infisicalsdk 1.0.3__py3-none-any.whl

infisical_sdk/__init__.py

@@ -0,0 +1,3 @@
+from .client import InfisicalSDKClient # noqa
+from .infisical_requests import InfisicalError # noqa
+from .api_types import SingleSecretResponse, ListSecretsResponse, BaseSecret # noqa

infisical_sdk/api_types.py

@@ -0,0 +1,127 @@
+from dataclasses import dataclass, field, fields
+from typing import Optional, List, Any, Dict
+from enum import Enum
+import json
+
+
+class ApprovalStatus(str, Enum):
+    """Enum for approval status"""
+    OPEN = "open"
+    APPROVED = "approved"
+    REJECTED = "rejected"
+
+
+class BaseModel:
+    """Base class for all models"""
+    def to_dict(self) -> Dict:
+        """Convert model to dictionary"""
+        result = {}
+        for key, value in self.__dict__.items():
+            if value is not None:  # Skip None values
+                if isinstance(value, BaseModel):
+                    result[key] = value.to_dict()
+                elif isinstance(value, list):
+                    result[key] = [
+                        item.to_dict() if isinstance(item, BaseModel) else item
+                        for item in value
+                    ]
+                elif isinstance(value, Enum):
+                    result[key] = value.value
+                else:
+                    result[key] = value
+        return result
+
+    @classmethod
+    def from_dict(cls, data: Dict) -> 'BaseModel':
+        """Create model from dictionary"""
+        # Get only the fields that exist in the dataclass
+        valid_fields = {f.name for f in fields(cls)}
+        filtered_data = {k: v for k, v in data.items() if k in valid_fields}
+        return cls(**filtered_data)
+
+    def to_json(self) -> str:
+        """Convert model to JSON string"""
+        return json.dumps(self.to_dict())
+
+    @classmethod
+    def from_json(cls, json_str: str) -> 'BaseModel':
+        """Create model from JSON string"""
+        data = json.loads(json_str)
+        return cls.from_dict(data)
+
+
+@dataclass(frozen=True)
+class SecretTag(BaseModel):
+    """Model for secret tags"""
+    id: str
+    slug: str
+    name: str
+    color: Optional[str] = None
+
+
+@dataclass
+class BaseSecret(BaseModel):
+    """Infisical Secret"""
+    id: str
+    _id: str
+    workspace: str
+    environment: str
+    version: int
+    type: str
+    secretKey: str
+    secretValue: str
+    secretComment: str
+    createdAt: str
+    updatedAt: str
+    secretMetadata: Optional[Dict[str, Any]] = None
+    secretReminderNote: Optional[str] = None
+    secretReminderRepeatDays: Optional[int] = None
+    skipMultilineEncoding: Optional[bool] = False
+    metadata: Optional[Any] = None
+    secretPath: Optional[str] = None
+    tags: List[SecretTag] = field(default_factory=list)
+
+
+@dataclass
+class Import(BaseModel):
+    """Model for imports section"""
+    secretPath: str
+    environment: str
+    folderId: Optional[str] = None
+    secrets: List[BaseSecret] = field(default_factory=list)
+
+
+@dataclass
+class ListSecretsResponse(BaseModel):
+    """Complete response model for secrets API"""
+    secrets: List[BaseSecret]
+    imports: List[Import] = field(default_factory=list)
+
+    @classmethod
+    def from_dict(cls, data: Dict) -> 'ListSecretsResponse':
+        """Create model from dictionary with camelCase keys, handling nested objects"""
+        return cls(
+            secrets=[BaseSecret.from_dict(secret) for secret in data['secrets']],
+            imports=[Import.from_dict(imp) for imp in data.get('imports', [])]
+        )
+
+
+@dataclass
+class SingleSecretResponse(BaseModel):
+    """Response model for get secret API"""
+    secret: BaseSecret
+
+    @classmethod
+    def from_dict(cls, data: Dict) -> 'ListSecretsResponse':
+        return cls(
+            secret=BaseSecret.from_dict(data['secret']),
+        )
+
+
+@dataclass
+class MachineIdentityLoginResponse(BaseModel):
+    """Response model for machine identity login API"""
+    accessToken: str
+    expiresIn: int
+    accessTokenMaxTTL: int
+    tokenType: str

infisical_sdk/client.py

@@ -0,0 +1,345 @@
+import base64
+import json
+from typing import List, Union
+import os
+import datetime
+from typing import Dict, Any
+
+import requests
+import boto3
+from botocore.auth import SigV4Auth
+from botocore.awsrequest import AWSRequest
+from botocore.exceptions import NoCredentialsError
+
+from .infisical_requests import InfisicalRequests
+from .api_types import ListSecretsResponse, MachineIdentityLoginResponse
+from .api_types import SingleSecretResponse, BaseSecret
+
+
+class InfisicalSDKClient:
+    def __init__(self, host: str, token: str = None):
+        self.host = host
+        self.access_token = token
+
+        self.api = InfisicalRequests(host=host, token=token)
+
+        self.auth = Auth(self)
+        self.secrets = V3RawSecrets(self)
+
+    def set_token(self, token: str):
+        """
+        Set the access token for future requests.
+        """
+        self.api.set_token(token)
+        self.access_token = token
+
+    def get_token(self):
+        """
+        Set the access token for future requests.
+        """
+        return self.access_token
+
+
+class UniversalAuth:
+    def __init__(self, client: InfisicalSDKClient):
+        self.client = client
+
+    def login(self, client_id: str, client_secret: str) -> MachineIdentityLoginResponse:
+        """
+        Login with Universal Auth.
+
+        Args:
+            client_id (str): Your Machine Identity Client ID.
+            client_secret (str): Your Machine Identity Client Secret.
+
+        Returns:
+            Dict: A dictionary containing the access token and related information.
+        """
+
+        requestBody = {
+            "clientId": client_id,
+            "clientSecret": client_secret
+        }
+
+        result = self.client.api.post(
+          path="/api/v1/auth/universal-auth/login",
+          json=requestBody,
+          model=MachineIdentityLoginResponse
+        )
+
+        self.client.set_token(result.data.accessToken)
+
+        return result.data
+
+
+class AWSAuth:
+    def __init__(self, client: InfisicalSDKClient) -> None:
+        self.client = client
+
+    def login(self, identity_id: str) -> MachineIdentityLoginResponse:
+        """
+        Login with AWS Authentication.
+
+        Args:
+            identity_id (str): Your Machine Identity ID that has AWS Auth configured.
+
+        Returns:
+            Dict: A dictionary containing the access token and related information.
+        """
+
+        identity_id = identity_id or os.getenv("INFISICAL_AWS_IAM_AUTH_IDENTITY_ID")
+        if not identity_id:
+            raise ValueError(
+              "Identity ID must be provided or set in the environment variable" +
+              "INFISICAL_AWS_IAM_AUTH_IDENTITY_ID."
+            )
+
+        aws_region = self.get_aws_region()
+        session = boto3.Session(region_name=aws_region)
+
+        credentials = self._get_aws_credentials(session)
+
+        iam_request_url = f"https://sts.{aws_region}.amazonaws.com/"
+        iam_request_body = "Action=GetCallerIdentity&Version=2011-06-15"
+
+        request_headers = self._prepare_aws_request(
+          iam_request_url,
+          iam_request_body,
+          credentials,
+          aws_region
+        )
+
+        requestBody = {
+          "identityId": identity_id,
+          "iamRequestBody": base64.b64encode(iam_request_body.encode()).decode(),
+          "iamRequestHeaders": base64.b64encode(json.dumps(request_headers).encode()).decode(),
+          "iamHttpRequestMethod": "POST"
+        }
+
+        result = self.client.api.post(
+          path="/api/v1/auth/aws-auth/login",
+          json=requestBody,
+          model=MachineIdentityLoginResponse
+        )
+
+        self.client.set_token(result.data.accessToken)
+
+        return result.data
+
+    def _get_aws_credentials(self, session: boto3.Session) -> Any:
+        try:
+            credentials = session.get_credentials()
+            if credentials is None:
+                raise NoCredentialsError("AWS credentials not found.")
+            return credentials.get_frozen_credentials()
+        except NoCredentialsError as e:
+            raise RuntimeError(f"AWS IAM Auth Login failed: {str(e)}")
+
+    def _prepare_aws_request(
+      self,
+      url: str,
+      body: str,
+      credentials: Any,
+      region: str) -> Dict[str, str]:
+
+        current_time = datetime.datetime.now(datetime.timezone.utc)
+        amz_date = current_time.strftime('%Y%m%dT%H%M%SZ')
+
+        request = AWSRequest(method="POST", url=url, data=body)
+        request.headers["X-Amz-Date"] = amz_date
+        request.headers["Host"] = f"sts.{region}.amazonaws.com"
+        request.headers["Content-Type"] = "application/x-www-form-urlencoded; charset=utf-8"
+        request.headers["Content-Length"] = str(len(body))
+
+        signer = SigV4Auth(credentials, "sts", region)
+        signer.add_auth(request)
+
+        return {k: v for k, v in request.headers.items() if k.lower() != "content-length"}
+
+    @staticmethod
+    def get_aws_region() -> str:
+        region = os.getenv("AWS_REGION")  # Typically found in lambda runtime environment
+        if region:
+            return region
+
+        try:
+            return AWSAuth._get_aws_ec2_identity_document_region()
+        except Exception as e:
+            raise Exception("Failed to retrieve AWS region") from e
+
+    @staticmethod
+    def _get_aws_ec2_identity_document_region(timeout: int = 5000) -> str:
+        session = requests.Session()
+        token_response = session.put(
+            "http://169.254.169.254/latest/api/token",
+            headers={"X-aws-ec2-metadata-token-ttl-seconds": "21600"},
+            timeout=timeout / 1000
+        )
+        token_response.raise_for_status()
+        metadata_token = token_response.text
+
+        identity_response = session.get(
+            "http://169.254.169.254/latest/dynamic/instance-identity/document",
+            headers={"X-aws-ec2-metadata-token": metadata_token, "Accept": "application/json"},
+            timeout=timeout / 1000
+        )
+
+        identity_response.raise_for_status()
+        return identity_response.json().get("region")
+
+
+class Auth:
+    def __init__(self, client):
+        self.client = client
+        self.aws_auth = AWSAuth(client)
+        self.universal_auth = UniversalAuth(client)
+
+
+class V3RawSecrets:
+    def __init__(self, client: InfisicalSDKClient) -> None:
+        self.client = client
+
+    def list_secrets(
+            self,
+            project_id: str,
+            environment_slug: str,
+            secret_path: str,
+            expand_secret_references: bool = True,
+            recursive: bool = False,
+            include_imports: bool = True,
+            tag_filters: List[str] = []) -> ListSecretsResponse:
+
+        params = {
+            "workspaceId": project_id,
+            "environment": environment_slug,
+            "secretPath": secret_path,
+            "expandSecretReferences": str(expand_secret_references).lower(),
+            "recursive": str(recursive).lower(),
+            "include_imports": str(include_imports).lower(),
+        }
+
+        if tag_filters:
+            params["tag_slugs"] = ",".join(tag_filters)
+
+        result = self.client.api.get(
+            path="/api/v3/secrets/raw",
+            params=params,
+            model=ListSecretsResponse
+        )
+
+        return result.data
+
+    def get_secret_by_name(
+            self,
+            secret_name: str,
+            project_id: str,
+            environment_slug: str,
+            secret_path: str,
+            expand_secret_references: bool = True,
+            include_imports: bool = True,
+            version: str = None) -> BaseSecret:
+
+        params = {
+          "workspaceId": project_id,
+          "environment": environment_slug,
+          "secretPath": secret_path,
+          "expandSecretReferences": str(expand_secret_references).lower(),
+          "include_imports": str(include_imports).lower(),
+          "version": version
+        }
+
+        result = self.client.api.get(
+            path=f"/api/v3/secrets/raw/{secret_name}",
+            params=params,
+            model=SingleSecretResponse
+        )
+
+        return result.data.secret
+
+    def create_secret_by_name(
+            self,
+            secret_name: str,
+            project_id: str,
+            secret_path: str,
+            environment_slug: str,
+            secret_value: str = None,
+            secret_comment: str = None,
+            skip_multiline_encoding: bool = False,
+            secret_reminder_repeat_days: Union[float, int] = None,
+            secret_reminder_note: str = None) -> BaseSecret:
+
+        requestBody = {
+          "workspaceId": project_id,
+          "environment": environment_slug,
+          "secretPath": secret_path,
+          "secretValue": secret_value,
+          "secretComment": secret_comment,
+          "tagIds": None,
+          "skipMultilineEncoding": skip_multiline_encoding,
+          "type": "shared",
+          "secretReminderRepeatDays": secret_reminder_repeat_days,
+          "secretReminderNote": secret_reminder_note
+        }
+        result = self.client.api.post(
+            path=f"/api/v3/secrets/raw/{secret_name}",
+            json=requestBody,
+            model=SingleSecretResponse
+        )
+
+        return result.data.secret
+
+    def update_secret_by_name(
+            self,
+            current_secret_name: str,
+            project_id: str,
+            secret_path: str,
+            environment_slug: str,
+            secret_value: str = None,
+            secret_comment: str = None,
+            skip_multiline_encoding: bool = False,
+            secret_reminder_repeat_days: Union[float, int] = None,
+            secret_reminder_note: str = None,
+            new_secret_name: str = None) -> BaseSecret:
+
+        requestBody = {
+          "workspaceId": project_id,
+          "environment": environment_slug,
+          "secretPath": secret_path,
+          "secretValue": secret_value,
+          "secretComment": secret_comment,
+          "new_secret_name": new_secret_name,
+          "tagIds": None,
+          "skipMultilineEncoding": skip_multiline_encoding,
+          "type": "shared",
+          "secretReminderRepeatDays": secret_reminder_repeat_days,
+          "secretReminderNote": secret_reminder_note
+        }
+
+        result = self.client.api.patch(
+            path=f"/api/v3/secrets/raw/{current_secret_name}",
+            json=requestBody,
+            model=SingleSecretResponse
+        )
+        return result.data.secret
+
+    def delete_secret_by_name(
+            self,
+            secret_name: str,
+            project_id: str,
+            secret_path: str,
+            environment_slug: str) -> BaseSecret:
+
+        requestBody = {
+          "workspaceId": project_id,
+          "environment": environment_slug,
+          "secretPath": secret_path,
+          "type": "shared",
+        }
+
+        result = self.client.api.delete(
+            path=f"/api/v3/secrets/raw/{secret_name}",
+            json=requestBody,
+            model=SingleSecretResponse
+        )
+
+        return result.data.secret

infisical_sdk/infisical_requests.py

@@ -0,0 +1,186 @@
+from typing import Any, Dict, Generic, Optional, TypeVar
+from urllib.parse import urljoin
+import requests
+from dataclasses import dataclass
+
+T = TypeVar("T")
+
+
+class InfisicalError(Exception):
+    """Base exception for Infisical client errors"""
+    pass
+
+
+class APIError(InfisicalError):
+    """API-specific errors"""
+    def __init__(self, message: str, status_code: int, response: Dict[str, Any]):
+        self.status_code = status_code
+        self.response = response
+        super().__init__(f"{message} (Status: {status_code})")
+
+
+@dataclass
+class APIResponse(Generic[T]):
+    """Generic API response wrapper"""
+    data: T
+    status_code: int
+    headers: Dict[str, str]
+
+    def to_dict(self) -> Dict:
+        """Convert to dictionary with camelCase keys"""
+        return {
+            'data': self.data.to_dict() if hasattr(self.data, 'to_dict') else self.data,
+            'statusCode': self.status_code,
+            'headers': self.headers
+        }
+
+    @classmethod
+    def from_dict(cls, data: Dict) -> 'APIResponse[T]':
+        """Create from dictionary with camelCase keys"""
+        return cls(
+            data=data['data'],
+            status_code=data['statusCode'],
+            headers=data['headers']
+        )
+
+
+class InfisicalRequests:
+    def __init__(self, host: str, token: Optional[str] = None):
+        self.host = host.rstrip("/")
+        self.session = requests.Session()
+
+        # Set common headers
+        self.session.headers.update({
+            "Content-Type": "application/json",
+            "Accept": "application/json",
+        })
+
+        if token:
+            self.set_token(token)
+
+    def _build_url(self, path: str) -> str:
+        """Construct full URL from path"""
+        return urljoin(self.host, path.lstrip("/"))
+
+    def set_token(self, token: str):
+        """Set authorization token"""
+        self.session.headers["Authorization"] = f"Bearer {token}"
+
+    def _handle_response(self, response: requests.Response) -> Dict[str, Any]:
+        """Handle API response and raise appropriate errors"""
+        try:
+            response.raise_for_status()
+            return response.json()
+        except requests.exceptions.HTTPError:
+            try:
+                error_data = response.json()
+            except ValueError:
+                error_data = {"message": response.text}
+
+            raise APIError(
+                message=error_data.get("message", "Unknown error"),
+                status_code=response.status_code,
+                response=error_data
+            )
+        except requests.exceptions.RequestException as e:
+            raise InfisicalError(f"Request failed: {str(e)}")
+        except ValueError:
+            raise InfisicalError("Invalid JSON response")
+
+    def get(
+            self,
+            path: str,
+            model: type[T],
+            params: Optional[Dict[str, Any]] = None
+          ) -> APIResponse[T]:
+
+        """
+        Make a GET request and parse response into given model
+
+        Args:
+            path: API endpoint path
+            model: model class to parse response into
+            params: Optional query parameters
+        """
+        response = self.session.get(self._build_url(path), params=params)
+        data = self._handle_response(response)
+
+        parsed_data = model.from_dict(data) if hasattr(model, 'from_dict') else data
+
+        return APIResponse(
+            data=parsed_data,
+            status_code=response.status_code,
+            headers=dict(response.headers)
+        )
+
+    def post(
+            self,
+            path: str,
+            model: type[T],
+            json: Optional[Dict[str, Any]] = None
+          ) -> APIResponse[T]:
+
+        """Make a POST request with JSON data"""
+
+        if json is not None:
+            # Filter out None values
+            json = {k: v for k, v in json.items() if v is not None}
+
+        response = self.session.post(self._build_url(path), json=json)
+        data = self._handle_response(response)
+
+        parsed_data = model.from_dict(data) if hasattr(model, 'from_dict') else data
+
+        return APIResponse(
+            data=parsed_data,
+            status_code=response.status_code,
+            headers=dict(response.headers)
+        )
+
+    def patch(
+            self,
+            path: str,
+            model: type[T],
+            json: Optional[Dict[str, Any]] = None
+          ) -> APIResponse[T]:
+
+        """Make a PATCH request with JSON data"""
+
+        if json is not None:
+            # Filter out None values
+            json = {k: v for k, v in json.items() if v is not None}
+
+        response = self.session.patch(self._build_url(path), json=json)
+        data = self._handle_response(response)
+
+        parsed_data = model.from_dict(data) if hasattr(model, 'from_dict') else data
+
+        return APIResponse(
+            data=parsed_data,
+            status_code=response.status_code,
+            headers=dict(response.headers)
+        )
+
+    def delete(
+            self,
+            path: str,
+            model: type[T],
+            json: Optional[Dict[str, Any]] = None
+          ) -> APIResponse[T]:
+
+        """Make a PATCH request with JSON data"""
+
+        if json is not None:
+            # Filter out None values
+            json = {k: v for k, v in json.items() if v is not None}
+
+        response = self.session.delete(self._build_url(path), json=json)
+        data = self._handle_response(response)
+
+        parsed_data = model.from_dict(data) if hasattr(model, 'from_dict') else data
+
+        return APIResponse(
+            data=parsed_data,
+            status_code=response.status_code,
+            headers=dict(response.headers)
+        )

infisicalsdk-1.0.3.dist-info/METADATA

@@ -0,0 +1,26 @@
+Metadata-Version: 2.2
+Name: infisicalsdk
+Version: 1.0.3
+Summary: Infisical API Client
+Home-page: https://github.com/Infisical/python-sdk-official
+Author: Infisical
+Author-email: support@infisical.com
+Keywords: Infisical,Infisical API,Infisical SDK
+Description-Content-Type: text/markdown
+Requires-Dist: urllib3<2.1.0,>=1.25.3
+Requires-Dist: python-dateutil
+Requires-Dist: aenum
+Requires-Dist: requests~=2.32
+Requires-Dist: boto3~=1.35
+Requires-Dist: botocore~=1.35
+Dynamic: author
+Dynamic: author-email
+Dynamic: description
+Dynamic: description-content-type
+Dynamic: home-page
+Dynamic: keywords
+Dynamic: requires-dist
+Dynamic: summary
+
+    Infisical SDK client for Python. To view documentation, please visit https://github.com/Infisical/python-sdk-official
+    

infisicalsdk-1.0.3.dist-info/RECORD

@@ -0,0 +1,8 @@
+infisical_sdk/__init__.py,sha256=UzssDXpMhK79mFBW4fpSea1bOVjoD_UILjvizFkLNz4,183
+infisical_sdk/api_types.py,sha256=FjyDQ71pOYiyYA9oGAPsW5jW7LGe5L7yDuOvCr4UxwQ,3651
+infisical_sdk/client.py,sha256=i1poZEz2tiGJLYZuRePfWONs7hQyP_A5QJJt1UeW8WQ,10936
+infisical_sdk/infisical_requests.py,sha256=mROtB1fuF3E39fU9J6MiH0gQ-LhsK10W-zzEH0knePU,5655
+infisicalsdk-1.0.3.dist-info/METADATA,sha256=LuJqI82C7DTQdeYLCpixwYmYF49y_RfdDlVrSFDBpW4,763
+infisicalsdk-1.0.3.dist-info/WHEEL,sha256=In9FTNxeP60KnTkGw7wk6mJPYd_dQSjEZmXdBdMCI-8,91
+infisicalsdk-1.0.3.dist-info/top_level.txt,sha256=FvJjMGD1FvxwipO_qFajdH20yNV8n3lJ7G3DkQoPJNU,14
+infisicalsdk-1.0.3.dist-info/RECORD,,

infisicalsdk-1.0.3.dist-info/WHEEL

@@ -0,0 +1,5 @@
+Wheel-Version: 1.0
+Generator: setuptools (75.8.0)
+Root-Is-Purelib: true
+Tag: py3-none-any
+

infisicalsdk-1.0.3.dist-info/top_level.txt

@@ -0,0 +1 @@
+infisical_sdk