VaultAPI 0.1.1__py3-none-any.whl

VaultAPI-0.1.1.dist-info/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Vignesh Rao
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

VaultAPI-0.1.1.dist-info/METADATA

@@ -0,0 +1,240 @@
+Metadata-Version: 2.2
+Name: VaultAPI
+Version: 0.1.1
+Summary: Lightweight API to store/retrieve secrets to/from an encrypted Database
+Author-email: Vignesh Rao <svignesh1793@gmail.com>
+License: MIT License
+        
+        Copyright (c) 2024 Vignesh Rao
+        
+        Permission is hereby granted, free of charge, to any person obtaining a copy
+        of this software and associated documentation files (the "Software"), to deal
+        in the Software without restriction, including without limitation the rights
+        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+        copies of the Software, and to permit persons to whom the Software is
+        furnished to do so, subject to the following conditions:
+        
+        The above copyright notice and this permission notice shall be included in all
+        copies or substantial portions of the Software.
+        
+        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+        SOFTWARE.
+        
+Project-URL: Homepage, https://github.com/thevickypedia/VaultAPI
+Project-URL: Docs, https://thevickypedia.github.io/VaultAPI
+Project-URL: Source, https://github.com/thevickypedia/VaultAPI
+Project-URL: Bug Tracker, https://github.com/thevickypedia/VaultAPI/issues
+Project-URL: Release Notes, https://github.com/thevickypedia/VaultAPI/blob/main/release_notes.rst
+Keywords: vaultapi,vault,fastapi,sqlite3,fernet
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Operating System :: MacOS :: MacOS X
+Classifier: Operating System :: Microsoft :: Windows
+Classifier: Operating System :: POSIX :: Linux
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: click==8.1.8
+Requires-Dist: cryptography==44.0.0
+Requires-Dist: fastapi==0.115.6
+Requires-Dist: pydantic==2.10.5
+Requires-Dist: pydantic-settings==2.7.1
+Requires-Dist: python-dotenv==1.0.1
+Requires-Dist: PyYAML==6.0.2
+Requires-Dist: uvicorn==0.34.0
+Provides-Extra: dev
+Requires-Dist: sphinx==5.1.1; extra == "dev"
+Requires-Dist: pre-commit; extra == "dev"
+Requires-Dist: recommonmark; extra == "dev"
+Requires-Dist: gitverse; extra == "dev"
+
+# VaultAPI
+Lightweight API to store/retrieve secrets to/from an encrypted Database
+
+![Python][label-pyversion]
+
+**Platform Supported**
+
+![Platform][label-platform]
+![docker-image][image-size]
+
+**Deployments**
+
+[![docker][label-docker-build]][gha_docker]
+[![pypi][label-actions-pypi]][gha_pypi]
+[![docker_desc][label-docker-desc]][gha_docker_desc]
+
+[![markdown][label-actions-markdown]][gha_md_valid]
+[![pages][label-actions-pages]][gha_pages]
+
+[![Pypi][label-pypi]][pypi]
+[![Pypi-format][label-pypi-format]][pypi-files]
+[![Pypi-status][label-pypi-status]][pypi]
+
+## Kick off
+
+**Recommendations**
+
+- Install `python` [3.10] or [3.11]
+- Use a dedicated [virtual environment]
+
+**Install VaultAPI**
+```shell
+python -m pip install vaultapi
+```
+
+**Initiate - IDE**
+```python
+import vaultapi.server
+
+
+if __name__ == '__main__':
+    vaultapi.server.start()
+```
+
+**Initiate - CLI**
+```shell
+vaultapi start
+```
+
+> Use `vaultapi --help` for usage instructions.
+
+## Environment Variables
+
+<details>
+<summary><strong>Sourcing environment variables from an env file</strong></summary>
+
+> _By default, `VaultAPI` will look for a `.env` file in the current working directory._
+</details>
+
+**Mandatory**
+- **APIKEY** - API Key for authentication.
+- **SECRET** - Secret access key to encode/decode the secrets in Datastore.
+
+**Optional (with defaults)**
+- **TRANSIT_KEY_LENGTH** - AES key length for transit encryption. Defaults to `32`
+- **TRANSIT_TIME_BUCKET** - Interval for which the transit epoch should remain constant. Defaults to `60`
+- **DATABASE** - FilePath to store the secrets' database. Defaults to `secrets.db`
+- **HOST** - Hostname for the API server. Defaults to `0.0.0.0` [OR] `localhost`
+- **PORT** - Port number for the API server. Defaults to `9010`
+- **WORKERS** - Number of workers for the uvicorn server. Defaults to `1`
+- **RATE_LIMIT** - List of dictionaries with `max_requests` and `seconds` to apply as rate limit.
+Defaults to 5req/2s [AND] 10req/30s
+
+**Optional (without defaults)**
+- **LOG_CONFIG** - FilePath or dictionary of key-value pairs for log config.
+- **ALLOWED_ORIGINS** - Origins that are allowed to retrieve secrets.
+- **ALLOWED_IP_RANGE** - IP range that is allowed to retrieve secrets. _(eg: `10.112.8.10-210`)_
+
+> Checkout [decryptors][decryptors] for more information about decrypting the retrieved secret from the server.
+
+<details>
+<summary>Auto generate a <code>SECRET</code> value</summary>
+
+This value will be used to encrypt/decrypt the secrets stored in the database.
+
+**CLI**
+```shell
+vaultapi keygen
+```
+
+**IDE**
+```python
+from cryptography.fernet import Fernet
+print(Fernet.generate_key())
+```
+</details>
+
+## Coding Standards
+Docstring format: [`Google`][google-docs] <br>
+Styling conventions: [`PEP 8`][pep8] and [`isort`][isort]
+
+## [Release Notes][release-notes]
+**Requirement**
+```shell
+python -m pip install gitverse
+```
+
+**Usage**
+```shell
+gitverse-release reverse -f release_notes.rst -t 'Release Notes'
+```
+
+## Linting
+`pre-commit` will ensure linting, run pytest, generate runbook & release notes, and validate hyperlinks in ALL
+markdown files (including Wiki pages)
+
+**Requirement**
+```shell
+python -m pip install sphinx==5.1.1 pre-commit recommonmark
+```
+
+**Usage**
+```shell
+pre-commit run --all-files
+```
+
+## Pypi Package
+[![pypi-module][label-pypi-package]][pypi-repo]
+
+[https://pypi.org/project/VaultAPI/][pypi]
+
+## Docker Image
+[![made-with-docker-doc][label-docker-doc]][docker-doc]
+
+[https://hub.docker.com/r/thevickypedia/vaultapi][docker]
+
+## Runbook
+[![made-with-sphinx-doc][label-sphinx-doc]][sphinx]
+
+[https://thevickypedia.github.io/VaultAPI/][runbook]
+
+## License & copyright
+
+&copy; Vignesh Rao
+
+Licensed under the [MIT License][license]
+
+[label-actions-markdown]: https://github.com/thevickypedia/VaultAPI/actions/workflows/markdown.yaml/badge.svg
+[label-docker-build]: https://github.com/thevickypedia/VaultAPI/actions/workflows/docker-publish.yaml/badge.svg
+[label-docker-desc]: https://github.com/thevickypedia/VaultAPI/actions/workflows/docker-description.yaml/badge.svg
+[label-pypi-package]: https://img.shields.io/badge/Pypi%20Package-VaultAPI-blue?style=for-the-badge&logo=Python
+[label-sphinx-doc]: https://img.shields.io/badge/Made%20with-Sphinx-blue?style=for-the-badge&logo=Sphinx
+[label-docker-doc]: https://img.shields.io/badge/Made%20with-Docker-blue?style=for-the-badge&logo=Docker
+[label-pyversion]: https://img.shields.io/badge/python-3.10%20%7C%203.11-blue
+[label-platform]: https://img.shields.io/badge/Platform-Linux|macOS|Windows-1f425f.svg
+[label-actions-pages]: https://github.com/thevickypedia/VaultAPI/actions/workflows/pages/pages-build-deployment/badge.svg
+[label-actions-pypi]: https://github.com/thevickypedia/VaultAPI/actions/workflows/python-publish.yaml/badge.svg
+[label-pypi]: https://img.shields.io/pypi/v/VaultAPI
+[label-pypi-format]: https://img.shields.io/pypi/format/VaultAPI
+[label-pypi-status]: https://img.shields.io/pypi/status/VaultAPI
+
+[3.10]: https://docs.python.org/3/whatsnew/3.10.html
+[3.11]: https://docs.python.org/3/whatsnew/3.11.html
+[virtual environment]: https://docs.python.org/3/tutorial/venv.html
+[release-notes]: https://github.com/thevickypedia/VaultAPI/blob/main/release_notes.rst
+[decryptors]: https://github.com/thevickypedia/VaultAPI/blob/main/decryptors
+[gha_pages]: https://github.com/thevickypedia/VaultAPI/actions/workflows/pages/pages-build-deployment
+[gha_docker]: https://github.com/thevickypedia/VaultAPI/actions/workflows/docker-publish.yaml
+[gha_docker_desc]: https://github.com/thevickypedia/VaultAPI/actions/workflows/docker-description.yaml
+[gha_pypi]: https://github.com/thevickypedia/VaultAPI/actions/workflows/python-publish.yaml
+[gha_md_valid]: https://github.com/thevickypedia/VaultAPI/actions/workflows/markdown.yaml
+[google-docs]: https://google.github.io/styleguide/pyguide.html#38-comments-and-docstrings
+[pep8]: https://www.python.org/dev/peps/pep-0008/
+[isort]: https://pycqa.github.io/isort/
+[docker]: https://hub.docker.com/r/thevickypedia/vaultapi
+[docker-doc]: https://docs.docker.com/
+[sphinx]: https://www.sphinx-doc.org/en/master/man/sphinx-autogen.html
+[image-size]: https://img.shields.io/docker/image-size/thevickypedia/vaultapi/latest
+[pypi]: https://pypi.org/project/VaultAPI
+[pypi-files]: https://pypi.org/project/VaultAPI/#files
+[pypi-repo]: https://packaging.python.org/tutorials/packaging-projects/
+[license]: https://github.com/thevickypedia/VaultAPI/blob/main/LICENSE
+[runbook]: https://thevickypedia.github.io/VaultAPI/

VaultAPI-0.1.1.dist-info/RECORD

@@ -0,0 +1,19 @@
+vaultapi/__init__.py,sha256=iONd8B1j24jfIthkiMZH-WO0C55_NfNAWDnkHjtu84U,2634
+vaultapi/api.py,sha256=fm2ZG9M892GKEAbu30FYSXISKHZfPxBe0xluU2PaAxA,1744
+vaultapi/auth.py,sha256=SQjByRiztCREf9mjIoGetiEMqigwfsT1HlbfitYIqQc,1799
+vaultapi/database.py,sha256=B0GG1ewR3BLHDNjx8zbwzpHkCfb83cS0vRs7Be4MAf4,3815
+vaultapi/exceptions.py,sha256=99R9L2vmimS68RLt5bpw1QT3C2WELHvKNRDWRDwBKi4,185
+vaultapi/models.py,sha256=qnmFbCefP_OOdNmgPptg3wGusNz562ObD84WPw8nrv8,8496
+vaultapi/payload.py,sha256=jOBNA9EWeSVRuvX_Y8V3E56iIdAuKonXv9rrB6fS-cE,529
+vaultapi/rate_limit.py,sha256=oOcwmVmPcWYgtGr6MXrpRfr_i3iKinp_E1RjW8LlR5g,2198
+vaultapi/routes.py,sha256=6X2jEw25dbleeEhB5AD9R7T80Op-7zXvuRPqW3lOLps,12991
+vaultapi/server.py,sha256=-sgtEhOXdlEsWMr2aUeE4SokxSYA5_7Mpw-QAv1Vu-M,545
+vaultapi/transit.py,sha256=s25NWKW_CmnV3HBJgR8C96gBzeWftwwWL09EXgPhnac,2614
+vaultapi/util.py,sha256=UFeE4r68Ma8ws7loEYieEKR846gUIFeYukaUde9cBY8,2959
+vaultapi/version.py,sha256=rnObPjuBcEStqSO0S6gsdS_ot8ITOQjVj_-P1LUUYpg,22
+VaultAPI-0.1.1.dist-info/LICENSE,sha256=xnHdLNCLt4RW3vtnE_TfN_cjViUHyIv0m8024fS4bws,1068
+VaultAPI-0.1.1.dist-info/METADATA,sha256=zVqYkfZya626QiMik8ymyZUfQ8jbfscqUmByes8RNbk,9229
+VaultAPI-0.1.1.dist-info/WHEEL,sha256=In9FTNxeP60KnTkGw7wk6mJPYd_dQSjEZmXdBdMCI-8,91
+VaultAPI-0.1.1.dist-info/entry_points.txt,sha256=MKe6sVDEAHC3YBZoYWLMvgwupRE_QJ_iHK0umfgGOzs,50
+VaultAPI-0.1.1.dist-info/top_level.txt,sha256=17jtNvOOJqazNgWn2ZTmJqfQau5jan_xF82NAJOINQg,9
+VaultAPI-0.1.1.dist-info/RECORD,,

VaultAPI-0.1.1.dist-info/WHEEL

@@ -0,0 +1,5 @@
+Wheel-Version: 1.0
+Generator: setuptools (75.8.0)
+Root-Is-Purelib: true
+Tag: py3-none-any
+

VaultAPI-0.1.1.dist-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+vaultapi = vaultapi:commandline

VaultAPI-0.1.1.dist-info/top_level.txt

@@ -0,0 +1 @@
+vaultapi

vaultapi/__init__.py

@@ -0,0 +1,77 @@
+import os
+import sys
+
+import click
+from cryptography.fernet import Fernet
+
+from . import version
+
+
+@click.command()
+@click.argument("run", required=False)
+@click.argument("start", required=False)
+@click.argument("keygen", required=False)
+@click.option("--version", "-V", is_flag=True, help="Prints the version.")
+@click.option("--help", "-H", is_flag=True, help="Prints the help section.")
+@click.option(
+    "--env",
+    "-E",
+    type=click.Path(exists=True),
+    help="Environment configuration filepath.",
+)
+def commandline(*args, **kwargs) -> None:
+    """Starter function to invoke VaultAPI via CLI commands.
+
+    **Flags**
+        - ``--version | -V``: Prints the version.
+        - ``--help | -H``: Prints the help section.
+        - ``--env | -E``: Environment configuration filepath.
+    """
+    assert sys.argv[0].lower().endswith("vaultapi"), "Invalid commandline trigger!!"
+    options = {
+        "--version | -V": "Prints the version.",
+        "--help | -H": "Prints the help section.",
+        "--env | -E": "Environment configuration filepath.",
+        "start | run": "Initiates the API server.",
+    }
+    # weird way to increase spacing to keep all values monotonic
+    _longest_key = len(max(options.keys()))
+    _pretext = "\n\t* "
+    choices = _pretext + _pretext.join(
+        f"{k} {'·' * (_longest_key - len(k) + 8)}→ {v}".expandtabs()
+        for k, v in options.items()
+    )
+    if kwargs.get("help"):
+        click.echo(
+            f"\nUsage: vaultapi [arbitrary-command]\nOptions (and corresponding behavior):{choices}"
+        )
+        sys.exit(0)
+    if kwargs.get("version"):
+        click.secho(f"VaultAPI v{version.__version__}", fg="green")
+        sys.exit(0)
+
+    # Store 'env' key's value as the env var 'env_file' - with default to '.env'
+    os.environ["env_file"] = kwargs.get("env") or ".env"
+    from .server import start
+
+    trigger = (
+        kwargs.get("start") or kwargs.get("run") or kwargs.get("keygen") or ""
+    ).lower()
+    if trigger in ("start", "run"):
+        start()
+        sys.exit(0)
+    elif trigger == "keygen":
+        key = Fernet.generate_key()
+        click.secho(
+            "\nStore this as an env var named 'secret' or the choice of env_file\n"
+            "This secret will be required to decrypt the secrets retrieved from the API\n",
+            fg="green",
+        )
+        click.secho(key.decode() + "\n", bold=True)
+        sys.exit(0)
+    else:
+        click.secho(f"\n{kwargs}\nNo command provided", fg="red")
+    click.echo(
+        f"Usage: vaultapi [arbitrary-command]\nOptions (and corresponding behavior):{choices}"
+    )
+    sys.exit(1)

vaultapi/api.py

@@ -0,0 +1,53 @@
+import logging
+from multiprocessing.process import current_process
+
+from fastapi import FastAPI
+from fastapi.middleware.cors import CORSMiddleware
+
+from . import models, routes, version
+
+VaultAPI = FastAPI(
+    title="VaultAPI",
+    description="Lightweight service to serve secrets and environment variables",
+    version=version.__version__,
+)
+
+
+def enable_cors() -> None:
+    """Enables CORS policy."""
+    origins = [
+        "http://localhost.com",
+        "https://localhost.com",
+    ]
+    for website in models.env.allowed_origins:
+        origins.append(f"http://{website.host}")  # noqa: HttpUrlsUsage
+        origins.append(f"https://{website.host}")
+    # Log the IP info
+    if current_process().name in ("SpawnProcess-1", "MainProcess"):
+        logger = logging.getLogger("uvicorn.default")
+        logger.info("Setting CORS policy")
+        logger.info("Allowed default origins: %s", ", ".join(models.DEFAULT_ALLOWED))
+        if models.env.allowed_origins:
+            logger.info(
+                "Allowed origins: %s",
+                ", ".join(str(url) for url in models.env.allowed_origins),
+            )
+        if models.env.allowed_ip_range:
+            logger.info("Allowed IP range: %s", ", ".join(models.env.allowed_ip_range))
+        logger.debug("Overall allowed origins: %s", models.session.allowed_origins)
+    VaultAPI.add_middleware(
+        CORSMiddleware,  # noqa: PyTypeChecker
+        allow_origins=origins,
+        allow_credentials=True,
+        allow_methods=["GET", "POST", "PUT", "DELETE"],
+        allow_headers=[
+            # Default headers
+            "host",
+            "user-agent",
+            "authorization",
+        ],
+    )
+
+
+enable_cors()
+VaultAPI.routes.extend(routes.get_all_routes())

vaultapi/auth.py

@@ -0,0 +1,51 @@
+import logging
+import secrets
+from http import HTTPStatus
+
+from fastapi import Request
+from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
+
+from . import exceptions, models
+
+LOGGER = logging.getLogger("uvicorn.default")
+SECURITY = HTTPBearer()
+
+
+async def validate(request: Request, apikey: HTTPAuthorizationCredentials) -> None:
+    """Validates the auth request using HTTPBearer.
+
+    Args:
+        request: Takes the authorization header token as an argument.
+        apikey: Basic APIKey required for all the routes.
+
+    Raises:
+        APIResponse:
+        - 401: If authorization is invalid.
+        - 403: If host address is forbidden.
+    """
+    if request.client.host not in models.session.allowed_origins:
+        LOGGER.info(
+            "Host: %s has been blocked since it is not added to allowed list",
+            request.client.host,
+        )
+        LOGGER.info(models.session.allowed_origins)
+        raise exceptions.APIResponse(
+            status_code=HTTPStatus.FORBIDDEN.real, detail=HTTPStatus.FORBIDDEN.phrase
+        )
+    if apikey.credentials.startswith("\\"):
+        auth = bytes(apikey.credentials, "utf-8").decode(encoding="unicode_escape")
+    else:
+        auth = apikey.credentials
+    if secrets.compare_digest(auth, models.env.apikey):
+        LOGGER.debug(
+            "Connection received from client-host: %s, host-header: %s, x-fwd-host: %s",
+            request.client.host,
+            request.headers.get("host"),
+            request.headers.get("x-forwarded-host"),
+        )
+        if user_agent := request.headers.get("user-agent"):
+            LOGGER.debug("User agent: %s", user_agent)
+        return
+    raise exceptions.APIResponse(
+        status_code=HTTPStatus.UNAUTHORIZED.real, detail=HTTPStatus.UNAUTHORIZED.phrase
+    )

vaultapi/database.py

@@ -0,0 +1,122 @@
+from typing import List, Tuple
+
+from . import models
+
+
+def table_exists(table_name: str) -> bool:
+    """Function to check if a table exists in the database.
+
+    Args:
+        table_name: Name of the table to check.
+    """
+    with models.database.connection:
+        cursor = models.database.connection.cursor()
+        cursor.execute(
+            "SELECT name FROM sqlite_master WHERE type='table' AND name=?",
+            (table_name,),
+        )
+        result = cursor.fetchone()
+    if result:
+        return True
+
+
+def list_tables() -> List[str]:
+    """Function to list all available tables in the database."""
+    with models.database.connection:
+        cursor = models.database.connection.cursor()
+        cursor.execute("SELECT name FROM sqlite_master WHERE type='table';")
+        tables = cursor.fetchall()
+    return [table[0] for table in tables]
+
+
+def create_table(table_name: str, columns: List[str] | Tuple[str]) -> None:
+    """Creates the table with the required columns.
+
+    Args:
+        table_name: Name of the table that has to be created.
+        columns: List of columns that has to be created.
+    """
+    with models.database.connection:
+        cursor = models.database.connection.cursor()
+        # Use f-string or %s as table names cannot be parametrized
+        cursor.execute(
+            f"CREATE TABLE IF NOT EXISTS {table_name!r} ({', '.join(columns)})"
+        )
+
+
+def get_secret(key: str, table_name: str) -> str | None:
+    """Function to retrieve secret from database.
+
+    Args:
+        key: Name of the secret to retrieve.
+        table_name: Name of the table where the secret is stored.
+
+    Returns:
+        str:
+        Returns the secret value.
+    """
+    with models.database.connection:
+        cursor = models.database.connection.cursor()
+        state = cursor.execute(
+            f'SELECT value FROM "{table_name}" WHERE key=(?)', (key,)
+        ).fetchone()
+    if state and state[0]:
+        return state[0]
+
+
+def get_table(table_name: str) -> List[Tuple[str, str]]:
+    """Function to retrieve all key-value pairs from a particular table in the database.
+
+    Args:
+        table_name: Name of the table where the secrets are stored.
+
+    Returns:
+        str:
+        Returns the secret value.
+    """
+    with models.database.connection:
+        cursor = models.database.connection.cursor()
+        state = cursor.execute(f'SELECT * FROM "{table_name}"').fetchall()
+    return state
+
+
+def put_secret(key: str, value: str, table_name: str) -> None:
+    """Function to add secret to the database.
+
+    Args:
+        key: Name of the secret to be stored.
+        value: Value of the secret to be stored
+        table_name: Name of the table where the secret is stored.
+    """
+    with models.database.connection:
+        cursor = models.database.connection.cursor()
+        cursor.execute(
+            f'INSERT INTO "{table_name}" (key, value) VALUES (?,?)',
+            (key, value),
+        )
+        models.database.connection.commit()
+
+
+def remove_secret(key: str, table_name: str) -> None:
+    """Function to remove a secret from the database.
+
+    Args:
+        key: Name of the secret to be removed.
+        table_name: Name of the table where the secret is stored.
+    """
+    with models.database.connection:
+        cursor = models.database.connection.cursor()
+        cursor.execute(f'DELETE FROM "{table_name}" WHERE key=(?)', (key,))
+        models.database.connection.commit()
+
+
+def drop_table(table_name: str) -> None:
+    """Function to drop a table from the database.
+
+    Args:
+        table_name: Name of the table to be dropped.
+    """
+    with models.database.connection:
+        cursor = models.database.connection.cursor()
+        cursor.execute(f'DROP TABLE IF EXISTS "{table_name}"')
+        models.database.connection.commit()

vaultapi/exceptions.py

@@ -0,0 +1,9 @@
+from fastapi.exceptions import HTTPException
+
+
+class APIResponse(HTTPException):
+    """Custom ``HTTPException`` from ``FastAPI`` to wrap an API response.
+
+    >>> APIResponse
+
+    """