fujin-secrets-1password 0.16.0__py3-none-any.whl

fujin_secrets_1password/__init__.py

@@ -0,0 +1,95 @@
+"""1Password secret adapter for Fujin."""
+
+from __future__ import annotations
+
+import subprocess
+from concurrent.futures import ThreadPoolExecutor, as_completed
+from contextlib import closing
+from io import StringIO
+
+from dotenv import dotenv_values
+from fujin.config import SecretConfig
+from fujin.errors import SecretResolutionError
+
+__version__ = "0.1.0"
+
+
+def onepassword(env_content: str, secret_config: SecretConfig) -> str:
+    """1Password secret adapter.
+
+    Retrieves secrets from 1Password using the `op` CLI.
+    Handles concurrent resolution of multiple secrets for performance.
+
+    Requires user to be pre-authenticated with `op` CLI.
+
+    Configuration:
+        adapter = "1password"
+
+    Usage pattern in env file:
+        SECRET_KEY=$op://personal/aws-key/password
+
+    Args:
+        env_content: Raw environment file content
+        secret_config: Secret configuration (unused for 1password)
+
+    Returns:
+        Resolved environment content with secrets replaced
+
+    Raises:
+        SecretResolutionError: If secret not found or CLI fails
+    """
+    # Parse env file
+    with closing(StringIO(env_content)) as buffer:
+        env_dict = dotenv_values(stream=buffer)
+
+    # Identify secrets (values starting with $)
+    secrets = {
+        key: value for key, value in env_dict.items() if value and value.startswith("$")
+    }
+
+    if not secrets:
+        return env_content
+
+    # Resolve secrets concurrently
+    resolved_secrets = {}
+    with ThreadPoolExecutor() as executor:
+        future_to_key = {
+            executor.submit(_read_secret, secret[1:]): key
+            for key, secret in secrets.items()
+        }
+
+        for future in as_completed(future_to_key):
+            key = future_to_key[future]
+            try:
+                resolved_secrets[key] = future.result()
+            except Exception as e:
+                raise SecretResolutionError(
+                    f"Failed to retrieve secret for {key}: {e}",
+                    adapter="1password",
+                    key=key,
+                ) from e
+
+    # Merge resolved secrets back into env dict
+    env_dict.update(resolved_secrets)
+
+    return "\n".join(f'{key}="{value}"' for key, value in env_dict.items())
+
+
+def _read_secret(name: str) -> str:
+    """Read a single secret from 1Password.
+
+    Args:
+        name: Secret reference (e.g., "op://personal/aws-key/password")
+
+    Returns:
+        Secret value
+
+    Raises:
+        SecretResolutionError: If secret not found
+    """
+    result = subprocess.run(["op", "read", name], capture_output=True, text=True)
+
+    if result.returncode != 0:
+        raise SecretResolutionError(result.stderr, adapter="1password", key=name)
+
+    return result.stdout.strip()

fujin_secrets_1password-0.16.0.dist-info/METADATA

@@ -0,0 +1,75 @@
+Metadata-Version: 2.3
+Name: fujin-secrets-1password
+Version: 0.16.0
+Summary: 1Password secret adapter for Fujin
+Author: Tobi
+Author-email: Tobi <tobidegnon@proton.me>
+Classifier: Programming Language :: Python :: 3 :: Only
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Programming Language :: Python :: 3.14
+Requires-Dist: fujin-cli>=0.16
+Requires-Dist: python-dotenv>=1.0.1
+Requires-Python: >=3.10
+Project-URL: Homepage, https://github.com/Tobi-De/fujin
+Project-URL: Issues, https://github.com/Tobi-De/fujin/issues
+Project-URL: Source, https://github.com/Tobi-De/fujin
+Description-Content-Type: text/markdown
+
+# Fujin Secrets - 1Password
+
+1Password secret adapter for Fujin deployment tool.
+
+## Installation
+
+```bash
+pip install fujin-secrets-1password
+```
+
+Or with uv:
+
+```bash
+uv pip install fujin-secrets-1password
+```
+
+## Prerequisites
+
+Download and install the [1Password CLI](https://developer.1password.com/docs/cli/) and sign in to your account.
+
+You need to be actively signed in for Fujin to work with 1Password.
+
+## Configuration
+
+Add the following to your `fujin.toml` file:
+
+```toml
+[secrets]
+adapter = "1password"
+```
+
+## Usage
+
+In your environment file (`.env` or configured via `envfile` in `fujin.toml`), use 1Password secret references:
+
+```env
+DEBUG=False
+AWS_ACCESS_KEY_ID=$op://personal/aws-access-key-id/password
+AWS_SECRET_ACCESS_KEY=$op://personal/aws-secret-access-key/password
+```
+
+The secret reference format is: `$op://vault/item/field`
+
+## How it Works
+
+The adapter:
+1. Uses the existing 1Password CLI session (requires you to be signed in)
+2. Resolves all secrets concurrently using `op read <reference>`
+3. Returns the resolved environment variables
+
+## Related
+
+- [Fujin Documentation](https://github.com/Tobi-De/fujin)
+- [1Password CLI Documentation](https://developer.1password.com/docs/cli/)
+- [1Password Secret References](https://developer.1password.com/docs/cli/secret-references/)

fujin_secrets_1password-0.16.0.dist-info/RECORD

@@ -0,0 +1,6 @@
+fujin_secrets_1password/__init__.py,sha256=E8py2UCRsZ86qZS2IzmsHEDu4xAJ7keXwdSpPZcWbyY,2716
+fujin_secrets_1password/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+fujin_secrets_1password-0.16.0.dist-info/WHEEL,sha256=ZyFSCYkV2BrxH6-HRVRg3R9Fo7MALzer9KiPYqNxSbo,79
+fujin_secrets_1password-0.16.0.dist-info/entry_points.txt,sha256=dI0TfmWiIt2HEZw_CFWTrC8hxunE2sHkSwmd9HhEgcM,65
+fujin_secrets_1password-0.16.0.dist-info/METADATA,sha256=czGdxi-yAMKOCqvsmyP6ozEJsT1r1lKCHnikSHHHJ-0,2091
+fujin_secrets_1password-0.16.0.dist-info/RECORD,,

fujin_secrets_1password-0.16.0.dist-info/WHEEL

@@ -0,0 +1,4 @@
+Wheel-Version: 1.0
+Generator: uv 0.9.18
+Root-Is-Purelib: true
+Tag: py3-none-any

fujin_secrets_1password-0.16.0.dist-info/entry_points.txt

@@ -0,0 +1,3 @@
+[fujin.secrets]
+1password = fujin_secrets_1password:onepassword
+