sekrets - Credential Management

The sekrets module provides secure credential management, connecting to encrypted stores. This is Layer 2 of the architecture.

Warning

Never commit actual credentials to source control. This module connects to external encrypted stores for credential retrieval.

Key Concepts

  • Credentials are organized by protocol (service type)

  • Each protocol has its own GlueDb of credentials

  • Credentials are accessed by username

API Functions

Secrets Management API

This module provides a secure API for accessing credentials and secrets. Secrets are stored in GlueDb databases organized by protocol and accessed by username.

Security Note

This module connects to encrypted secret stores. Actual credentials should never be committed to source control.

Example

>>> from pyswark.sekrets import api
>>>
>>> # Get credentials for a specific service
>>> creds = api.get('myusername', 'sgdrive2')

pyswark.sekrets.api.get(name, protocol=None)

Retrieve credentials for a name and protocol.

Parameters:
  • name (str) – The username/identifier for the credential.

  • protocol (str) – The protocol/service name (e.g., ‘gdrive2’).

Returns:

The credential object (structure depends on protocol).

Return type:

Any

Example

>>> creds = get('myuser', 'sgdrive2')

pyswark.sekrets.api.getDb(protocol)

Get the secrets database for a protocol.

Parameters:

protocol (str) – The protocol name.

Returns:

The secrets database for this protocol.

Return type:

GlueDb

pyswark.sekrets.api.getHub()

Get the central secrets hub.

Returns:

The hub containing all protocol-specific secret databases.

Return type:

Hub

Usage Examples

Getting Credentials

from pyswark.sekrets import api

# Get credentials for a specific service
creds = api.get('myusername', 'sgdrive2')

# Use the credentials
# (structure depends on the protocol)

Accessing the Secrets Database

from pyswark.sekrets import api

# Get the database for a protocol
db = api.getDb('sgdrive2')

# List available usernames
print(db.getNames())

Configuration

Secrets configuration is managed through the Settings class and external hub definitions. See the sekrets.settings and sekrets.hubdata modules for configuration details.

Security Best Practices

  1. Never hardcode credentials - Always use this API

  2. Use environment variables - For sensitive paths

  3. Encrypt at rest - Use encrypted secret stores

  4. Limit access - Apply principle of least privilege
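
The following is an added example, not part of the pyswark documentation or code base. It shows one way to apply practices 1 and 4 on top of the documented `api.get` and `api.getDb(...).getNames()` calls: a per-component protocol allow-list, a fail-closed name check, and a wrapper that keeps the credential out of logs. `Redacted`, `fetch_credential`, `make_fake_api` and `allowed_protocols` are hypothetical names, the sample store is constructed, and `getNames()` is assumed to return an iterable of names.

```python
from types import SimpleNamespace


class Redacted:
    """Holds a credential so that repr(), str() and log formatting never print it."""

    __slots__ = ("_value",)

    def __init__(self, value):
        self._value = value

    def reveal(self):
        # Call only at the point of use, e.g. when building the service client.
        return self._value

    def __repr__(self):
        return "<Redacted credential>"

    __str__ = __repr__


def fetch_credential(api, name, protocol, allowed_protocols):
    """Least-privilege lookup; `api` is pyswark.sekrets.api or a stand-in."""
    if protocol not in allowed_protocols:
        raise PermissionError(f"protocol {protocol!r} is not allowed for this component")
    if name not in api.getDb(protocol).getNames():
        # Fail closed; the message names the lookup key, never a secret.
        raise KeyError(f"no credential named {name!r} for protocol {protocol!r}")
    return Redacted(api.get(name, protocol))


def make_fake_api(store):
    """Constructed in-memory stand-in for pyswark.sekrets.api (demo and tests only)."""
    def get_db(protocol):
        return SimpleNamespace(getNames=lambda: list(store.get(protocol, {})))

    def get(name, protocol=None):
        return store[protocol][name]

    return SimpleNamespace(get=get, getDb=get_db)


# Constructed sample data; a real caller passes `pyswark.sekrets.api` instead.
FAKE_API = make_fake_api({"sgdrive2": {"myusername": {"token": "constructed-value"}}})
```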