dworshak-access 0.1.9__tar.gz → 0.1.13__tar.gz

{dworshak_access-0.1.9/src/dworshak_access.egg-info → dworshak_access-0.1.13}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: dworshak-access
-Version: 0.1.9
+Version: 0.1.13
 Summary: **dworshak-access** is a light-weight library for local credential access. It exposes the **get_secret()** function, to allow a program to leverage credentials that have been established using the Drowshak CLI tool, which is a separate package.
 Requires-Python: >=3.9
 Description-Content-Type: text/markdown
@@ -11,9 +11,14 @@ Dynamic: license-file
 **dworshak-access** is a light-weight library for local credential access. By adding **dworshak-access** as a dependency to your Python project, you enable your program or script to leverage credentials that have been established using the Drowshak CLI tool, which is a separate package.
 
 ## Functions exposed in **dworshak-access**:
-- check_vault() # For troubleshooting automated testing.
-- get_secret() # The meat and potatoes.
+- `initialize_vault()` – Create the vault directory, encryption key, and SQLite database. Safe to call multiple times.
+- `check_vault()` – Check the health of the vault (directory, key, DB).
+- `store_secret(service: str, item: str, plaintext: str)` – Encrypt and store a credential in the vault.
+- `get_secret(service: str, item: str) -> str` – Retrieve and decrypt a credential.
+- `list_credentials() -> list[tuple[str, str]]` – List all stored service/item pairs.
 
+All secrets are stored Fernet-encrypted in the database under the secret column.
+No opaque blobs — every entry is meaningful and decryptable via the library.
 
 ### Example
 
@@ -22,17 +27,22 @@ uv add dworshak-access
 ```
 
 ```python
-from dworshak_access import get_secret
+from dworshak_access import initialize_vault, store_secret, get_secret, list_credentials
 
-service_name = "MyThirdFavoriteAPI"
-item_id_u = "username"
-item_id_p = "password"
+# Initialize the vault (create key and DB if missing)
+initialize_vault()
 
-un = get_secret(service_name,item_id_u)
-pw = get_secret(service_name,item_id_p)
+# Store credentials
+store_secret("rjn_api", "username", "admin")
+store_secret("rjn_api", "password", "s3cr3t")
 
-# Then use these in your program
+# Retrieve credentials
+username = get_secret("rjn_api", "username")
+password = get_secret("rjn_api", "password")
 
+# List stored items
+for service, item in list_credentials():
+    print(f"{service}/{item}")
 ```
 
 ---

{dworshak_access-0.1.9 → dworshak_access-0.1.13}/README.md

@@ -1,9 +1,14 @@
 **dworshak-access** is a light-weight library for local credential access. By adding **dworshak-access** as a dependency to your Python project, you enable your program or script to leverage credentials that have been established using the Drowshak CLI tool, which is a separate package.
 
 ## Functions exposed in **dworshak-access**:
-- check_vault() # For troubleshooting automated testing.
-- get_secret() # The meat and potatoes.
+- `initialize_vault()` – Create the vault directory, encryption key, and SQLite database. Safe to call multiple times.
+- `check_vault()` – Check the health of the vault (directory, key, DB).
+- `store_secret(service: str, item: str, plaintext: str)` – Encrypt and store a credential in the vault.
+- `get_secret(service: str, item: str) -> str` – Retrieve and decrypt a credential.
+- `list_credentials() -> list[tuple[str, str]]` – List all stored service/item pairs.
 
+All secrets are stored Fernet-encrypted in the database under the secret column.
+No opaque blobs — every entry is meaningful and decryptable via the library.
 
 ### Example
 
@@ -12,17 +17,22 @@ uv add dworshak-access
 ```
 
 ```python
-from dworshak_access import get_secret
+from dworshak_access import initialize_vault, store_secret, get_secret, list_credentials
 
-service_name = "MyThirdFavoriteAPI"
-item_id_u = "username"
-item_id_p = "password"
+# Initialize the vault (create key and DB if missing)
+initialize_vault()
 
-un = get_secret(service_name,item_id_u)
-pw = get_secret(service_name,item_id_p)
+# Store credentials
+store_secret("rjn_api", "username", "admin")
+store_secret("rjn_api", "password", "s3cr3t")
 
-# Then use these in your program
+# Retrieve credentials
+username = get_secret("rjn_api", "username")
+password = get_secret("rjn_api", "password")
 
+# List stored items
+for service, item in list_credentials():
+    print(f"{service}/{item}")
 ```
 
 ---

{dworshak_access-0.1.9 → dworshak_access-0.1.13}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "dworshak-access"
-version = "0.1.9"
+version = "0.1.13"
 description = "**dworshak-access** is a light-weight library for local credential access. It exposes the **get_secret()** function, to allow a program to leverage credentials that have been established using the Drowshak CLI tool, which is a separate package."
 readme = "README.md"
 requires-python = ">=3.9"
@@ -18,5 +18,10 @@ resolution = "highest"
 requires = ["setuptools>=64", "wheel"]
 build-backend = "setuptools.build_meta"
 
+[dependency-groups]
+dev = [
+    "pytest>=8.4.2",
+]
+
 [tool.setuptools.packages.find]
 where = ["src"]

dworshak_access-0.1.13/src/dworshak_access/__init__.py

@@ -0,0 +1,18 @@
+# src/dowrshak_access/__init__.py
+from __future__ import annotations
+
+from .vault import (
+    initialize_vault,
+    check_vault,
+    store_secret,
+    get_secret,
+    list_credentials,
+)
+
+__all__ = [
+    "initialize_vault",
+    "check_vault",
+    "store_secret",
+    "get_secret",
+    "list_credentials",
+]

dworshak_access-0.1.13/src/dworshak_access/paths.py

@@ -0,0 +1,8 @@
+# src/dowrshak_access/paths.py
+from __future__ import annotations
+from pathlib import Path
+
+APP_DIR = Path.home() / ".dworshak"
+DB_FILE = APP_DIR / "vault.db"
+KEY_FILE = APP_DIR / ".key"
+CONFIG_FILE = APP_DIR / "config.json"

dworshak_access-0.1.13/src/dworshak_access/security.py

@@ -0,0 +1,20 @@
+# src/dowrshak_access/security.py
+from __future__ import annotations
+from cryptography.fernet import Fernet
+from .paths import KEY_FILE
+import os
+
+def get_fernet() -> Fernet:
+    """
+    Returns a Fernet instance using the master key.
+    Generates key if missing.
+    """
+    if not KEY_FILE.exists():
+        APP_DIR = KEY_FILE.parent
+        APP_DIR.mkdir(parents=True, exist_ok=True)
+        key = Fernet.generate_key()
+        KEY_FILE.write_bytes(key)
+        os.chmod(KEY_FILE, 0o600)
+
+    key_bytes = KEY_FILE.read_bytes()
+    return Fernet(key_bytes)

dworshak_access-0.1.13/src/dworshak_access/vault.py

@@ -0,0 +1,76 @@
+# src/dowrshak_access/vault.py
+from __future__ import annotations
+import sqlite3
+from pathlib import Path
+from typing import NamedTuple, List
+from .paths import DB_FILE, APP_DIR
+from .security import get_fernet
+
+class VaultStatus(NamedTuple):
+    is_valid: bool
+    message: str
+    root_path: Path
+
+def initialize_vault() -> None:
+    """Create vault DB with encrypted secret column."""
+    APP_DIR.mkdir(parents=True, exist_ok=True)
+    conn = sqlite3.connect(DB_FILE)
+    conn.execute("""
+        CREATE TABLE IF NOT EXISTS credentials (
+            service TEXT NOT NULL,
+            item TEXT NOT NULL,
+            secret BLOB NOT NULL,
+            PRIMARY KEY(service, item)
+        )
+    """)
+    conn.execute("""
+        CREATE TABLE IF NOT EXISTS schema_version (
+            version INTEGER NOT NULL
+        )
+    """)
+    # Set version 1 if empty
+    cursor = conn.execute("SELECT COUNT(*) FROM schema_version")
+    if cursor.fetchone()[0] == 0:
+        conn.execute("INSERT INTO schema_version (version) VALUES (1)")
+    conn.commit()
+    conn.close()
+
+def check_vault() -> VaultStatus:
+    if not APP_DIR.exists():
+        return VaultStatus(False, "Vault directory missing", APP_DIR)
+    if not DB_FILE.exists():
+        return VaultStatus(False, "Vault DB missing", APP_DIR)
+    if not get_fernet():
+        return VaultStatus(False, "Encryption key missing", APP_DIR)
+    return VaultStatus(True, "Vault healthy", APP_DIR)
+
+def store_secret(service: str, item: str, plaintext: str):
+    f = get_fernet()
+    encrypted_secret = f.encrypt(plaintext.encode())
+    conn = sqlite3.connect(DB_FILE)
+    conn.execute(
+        "INSERT OR REPLACE INTO credentials (service, item, secret) VALUES (?, ?, ?)",
+        (service, item, encrypted_secret)
+    )
+    conn.commit()
+    conn.close()
+
+def get_secret(service: str, item: str) -> str:
+    f = get_fernet()
+    conn = sqlite3.connect(DB_FILE)
+    cursor = conn.execute(
+        "SELECT secret FROM credentials WHERE service = ? AND item = ?",
+        (service, item)
+    )
+    row = cursor.fetchone()
+    conn.close()
+    if not row:
+        raise KeyError(f"No credential found for {service}/{item}")
+    return f.decrypt(row[0]).decode()
+
+def list_credentials() -> List[tuple[str, str]]:
+    conn = sqlite3.connect(DB_FILE)
+    cursor = conn.execute("SELECT service, item FROM credentials")
+    rows = cursor.fetchall()
+    conn.close()
+    return rows

{dworshak_access-0.1.9 → dworshak_access-0.1.13/src/dworshak_access.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: dworshak-access
-Version: 0.1.9
+Version: 0.1.13
 Summary: **dworshak-access** is a light-weight library for local credential access. It exposes the **get_secret()** function, to allow a program to leverage credentials that have been established using the Drowshak CLI tool, which is a separate package.
 Requires-Python: >=3.9
 Description-Content-Type: text/markdown
@@ -11,9 +11,14 @@ Dynamic: license-file
 **dworshak-access** is a light-weight library for local credential access. By adding **dworshak-access** as a dependency to your Python project, you enable your program or script to leverage credentials that have been established using the Drowshak CLI tool, which is a separate package.
 
 ## Functions exposed in **dworshak-access**:
-- check_vault() # For troubleshooting automated testing.
-- get_secret() # The meat and potatoes.
+- `initialize_vault()` – Create the vault directory, encryption key, and SQLite database. Safe to call multiple times.
+- `check_vault()` – Check the health of the vault (directory, key, DB).
+- `store_secret(service: str, item: str, plaintext: str)` – Encrypt and store a credential in the vault.
+- `get_secret(service: str, item: str) -> str` – Retrieve and decrypt a credential.
+- `list_credentials() -> list[tuple[str, str]]` – List all stored service/item pairs.
 
+All secrets are stored Fernet-encrypted in the database under the secret column.
+No opaque blobs — every entry is meaningful and decryptable via the library.
 
 ### Example
 
@@ -22,17 +27,22 @@ uv add dworshak-access
 ```
 
 ```python
-from dworshak_access import get_secret
+from dworshak_access import initialize_vault, store_secret, get_secret, list_credentials
 
-service_name = "MyThirdFavoriteAPI"
-item_id_u = "username"
-item_id_p = "password"
+# Initialize the vault (create key and DB if missing)
+initialize_vault()
 
-un = get_secret(service_name,item_id_u)
-pw = get_secret(service_name,item_id_p)
+# Store credentials
+store_secret("rjn_api", "username", "admin")
+store_secret("rjn_api", "password", "s3cr3t")
 
-# Then use these in your program
+# Retrieve credentials
+username = get_secret("rjn_api", "username")
+password = get_secret("rjn_api", "password")
 
+# List stored items
+for service, item in list_credentials():
+    print(f"{service}/{item}")
 ```
 
 ---

{dworshak_access-0.1.9 → dworshak_access-0.1.13}/src/dworshak_access.egg-info/SOURCES.txt

@@ -2,9 +2,13 @@ LICENSE
 README.md
 pyproject.toml
 src/dworshak_access/__init__.py
+src/dworshak_access/paths.py
+src/dworshak_access/security.py
 src/dworshak_access/vault.py
 src/dworshak_access.egg-info/PKG-INFO
 src/dworshak_access.egg-info/SOURCES.txt
 src/dworshak_access.egg-info/dependency_links.txt
 src/dworshak_access.egg-info/requires.txt
-src/dworshak_access.egg-info/top_level.txt
+src/dworshak_access.egg-info/top_level.txt
+tests/test_check_vault.py
+tests/test_get_secret.py

dworshak_access-0.1.13/tests/test_check_vault.py

@@ -0,0 +1,18 @@
+from __future__ import annotations
+from pathlib import Path
+from dworshak_access.vault import check_vault
+
+def test_check_vault_reports_missing_dir(tmp_path):
+    """
+    If the folder doesn't exist, check_vault should 
+    return a valid status object indicating it's missing.
+    """
+    # Point to a directory we know doesn't exist
+    fake_path = tmp_path / "non_existent_vault"
+    
+    status = check_vault(root=fake_path)
+    
+    # We don't want a crash/exception; we want a 'False' status
+    assert status.is_valid is False
+    assert "does not exist" in status.message
+    assert status.root_path == fake_path

dworshak_access-0.1.13/tests/test_get_secret.py

@@ -0,0 +1,27 @@
+from __future__ import annotations
+import pytest
+from unittest.mock import patch, MagicMock, mock_open
+from dworshak_access.vault import get_secret
+
+@patch("dworshak_access.vault.Fernet")
+@patch("sqlite3.connect")
+@patch("pathlib.Path.exists", return_value=True)
+@patch("pathlib.Path.read_bytes", return_value=b"fake-key-bytes")
+def test_get_secret_logic(mock_read, mock_exists, mock_connect, mock_fernet):
+    # 1. Setup the Mock Database Response
+    mock_conn = MagicMock()
+    mock_cursor = MagicMock()
+    # Simulate the DB returning an encrypted blob
+    mock_cursor.fetchone.return_value = (b"encrypted-blob",)
+    mock_conn.execute.return_value = mock_cursor
+    mock_connect.return_value.__enter__.return_value = mock_conn
+
+    # 2. Setup the Mock Decryption
+    mock_fernet_instance = mock_fernet.return_value
+    mock_fernet_instance.decrypt.return_value = b"decrypted-password"
+
+    # 3. Execution
+    result = get_secret("service", "item")
+
+    # 4. Assertion
+    assert result == "decrypted-password"

dworshak_access-0.1.9/src/dworshak_access/__init__.py

@@ -1,9 +0,0 @@
-# src/dowrshak_access/__init__.py
-from __future__ import annotations
-from dworshak_access.vault import get_secret, check_vault
-
-__all__ = [
-    "get_secret",
-    "check_vault"
-]
-

dworshak_access-0.1.9/src/dworshak_access/vault.py

@@ -1,53 +0,0 @@
-# src/dworshak-access/vault.py
-from __future__ import annotations
-import sqlite3
-import os
-from pathlib import Path
-from typing import NamedTuple, List, Tuple, Optional
-from cryptography.fernet import Fernet
-
-DEFAULT_ROOT = Path.home() / ".dworshak"
-
-class VaultStatus(NamedTuple):
-    is_valid: bool
-    message: str
-    root_path: Path
-
-def check_vault(root: Path = DEFAULT_ROOT) -> VaultStatus:
-    """Diagnose the health of the Dworshak environment."""
-    if not root.exists():
-        return VaultStatus(False, "Vault directory does not exist.", root)
-    if not (root / ".key").exists():
-        return VaultStatus(False, "Security key (.key) is missing.", root)
-    if not (root / "vault.db").exists():
-        return VaultStatus(False, "Credential database (vault.db) is missing.", root)
-    
-    try:
-        with sqlite3.connect(root / "vault.db") as conn:
-            conn.execute("SELECT 1 FROM credentials LIMIT 1")
-    except sqlite3.Error as e:
-        return VaultStatus(False, f"Database error: {e}", root)
-        
-    return VaultStatus(True, "Vault is healthy.", root)
-
-def get_secret(service: str, item: str, root: Path = DEFAULT_ROOT) -> str:
-    """Retrieve and decrypt a specific secret."""
-    key_path = root / ".key"
-    db_path = root / "vault.db"
-
-    if not key_path.exists():
-        raise FileNotFoundError(f"Dworshak key not found at {key_path}")
-
-    fernet = Fernet(key_path.read_bytes())
-
-    with sqlite3.connect(db_path) as conn:
-        cursor = conn.execute(
-            "SELECT secret FROM credentials WHERE service = ? AND item = ?",
-            (service, item)
-        )
-        row = cursor.fetchone()
-
-    if not row:
-        raise KeyError(f"No credential found for {service}/{item}")
-
-    return fernet.decrypt(row[0]).decode()