Secrets API

`nyl.secrets.sops`

`SopsFile` `dataclass`

Bases: SecretProvider

This secrets provider decodes a SOPS-encrypted YAML or JSON file and serves the secrets stored within.

Nested structures are supported, and the provider maps them to fully qualified keys using dot notation. The nested structure can be accessed as well, returning the full structure as a JSON object.

`do_not_use_in_prod_only_for_testing_sops_age_key: str | None = field(default=None, repr=False)` `class-attribute` `instance-attribute`

The key to use for the --age option of SOPS. This is useful for testing purposes only and should not be used in production.

`path: Path` `instance-attribute`

The path to the SOPS-encrypted file. This path is resolved relative to the configuration file that the provider is defined in.

`detect_sops_format(suffix)`

Tells the SOPS file format based on the file suffix. Never returns "binary". Returns None if the format cannot be determined.

`nyl.secrets.kubernetes`

`KubernetesSecretProvider` `dataclass`

Bases: SecretProvider

This secrets provider accesses a Kubernetes secret.

Needs to be provided with a Kubernetes #ApiClient on init.

Secrets API

nyl.secrets.sops

SopsFile dataclass

do_not_use_in_prod_only_for_testing_sops_age_key: str | None = field(default=None, repr=False) class-attribute instance-attribute

path: Path instance-attribute

detect_sops_format(suffix)

nyl.secrets.kubernetes

KubernetesSecretProvider dataclass