python -m pip install sphinx==5.1.1 pre-commit recommonmark
+```
+
+**Usage**
+```shell
+pre-commit run --all-files
+```
+
+## Pypi Package
+[![pypi-module][label-pypi-package]][pypi-repo]
+
+[https://pypi.org/project/VaultAPI/][pypi]
+
+## Runbook
+[![made-with-sphinx-doc][label-sphinx-doc]][sphinx]
+
+[https://thevickypedia.github.io/VaultAPI/][runbook]
+
+## License & copyright
+
+&copy; Vignesh Rao
+
+Licensed under the [MIT License][license]
+
+[label-actions-markdown]: https://github.com/thevickypedia/VaultAPI/actions/workflows/markdown.yaml/badge.svg
+[label-pypi-package]: https://img.shields.io/badge/Pypi%20Package-VaultAPI-blue?style=for-the-badge&logo=Python
+[label-sphinx-doc]: https://img.shields.io/badge/Made%20with-Sphinx-blue?style=for-the-badge&logo=Sphinx
+[label-pyversion]: https://img.shields.io/badge/python-3.10%20%7C%203.11-blue
+[label-platform]: https://img.shields.io/badge/Platform-Linux|macOS|Windows-1f425f.svg
+[label-actions-pages]: https://github.com/thevickypedia/VaultAPI/actions/workflows/pages/pages-build-deployment/badge.svg
+[label-actions-pypi]: https://github.com/thevickypedia/VaultAPI/actions/workflows/python-publish.yaml/badge.svg
+[label-pypi]: https://img.shields.io/pypi/v/VaultAPI
+[label-pypi-format]: https://img.shields.io/pypi/format/VaultAPI
+[label-pypi-status]: https://img.shields.io/pypi/status/VaultAPI
+
+[3.10]: https://docs.python.org/3/whatsnew/3.10.html
+[3.11]: https://docs.python.org/3/whatsnew/3.11.html
+[virtual environment]: https://docs.python.org/3/tutorial/venv.html
+[release-notes]: https://github.com/thevickypedia/VaultAPI/blob/master/release_notes.rst
+[gha_pages]: https://github.com/thevickypedia/VaultAPI/actions/workflows/pages/pages-build-deployment
+[gha_pypi]: https://github.com/thevickypedia/VaultAPI/actions/workflows/python-publish.yaml
+[gha_md_valid]: https://github.com/thevickypedia/VaultAPI/actions/workflows/markdown.yaml
+[google-docs]: https://google.github.io/styleguide/pyguide.html#38-comments-and-docstrings
+[pep8]: https://www.python.org/dev/peps/pep-0008/
+[isort]: https://pycqa.github.io/isort/
+[sphinx]: https://www.sphinx-doc.org/en/master/man/sphinx-autogen.html
+[pypi]: https://pypi.org/project/VaultAPI
+[pypi-files]: https://pypi.org/project/VaultAPI/#files
+[pypi-repo]: https://packaging.python.org/tutorials/packaging-projects/
+[license]: https://github.com/thevickypedia/VaultAPI/blob/master/LICENSE
+[runbook]: https://thevickypedia.github.io/VaultAPI/

VaultAPI-0.0.0.dist-info/RECORD

@@ -0,0 +1,17 @@
+vaultapi/__init__.py,sha256=xl6R8Mh1RIh9syQd9gVqwk64xWARNVPgyjY3zdBvkhk,2323
+vaultapi/auth.py,sha256=s9xhLuCQbO5q0vI6T15_nzYtENyw-Bbf9g3rGRlimHc,1461
+vaultapi/database.py,sha256=140YlgkRTCjD5xIzm5fggUo-yRfITIR9dI5SlfV96Fk,2101
+vaultapi/exceptions.py,sha256=99R9L2vmimS68RLt5bpw1QT3C2WELHvKNRDWRDwBKi4,185
+vaultapi/main.py,sha256=eqUwj3WFoneqovE34CXhXiwpkhn25NKDkm12INCoOko,2516
+vaultapi/models.py,sha256=gtFOzZcxhc_IMfAL6Vd_s7JySho8qVaPJUFgR5FzCb4,5504
+vaultapi/payload.py,sha256=s2kc5wUCpSoND9Hc1Tsz4sBnoJQtQdn8WBKlx31aRRI,346
+vaultapi/rate_limit.py,sha256=i4CsbJuQsGVImR_uvF5Olz7Onz8sZdsN37AqhdASfE0,2075
+vaultapi/routes.py,sha256=jNOqje_EAF3U11m_fgBKW2ZgLl0edQ9jg29twBBnTWw,11230
+vaultapi/squire.py,sha256=dipCTxwYKkI07ab-6ZaRHpNhouE8bwBppwu8s9xLQ2Y,1780
+vaultapi/version.py,sha256=ShXQBVjyiSOHxoQJS2BvNG395W4KZfqMxZWBAR0MZrE,22
+VaultAPI-0.0.0.dist-info/LICENSE,sha256=xnHdLNCLt4RW3vtnE_TfN_cjViUHyIv0m8024fS4bws,1068
+VaultAPI-0.0.0.dist-info/METADATA,sha256=hZwurinA8_kmb3zVFkmgpzagiNPGGY7mJDAjcl-g1xE,7870
+VaultAPI-0.0.0.dist-info/WHEEL,sha256=GV9aMThwP_4oNCtvEC2ec3qUYutgWeAzklro_0m4WJQ,91
+VaultAPI-0.0.0.dist-info/entry_points.txt,sha256=MKe6sVDEAHC3YBZoYWLMvgwupRE_QJ_iHK0umfgGOzs,50
+VaultAPI-0.0.0.dist-info/top_level.txt,sha256=17jtNvOOJqazNgWn2ZTmJqfQau5jan_xF82NAJOINQg,9
+VaultAPI-0.0.0.dist-info/RECORD,,

VaultAPI-0.0.0.dist-info/WHEEL

@@ -0,0 +1,5 @@
+Wheel-Version: 1.0
+Generator: setuptools (75.1.0)
+Root-Is-Purelib: true
+Tag: py3-none-any
+

VaultAPI-0.0.0.dist-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+vaultapi = vaultapi:commandline

VaultAPI-0.0.0.dist-info/top_level.txt

@@ -0,0 +1 @@
+vaultapi

vaultapi/__init__.py

@@ -0,0 +1,68 @@
+import sys
+
+import click
+from cryptography.fernet import Fernet
+
+from .main import start, version
+
+
+@click.command()
+@click.argument("run", required=False)
+@click.argument("start", required=False)
+@click.argument("keygen", required=False)
+@click.option("--version", "-V", is_flag=True, help="Prints the version.")
+@click.option("--help", "-H", is_flag=True, help="Prints the help section.")
+@click.option(
+    "--env",
+    "-E",
+    type=click.Path(exists=True),
+    help="Environment configuration filepath.",
+)
+def commandline(*args, **kwargs) -> None:
+    """Starter function to invoke VaultAPI via CLI commands.
+
+    **Flags**
+        - ``--version | -V``: Prints the version.
+        - ``--help | -H``: Prints the help section.
+        - ``--env | -E``: Environment configuration filepath.
+    """
+    assert sys.argv[0].lower().endswith("vaultapi"), "Invalid commandline trigger!!"
+    options = {
+        "--version | -V": "Prints the version.",
+        "--help | -H": "Prints the help section.",
+        "--env | -E": "Environment configuration filepath.",
+        "start | run": "Initiates the API server.",
+    }
+    # weird way to increase spacing to keep all values monotonic
+    _longest_key = len(max(options.keys()))
+    _pretext = "\n\t* "
+    choices = _pretext + _pretext.join(
+        f"{k} {'·' * (_longest_key - len(k) + 8)}→ {v}".expandtabs()
+        for k, v in options.items()
+    )
+    if kwargs.get("version"):
+        click.echo(f"VaultAPI {version.__version__}")
+        sys.exit(0)
+    if kwargs.get("help"):
+        click.echo(
+            f"\nUsage: vaultapi [arbitrary-command]\nOptions (and corresponding behavior):{choices}"
+        )
+        sys.exit(0)
+    trigger = (
+        kwargs.get("start") or kwargs.get("run") or kwargs.get("keygen") or ""
+    ).lower()
+    if trigger in ("start", "run"):
+        start(env_file=kwargs.get("env"))
+        sys.exit(0)
+    elif trigger == "keygen":
+        key = Fernet.generate_key()
+        click.secho(
+            f"\nStore this as an env var named 'secret' or pass it as kwargs\n\n{key.decode()}\n"
+        )
+        sys.exit(0)
+    else:
+        click.secho(f"\n{kwargs}\nNo command provided", fg="red")
+    click.echo(
+        f"Usage: vaultapi [arbitrary-command]\nOptions (and corresponding behavior):{choices}"
+    )
+    sys.exit(1)

vaultapi/auth.py

@@ -0,0 +1,44 @@
+import logging
+import secrets
+import time
+from http import HTTPStatus
+
+from fastapi import Request
+from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
+
+from . import exceptions, models
+
+LOGGER = logging.getLogger("uvicorn.default")
+EPOCH = lambda: int(time.time())  # noqa: E731
+SECURITY = HTTPBearer()
+
+
+async def validate(request: Request, apikey: HTTPAuthorizationCredentials) -> None:
+    """Validates the auth request using HTTPBearer.
+
+    Args:
+        request: Takes the authorization header token as an argument.
+        apikey: Basic APIKey required for all the routes.
+
+    Raises:
+        APIResponse:
+        - 401: If authorization is invalid.
+        - 403: If host address is forbidden.
+    """
+    if apikey.credentials.startswith("\\"):
+        auth = bytes(apikey.credentials, "utf-8").decode(encoding="unicode_escape")
+    else:
+        auth = apikey.credentials
+    if secrets.compare_digest(auth, models.env.apikey):
+        LOGGER.info(
+            "Connection received from client-host: %s, host-header: %s, x-fwd-host: %s",
+            request.client.host,
+            request.headers.get("host"),
+            request.headers.get("x-forwarded-host"),
+        )
+        if user_agent := request.headers.get("user-agent"):
+            LOGGER.info("User agent: %s", user_agent)
+        return
+    raise exceptions.APIResponse(
+        status_code=HTTPStatus.UNAUTHORIZED.real, detail=HTTPStatus.UNAUTHORIZED.phrase
+    )

vaultapi/database.py

@@ -0,0 +1,69 @@
+from typing import List, Tuple
+
+from . import models
+
+
+def get_secret(key: str, table_name: str) -> str | None:
+    """Function to retrieve secret from database.
+
+    Args:
+        key: Name of the secret to retrieve.
+        table_name: Name of the table where the secret is stored.
+
+    Returns:
+        str:
+        Returns the secret value.
+    """
+    with models.database.connection:
+        cursor = models.database.connection.cursor()
+        state = cursor.execute(
+            f'SELECT value FROM "{table_name}" WHERE key=(?)', (key,)
+        ).fetchone()
+    if state and state[0]:
+        return state[0]
+
+
+def get_table(table_name: str) -> List[Tuple[str, str]]:
+    """Function to retrieve all key-value pairs from a particular table in the database.
+
+    Args:
+        table_name: Name of the table where the secrets are stored.
+
+    Returns:
+        str:
+        Returns the secret value.
+    """
+    with models.database.connection:
+        cursor = models.database.connection.cursor()
+        state = cursor.execute(f'SELECT * FROM "{table_name}"').fetchall()
+    return state
+
+
+def put_secret(key: str, value: str, table_name: str) -> None:
+    """Function to add secret to the database.
+
+    Args:
+        key: Name of the secret to be stored.
+        value: Value of the secret to be stored
+        table_name: Name of the table where the secret is stored.
+    """
+    with models.database.connection:
+        cursor = models.database.connection.cursor()
+        cursor.execute(
+            f'INSERT INTO "{table_name}" (key, value) VALUES (?,?)',
+            (key, value),
+        )
+        models.database.connection.commit()
+
+
+def remove_secret(key: str, table_name: str) -> None:
+    """Function to remove a secret from the database.
+
+    Args:
+        key: Name of the secret to be removed.
+        table_name: Name of the table where the secret is stored.
+    """
+    with models.database.connection:
+        cursor = models.database.connection.cursor()
+        cursor.execute(f'DELETE FROM "{table_name}" WHERE key=(?)', (key,))
+        models.database.connection.commit()

vaultapi/exceptions.py

@@ -0,0 +1,9 @@
+from fastapi.exceptions import HTTPException
+
+
+class APIResponse(HTTPException):
+    """Custom ``HTTPException`` from ``FastAPI`` to wrap an API response.
+
+    >>> APIResponse
+
+    """

vaultapi/main.py

@@ -0,0 +1,73 @@
+import logging
+import pathlib
+
+import uvicorn
+from cryptography.fernet import Fernet
+from fastapi import FastAPI
+from fastapi.middleware.cors import CORSMiddleware
+
+from . import models, routes, squire, version
+
+LOGGER = logging.getLogger("uvicorn.default")
+VaultAPI = FastAPI(
+    title="VaultAPI",
+    description="Lightweight service to serve secrets and environment variables",
+    version=version.__version__,
+)
+
+
+def enable_cors() -> None:
+    """Enables CORS policy."""
+    LOGGER.info("Setting CORS policy")
+    origins = [
+        "http://localhost.com",
+        "https://localhost.com",
+    ]
+    for website in models.env.endpoints:
+        origins.extend(
+            [f"http://{website.host}", f"https://{website.host}"]
+        )  # noqa: HttpUrlsUsage
+    VaultAPI.add_middleware(
+        CORSMiddleware,  # noqa: PyTypeChecker
+        allow_origins=origins,
+        allow_credentials=True,
+        allow_methods=["GET", "POST", "PUT", "DELETE"],
+        allow_headers=[
+            # Default headers
+            "host",
+            "user-agent",
+            "authorization",
+        ],
+    )
+
+
+def start(**kwargs) -> None:
+    """Starter function for the API, which uses uvicorn server as trigger.
+
+    Keyword Args:
+        env_file: Env filepath to load the environment variables.
+        apikey: API Key to authenticate the server.
+        secret: Secret access key to access the secret content.
+        host: Hostname for the API server.
+        port: Port number for the API server.
+        workers: Number of workers for the uvicorn server.
+        database: FilePath to store the auth database that handles the authentication errors.
+        rate_limit: List of dictionaries with ``max_requests`` and ``seconds`` to apply as rate limit.
+        log_config: Logging configuration as a dict or a FilePath. Supports .yaml/.yml, .json or .ini formats.
+    """
+    models.env = squire.load_env(**kwargs)
+    models.session.fernet = Fernet(models.env.secret)
+    models.database = models.Database(models.env.database)
+    models.database.create_table("default", ["key", "value"])
+    module_name = pathlib.Path(__file__)
+    enable_cors()
+    VaultAPI.routes.extend(routes.get_all_routes())
+    kwargs = dict(
+        host=models.env.host,
+        port=models.env.port,
+        workers=models.env.workers,
+        app=f"{module_name.parent.stem}.{module_name.stem}:{VaultAPI.title}",
+    )
+    if models.env.log_config:
+        kwargs["log_config"] = models.env.log_config
+    uvicorn.run(**kwargs)

vaultapi/models.py

@@ -0,0 +1,205 @@
+import pathlib
+import re
+import socket
+import sqlite3
+from typing import Any, Dict, List, Set, Tuple
+
+from cryptography.fernet import Fernet
+from pydantic import (
+    BaseModel,
+    Field,
+    FilePath,
+    HttpUrl,
+    NewPath,
+    PositiveInt,
+    field_validator,
+)
+from pydantic_settings import BaseSettings
+
+
+def complexity_checker(secret: str, simple: bool = False) -> None:
+    """Verifies the strength of a secret.
+
+    Args:
+        secret: Value of the secret.
+        simple: Boolean flag to increase complexity.
+
+    See Also:
+        A secret is considered strong if it at least has:
+
+        - 32 characters
+        - 1 digit
+        - 1 symbol
+        - 1 uppercase letter
+        - 1 lowercase letter
+
+    Raises:
+        AssertionError: When at least 1 of the above conditions fail to match.
+    """
+    char_limit = 8 if simple else 32
+
+    # calculates the length
+    assert (
+        len(secret) >= char_limit
+    ), f"Minimum secret length is {char_limit}, received {len(secret)}"
+
+    # searches for digits
+    assert re.search(r"\d", secret), "secret must include an integer"
+
+    if simple:
+        return
+
+    # searches for uppercase
+    assert re.search(
+        r"[A-Z]", secret
+    ), "secret must include at least one uppercase letter"
+
+    # searches for lowercase
+    assert re.search(
+        r"[a-z]", secret
+    ), "secret must include at least one lowercase letter"
+
+    # searches for symbols
+    assert re.search(
+        r"[ !#$%&'()*+,-./[\\\]^_`{|}~" + r'"]', secret
+    ), "secret must contain at least one special character"
+
+
+class Database:
+    """Creates a connection and instantiates the cursor.
+
+    >>> Database
+
+    Args:
+        filepath: Name of the database file.
+        timeout: Timeout for the connection to database.
+    """
+
+    def __init__(self, filepath: FilePath | str, timeout: int = 10):
+        """Instantiates the class ``Database`` to create a connection and a cursor."""
+        if not filepath.endswith(".db"):
+            filepath = filepath + ".db"
+        self.connection = sqlite3.connect(
+            database=filepath, check_same_thread=False, timeout=timeout
+        )
+
+    def create_table(self, table_name: str, columns: List[str] | Tuple[str]) -> None:
+        """Creates the table with the required columns.
+
+        Args:
+            table_name: Name of the table that has to be created.
+            columns: List of columns that has to be created.
+        """
+        with self.connection:
+            cursor = self.connection.cursor()
+            # Use f-string or %s as table names cannot be parametrized
+            cursor.execute(
+                f"CREATE TABLE IF NOT EXISTS {table_name!r} ({', '.join(columns)})"
+            )
+
+
+database: Database = Database  # noqa: PyTypeChecker
+
+
+class RateLimit(BaseModel):
+    """Object to store the rate limit settings.
+
+    >>> RateLimit
+
+    """
+
+    max_requests: PositiveInt
+    seconds: PositiveInt
+
+
+class Session(BaseModel):
+    """Object to store session information.
+
+    >>> Session
+
+    """
+
+    fernet: Fernet | None = None
+    info: Dict[str, str] = {}
+    rps: Dict[str, int] = {}
+    allowed_origins: Set[str] = set()
+
+    class Config:
+        """Config to allow arbitrary types."""
+
+        arbitrary_types_allowed = True
+
+
+class EnvConfig(BaseSettings):
+    """Object to load environment variables.
+
+    >>> EnvConfig
+
+    """
+
+    apikey: str
+    secret: str
+    database: FilePath | NewPath | str = Field("secrets.db", pattern=".*.db$")
+    endpoints: HttpUrl | List[HttpUrl] = []
+    host: str = socket.gethostbyname("localhost") or "0.0.0.0"
+    port: PositiveInt = 8080
+    workers: PositiveInt = 1
+    log_config: FilePath | Dict[str, Any] | None = None
+    allowed_origins: List[str] = []
+    rate_limit: RateLimit | List[RateLimit] = []
+
+    @field_validator("endpoints", mode="after", check_fields=True)
+    def parse_endpoints(
+        cls, value: HttpUrl | List[HttpUrl]
+    ) -> List[HttpUrl]:  # noqa: PyMethodParameters
+        """Validate endpoints to enable CORS policy."""
+        if isinstance(value, list):
+            return value
+        return [value]
+
+    @field_validator("apikey", mode="after")
+    def parse_apikey(cls, value: str | None) -> str | None:  # noqa: PyMethodParameters
+        """Parse API key to validate complexity."""
+        if value:
+            try:
+                complexity_checker(value, True)
+            except AssertionError as error:
+                raise ValueError(error.__str__())
+            return value
+
+    @field_validator("secret", mode="after")
+    def parse_api_secret(
+        cls, value: str | None
+    ) -> str | None:  # noqa: PyMethodParameters
+        """Parse API secret to validate complexity."""
+        if value:
+            try:
+                complexity_checker(value)
+            except AssertionError as error:
+                raise ValueError(error.__str__())
+            return value
+
+    @classmethod
+    def from_env_file(cls, env_file: pathlib.Path) -> "EnvConfig":
+        """Create Settings instance from environment file.
+
+        Args:
+            env_file: Name of the env file.
+
+        Returns:
+            EnvConfig:
+            Loads the ``EnvConfig`` model.
+        """
+        return cls(_env_file=env_file)
+
+    class Config:
+        """Extra configuration for EnvConfig object."""
+
+        extra = "ignore"
+        hide_input_in_errors = True
+        arbitrary_types_allowed = True
+
+
+# noinspection PyTypeChecker
+env: EnvConfig = EnvConfig
+session = Session()

vaultapi/payload.py

@@ -0,0 +1,24 @@
+from pydantic import BaseModel
+
+
+class DeleteSecret(BaseModel):
+    """Payload for delete-secret API call.
+
+    >>> DeleteSecret
+
+    """
+
+    key: str
+    table_name: str = "default"
+
+
+class PutSecret(BaseModel):
+    """Payload for put-secret API call.
+
+    >>> DeleteSecret
+
+    """
+
+    key: str
+    value: str
+    table_name: str = "default"

vaultapi/rate_limit.py

@@ -0,0 +1,66 @@
+import math
+import time
+from http import HTTPStatus
+
+from fastapi import HTTPException, Request
+
+from . import models
+
+
+class RateLimiter:
+    """Object that implements the ``RateLimiter`` functionality.
+
+    >>> RateLimiter
+
+    """
+
+    def __init__(self, rps: models.RateLimit):
+        # noinspection PyUnresolvedReferences
+        """Instantiates the object with the necessary args.
+
+        Args:
+            rps: RateLimit object with ``max_requests`` and ``seconds``.
+
+        Attributes:
+            max_requests: Maximum requests to allow in a given time frame.
+            seconds: Number of seconds after which the cache is set to expire.
+        """
+        self.max_requests = rps.max_requests
+        self.seconds = rps.seconds
+        self.start_time = time.time()
+        self.exception = HTTPException(
+            status_code=HTTPStatus.TOO_MANY_REQUESTS.value,
+            detail=HTTPStatus.TOO_MANY_REQUESTS.phrase,
+            # reset headers, which will invalidate auth token
+            headers={"Retry-After": str(math.ceil(self.seconds))},
+        )
+
+    def init(self, request: Request) -> None:
+        """Checks if the number of calls exceeds the rate limit for the given identifier.
+
+        Args:
+            request: The incoming request object.
+
+        Raises:
+            429: Too many requests.
+        """
+        if forwarded := request.headers.get("x-forwarded-for"):
+            identifier = forwarded.split(",")[0]
+        else:
+            identifier = request.client.host
+        identifier += ":" + request.url.path
+
+        current_time = time.time()
+
+        # Reset if the time window has passed
+        if current_time - self.start_time > self.seconds:
+            models.session.rps[identifier] = 1
+            self.start_time = current_time
+
+        if models.session.rps.get(identifier):
+            if models.session.rps[identifier] >= self.max_requests:
+                raise self.exception
+            else:
+                models.session.rps[identifier] += 1
+        else:
+            models.session.rps[identifier] = 1

vaultapi/routes.py

@@ -0,0 +1,352 @@
+import logging
+import sqlite3
+from http import HTTPStatus
+from typing import Dict, List
+
+from fastapi import Depends, Request
+from fastapi.responses import RedirectResponse
+from fastapi.routing import APIRoute
+from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
+
+from . import auth, database, exceptions, models, payload, rate_limit
+
+LOGGER = logging.getLogger("uvicorn.default")
+security = HTTPBearer()
+
+
+async def retrieve_secret(key: str, table_name: str) -> str | None:
+    """Retrieve an existing secret from a table in the database.
+
+    Args:
+        key: Name of the secret to retrieve.
+        table_name: Name of the table where the secret is stored.
+
+    Returns:
+        str:
+        Returns the secret value.
+    """
+    try:
+        return database.get_secret(key=key, table_name=table_name)
+    except sqlite3.OperationalError as error:
+        LOGGER.error(error)
+        raise exceptions.APIResponse(
+            status_code=HTTPStatus.BAD_REQUEST.real, detail=error.args[0]
+        )
+
+
+async def retrieve_secrets(table_name: str, keys: List[str] = None) -> Dict[str, str]:
+    """Retrieve multiple secrets from a table or retrieve the table as a whole.
+
+    Args:
+        table_name: Name of the table where the secret is stored.
+        keys: List of keys for which the values have to be retrieved.
+
+    Returns:
+        Dict[str, str]:
+        Returns the key-value pairs for secret key and it's value.
+    """
+    if keys:
+        values = {}
+        for key in keys:
+            if value := await retrieve_secret(key, table_name):
+                values[key] = value
+        return values
+    else:
+        try:
+            return dict(database.get_table(table_name))
+        except sqlite3.OperationalError as error:
+            LOGGER.error(error)
+            raise exceptions.APIResponse(
+                status_code=HTTPStatus.BAD_REQUEST.real, detail=error.args[0]
+            )
+
+
+async def get_secret(
+    request: Request,
+    key: str,
+    table_name: str = "default",
+    apikey: HTTPAuthorizationCredentials = Depends(security),
+):
+    """**API function to retrieve a secret.**
+
+    **Args:**
+
+        request: Reference to the FastAPI request object.
+        key: Name of the secret to be retrieved.
+        table_name: Name of the table where the secret is stored.
+        apikey: API Key to authenticate the request.
+
+    **Raises:**
+
+        APIResponse:
+        Raises the HTTPStatus object with a status code and detail as response.
+    """
+    await auth.validate(request, apikey)
+    if value := await retrieve_secret(key, table_name):
+        LOGGER.info("Secret value for '%s' was retrieved", key)
+        decrypted = models.session.fernet.decrypt(value).decode(encoding="UTF-8")
+        raise exceptions.APIResponse(status_code=HTTPStatus.OK.real, detail=decrypted)
+    LOGGER.info("Secret value for '%s' NOT found in the datastore", key)
+    raise exceptions.APIResponse(
+        status_code=HTTPStatus.NOT_FOUND.real, detail=HTTPStatus.NOT_FOUND.phrase
+    )
+
+
+async def get_secrets(
+    request: Request,
+    keys: str,
+    table_name: str = "default",
+    apikey: HTTPAuthorizationCredentials = Depends(security),
+):
+    """**API function to retrieve multiple secrets at a time.**
+
+    **Args:**
+
+        request: Reference to the FastAPI request object.
+        key: Comma separated list of secret names to be retrieved.
+        table_name: Name of the table where the secrets are stored.
+        apikey: API Key to authenticate the request.
+
+    **Raises:**
+
+        APIResponse:
+        Raises the HTTPStatus object with a status code and detail as response.
+    """
+    await auth.validate(request, apikey)
+    # keys = [key.strip() for key in keys.split(",") if key.strip()]
+    keys = list(filter(None, map(str.strip, keys.split(","))))
+    keys_ct = len(keys)
+    try:
+        assert keys_ct >= 1, f"Expected at least one key, received {keys_ct}"
+    except AssertionError as error:
+        LOGGER.error(error)
+        raise exceptions.APIResponse(
+            status_code=HTTPStatus.BAD_REQUEST.real, detail=error.args[0]
+        )
+    if values := await retrieve_secrets(table_name, keys):
+        values_ct = len(values)
+        try:
+            assert (
+                values_ct == keys_ct
+            ), f"Number of keys [{keys_ct}] requested didn't match the number of values [{values_ct}] retrieved."
+            LOGGER.info("Secret value for %d (%s) were retrieved", keys_ct, keys)
+            code = HTTPStatus.OK.real
+        except AssertionError as error:
+            LOGGER.warning(error)
+            code = HTTPStatus.PARTIAL_CONTENT.real
+        decrypted = {
+            key: models.session.fernet.decrypt(value).decode(encoding="UTF-8")
+            for key, value in values.items()
+        }
+        raise exceptions.APIResponse(status_code=code, detail=decrypted)
+    if keys_ct == 1:
+        LOGGER.info("Secret value for '%s' NOT found in the datastore", keys[0])
+    else:
+        LOGGER.info(
+            "Secret values for %d keys %s were NOT found in the datastore",
+            keys_ct,
+            keys,
+        )
+    raise exceptions.APIResponse(
+        status_code=HTTPStatus.NOT_FOUND.real, detail=HTTPStatus.NOT_FOUND.phrase
+    )
+
+
+async def get_table(
+    request: Request,
+    table_name: str = "default",
+    apikey: HTTPAuthorizationCredentials = Depends(security),
+):
+    """**API function to retrieve ALL the key-value pairs stored in a particular table.**
+
+    **Args:**
+
+        request: Reference to the FastAPI request object.
+        table_name: Name of the table where the secrets are stored.
+        apikey: API Key to authenticate the request.
+
+    **Raises:**
+
+        APIResponse:
+        Raises the HTTPStatus object with a status code and detail as response.
+    """
+    await auth.validate(request, apikey)
+    table_content = await retrieve_secrets(table_name)
+    decrypted = {
+        key: models.session.fernet.decrypt(value).decode(encoding="UTF-8")
+        for key, value in table_content.items()
+    }
+    raise exceptions.APIResponse(status_code=HTTPStatus.OK.real, detail=decrypted)
+
+
+async def put_secret(
+    request: Request,
+    data: payload.PutSecret,
+    apikey: HTTPAuthorizationCredentials = Depends(security),
+):
+    """**API function to add secrets to database.**
+
+    **Args:**
+
+        request: Reference to the FastAPI request object.
+        data: Payload with ``key``, ``value``, and ``table_name`` as body.
+        apikey: API Key to authenticate the request.
+
+    **Raises:**
+
+        APIResponse:
+        Raises the HTTPStatus object with a status code and detail as response.
+    """
+    await auth.validate(request, apikey)
+    if await retrieve_secret(data.key, data.table_name):
+        LOGGER.info("Secret value for '%s' will be overridden", data.key)
+    else:
+        LOGGER.info(
+            "Storing a secret value for '%s' to the table '%s' in the datastore",
+            data.key,
+            data.table_name,
+        )
+    encrypted = models.session.fernet.encrypt(data.value.encode(encoding="UTF-8"))
+    database.put_secret(key=data.key, value=encrypted, table_name=data.table_name)
+    raise exceptions.APIResponse(
+        status_code=HTTPStatus.OK.real, detail=HTTPStatus.OK.phrase
+    )
+
+
+async def delete_secret(
+    request: Request,
+    data: payload.DeleteSecret,
+    apikey: HTTPAuthorizationCredentials = Depends(security),
+):
+    """**API function to delete secrets from database.**
+
+    **Args:**
+
+        request: Reference to the FastAPI request object.
+        data: Payload with ``key`` and ``table_name`` as body.
+        apikey: API Key to authenticate the request.
+
+    **Raises:**
+
+        APIResponse:
+        Raises the HTTPStatus object with a status code and detail as response.
+    """
+    await auth.validate(request, apikey)
+    if await retrieve_secret(data.key, data.table_name):
+        LOGGER.info("Secret value for '%s' will be removed", data.key)
+    else:
+        LOGGER.warning("Secret value for '%s' NOT found", data.key)
+        raise exceptions.APIResponse(
+            status_code=HTTPStatus.NOT_FOUND.real, detail=HTTPStatus.NOT_FOUND.phrase
+        )
+    database.remove_secret(key=data.key, table_name=data.table_name)
+    raise exceptions.APIResponse(
+        status_code=HTTPStatus.OK.real, detail=HTTPStatus.OK.phrase
+    )
+
+
+async def create_table(
+    request: Request,
+    table_name: str,
+    apikey: HTTPAuthorizationCredentials = Depends(security),
+):
+    """**API function to create a new table in the database.**
+
+    **Args:**
+
+        request: Reference to the FastAPI request object.
+        table_name: Name of the table to be created.
+        apikey: API Key to authenticate the request.
+
+    **Raises:**
+
+        APIResponse:
+        Raises the HTTPStatus object with a status code and detail as response.
+    """
+    await auth.validate(request, apikey)
+    try:
+        models.database.create_table(table_name, ["key", "value"])
+    except sqlite3.OperationalError as error:
+        LOGGER.error(error)
+        raise exceptions.APIResponse(
+            status_code=HTTPStatus.EXPECTATION_FAILED.real, detail=error.args[0]
+        )
+    raise exceptions.APIResponse(
+        status_code=HTTPStatus.OK.real, detail=HTTPStatus.OK.phrase
+    )
+
+
+async def health() -> Dict[str, str]:
+    """Healthcheck endpoint.
+
+    Returns:
+        Dict[str, str]:
+        Returns the health response.
+    """
+    return {"STATUS": "OK"}
+
+
+async def docs() -> RedirectResponse:
+    """Redirect to docs page.
+
+    Returns:
+        RedirectResponse:
+        Redirects the user to ``/docs`` page.
+    """
+    return RedirectResponse("/docs")
+
+
+def get_all_routes() -> List[APIRoute]:
+    """Get all the routes to be added for the API server.
+
+    Returns:
+        List[APIRoute]:
+        Returns the routes as a list of APIRoute objects.
+    """
+    dependencies = [
+        Depends(dependency=rate_limit.RateLimiter(each_rate_limit).init)
+        for each_rate_limit in models.env.rate_limit
+    ]
+    routes = [
+        APIRoute(path="/", endpoint=docs, methods=["GET"], include_in_schema=False),
+        APIRoute(
+            path="/health", endpoint=health, methods=["GET"], include_in_schema=False
+        ),
+        APIRoute(
+            path="/get-secret",
+            endpoint=get_secret,
+            methods=["GET"],
+            dependencies=dependencies,
+        ),
+        APIRoute(
+            path="/get-secrets",
+            endpoint=get_secrets,
+            methods=["GET"],
+            dependencies=dependencies,
+        ),
+        APIRoute(
+            path="/get-table",
+            endpoint=get_table,
+            methods=["GET"],
+            dependencies=dependencies,
+        ),
+        APIRoute(
+            path="/put-secret",
+            endpoint=put_secret,
+            methods=["PUT"],
+            dependencies=dependencies,
+        ),
+        APIRoute(
+            path="/delete-secret",
+            endpoint=delete_secret,
+            methods=["DELETE"],
+            dependencies=dependencies,
+        ),
+        APIRoute(
+            path="/create-table",
+            endpoint=create_table,
+            methods=["POST"],
+            dependencies=dependencies,
+        ),
+    ]
+    return routes

vaultapi/squire.py

@@ -0,0 +1,58 @@
+import json
+import os
+import pathlib
+
+import yaml
+
+from .models import EnvConfig
+
+
+def envfile_loader(filename: str | os.PathLike) -> EnvConfig:
+    """Loads environment variables based on filetypes.
+
+    Args:
+        filename: Filename from where env vars have to be loaded.
+
+    Returns:
+        EnvConfig:
+        Returns a reference to the ``EnvConfig`` object.
+    """
+    env_file = pathlib.Path(filename)
+    if env_file.suffix.lower() == ".json":
+        with open(env_file) as stream:
+            env_data = json.load(stream)
+        return EnvConfig(**{k.lower(): v for k, v in env_data.items()})
+    elif env_file.suffix.lower() in (".yaml", ".yml"):
+        with open(env_file) as stream:
+            env_data = yaml.load(stream, yaml.FullLoader)
+        return EnvConfig(**{k.lower(): v for k, v in env_data.items()})
+    elif not env_file.suffix or env_file.suffix.lower() in (
+        ".text",
+        ".txt",
+        "",
+    ):
+        return EnvConfig.from_env_file(env_file)
+    else:
+        raise ValueError(
+            "\n\tUnsupported format for 'env_file', can be one of (.json, .yaml, .yml, .txt, .text, or null)"
+        )
+
+
+def load_env(**kwargs) -> EnvConfig:
+    """Merge env vars from env_file with kwargs, giving priority to kwargs.
+
+    See Also:
+        This function allows env vars to be loaded partially from .env files and partially through kwargs.
+
+    Returns:
+        EnvConfig:
+        Returns a reference to the ``EnvConfig`` object.
+    """
+    if env_file := kwargs.get("env_file"):
+        file_env = envfile_loader(env_file).model_dump()
+    elif os.path.isfile(".env"):
+        file_env = envfile_loader(".env").model_dump()
+    else:
+        file_env = {}
+    merged_env = {**file_env, **kwargs}
+    return EnvConfig(**merged_env)

vaultapi/version.py

@@ -0,0 +1 @@
+__version__ = "0.0.0"