envv 1.0.0__tar.gz

envv-1.0.0/PKG-INFO

@@ -0,0 +1,80 @@
+Metadata-Version: 2.4
+Name: envv
+Version: 1.0.0
+Summary: Official EnvVault Python SDK — centralized secrets management
+Author: EnvVault Team
+License: MIT
+Project-URL: Homepage, https://git.netsphere360.com/envvault/envvault-sdk
+Project-URL: Repository, https://git.netsphere360.com/envvault/envvault-sdk
+Keywords: envvault,secrets,management,sdk,vault
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+Requires-Dist: requests>=2.28.0
+
+# envvault (Python SDK)
+
+Official Python SDK for [EnvVault](https://git.netsphere360.com/envvault) — centralized secrets management.
+
+## Installation
+
+```bash
+pip install envvault
+```
+
+**Requires Python >= 3.10.**
+
+## Quick Start
+
+```python
+from envvault import EnvVaultClient
+
+client = EnvVaultClient(
+    api_url="https://api.envvault.example.com",
+    token="your-token",
+)
+
+# Or rely on env vars: ENVVAULT_API_URL, ENVVAULT_TOKEN
+# Or config file: ~/.envv/config.json
+
+value = client.get_secret("DATABASE_URL")
+secrets = client.list_secrets()
+client.set_secret("API_KEY", "sk-...")
+client.delete_secret("OLD_KEY")
+```
+
+## Configuration Priority
+
+| Priority | Source |
+|----------|--------|
+| 1 (highest) | Constructor args (`api_url`, `token`) |
+| 2 | Environment variables (`ENVVAULT_API_URL`, `ENVVAULT_TOKEN`) |
+| 3 (lowest) | Config file (`~/.envv/config.json`) |
+
+## Error Handling
+
+```python
+from envvault import EnvVaultClient, AuthenticationError, NotFoundError
+
+client = EnvVaultClient(api_url="...", token="...")
+
+try:
+    value = client.get_secret("MY_KEY")
+except AuthenticationError:
+    print("Invalid token")
+except NotFoundError:
+    print("Secret not found")
+```
+
+## License
+
+[MIT](../../LICENSE)

envv-1.0.0/README.md

@@ -0,0 +1,57 @@
+# envvault (Python SDK)
+
+Official Python SDK for [EnvVault](https://git.netsphere360.com/envvault) — centralized secrets management.
+
+## Installation
+
+```bash
+pip install envvault
+```
+
+**Requires Python >= 3.10.**
+
+## Quick Start
+
+```python
+from envvault import EnvVaultClient
+
+client = EnvVaultClient(
+    api_url="https://api.envvault.example.com",
+    token="your-token",
+)
+
+# Or rely on env vars: ENVVAULT_API_URL, ENVVAULT_TOKEN
+# Or config file: ~/.envv/config.json
+
+value = client.get_secret("DATABASE_URL")
+secrets = client.list_secrets()
+client.set_secret("API_KEY", "sk-...")
+client.delete_secret("OLD_KEY")
+```
+
+## Configuration Priority
+
+| Priority | Source |
+|----------|--------|
+| 1 (highest) | Constructor args (`api_url`, `token`) |
+| 2 | Environment variables (`ENVVAULT_API_URL`, `ENVVAULT_TOKEN`) |
+| 3 (lowest) | Config file (`~/.envv/config.json`) |
+
+## Error Handling
+
+```python
+from envvault import EnvVaultClient, AuthenticationError, NotFoundError
+
+client = EnvVaultClient(api_url="...", token="...")
+
+try:
+    value = client.get_secret("MY_KEY")
+except AuthenticationError:
+    print("Invalid token")
+except NotFoundError:
+    print("Secret not found")
+```
+
+## License
+
+[MIT](../../LICENSE)

envv-1.0.0/envv.egg-info/PKG-INFO

@@ -0,0 +1,80 @@
+Metadata-Version: 2.4
+Name: envv
+Version: 1.0.0
+Summary: Official EnvVault Python SDK — centralized secrets management
+Author: EnvVault Team
+License: MIT
+Project-URL: Homepage, https://git.netsphere360.com/envvault/envvault-sdk
+Project-URL: Repository, https://git.netsphere360.com/envvault/envvault-sdk
+Keywords: envvault,secrets,management,sdk,vault
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+Requires-Dist: requests>=2.28.0
+
+# envvault (Python SDK)
+
+Official Python SDK for [EnvVault](https://git.netsphere360.com/envvault) — centralized secrets management.
+
+## Installation
+
+```bash
+pip install envvault
+```
+
+**Requires Python >= 3.10.**
+
+## Quick Start
+
+```python
+from envvault import EnvVaultClient
+
+client = EnvVaultClient(
+    api_url="https://api.envvault.example.com",
+    token="your-token",
+)
+
+# Or rely on env vars: ENVVAULT_API_URL, ENVVAULT_TOKEN
+# Or config file: ~/.envv/config.json
+
+value = client.get_secret("DATABASE_URL")
+secrets = client.list_secrets()
+client.set_secret("API_KEY", "sk-...")
+client.delete_secret("OLD_KEY")
+```
+
+## Configuration Priority
+
+| Priority | Source |
+|----------|--------|
+| 1 (highest) | Constructor args (`api_url`, `token`) |
+| 2 | Environment variables (`ENVVAULT_API_URL`, `ENVVAULT_TOKEN`) |
+| 3 (lowest) | Config file (`~/.envv/config.json`) |
+
+## Error Handling
+
+```python
+from envvault import EnvVaultClient, AuthenticationError, NotFoundError
+
+client = EnvVaultClient(api_url="...", token="...")
+
+try:
+    value = client.get_secret("MY_KEY")
+except AuthenticationError:
+    print("Invalid token")
+except NotFoundError:
+    print("Secret not found")
+```
+
+## License
+
+[MIT](../../LICENSE)

envv-1.0.0/envv.egg-info/SOURCES.txt

@@ -0,0 +1,12 @@
+README.md
+pyproject.toml
+envv.egg-info/PKG-INFO
+envv.egg-info/SOURCES.txt
+envv.egg-info/dependency_links.txt
+envv.egg-info/requires.txt
+envv.egg-info/top_level.txt
+envvault/__init__.py
+envvault/client.py
+envvault/config.py
+envvault/errors.py
+tests/test_validation.py

envv-1.0.0/envv.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

envv-1.0.0/envv.egg-info/requires.txt

@@ -0,0 +1 @@
+requests>=2.28.0

envv-1.0.0/envv.egg-info/top_level.txt

@@ -0,0 +1 @@
+envvault

envv-1.0.0/envvault/__init__.py

@@ -0,0 +1,24 @@
+"""EnvVault Python SDK — centralized secrets management."""
+
+from envvault.client import EnvVaultClient
+from envvault.errors import (
+    EnvVaultError,
+    AuthenticationError,
+    AuthorizationError,
+    NotFoundError,
+    NetworkError,
+    ConfigurationError,
+    ValidationError,
+)
+
+__version__ = "1.0.0"
+__all__ = [
+    "EnvVaultClient",
+    "EnvVaultError",
+    "AuthenticationError",
+    "AuthorizationError",
+    "NotFoundError",
+    "NetworkError",
+    "ConfigurationError",
+    "ValidationError",
+]

envv-1.0.0/envvault/client.py

@@ -0,0 +1,163 @@
+"""EnvVault HTTP client with typed error handling."""
+
+from __future__ import annotations
+
+from typing import Any, Optional
+from urllib.parse import quote
+
+import requests
+
+from envvault.config import resolve_config
+from envvault.errors import (
+    AuthenticationError,
+    AuthorizationError,
+    ConfigurationError,
+    EnvVaultError,
+    NetworkError,
+    NotFoundError,
+    ValidationError,
+)
+
+_DEFAULT_TIMEOUT = 30  # seconds
+
+
+class EnvVaultClient:
+    """EnvVault SDK client for managing secrets.
+
+    Args:
+        api_url: The EnvVault API base URL.
+        token: Bearer authentication token.
+        timeout: Request timeout in seconds (default 30).
+
+    Configuration priority: constructor args > env vars > ~/.envv/config.json
+    """
+
+    def __init__(
+        self,
+        api_url: Optional[str] = None,
+        token: Optional[str] = None,
+        timeout: int = _DEFAULT_TIMEOUT,
+    ):
+        config = resolve_config(api_url=api_url, token=token)
+        self._api_url = (config["api_url"] or "").rstrip("/")
+        self._token = config["token"]
+        self._timeout = timeout
+
+        if not self._api_url:
+            raise ConfigurationError(
+                "API URL is not configured. Provide it via constructor, "
+                "ENVVAULT_API_URL, or ~/.envv/config.json."
+            )
+
+        self._session = requests.Session()
+        self._session.headers.update({
+            "Content-Type": "application/json",
+        })
+        if self._token:
+            self._session.headers["Authorization"] = f"Bearer {self._token}"
+
+    # ── Public API ──────────────────────────────────────────────
+
+    def get_secret(self, key: str) -> str | None:
+        """Fetch a single secret's decrypted value.
+
+        Args:
+            key: The secret key.
+
+        Returns:
+            The decrypted secret value, or None if not present in response.
+        """
+        _validate_key(key)
+        data = self._request("GET", f"/cli/secrets/{quote(key, safe='')}")
+        return (data.get("data") or {}).get("value") or data.get("value")
+
+    def list_secrets(self) -> list[dict[str, Any]]:
+        """List all secrets (metadata only, values not included).
+
+        Returns:
+            List of secret metadata dicts.
+        """
+        data = self._request("GET", "/cli/secrets")
+        return data.get("data", data) if isinstance(data, dict) else data
+
+    def set_secret(self, key: str, value: str) -> bool:
+        """Create or update a secret.
+
+        Args:
+            key: The secret key.
+            value: The secret value.
+
+        Returns:
+            True on success.
+        """
+        _validate_key(key)
+        _validate_value(value)
+        data = self._request("POST", "/cli/secrets", json={"key": key, "value": value})
+        return data.get("success", False)
+
+    def delete_secret(self, key: str) -> bool:
+        """Delete a secret by key.
+
+        Args:
+            key: The secret key.
+
+        Returns:
+            True on success.
+        """
+        _validate_key(key)
+        data = self._request("DELETE", f"/cli/secrets/{quote(key, safe='')}")
+        return data.get("success", False)
+
+    # ── Internal ────────────────────────────────────────────────
+
+    def _request(self, method: str, path: str, **kwargs) -> dict:
+        """Execute an HTTP request and handle errors."""
+        url = f"{self._api_url}{path}"
+        try:
+            resp = self._session.request(
+                method, url, timeout=self._timeout, **kwargs
+            )
+        except requests.ConnectionError as exc:
+            raise NetworkError(str(exc)) from exc
+        except requests.Timeout as exc:
+            raise NetworkError(f"Request timed out: {exc}") from exc
+        except requests.RequestException as exc:
+            raise NetworkError(str(exc)) from exc
+
+        if resp.status_code >= 400:
+            self._raise_for_status(resp)
+
+        return resp.json()
+
+    @staticmethod
+    def _raise_for_status(resp: requests.Response) -> None:
+        """Map HTTP error responses to typed SDK errors."""
+        try:
+            body = resp.json()
+        except ValueError:
+            body = {}
+
+        message = body.get("error") or body.get("message") or resp.text
+        status = resp.status_code
+
+        if status == 401:
+            raise AuthenticationError(message)
+        if status == 403:
+            raise AuthorizationError(message)
+        if status == 404:
+            raise NotFoundError(message)
+
+        raise EnvVaultError(f"API Error ({status}): {message}", "API_ERROR", status)
+
+
+# ── Validators ──────────────────────────────────────────────────
+
+
+def _validate_key(key: Any) -> None:
+    if not isinstance(key, str) or not key.strip():
+        raise ValidationError("Secret key must be a non-empty string.")
+
+
+def _validate_value(value: Any) -> None:
+    if not isinstance(value, str):
+        raise ValidationError("Secret value must be a string.")

envv-1.0.0/envvault/config.py

@@ -0,0 +1,59 @@
+"""Configuration resolution for the EnvVault SDK.
+
+Priority: Programmatic (constructor) > Environment Variables > Config File (~/.envv/config.json)
+"""
+
+import json
+import os
+from pathlib import Path
+from typing import Optional
+
+
+def resolve_config(
+    api_url: Optional[str] = None,
+    token: Optional[str] = None,
+) -> dict:
+    """Resolve SDK configuration from multiple sources.
+
+    Args:
+        api_url: Programmatic API URL override (highest priority).
+        token: Programmatic token override (highest priority).
+
+    Returns:
+        dict with 'api_url' and 'token' keys.
+    """
+    resolved_api_url = ""
+    resolved_token = None
+
+    # 1. Config file (lowest priority)
+    config_path = Path.home() / ".envv" / "config.json"
+    try:
+        if config_path.is_file():
+            with open(config_path, "r", encoding="utf-8") as f:
+                file_config = json.load(f)
+
+            resolved_token = (
+                file_config.get("token")
+                or (file_config.get("config") or {}).get("token")
+            )
+            if file_config.get("api_base_url"):
+                resolved_api_url = file_config["api_base_url"]
+    except (json.JSONDecodeError, OSError):
+        pass
+
+    # 2. Environment variables override config file
+    env_token = os.environ.get("ENVVAULT_TOKEN")
+    if env_token:
+        resolved_token = env_token
+
+    env_api_url = os.environ.get("ENVVAULT_API_URL")
+    if env_api_url:
+        resolved_api_url = env_api_url
+
+    # 3. Programmatic overrides (highest priority)
+    if token:
+        resolved_token = token
+    if api_url:
+        resolved_api_url = api_url
+
+    return {"api_url": resolved_api_url, "token": resolved_token}

envv-1.0.0/envvault/errors.py

@@ -0,0 +1,53 @@
+"""Typed error hierarchy for the EnvVault SDK."""
+
+
+class EnvVaultError(Exception):
+    """Base error for all EnvVault SDK errors."""
+
+    def __init__(self, message: str, code: str, status_code: int | None = None):
+        super().__init__(message)
+        self.message = message
+        self.code = code
+        self.status_code = status_code
+
+
+class AuthenticationError(EnvVaultError):
+    """Raised when authentication fails (HTTP 401)."""
+
+    def __init__(self, message: str = "Invalid or expired token."):
+        super().__init__(message, "UNAUTHORIZED", 401)
+
+
+class AuthorizationError(EnvVaultError):
+    """Raised when access is denied (HTTP 403)."""
+
+    def __init__(self, message: str = "You do not have access to this resource."):
+        super().__init__(message, "FORBIDDEN", 403)
+
+
+class NotFoundError(EnvVaultError):
+    """Raised when the requested resource is not found (HTTP 404)."""
+
+    def __init__(self, message: str = "The requested resource was not found."):
+        super().__init__(message, "NOT_FOUND", 404)
+
+
+class NetworkError(EnvVaultError):
+    """Raised on network-level failures."""
+
+    def __init__(self, message: str = "A network error occurred."):
+        super().__init__(message, "NETWORK_ERROR")
+
+
+class ConfigurationError(EnvVaultError):
+    """Raised when required SDK configuration is missing."""
+
+    def __init__(self, message: str = "SDK is not configured. Provide api_url and token."):
+        super().__init__(message, "CONFIGURATION_ERROR")
+
+
+class ValidationError(EnvVaultError):
+    """Raised when a function receives invalid arguments."""
+
+    def __init__(self, message: str):
+        super().__init__(message, "VALIDATION_ERROR")

envv-1.0.0/pyproject.toml

@@ -0,0 +1,37 @@
+[build-system]
+requires = ["setuptools>=68.0", "wheel"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "envv"
+version = "1.0.0"
+description = "Official EnvVault Python SDK — centralized secrets management"
+readme = "README.md"
+license = {text = "MIT"}
+requires-python = ">=3.10"
+authors = [
+    {name = "EnvVault Team"},
+]
+keywords = ["envvault", "secrets", "management", "sdk", "vault"]
+classifiers = [
+    "Development Status :: 4 - Beta",
+    "Intended Audience :: Developers",
+    "License :: OSI Approved :: MIT License",
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3.10",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+    "Programming Language :: Python :: 3.13",
+    "Topic :: Security",
+    "Topic :: Software Development :: Libraries :: Python Modules",
+]
+dependencies = [
+    "requests>=2.28.0",
+]
+
+[project.urls]
+Homepage = "https://git.netsphere360.com/envvault/envvault-sdk"
+Repository = "https://git.netsphere360.com/envvault/envvault-sdk"
+
+[tool.setuptools.packages.find]
+include = ["envvault*"]

envv-1.0.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

envv-1.0.0/tests/test_validation.py

@@ -0,0 +1,78 @@
+"""Tests for input validation and SDK exports."""
+
+import pytest
+
+from envvault import (
+    EnvVaultClient,
+    EnvVaultError,
+    AuthenticationError,
+    AuthorizationError,
+    NotFoundError,
+    NetworkError,
+    ConfigurationError,
+    ValidationError,
+)
+
+
+class TestExports:
+    """Verify all expected symbols are importable."""
+
+    def test_client_class_exists(self):
+        assert callable(EnvVaultClient)
+
+    def test_error_classes_exist(self):
+        for cls in (
+            EnvVaultError,
+            AuthenticationError,
+            AuthorizationError,
+            NotFoundError,
+            NetworkError,
+            ConfigurationError,
+            ValidationError,
+        ):
+            assert issubclass(cls, Exception)
+
+    def test_error_hierarchy(self):
+        assert issubclass(AuthenticationError, EnvVaultError)
+        assert issubclass(AuthorizationError, EnvVaultError)
+        assert issubclass(NotFoundError, EnvVaultError)
+        assert issubclass(NetworkError, EnvVaultError)
+        assert issubclass(ConfigurationError, EnvVaultError)
+        assert issubclass(ValidationError, EnvVaultError)
+
+
+class TestValidation:
+    """Verify input validation raises ValidationError."""
+
+    def _make_client(self):
+        """Create a client that will fail on HTTP but pass validation."""
+        return EnvVaultClient(api_url="http://localhost:9999", token="test")
+
+    def test_get_secret_empty_key(self):
+        client = self._make_client()
+        with pytest.raises(ValidationError):
+            client.get_secret("")
+
+    def test_get_secret_non_string_key(self):
+        client = self._make_client()
+        with pytest.raises(ValidationError):
+            client.get_secret(123)
+
+    def test_set_secret_empty_key(self):
+        client = self._make_client()
+        with pytest.raises(ValidationError):
+            client.set_secret("", "value")
+
+    def test_set_secret_non_string_value(self):
+        client = self._make_client()
+        with pytest.raises(ValidationError):
+            client.set_secret("key", 123)
+
+    def test_delete_secret_whitespace_key(self):
+        client = self._make_client()
+        with pytest.raises(ValidationError):
+            client.delete_secret("   ")
+
+    def test_missing_api_url_raises_config_error(self):
+        with pytest.raises(ConfigurationError):
+            EnvVaultClient(api_url="", token="t")