vaultriever 0.1.0__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- vaultriever-0.1.0/.github/dependabot.yml +11 -0
- vaultriever-0.1.0/.github/workflows/ci.yml +76 -0
- vaultriever-0.1.0/.github/workflows/gh-pages.yml +56 -0
- vaultriever-0.1.0/.github/workflows/pypi-publish.yml +70 -0
- vaultriever-0.1.0/.github/workflows/sonarqube.yml +68 -0
- vaultriever-0.1.0/.gitignore +218 -0
- vaultriever-0.1.0/.pre-commit-config.yaml +34 -0
- vaultriever-0.1.0/AGENTS.md +39 -0
- vaultriever-0.1.0/CLAUDE.md +1 -0
- vaultriever-0.1.0/LICENSE +21 -0
- vaultriever-0.1.0/PKG-INFO +154 -0
- vaultriever-0.1.0/README.md +118 -0
- vaultriever-0.1.0/docs/api/exceptions.md +6 -0
- vaultriever-0.1.0/docs/api/providers.md +16 -0
- vaultriever-0.1.0/docs/api/resolver.md +6 -0
- vaultriever-0.1.0/docs/api/settings.md +5 -0
- vaultriever-0.1.0/docs/api/sri.md +5 -0
- vaultriever-0.1.0/docs/custom-providers.md +99 -0
- vaultriever-0.1.0/docs/index.md +68 -0
- vaultriever-0.1.0/docs/installation.md +63 -0
- vaultriever-0.1.0/docs/providers.md +106 -0
- vaultriever-0.1.0/docs/pydantic-settings.md +118 -0
- vaultriever-0.1.0/docs/quick-start.md +85 -0
- vaultriever-0.1.0/docs/security.md +89 -0
- vaultriever-0.1.0/docs/sri.md +89 -0
- vaultriever-0.1.0/mkdocs.yml +126 -0
- vaultriever-0.1.0/pyproject.toml +104 -0
- vaultriever-0.1.0/sonar-project.properties +7 -0
- vaultriever-0.1.0/tests/__init__.py +0 -0
- vaultriever-0.1.0/tests/conftest.py +13 -0
- vaultriever-0.1.0/tests/test_providers_aws.py +89 -0
- vaultriever-0.1.0/tests/test_providers_databricks.py +99 -0
- vaultriever-0.1.0/tests/test_resolver.py +78 -0
- vaultriever-0.1.0/tests/test_settings_mixin.py +111 -0
- vaultriever-0.1.0/tests/test_sri.py +69 -0
- vaultriever-0.1.0/uv.lock +1848 -0
- vaultriever-0.1.0/vaultriever/__init__.py +33 -0
- vaultriever-0.1.0/vaultriever/exceptions.py +27 -0
- vaultriever-0.1.0/vaultriever/logging.py +16 -0
- vaultriever-0.1.0/vaultriever/providers/__init__.py +22 -0
- vaultriever-0.1.0/vaultriever/providers/aws.py +79 -0
- vaultriever-0.1.0/vaultriever/providers/azure.py +19 -0
- vaultriever-0.1.0/vaultriever/providers/base.py +60 -0
- vaultriever-0.1.0/vaultriever/providers/databricks.py +95 -0
- vaultriever-0.1.0/vaultriever/providers/gcp.py +19 -0
- vaultriever-0.1.0/vaultriever/py.typed +0 -0
- vaultriever-0.1.0/vaultriever/resolver.py +30 -0
- vaultriever-0.1.0/vaultriever/settings_mixin.py +82 -0
- vaultriever-0.1.0/vaultriever/sri.py +92 -0
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
# To get started with Dependabot version updates, you'll need to specify which
|
|
2
|
+
# package ecosystems to update and where the package manifests are located.
|
|
3
|
+
# Please see the documentation for all configuration options:
|
|
4
|
+
# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
|
|
5
|
+
|
|
6
|
+
version: 2
|
|
7
|
+
updates:
|
|
8
|
+
- package-ecosystem: "pip" # See documentation for possible values
|
|
9
|
+
directory: "/" # Location of package manifests
|
|
10
|
+
schedule:
|
|
11
|
+
interval: "weekly"
|
|
@@ -0,0 +1,76 @@
|
|
|
1
|
+
name: CI
|
|
2
|
+
|
|
3
|
+
on:
|
|
4
|
+
pull_request:
|
|
5
|
+
types: [opened, synchronize, reopened]
|
|
6
|
+
push:
|
|
7
|
+
branches:
|
|
8
|
+
- main
|
|
9
|
+
|
|
10
|
+
concurrency:
|
|
11
|
+
group: ${{ github.workflow }}-${{ github.ref }}
|
|
12
|
+
cancel-in-progress: true
|
|
13
|
+
|
|
14
|
+
jobs:
|
|
15
|
+
lint:
|
|
16
|
+
name: Lint (pre-commit)
|
|
17
|
+
runs-on: ubuntu-latest
|
|
18
|
+
steps:
|
|
19
|
+
- uses: actions/checkout@v4
|
|
20
|
+
- uses: actions/setup-python@v5
|
|
21
|
+
with:
|
|
22
|
+
python-version: '3.12'
|
|
23
|
+
- uses: astral-sh/setup-uv@v5
|
|
24
|
+
|
|
25
|
+
- name: Install lint dependencies
|
|
26
|
+
run: uv sync --dev --python 3.12
|
|
27
|
+
|
|
28
|
+
- uses: pre-commit/action@v3.0.1
|
|
29
|
+
|
|
30
|
+
test:
|
|
31
|
+
name: Test (Python ${{ matrix.python-version }})
|
|
32
|
+
runs-on: ubuntu-latest
|
|
33
|
+
strategy:
|
|
34
|
+
fail-fast: false
|
|
35
|
+
matrix:
|
|
36
|
+
python-version: ['3.10', '3.11', '3.12', '3.13']
|
|
37
|
+
steps:
|
|
38
|
+
- uses: actions/checkout@v4
|
|
39
|
+
with:
|
|
40
|
+
fetch-depth: 0
|
|
41
|
+
|
|
42
|
+
- uses: actions/setup-python@v5
|
|
43
|
+
with:
|
|
44
|
+
python-version: ${{ matrix.python-version }}
|
|
45
|
+
|
|
46
|
+
- uses: astral-sh/setup-uv@v5
|
|
47
|
+
|
|
48
|
+
- name: Install dependencies
|
|
49
|
+
run: uv sync --all-extras --dev --python ${{ matrix.python-version }}
|
|
50
|
+
|
|
51
|
+
- name: Run pytest with coverage
|
|
52
|
+
run: uv run pytest --cov-report=xml
|
|
53
|
+
|
|
54
|
+
- name: Upload coverage artifact
|
|
55
|
+
if: matrix.python-version == '3.12'
|
|
56
|
+
uses: actions/upload-artifact@v4
|
|
57
|
+
with:
|
|
58
|
+
name: coverage-${{ github.run_id }}
|
|
59
|
+
path: coverage.xml
|
|
60
|
+
retention-days: 7
|
|
61
|
+
|
|
62
|
+
- name: Save PR metadata
|
|
63
|
+
if: github.event_name == 'pull_request' && matrix.python-version == '3.12'
|
|
64
|
+
run: |
|
|
65
|
+
echo "PR_NUMBER=${{ github.event.pull_request.number }}" > pr-metadata.env
|
|
66
|
+
echo "PR_HEAD_SHA=${{ github.event.pull_request.head.sha }}" >> pr-metadata.env
|
|
67
|
+
echo "PR_BASE_REF=${{ github.event.pull_request.base.ref }}" >> pr-metadata.env
|
|
68
|
+
echo "PR_HEAD_REF=${{ github.event.pull_request.head.ref }}" >> pr-metadata.env
|
|
69
|
+
|
|
70
|
+
- name: Upload PR metadata artifact
|
|
71
|
+
if: github.event_name == 'pull_request' && matrix.python-version == '3.12'
|
|
72
|
+
uses: actions/upload-artifact@v4
|
|
73
|
+
with:
|
|
74
|
+
name: pr-metadata-${{ github.run_id }}
|
|
75
|
+
path: pr-metadata.env
|
|
76
|
+
retention-days: 7
|
|
@@ -0,0 +1,56 @@
|
|
|
1
|
+
name: Deploy Documentation
|
|
2
|
+
|
|
3
|
+
on:
|
|
4
|
+
push:
|
|
5
|
+
branches:
|
|
6
|
+
- main
|
|
7
|
+
workflow_dispatch:
|
|
8
|
+
|
|
9
|
+
concurrency:
|
|
10
|
+
group: pages
|
|
11
|
+
cancel-in-progress: false
|
|
12
|
+
|
|
13
|
+
jobs:
|
|
14
|
+
build:
|
|
15
|
+
runs-on: ubuntu-latest
|
|
16
|
+
permissions:
|
|
17
|
+
contents: read
|
|
18
|
+
steps:
|
|
19
|
+
- name: Checkout repository
|
|
20
|
+
uses: actions/checkout@v4
|
|
21
|
+
with:
|
|
22
|
+
fetch-depth: 0
|
|
23
|
+
|
|
24
|
+
- name: Set up Python
|
|
25
|
+
uses: actions/setup-python@v5
|
|
26
|
+
with:
|
|
27
|
+
python-version: "3.12"
|
|
28
|
+
|
|
29
|
+
- name: Install uv
|
|
30
|
+
uses: astral-sh/setup-uv@v5
|
|
31
|
+
|
|
32
|
+
- name: Install dependencies
|
|
33
|
+
run: uv pip install --system -e ".[docs]"
|
|
34
|
+
|
|
35
|
+
- name: Build documentation
|
|
36
|
+
run: mkdocs build
|
|
37
|
+
|
|
38
|
+
- name: Upload artifact
|
|
39
|
+
uses: actions/upload-pages-artifact@v3
|
|
40
|
+
with:
|
|
41
|
+
path: site/
|
|
42
|
+
|
|
43
|
+
deploy:
|
|
44
|
+
needs: build
|
|
45
|
+
runs-on: ubuntu-latest
|
|
46
|
+
permissions:
|
|
47
|
+
pages: write
|
|
48
|
+
id-token: write
|
|
49
|
+
environment:
|
|
50
|
+
name: github-pages
|
|
51
|
+
url: ${{ steps.deployment.outputs.page_url }}
|
|
52
|
+
|
|
53
|
+
steps:
|
|
54
|
+
- name: Deploy to GitHub Pages
|
|
55
|
+
id: deployment
|
|
56
|
+
uses: actions/deploy-pages@v4
|
|
@@ -0,0 +1,70 @@
|
|
|
1
|
+
name: Publish to PyPI
|
|
2
|
+
|
|
3
|
+
on:
|
|
4
|
+
release:
|
|
5
|
+
types: [published]
|
|
6
|
+
|
|
7
|
+
jobs:
|
|
8
|
+
build-and-publish:
|
|
9
|
+
runs-on: ubuntu-latest
|
|
10
|
+
environment:
|
|
11
|
+
name: pypi
|
|
12
|
+
url: https://pypi.org/p/vaultriever/
|
|
13
|
+
|
|
14
|
+
permissions:
|
|
15
|
+
id-token: write
|
|
16
|
+
contents: write
|
|
17
|
+
|
|
18
|
+
steps:
|
|
19
|
+
- name: Checkout
|
|
20
|
+
uses: actions/checkout@v4
|
|
21
|
+
with:
|
|
22
|
+
ref: ${{ github.event.release.target_commitish }}
|
|
23
|
+
token: ${{ secrets.GITHUB_TOKEN }}
|
|
24
|
+
|
|
25
|
+
- name: Set up Python
|
|
26
|
+
uses: actions/setup-python@v5
|
|
27
|
+
with:
|
|
28
|
+
python-version: '3.x'
|
|
29
|
+
|
|
30
|
+
# Use the release payload's tag_name rather than GITHUB_REF: when the
|
|
31
|
+
# tag is created by publishing the release, GITHUB_REF can still point
|
|
32
|
+
# at the target branch, which previously produced an empty version.
|
|
33
|
+
- name: Extract version from release tag
|
|
34
|
+
id: get_version
|
|
35
|
+
env:
|
|
36
|
+
TAG_NAME: ${{ github.event.release.tag_name }}
|
|
37
|
+
run: |
|
|
38
|
+
VERSION=${TAG_NAME#v}
|
|
39
|
+
if [[ ! "$VERSION" =~ ^[0-9]+(\.[0-9]+)+([abc0-9.!+-]*)?$ ]]; then
|
|
40
|
+
echo "::error::Cannot derive a valid version from release tag '${TAG_NAME}'"
|
|
41
|
+
exit 1
|
|
42
|
+
fi
|
|
43
|
+
echo "version=$VERSION" >> "$GITHUB_OUTPUT"
|
|
44
|
+
|
|
45
|
+
- name: Update version in pyproject.toml
|
|
46
|
+
run: |
|
|
47
|
+
sed -i 's/^version = ".*"/version = "${{ steps.get_version.outputs.version }}"/' pyproject.toml
|
|
48
|
+
|
|
49
|
+
- name: Commit version update
|
|
50
|
+
run: |
|
|
51
|
+
git config user.name "github-actions[bot]"
|
|
52
|
+
git config user.email "github-actions[bot]@users.noreply.github.com"
|
|
53
|
+
if git diff --quiet pyproject.toml; then
|
|
54
|
+
echo "Version already up to date; nothing to commit."
|
|
55
|
+
else
|
|
56
|
+
git add pyproject.toml
|
|
57
|
+
git commit -m "chore: bump version to ${{ steps.get_version.outputs.version }}"
|
|
58
|
+
git push
|
|
59
|
+
fi
|
|
60
|
+
|
|
61
|
+
- name: Install build backend
|
|
62
|
+
run: |
|
|
63
|
+
python -m pip install --upgrade pip
|
|
64
|
+
pip install build
|
|
65
|
+
|
|
66
|
+
- name: Build distributions
|
|
67
|
+
run: python -m build
|
|
68
|
+
|
|
69
|
+
- name: Publish to PyPI
|
|
70
|
+
uses: pypa/gh-action-pypi-publish@release/v1
|
|
@@ -0,0 +1,68 @@
|
|
|
1
|
+
name: SonarCloud Analysis
|
|
2
|
+
|
|
3
|
+
on:
|
|
4
|
+
workflow_run:
|
|
5
|
+
workflows: ['CI']
|
|
6
|
+
types:
|
|
7
|
+
- completed
|
|
8
|
+
|
|
9
|
+
jobs:
|
|
10
|
+
sonarcloud:
|
|
11
|
+
name: SonarCloud Scan
|
|
12
|
+
runs-on: ubuntu-latest
|
|
13
|
+
if: >
|
|
14
|
+
github.event.workflow_run.conclusion == 'success' ||
|
|
15
|
+
github.event.workflow_run.conclusion == 'failure'
|
|
16
|
+
steps:
|
|
17
|
+
- name: Checkout code at tested SHA
|
|
18
|
+
uses: actions/checkout@v4
|
|
19
|
+
with:
|
|
20
|
+
repository: ${{ github.event.workflow_run.head_repository.full_name }}
|
|
21
|
+
ref: ${{ github.event.workflow_run.head_sha }}
|
|
22
|
+
fetch-depth: 0
|
|
23
|
+
|
|
24
|
+
- name: Download coverage artifact
|
|
25
|
+
uses: actions/download-artifact@v4
|
|
26
|
+
with:
|
|
27
|
+
name: coverage-${{ github.event.workflow_run.id }}
|
|
28
|
+
github-token: ${{ secrets.GITHUB_TOKEN }}
|
|
29
|
+
run-id: ${{ github.event.workflow_run.id }}
|
|
30
|
+
continue-on-error: true
|
|
31
|
+
|
|
32
|
+
- name: Download PR metadata artifact
|
|
33
|
+
uses: actions/download-artifact@v4
|
|
34
|
+
with:
|
|
35
|
+
name: pr-metadata-${{ github.event.workflow_run.id }}
|
|
36
|
+
github-token: ${{ secrets.GITHUB_TOKEN }}
|
|
37
|
+
run-id: ${{ github.event.workflow_run.id }}
|
|
38
|
+
continue-on-error: true
|
|
39
|
+
|
|
40
|
+
- name: Load PR metadata
|
|
41
|
+
id: pr_meta
|
|
42
|
+
run: |
|
|
43
|
+
if [ -f pr-metadata.env ]; then source pr-metadata.env; fi
|
|
44
|
+
echo "pr_number=${PR_NUMBER}" >> $GITHUB_OUTPUT
|
|
45
|
+
echo "pr_head_sha=${PR_HEAD_SHA}" >> $GITHUB_OUTPUT
|
|
46
|
+
echo "pr_base_ref=${PR_BASE_REF}" >> $GITHUB_OUTPUT
|
|
47
|
+
echo "pr_head_ref=${PR_HEAD_REF}" >> $GITHUB_OUTPUT
|
|
48
|
+
|
|
49
|
+
# Static analysis config lives in sonar-project.properties; only the
|
|
50
|
+
# dynamic pull-request parameters are passed here.
|
|
51
|
+
- name: SonarCloud Scan (PR)
|
|
52
|
+
if: steps.pr_meta.outputs.pr_number != ''
|
|
53
|
+
uses: SonarSource/sonarqube-scan-action@v6
|
|
54
|
+
env:
|
|
55
|
+
SONAR_HOST_URL: https://sonarcloud.io
|
|
56
|
+
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
|
|
57
|
+
with:
|
|
58
|
+
args: >
|
|
59
|
+
-Dsonar.pullrequest.key=${{ steps.pr_meta.outputs.pr_number }}
|
|
60
|
+
-Dsonar.pullrequest.branch=${{ steps.pr_meta.outputs.pr_head_ref }}
|
|
61
|
+
-Dsonar.pullrequest.base=${{ steps.pr_meta.outputs.pr_base_ref }}
|
|
62
|
+
|
|
63
|
+
- name: SonarCloud Scan (push to main)
|
|
64
|
+
if: steps.pr_meta.outputs.pr_number == ''
|
|
65
|
+
uses: SonarSource/sonarqube-scan-action@v6
|
|
66
|
+
env:
|
|
67
|
+
SONAR_HOST_URL: https://sonarcloud.io
|
|
68
|
+
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
|
|
@@ -0,0 +1,218 @@
|
|
|
1
|
+
# Byte-compiled / optimized / DLL files
|
|
2
|
+
__pycache__/
|
|
3
|
+
*.py[codz]
|
|
4
|
+
*$py.class
|
|
5
|
+
|
|
6
|
+
# C extensions
|
|
7
|
+
*.so
|
|
8
|
+
|
|
9
|
+
# Distribution / packaging
|
|
10
|
+
.Python
|
|
11
|
+
build/
|
|
12
|
+
develop-eggs/
|
|
13
|
+
dist/
|
|
14
|
+
downloads/
|
|
15
|
+
eggs/
|
|
16
|
+
.eggs/
|
|
17
|
+
lib/
|
|
18
|
+
lib64/
|
|
19
|
+
parts/
|
|
20
|
+
sdist/
|
|
21
|
+
var/
|
|
22
|
+
wheels/
|
|
23
|
+
share/python-wheels/
|
|
24
|
+
*.egg-info/
|
|
25
|
+
.installed.cfg
|
|
26
|
+
*.egg
|
|
27
|
+
MANIFEST
|
|
28
|
+
|
|
29
|
+
# PyInstaller
|
|
30
|
+
# Usually these files are written by a python script from a template
|
|
31
|
+
# before PyInstaller builds the exe, so as to inject date/other infos into it.
|
|
32
|
+
*.manifest
|
|
33
|
+
*.spec
|
|
34
|
+
|
|
35
|
+
# Installer logs
|
|
36
|
+
pip-log.txt
|
|
37
|
+
pip-delete-this-directory.txt
|
|
38
|
+
|
|
39
|
+
# Unit test / coverage reports
|
|
40
|
+
htmlcov/
|
|
41
|
+
.tox/
|
|
42
|
+
.nox/
|
|
43
|
+
.coverage
|
|
44
|
+
.coverage.*
|
|
45
|
+
.cache
|
|
46
|
+
nosetests.xml
|
|
47
|
+
coverage.xml
|
|
48
|
+
*.cover
|
|
49
|
+
*.py.cover
|
|
50
|
+
.hypothesis/
|
|
51
|
+
.pytest_cache/
|
|
52
|
+
cover/
|
|
53
|
+
|
|
54
|
+
# Translations
|
|
55
|
+
*.mo
|
|
56
|
+
*.pot
|
|
57
|
+
|
|
58
|
+
# Django stuff:
|
|
59
|
+
*.log
|
|
60
|
+
local_settings.py
|
|
61
|
+
db.sqlite3
|
|
62
|
+
db.sqlite3-journal
|
|
63
|
+
|
|
64
|
+
# Flask stuff:
|
|
65
|
+
instance/
|
|
66
|
+
.webassets-cache
|
|
67
|
+
|
|
68
|
+
# Scrapy stuff:
|
|
69
|
+
.scrapy
|
|
70
|
+
|
|
71
|
+
# Sphinx documentation
|
|
72
|
+
docs/_build/
|
|
73
|
+
|
|
74
|
+
# PyBuilder
|
|
75
|
+
.pybuilder/
|
|
76
|
+
target/
|
|
77
|
+
|
|
78
|
+
# Jupyter Notebook
|
|
79
|
+
.ipynb_checkpoints
|
|
80
|
+
|
|
81
|
+
# IPython
|
|
82
|
+
profile_default/
|
|
83
|
+
ipython_config.py
|
|
84
|
+
|
|
85
|
+
# pyenv
|
|
86
|
+
# For a library or package, you might want to ignore these files since the code is
|
|
87
|
+
# intended to run in multiple environments; otherwise, check them in:
|
|
88
|
+
# .python-version
|
|
89
|
+
|
|
90
|
+
# pipenv
|
|
91
|
+
# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
|
|
92
|
+
# However, in case of collaboration, if having platform-specific dependencies or dependencies
|
|
93
|
+
# having no cross-platform support, pipenv may install dependencies that don't work, or not
|
|
94
|
+
# install all needed dependencies.
|
|
95
|
+
# Pipfile.lock
|
|
96
|
+
|
|
97
|
+
# UV
|
|
98
|
+
# Similar to Pipfile.lock, it is generally recommended to include uv.lock in version control.
|
|
99
|
+
# This is especially recommended for binary packages to ensure reproducibility, and is more
|
|
100
|
+
# commonly ignored for libraries.
|
|
101
|
+
# uv.lock
|
|
102
|
+
|
|
103
|
+
# poetry
|
|
104
|
+
# Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
|
|
105
|
+
# This is especially recommended for binary packages to ensure reproducibility, and is more
|
|
106
|
+
# commonly ignored for libraries.
|
|
107
|
+
# https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
|
|
108
|
+
# poetry.lock
|
|
109
|
+
# poetry.toml
|
|
110
|
+
|
|
111
|
+
# pdm
|
|
112
|
+
# Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
|
|
113
|
+
# pdm recommends including project-wide configuration in pdm.toml, but excluding .pdm-python.
|
|
114
|
+
# https://pdm-project.org/en/latest/usage/project/#working-with-version-control
|
|
115
|
+
# pdm.lock
|
|
116
|
+
# pdm.toml
|
|
117
|
+
.pdm-python
|
|
118
|
+
.pdm-build/
|
|
119
|
+
|
|
120
|
+
# pixi
|
|
121
|
+
# Similar to Pipfile.lock, it is generally recommended to include pixi.lock in version control.
|
|
122
|
+
# pixi.lock
|
|
123
|
+
# Pixi creates a virtual environment in the .pixi directory, just like venv module creates one
|
|
124
|
+
# in the .venv directory. It is recommended not to include this directory in version control.
|
|
125
|
+
.pixi
|
|
126
|
+
|
|
127
|
+
# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
|
|
128
|
+
__pypackages__/
|
|
129
|
+
|
|
130
|
+
# Celery stuff
|
|
131
|
+
celerybeat-schedule
|
|
132
|
+
celerybeat.pid
|
|
133
|
+
|
|
134
|
+
# Redis
|
|
135
|
+
*.rdb
|
|
136
|
+
*.aof
|
|
137
|
+
*.pid
|
|
138
|
+
|
|
139
|
+
# RabbitMQ
|
|
140
|
+
mnesia/
|
|
141
|
+
rabbitmq/
|
|
142
|
+
rabbitmq-data/
|
|
143
|
+
|
|
144
|
+
# ActiveMQ
|
|
145
|
+
activemq-data/
|
|
146
|
+
|
|
147
|
+
# SageMath parsed files
|
|
148
|
+
*.sage.py
|
|
149
|
+
|
|
150
|
+
# Environments
|
|
151
|
+
.env
|
|
152
|
+
.envrc
|
|
153
|
+
.venv
|
|
154
|
+
env/
|
|
155
|
+
venv/
|
|
156
|
+
ENV/
|
|
157
|
+
env.bak/
|
|
158
|
+
venv.bak/
|
|
159
|
+
|
|
160
|
+
# Spyder project settings
|
|
161
|
+
.spyderproject
|
|
162
|
+
.spyproject
|
|
163
|
+
|
|
164
|
+
# Rope project settings
|
|
165
|
+
.ropeproject
|
|
166
|
+
|
|
167
|
+
# mkdocs documentation
|
|
168
|
+
/site
|
|
169
|
+
|
|
170
|
+
# mypy
|
|
171
|
+
.mypy_cache/
|
|
172
|
+
.dmypy.json
|
|
173
|
+
dmypy.json
|
|
174
|
+
|
|
175
|
+
# Pyre type checker
|
|
176
|
+
.pyre/
|
|
177
|
+
|
|
178
|
+
# pytype static type analyzer
|
|
179
|
+
.pytype/
|
|
180
|
+
|
|
181
|
+
# Cython debug symbols
|
|
182
|
+
cython_debug/
|
|
183
|
+
|
|
184
|
+
# PyCharm
|
|
185
|
+
# JetBrains specific template is maintained in a separate JetBrains.gitignore that can
|
|
186
|
+
# be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
|
|
187
|
+
# and can be added to the global gitignore or merged into this file. For a more nuclear
|
|
188
|
+
# option (not recommended) you can uncomment the following to ignore the entire idea folder.
|
|
189
|
+
# .idea/
|
|
190
|
+
|
|
191
|
+
# Abstra
|
|
192
|
+
# Abstra is an AI-powered process automation framework.
|
|
193
|
+
# Ignore directories containing user credentials, local state, and settings.
|
|
194
|
+
# Learn more at https://abstra.io/docs
|
|
195
|
+
.abstra/
|
|
196
|
+
|
|
197
|
+
# Visual Studio Code
|
|
198
|
+
# Visual Studio Code specific template is maintained in a separate VisualStudioCode.gitignore
|
|
199
|
+
# that can be found at https://github.com/github/gitignore/blob/main/Global/VisualStudioCode.gitignore
|
|
200
|
+
# and can be added to the global gitignore or merged into this file. However, if you prefer,
|
|
201
|
+
# you could uncomment the following to ignore the entire vscode folder
|
|
202
|
+
# .vscode/
|
|
203
|
+
# Temporary file for partial code execution
|
|
204
|
+
tempCodeRunnerFile.py
|
|
205
|
+
|
|
206
|
+
# Ruff stuff:
|
|
207
|
+
.ruff_cache/
|
|
208
|
+
|
|
209
|
+
# PyPI configuration file
|
|
210
|
+
.pypirc
|
|
211
|
+
|
|
212
|
+
# Marimo
|
|
213
|
+
marimo/_static/
|
|
214
|
+
marimo/_lsp/
|
|
215
|
+
__marimo__/
|
|
216
|
+
|
|
217
|
+
# Streamlit
|
|
218
|
+
.streamlit/secrets.toml
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
repos:
|
|
2
|
+
- repo: https://github.com/pre-commit/pre-commit-hooks
|
|
3
|
+
rev: v5.0.0
|
|
4
|
+
hooks:
|
|
5
|
+
- id: check-added-large-files
|
|
6
|
+
- id: check-json
|
|
7
|
+
- id: check-merge-conflict
|
|
8
|
+
- id: check-toml
|
|
9
|
+
- id: check-yaml
|
|
10
|
+
- id: end-of-file-fixer
|
|
11
|
+
- id: mixed-line-ending
|
|
12
|
+
- id: trailing-whitespace
|
|
13
|
+
|
|
14
|
+
- repo: https://github.com/asottile/pyupgrade
|
|
15
|
+
rev: v3.19.1
|
|
16
|
+
hooks:
|
|
17
|
+
- id: pyupgrade
|
|
18
|
+
args: [--py310-plus]
|
|
19
|
+
|
|
20
|
+
- repo: https://github.com/astral-sh/ruff-pre-commit
|
|
21
|
+
rev: v0.9.6
|
|
22
|
+
hooks:
|
|
23
|
+
- id: ruff
|
|
24
|
+
args: [--fix]
|
|
25
|
+
- id: ruff-format
|
|
26
|
+
|
|
27
|
+
- repo: local
|
|
28
|
+
hooks:
|
|
29
|
+
- id: mypy
|
|
30
|
+
name: mypy
|
|
31
|
+
entry: uv run mypy
|
|
32
|
+
language: system
|
|
33
|
+
types: [python]
|
|
34
|
+
pass_filenames: false
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
# vaultriever Agent Instructions
|
|
2
|
+
|
|
3
|
+
## What this repository is
|
|
4
|
+
|
|
5
|
+
vaultriever resolves secret resource identifiers (SRIs) like `provider:region:secret_name:secret_key` into secret values, with the main user-facing API re-exported from [vaultriever/__init__.py](vaultriever/__init__.py). The core modules are [vaultriever/sri.py](vaultriever/sri.py), [vaultriever/resolver.py](vaultriever/resolver.py), [vaultriever/settings_mixin.py](vaultriever/settings_mixin.py), and [vaultriever/providers](vaultriever/providers).
|
|
6
|
+
|
|
7
|
+
## How to work here
|
|
8
|
+
|
|
9
|
+
- Keep changes focused and add or update tests alongside behavior changes.
|
|
10
|
+
- Prefer the smallest change that preserves the existing API and provider behavior.
|
|
11
|
+
- Do not duplicate documentation that already exists; link to the relevant page instead.
|
|
12
|
+
- Treat secret material carefully: avoid logging resolved values and preserve the repo’s masking behavior.
|
|
13
|
+
|
|
14
|
+
## Project conventions
|
|
15
|
+
|
|
16
|
+
- `SecretSRIMixin` resolves SRI-like string defaults and validated values; it also exports validated values to `os.environ` unless disabled on the model.
|
|
17
|
+
- The registry is global for the process, so register custom providers before instantiating settings models.
|
|
18
|
+
- Providers should import optional SDKs lazily and raise `SecretRetrievalError` with non-sensitive context only.
|
|
19
|
+
- AWS secrets are cached per `(secret_name, region)`; clear the cache in tests or after rotation when needed.
|
|
20
|
+
- Databricks behavior depends on runtime context and CLI profiles; tests should patch the internal helper rather than reaching into SDK internals directly.
|
|
21
|
+
|
|
22
|
+
## Useful docs
|
|
23
|
+
|
|
24
|
+
- [README.md](README.md) for the high-level API and examples.
|
|
25
|
+
- [docs/quick-start.md](docs/quick-start.md) for getting started.
|
|
26
|
+
- [docs/pydantic-settings.md](docs/pydantic-settings.md) for settings integration details.
|
|
27
|
+
- [docs/custom-providers.md](docs/custom-providers.md) for provider extension guidance.
|
|
28
|
+
- [docs/security.md](docs/security.md) for masking, environment export, and error-handling expectations.
|
|
29
|
+
|
|
30
|
+
## Commands
|
|
31
|
+
|
|
32
|
+
Use the documented workflow from the README:
|
|
33
|
+
|
|
34
|
+
- `uv sync --all-extras --dev`
|
|
35
|
+
- `uv run pytest`
|
|
36
|
+
- `uv run ruff check .`
|
|
37
|
+
- `uv run mypy`
|
|
38
|
+
|
|
39
|
+
When touching a narrow area, prefer the smallest relevant test target first, then widen only if needed.
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
AGENTS.md
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
MIT License
|
|
2
|
+
|
|
3
|
+
Copyright (c) 2026 Douglas Trajano
|
|
4
|
+
|
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
|
7
|
+
in the Software without restriction, including without limitation the rights
|
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
|
10
|
+
furnished to do so, subject to the following conditions:
|
|
11
|
+
|
|
12
|
+
The above copyright notice and this permission notice shall be included in all
|
|
13
|
+
copies or substantial portions of the Software.
|
|
14
|
+
|
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
21
|
+
SOFTWARE.
|