infisicalsdk 1.0.3__tar.gz → 1.0.5__tar.gz

{infisicalsdk-1.0.3 → infisicalsdk-1.0.5}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.2
 Name: infisicalsdk
-Version: 1.0.3
+Version: 1.0.5
 Summary: Infisical API Client
 Home-page: https://github.com/Infisical/python-sdk-official
 Author: Infisical

{infisicalsdk-1.0.3 → infisicalsdk-1.0.5}/README.md

@@ -2,18 +2,18 @@
 
 The Infisical SDK provides a convenient way to interact with the Infisical API. 
 
-### Migrating to version 1.0.2 or above
+### Migrating to version 1.0.3 or above
 
-We have recently rolled out our first stable version of the SDK, version `1.0.2` and above.
+We have recently rolled out our first stable version of the SDK, version `1.0.3` and above.
 
-The 1.0.2 version comes with a few key changes that may change how you're using the SDK.
+The 1.0.3 version comes with a few key changes that may change how you're using the SDK.
 1. **Removal of `rest`**: The SDK no longer exposes the entire Infisical API. This was nessecary as we have moved away from using an OpenAPI generator approach. We aim to add support for more API resources in the near future. If you have any specific requests, please [open an issue](https://github.com/Infisical/python-sdk-official/issues).
 
-2. **New response types**: The 1.0.2 release uses return types that differ from the older versions. The new return types such as `BaseSecret`, are all exported from the Infisical SDK.
+2. **New response types**: The 1.0.3 release uses return types that differ from the older versions. The new return types such as `BaseSecret`, are all exported from the Infisical SDK.
 
 3. **Property renaming**: Some properties on the responses have been slightly renamed. An example of this would be that the `secret_key` property on the `get_secret_by_name()` method, that has been renamed to `secretKey`.
 
-With this in mind, you're ready to upgrade your SDK version to `1.0.2` or above. 
+With this in mind, you're ready to upgrade your SDK version to `1.0.3` or above. 
 
 You can refer to our [legacy documentation](https://github.com/Infisical/python-sdk-official/tree/9b0403938ee5ae599d42c5f1fdf9158671a15606?tab=readme-ov-file#infisical-python-sdk) if need be.
 
@@ -36,10 +36,13 @@ from infisical_sdk import InfisicalSDKClient
 client = InfisicalSDKClient(host="https://app.infisical.com")
 
 # Authenticate (example using Universal Auth)
-client.auth.universal_auth.login(client_id="your_client_id", client_secret="your_client_secret")
+client.auth.universal_auth.login(
+    client_id="<machine-identity-client-id>", 
+    client_secret="<machine-identity-client-secret>"
+)
 
 # Use the SDK to interact with Infisical
-secrets = client.secrets.list_secrets(project_id="your_project_id", environment_slug="dev", secret_path="/")
+secrets = client.secrets.list_secrets(project_id="<project-id>", environment_slug="dev", secret_path="/")
 ```
 
 ## Core Methods
@@ -56,13 +59,16 @@ The `Auth` component provides methods for authentication:
 #### Universal Auth
 
 ```python
-response = client.auth.universal_auth.login(client_id="your_client_id", client_secret="your_client_secret")
+response = client.auth.universal_auth.login(
+    client_id="<machine-identity-client-id>", 
+    client_secret="<machine-identity-client-secret>"
+)
 ```
 
 #### AWS Auth
 
 ```python
-response = client.auth.aws_auth.login(identity_id="your_identity_id")
+response = client.auth.aws_auth.login(identity_id="<machine-identity-id>")
 ```
 
 ### `secrets`
@@ -73,13 +79,14 @@ This sub-class handles operations related to secrets:
 
 ```python
 secrets = client.secrets.list_secrets(
-    project_id="your_project_id",
+    project_id="<project-id>",
     environment_slug="dev",
     secret_path="/",
-    expand_secret_references=True,
-    recursive=False,
-    include_imports=True,
-    tag_filters=[]
+    expand_secret_references=True, # Optional
+    view_secret_value=True, # Optional 
+    recursive=False, # Optional
+    include_imports=True, # Optional
+    tag_filters=[] # Optional
 )
 ```
 
@@ -88,6 +95,7 @@ secrets = client.secrets.list_secrets(
 - `environment_slug` (str): The environment in which to list secrets (e.g., "dev").
 - `secret_path` (str): The path to the secrets.
 - `expand_secret_references` (bool): Whether to expand secret references.
+- `view_secret_value` (bool): Whether or not to include the secret value in the response. If set to false, the `secretValue` will be masked with `<hidden-by-infisical>`. Defaults to true.
 - `recursive` (bool): Whether to list secrets recursively.
 - `include_imports` (bool): Whether to include imported secrets.
 - `tag_filters` (List[str]): Tags to filter secrets.
@@ -100,7 +108,7 @@ secrets = client.secrets.list_secrets(
 ```python
 new_secret = client.secrets.create_secret_by_name(
     secret_name="NEW_SECRET",
-    project_id="your_project_id",
+    project_id="<project-id>",
     secret_path="/",
     environment_slug="dev",
     secret_value="secret_value",
@@ -130,7 +138,7 @@ new_secret = client.secrets.create_secret_by_name(
 ```python
 updated_secret = client.secrets.update_secret_by_name(
     current_secret_name="EXISTING_SECRET",
-    project_id="your_project_id",
+    project_id="<project-id>",
     secret_path="/",
     environment_slug="dev",
     secret_value="new_secret_value",
@@ -162,12 +170,13 @@ updated_secret = client.secrets.update_secret_by_name(
 ```python
 secret = client.secrets.get_secret_by_name(
     secret_name="EXISTING_SECRET",
-    project_id="your_project_id",
+    project_id="<project-id>",
     environment_slug="dev",
     secret_path="/",
-    expand_secret_references=True,
-    include_imports=True,
-    version=None  # Optional
+    expand_secret_references=True, # Optional
+    view_secret_value=True, # Optional
+    include_imports=True, # Optional
+    version=None # Optional
 )
 ```
 
@@ -177,6 +186,7 @@ secret = client.secrets.get_secret_by_name(
 - `environment_slug` (str): The environment in which to retrieve the secret.
 - `secret_path` (str): The path to the secret.
 - `expand_secret_references` (bool): Whether to expand secret references.
+- `view_secret_value` (bool): Whether or not to include the secret value in the response. If set to false, the `secretValue` will be masked with `<hidden-by-infisical>`. Defaults to true.
 - `include_imports` (bool): Whether to include imported secrets.
 - `version` (str, optional): The version of the secret to retrieve. Fetches the latest by default.
 
@@ -188,7 +198,7 @@ secret = client.secrets.get_secret_by_name(
 ```python
 deleted_secret = client.secrets.delete_secret_by_name(
     secret_name="EXISTING_SECRET",
-    project_id="your_project_id",
+    project_id="<project-id>",
     environment_slug="dev",
     secret_path="/"
 )
@@ -202,3 +212,147 @@ deleted_secret = client.secrets.delete_secret_by_name(
 
 **Returns:**
 - `BaseSecret`: The response after deleting the secret.
+
+### `kms`
+
+This sub-class handles KMS related operations:
+
+#### List KMS Keys
+
+```python
+kms_keys = client.kms.list_keys(
+    project_id="<project-id>",
+    offset=0, # Optional
+    limit=100, # Optional
+    order_by=KmsKeysOrderBy.NAME, # Optional
+    order_direction=OrderDirection.ASC, # Optional
+    search=None # Optional
+)
+```
+
+**Parameters:**
+- `project_id` (str): The ID of your project.
+- `offset` (int, optional): The offset to paginate from.
+- `limit` (int, optional): The page size for paginating.
+- `order_by` (KmsKeysOrderBy, optional): The key property to order the list response by.
+- `order_direction` (OrderDirection, optional): The direction to order the list response in.
+- `search` (str, optional): The text value to filter key names by.
+
+**Returns:**
+- `ListKmsKeysResponse`: The response containing the list of KMS keys.
+
+#### Get KMS Key by ID
+
+```python
+kms_key = client.kms.get_key_by_id(
+    key_id="<key-id>"
+)
+```
+
+**Parameters:**
+- `key_id` (str): The ID of the key to retrieve.
+
+**Returns:**
+- `KmsKey`: The specified key.
+
+#### Get KMS Key by Name
+
+```python
+kms_key = client.kms.get_key_by_name(
+    key_name="my-key",
+    project_id="<project-id>"
+)
+```
+
+**Parameters:**
+- `key_name` (str): The name of the key to retrieve.
+- `project_id` (str): The ID of your project.
+
+**Returns:**
+- `KmsKey`: The specified key.
+
+#### Create KMS Key
+
+```python
+kms_key = client.kms.create_key(
+    name="my-key",
+    project_id="<project-id>",
+    encryption_algorithm=SymmetricEncryption.AES_GCM_256,
+    description=None # Optional
+)
+```
+
+**Parameters:**
+- `name` (str): The name of the key (must be slug-friendly).
+- `project_id` (str): The ID of your project.
+- `encryption_algorithm` (SymmetricEncryption): The encryption alogrithm this key should use.
+- `description` (str, optional): A description of your key.
+
+**Returns:**
+- `KmsKey`: The newly created key.
+
+#### Update KMS Key
+
+```python
+updated_key = client.kms.update_key(
+    key_id="<key-id>",
+    name="my-updated-key", # Optional
+    description="Updated description", # Optional
+    is_disabled=True # Optional
+)
+```
+
+**Parameters:**
+- `key_id` (str): The ID of the key to be updated.
+- `name` (str, optional): The updated name of the key (must be slug-friendly).
+- `description` (str): The updated description of the key.
+- `is_disabled` (str): The flag to disable operations with this key.
+
+**Returns:**
+- `KmsKey`: The updated key.
+
+#### Delete KMS Key
+
+```python
+deleted_key = client.kms.delete_key(
+    key_id="<key-id>"
+)
+```
+
+**Parameters:**
+- `key_id` (str): The ID of the key to be deleted.
+
+**Returns:**
+- `KmsKey`: The deleted key.
+
+#### Encrypt Data with KMS Key
+
+```python
+encrypted_data = client.kms.encrypt_data(
+    key_id="<key-id>",
+    base64EncodedPlaintext="TXkgc2VjcmV0IG1lc3NhZ2U=" # must be base64 encoded
+)
+```
+
+**Parameters:**
+- `key_id` (str): The ID of the key to encrypt the data with.
+- `base64EncodedPlaintext` (str): The plaintext data to encrypt (must be base64 encoded).
+
+**Returns:**
+- `str`: The encrypted ciphertext.
+
+#### Decrypte Data with KMS Key
+
+```python
+decrypted_data = client.kms.decrypt_data(
+    key_id="<key-id>",
+    ciphertext="Aq96Ry7sMH3k/ogaIB5MiSfH+LblQRBu69lcJe0GfIvI48ZvbWY+9JulyoQYdjAx"
+)
+```
+
+**Parameters:**
+- `key_id` (str): The ID of the key to decrypt the data with.
+- `ciphertext` (str): The ciphertext returned from the encrypt operation.
+
+**Returns:**
+- `str`: The base64 encoded plaintext.

{infisicalsdk-1.0.3 → infisicalsdk-1.0.5}/infisical_sdk/api_types.py

@@ -74,6 +74,7 @@ class BaseSecret(BaseModel):
     createdAt: str
     updatedAt: str
     secretMetadata: Optional[Dict[str, Any]] = None
+    secretValueHidden: Optional[bool] = False
     secretReminderNote: Optional[str] = None
     secretReminderRepeatDays: Optional[int] = None
     skipMultilineEncoding: Optional[bool] = False
@@ -112,7 +113,7 @@ class SingleSecretResponse(BaseModel):
     secret: BaseSecret
 
     @classmethod
-    def from_dict(cls, data: Dict) -> 'ListSecretsResponse':
+    def from_dict(cls, data: Dict) -> 'SingleSecretResponse':
         return cls(
             secret=BaseSecret.from_dict(data['secret']),
         )
@@ -125,3 +126,71 @@ class MachineIdentityLoginResponse(BaseModel):
     expiresIn: int
     accessTokenMaxTTL: int
     tokenType: str
+
+
+class SymmetricEncryption(str, Enum):
+    AES_GCM_256 = "aes-256-gcm"
+    AES_GCM_128 = "aes-128-gcm"
+
+
+class OrderDirection(str, Enum):
+    ASC = "asc"
+    DESC = "desc"
+
+
+class KmsKeysOrderBy(str, Enum):
+    NAME = "name"
+
+
+@dataclass
+class KmsKey(BaseModel):
+    """Infisical KMS Key"""
+    id: str
+    description: str
+    isDisabled: bool
+    orgId: str
+    name: str
+    createdAt: str
+    updatedAt: str
+    projectId: str
+    version: int
+    encryptionAlgorithm: SymmetricEncryption
+
+
+@dataclass
+class ListKmsKeysResponse(BaseModel):
+    """Complete response model for Kms Keys API"""
+    keys: List[KmsKey]
+    totalCount: int
+
+    @classmethod
+    def from_dict(cls, data: Dict) -> 'ListKmsKeysResponse':
+        """Create model from dictionary with camelCase keys, handling nested objects"""
+        return cls(
+            keys=[KmsKey.from_dict(key) for key in data['keys']],
+            totalCount=data['totalCount']
+        )
+
+
+@dataclass
+class SingleKmsKeyResponse(BaseModel):
+    """Response model for get/create/update/delete API"""
+    key: KmsKey
+
+    @classmethod
+    def from_dict(cls, data: Dict) -> 'SingleKmsKeyResponse':
+        return cls(
+            key=KmsKey.from_dict(data['key']),
+        )
+
+
+@dataclass
+class KmsKeyEncryptDataResponse(BaseModel):
+    """Response model for encrypt data API"""
+    ciphertext: str
+
+
+@dataclass
+class KmsKeyDecryptDataResponse(BaseModel):
+    """Response model for decrypt data API"""
+    plaintext: str

{infisicalsdk-1.0.3 → infisicalsdk-1.0.5}/infisical_sdk/client.py

@@ -12,8 +12,11 @@ from botocore.awsrequest import AWSRequest
 from botocore.exceptions import NoCredentialsError
 
 from .infisical_requests import InfisicalRequests
-from .api_types import ListSecretsResponse, MachineIdentityLoginResponse
-from .api_types import SingleSecretResponse, BaseSecret
+
+from .api_types import ListSecretsResponse, SingleSecretResponse, BaseSecret
+from .api_types import SymmetricEncryption, KmsKeysOrderBy, OrderDirection
+from .api_types import ListKmsKeysResponse, SingleKmsKeyResponse, MachineIdentityLoginResponse
+from .api_types import KmsKey, KmsKeyEncryptDataResponse, KmsKeyDecryptDataResponse
 
 
 class InfisicalSDKClient:
@@ -25,6 +28,7 @@ class InfisicalSDKClient:
 
         self.auth = Auth(self)
         self.secrets = V3RawSecrets(self)
+        self.kms = KMS(self)
 
     def set_token(self, token: str):
         """
@@ -205,6 +209,7 @@ class V3RawSecrets:
             environment_slug: str,
             secret_path: str,
             expand_secret_references: bool = True,
+            view_secret_value: bool = True,
             recursive: bool = False,
             include_imports: bool = True,
             tag_filters: List[str] = []) -> ListSecretsResponse:
@@ -213,13 +218,14 @@ class V3RawSecrets:
             "workspaceId": project_id,
             "environment": environment_slug,
             "secretPath": secret_path,
+            "viewSecretValue": str(view_secret_value).lower(),
             "expandSecretReferences": str(expand_secret_references).lower(),
             "recursive": str(recursive).lower(),
             "include_imports": str(include_imports).lower(),
         }
 
         if tag_filters:
-            params["tag_slugs"] = ",".join(tag_filters)
+            params["tagSlugs"] = ",".join(tag_filters)
 
         result = self.client.api.get(
             path="/api/v3/secrets/raw",
@@ -237,10 +243,12 @@ class V3RawSecrets:
             secret_path: str,
             expand_secret_references: bool = True,
             include_imports: bool = True,
+            view_secret_value: bool = True,
             version: str = None) -> BaseSecret:
 
         params = {
           "workspaceId": project_id,
+          "viewSecretValue": str(view_secret_value).lower(),
           "environment": environment_slug,
           "secretPath": secret_path,
           "expandSecretReferences": str(expand_secret_references).lower(),
@@ -307,7 +315,7 @@ class V3RawSecrets:
           "secretPath": secret_path,
           "secretValue": secret_value,
           "secretComment": secret_comment,
-          "new_secret_name": new_secret_name,
+          "newSecretName": new_secret_name,
           "tagIds": None,
           "skipMultilineEncoding": skip_multiline_encoding,
           "type": "shared",
@@ -343,3 +351,175 @@ class V3RawSecrets:
         )
 
         return result.data.secret
+
+
+class KMS:
+    def __init__(self, client: InfisicalSDKClient) -> None:
+        self.client = client
+
+    def list_keys(
+            self,
+            project_id: str,
+            offset: int = 0,
+            limit: int = 100,
+            order_by: KmsKeysOrderBy = KmsKeysOrderBy.NAME,
+            order_direction: OrderDirection = OrderDirection.ASC,
+            search: str = None) -> ListKmsKeysResponse:
+
+        params = {
+            "projectId": project_id,
+            "search": search,
+            "offset": offset,
+            "limit": limit,
+            "orderBy": order_by,
+            "orderDirection": order_direction,
+        }
+
+        result = self.client.api.get(
+            path="/api/v1/kms/keys",
+            params=params,
+            model=ListKmsKeysResponse
+        )
+
+        return result.data
+
+    def get_key_by_id(
+            self,
+            key_id: str) -> KmsKey:
+
+        result = self.client.api.get(
+            path=f"/api/v1/kms/keys/{key_id}",
+            model=SingleKmsKeyResponse
+        )
+
+        return result.data.key
+
+    def get_key_by_name(
+            self,
+            key_name: str,
+            project_id: str) -> KmsKey:
+
+        params = {
+            "projectId": project_id,
+        }
+
+        result = self.client.api.get(
+            path=f"/api/v1/kms/keys/key-name/{key_name}",
+            params=params,
+            model=SingleKmsKeyResponse
+        )
+
+        return result.data.key
+
+    def create_key(
+            self,
+            name: str,
+            project_id: str,
+            encryption_algorithm: SymmetricEncryption,
+            description: str = None) -> KmsKey:
+
+        request_body = {
+            "name": name,
+            "projectId": project_id,
+            "encryptionAlgorithm": encryption_algorithm,
+            "description": description,
+        }
+
+        result = self.client.api.post(
+            path="/api/v1/kms/keys",
+            json=request_body,
+            model=SingleKmsKeyResponse
+        )
+
+        return result.data.key
+
+    def update_key(
+            self,
+            key_id: str,
+            name: str = None,
+            is_disabled: bool = None,
+            description: str = None) -> KmsKey:
+
+        request_body = {
+            "name": name,
+            "isDisabled": is_disabled,
+            "description": description,
+        }
+
+        result = self.client.api.patch(
+            path=f"/api/v1/kms/keys/{key_id}",
+            json=request_body,
+            model=SingleKmsKeyResponse
+        )
+
+        return result.data.key
+
+    def delete_key(
+            self,
+            key_id: str) -> KmsKey:
+
+        result = self.client.api.delete(
+            path=f"/api/v1/kms/keys/{key_id}",
+            json={},
+            model=SingleKmsKeyResponse
+        )
+
+        return result.data.key
+
+    def encrypt_data(
+            self,
+            key_id: str,
+            base64EncodedPlaintext: str) -> str:
+        """
+            Encrypt data with the specified KMS key.
+
+            :param key_id: The ID of the key to decrypt the ciphertext with
+            :type key_id: str
+            :param base64EncodedPlaintext: The base64 encoded plaintext to encrypt
+            :type plaintext: str
+
+
+            :return: The encrypted base64 encoded plaintext (ciphertext)
+            :rtype: str
+        """
+
+        request_body = {
+            "plaintext": base64EncodedPlaintext
+        }
+
+        result = self.client.api.post(
+            path=f"/api/v1/kms/keys/{key_id}/encrypt",
+            json=request_body,
+            model=KmsKeyEncryptDataResponse
+        )
+
+        return result.data.ciphertext
+
+    def decrypt_data(
+            self,
+            key_id: str,
+            ciphertext: str) -> str:
+        """
+            Decrypt data with the specified KMS key.
+
+            :param key_id: The ID of the key to decrypt the ciphertext with
+            :type key_id: str
+            :param ciphertext: The encrypted base64 plaintext to decrypt
+            :type ciphertext: str
+
+
+            :return: The base64 encoded plaintext
+            :rtype: str
+        """
+
+        request_body = {
+            "ciphertext": ciphertext
+        }
+
+        result = self.client.api.post(
+            path=f"/api/v1/kms/keys/{key_id}/decrypt",
+            json=request_body,
+            model=KmsKeyDecryptDataResponse
+        )
+
+        return result.data.plaintext

{infisicalsdk-1.0.3 → infisicalsdk-1.0.5}/infisical_sdk/infisical_requests.py

@@ -1,4 +1,4 @@
-from typing import Any, Dict, Generic, Optional, TypeVar
+from typing import Any, Dict, Generic, Optional, TypeVar, Type
 from urllib.parse import urljoin
 import requests
 from dataclasses import dataclass
@@ -90,7 +90,7 @@ class InfisicalRequests:
     def get(
             self,
             path: str,
-            model: type[T],
+            model: Type[T],
             params: Optional[Dict[str, Any]] = None
           ) -> APIResponse[T]:
 
@@ -116,7 +116,7 @@ class InfisicalRequests:
     def post(
             self,
             path: str,
-            model: type[T],
+            model: Type[T],
             json: Optional[Dict[str, Any]] = None
           ) -> APIResponse[T]:
 
@@ -140,7 +140,7 @@ class InfisicalRequests:
     def patch(
             self,
             path: str,
-            model: type[T],
+            model: Type[T],
             json: Optional[Dict[str, Any]] = None
           ) -> APIResponse[T]:
 
@@ -164,7 +164,7 @@ class InfisicalRequests:
     def delete(
             self,
             path: str,
-            model: type[T],
+            model: Type[T],
             json: Optional[Dict[str, Any]] = None
           ) -> APIResponse[T]:
 

{infisicalsdk-1.0.3 → infisicalsdk-1.0.5}/infisicalsdk.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.2
 Name: infisicalsdk
-Version: 1.0.3
+Version: 1.0.5
 Summary: Infisical API Client
 Home-page: https://github.com/Infisical/python-sdk-official
 Author: Infisical

{infisicalsdk-1.0.3 → infisicalsdk-1.0.5}/setup.py

@@ -15,8 +15,8 @@ from setuptools import setup, find_packages  # noqa: H301
 # prerequisite: setuptools
 # http://pypi.python.org/pypi/setuptools
 NAME = "infisicalsdk"
-VERSION = "1.0.3"
-PYTHON_REQUIRES = ">=3.7"
+VERSION = "1.0.5"
+PYTHON_REQUIRES = ">=3.8"
 REQUIRES = [
     "urllib3 >= 1.25.3, < 2.1.0",
     "python-dateutil",