Python wrapper for fnox

Project description

fnox-py

fnox-py is a thin Python wrapper around the fnox secrets management tool.

It does not reimplement fnox behavior in Python. Instead, it:

  • locates a real fnox binary
  • builds argv for common commands
  • runs the binary
  • returns parsed results or typed errors

Python requirement: >=3.12

[!NOTE] Official fnox project links:

Installation

uv

uv tool install fnox-py

pip

pip install fnox-py

Bundled binary vs source install

Platform wheels are intended to bundle the fnox binary.

If you install from source instead of a platform wheel, fnox-py requires a real fnox executable to be available via:

  • PATH, or
  • FNOX_PY_BINARY=/absolute/path/to/fnox

Examples:

pip install --no-binary fnox-py fnox-py
FNOX_PY_BINARY=/usr/local/bin/fnox python -c "import fnox_py; print(fnox_py.version())"

Binary Resolution

At runtime, fnox-py resolves the fnox binary in this order:

  1. FNOX_PY_BINARY
  2. bundled/installed locations in the current environment
  3. bundled/installed fallback locations associated with the base or target install
  4. user scheme script location
  5. PATH

If FNOX_PY_BINARY is set but points to a missing file, fnox-py raises FnoxNotFoundError.
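Because FNOX_PY_BINARY and PATH both decide which executable ends up handling secrets, it is worth checking the resolved path before trusting it. The sketch below is an added example, not fnox-py's own code: audit_binary and demo are hypothetical names, the checks assume POSIX permission bits, and the sample files are constructed in a temporary directory.

```python
import stat
import tempfile
from pathlib import Path

LOOSE = stat.S_IWGRP | stat.S_IWOTH  # write access for group or other


def audit_binary(path: str) -> list[str]:
    """Return reasons not to trust a resolved fnox binary (empty list = ok)."""
    findings: list[str] = []
    p = Path(path)
    if not p.is_absolute():
        findings.append("path is not absolute")
    try:
        real = p.resolve(strict=True)  # follow symlinks to the real target
    except (OSError, RuntimeError):  # missing target or symlink loop
        return findings + ["path does not exist"]
    st = real.stat()
    if not stat.S_ISREG(st.st_mode):
        findings.append("not a regular file")
    if not st.st_mode & stat.S_IXUSR:
        findings.append("owner execute bit not set")
    # Whoever can rewrite the file, or swap it inside its directory,
    # controls the process that reads the secrets.
    if st.st_mode & LOOSE:
        findings.append("binary is group- or world-writable")
    if real.parent.stat().st_mode & LOOSE:
        findings.append("parent directory is group- or world-writable")
    return findings


def demo() -> dict[str, list[str]]:
    """Constructed sample: a private binary, a loose one, a missing one."""
    root = Path(tempfile.mkdtemp())  # mkdtemp creates the directory 0o700
    good, bad = root / "fnox", root / "fnox-loose"
    for f in (good, bad):
        f.write_text("#!/bin/sh\n")
    good.chmod(0o755)
    bad.chmod(0o777)
    return {
        "good": audit_binary(str(good)),
        "bad": audit_binary(str(bad)),
        "missing": audit_binary(str(root / "nope")),
    }
```

The path to audit can be taken from the output of fnox-py which.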

Python API

from fnox_py import (
    config_files,
    export_json,
    get,
    lease_create,
    profiles,
    providers,
    schema,
    version,
)

value = get("MY_SECRET")
all_values = export_json()
schema_doc = schema()
profile_names = profiles()
provider_names = providers()
config_paths = config_files()
lease = lease_create("vault", duration="1h", label="local-dev")
fnox_version = version()

Common examples

Get a single value:

from fnox_py import get

token = get("API_TOKEN")

Get a value from a specific profile:

from fnox_py import get

token = get("API_TOKEN", profile="prod")

Decode base64 output:

from fnox_py import get

decoded = get("TLS_CERT", base64_decode=True)

Export all secrets as JSON:

from fnox_py import export_json

data = export_json(profile="dev")

Inspect schema, profiles, providers, and config files:

from fnox_py import config_files, profiles, providers, schema

print(schema())
print(profiles())
print(providers())
print(config_files())

Create a lease:

from fnox_py import lease_create

lease = lease_create("vault", duration="30m", label="ci-job")

Get the underlying fnox version:

from fnox_py import version

print(version())

CLI

The package installs the fnox-py console script.

Built-in subcommands

Locate the resolved binary:

fnox-py which

Show the wrapper version and attempt to print the underlying fnox version:

fnox-py version

Print basic environment diagnostics:

fnox-py doctor

Passthrough behavior

Any arguments other than which, version, and doctor are passed directly through to fnox.

For example:

fnox-py get MY_SECRET
fnox-py profiles
fnox-py export --format json

With no arguments, fnox-py runs fnox with no extra argv.

Public API

fnox-py currently exports:

  • config_files
  • export_json
  • get
  • lease_create
  • profiles
  • providers
  • schema
  • version
  • find_fnox_bin
  • run
  • FnoxResult
  • FnoxCommandError
  • FnoxError
  • FnoxNotFoundError
  • FnoxTimeoutError

Errors

Library calls raise typed exceptions:

  • FnoxNotFoundError when the binary cannot be found
  • FnoxCommandError when fnox exits non-zero
  • FnoxTimeoutError on subprocess timeout
  • FnoxError as the base exception type

Development

This project uses uv, pytest, ruff, and mypy.

Install dependencies:

uv sync

Run tests:

uv run pytest -v

Run a single test:

uv run pytest tests/test_api.py::test_get -q

Lint:

uv run ruff check src tests scripts

Type-check:

uv run mypy src

Build distributions:

uv build

Release / Platform Wheel Build

scripts/build_platform_wheel.py builds platform-specific wheels by:

  1. building a pure Python wheel
  2. downloading upstream fnox release binaries
  3. injecting the binary into the wheel
  4. rewriting wheel metadata
  5. building an sdist

The upstream fnox version to bundle is read from FNOX_VERSION.txt at the repo root by default. To override it, pass --fnox-version:

uv run python scripts/build_platform_wheel.py --fnox-version 1.0.0 --output dist/

Expected upstream archive and extracted binary SHA256 values are pinned in FNOX_HASHES.json and verified during release builds.

To bump the bundled version, update FNOX_VERSION.txt, refresh FNOX_HASHES.json, and commit both changes.
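The pinning step above can be pictured as a fail-closed check on both the downloaded archive and the binary extracted from it. This is an added example, not the code in scripts/build_platform_wheel.py: the manifest layout (version, then target, then archive_sha256 and binary_sha256), the target name, and the names verify_pins, check and PinMismatch are assumptions, and the artifact bytes are constructed.

```python
import hashlib
import hmac
import json


class PinMismatch(Exception):
    """Raised when an artifact is unpinned or does not match its pin."""


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_pins(manifest_json: str, version: str, target: str,
                archive: bytes, binary: bytes) -> None:
    """Fail closed unless the archive and the extracted binary both match."""
    pins = json.loads(manifest_json).get(version, {}).get(target)
    if pins is None:
        # A version bump without refreshed hashes must stop the build.
        raise PinMismatch(f"no pinned hashes for {version}/{target}")
    for label, data in (("archive_sha256", archive), ("binary_sha256", binary)):
        expected = str(pins.get(label, "")).lower()
        if not hmac.compare_digest(sha256_hex(data), expected):
            raise PinMismatch(f"{label} mismatch for {version}/{target}")


# Constructed sample artifacts and a manifest in the assumed layout.
ARCHIVE = b"constructed archive bytes"
BINARY = b"constructed binary bytes"
MANIFEST = json.dumps({"1.0.0": {"linux-x86_64": {
    "archive_sha256": sha256_hex(ARCHIVE),
    "binary_sha256": sha256_hex(BINARY),
}}})


def check(version: str, target: str, archive: bytes, binary: bytes) -> str:
    """Return "ok" or the reason the build should stop."""
    try:
        verify_pins(MANIFEST, version, target, archive, binary)
        return "ok"
    except PinMismatch as exc:
        return str(exc)
```

Checking the extracted binary as well as the archive catches a swap that happens after download but before the binary is injected into the wheel.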

Notes

  • fnox-py is intentionally small and wrapper-focused.
  • For behavior, flags, and command semantics, prefer the upstream fnox documentation.
  • If you need lower-level control, use run() directly and inspect FnoxResult.

Download files

Source Distribution

fnox_py-1.24.0.tar.gz (6.6 kB)

Uploaded: Source

Built Distributions

fnox_py-1.24.0-py3-none-win_arm64.whl (14.7 MB)

Uploaded: Python 3, Windows ARM64

fnox_py-1.24.0-py3-none-win_amd64.whl (15.5 MB)

Uploaded: Python 3, Windows x86-64

fnox_py-1.24.0-py3-none-manylinux_2_17_x86_64.whl (22.6 MB)

Uploaded: Python 3, manylinux: glibc 2.17+ x86-64

fnox_py-1.24.0-py3-none-manylinux_2_17_aarch64.whl (21.9 MB)

Uploaded: Python 3, manylinux: glibc 2.17+ ARM64

fnox_py-1.24.0-py3-none-macosx_11_0_arm64.whl (17.7 MB)

Uploaded: Python 3, macOS 11.0+ ARM64

fnox_py-1.24.0-py3-none-macosx_10_12_x86_64.whl (18.8 MB)

Uploaded: Python 3, macOS 10.12+ x86-64

File details

Details for the file fnox_py-1.24.0.tar.gz.

File metadata

  • Download URL: fnox_py-1.24.0.tar.gz
  • Upload date:
  • Size: 6.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for fnox_py-1.24.0.tar.gz
Algorithm Hash digest
SHA256 c2d34bac51aebcc5c3dfaa4929d33e3823a026b7c982e48528b7376c260c33cc
MD5 9a0e136ad8fd888d421abb7d0e0a176d
BLAKE2b-256 39fb519da7bfed10190c4abeb68be85298e7fb455217ec02f0c0db17fc88b1c9

Provenance

The following attestation bundles were made for fnox_py-1.24.0.tar.gz:

Publisher: release.yml on fullerzz/fnox-py

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file fnox_py-1.24.0-py3-none-win_arm64.whl.

File metadata

  • Download URL: fnox_py-1.24.0-py3-none-win_arm64.whl
  • Upload date:
  • Size: 14.7 MB
  • Tags: Python 3, Windows ARM64
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for fnox_py-1.24.0-py3-none-win_arm64.whl
Algorithm Hash digest
SHA256 7c5c3decb04fbecef0d1415546c958985da3057feacf9a27e68798075d3dcdee
MD5 a0dd8ec19ad02f73c8a149731ecd7304
BLAKE2b-256 a7b2a9ae0065ad35fa9ee87aedccbe84b2cb681407295bcf5005bbf944ea5e4f

Provenance

The following attestation bundles were made for fnox_py-1.24.0-py3-none-win_arm64.whl:

Publisher: release.yml on fullerzz/fnox-py

File details

Details for the file fnox_py-1.24.0-py3-none-win_amd64.whl.

File metadata

  • Download URL: fnox_py-1.24.0-py3-none-win_amd64.whl
  • Upload date:
  • Size: 15.5 MB
  • Tags: Python 3, Windows x86-64
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for fnox_py-1.24.0-py3-none-win_amd64.whl
Algorithm Hash digest
SHA256 86b4c729fa4674fd8229022286e18e44a9d193c9dc4a419f3c7868b8b3579a17
MD5 79351ffecb597ca09c5428223d44b40b
BLAKE2b-256 adafe02381bb45fbf3faefbde9085e4d979f327ce23a20765d745bc62edf864c

Provenance

The following attestation bundles were made for fnox_py-1.24.0-py3-none-win_amd64.whl:

Publisher: release.yml on fullerzz/fnox-py

File details

Details for the file fnox_py-1.24.0-py3-none-manylinux_2_17_x86_64.whl.

File hashes

Hashes for fnox_py-1.24.0-py3-none-manylinux_2_17_x86_64.whl
Algorithm Hash digest
SHA256 b2c5f3d5d53590ba64e81954d7f334d3e0df8ff1f71af4b207c0d89283e9657a
MD5 8f95b722b8f41c4ab34bfd5e324b4fb1
BLAKE2b-256 6dffefa1bb502c7ea6a0b483542608a6febba2bf325b5768b71ccd3735434b82

Provenance

The following attestation bundles were made for fnox_py-1.24.0-py3-none-manylinux_2_17_x86_64.whl:

Publisher: release.yml on fullerzz/fnox-py

File details

Details for the file fnox_py-1.24.0-py3-none-manylinux_2_17_aarch64.whl.

File hashes

Hashes for fnox_py-1.24.0-py3-none-manylinux_2_17_aarch64.whl
Algorithm Hash digest
SHA256 14015c3515860d56bae1ea12bcc541353f948416d0561e6c172375c39719f3da
MD5 aab879602fe16d812d646ca153c1bb33
BLAKE2b-256 468dfbc2d549c92140fc067f94515b9e146cff3a25afe6e9a57b23d7114927af

Provenance

The following attestation bundles were made for fnox_py-1.24.0-py3-none-manylinux_2_17_aarch64.whl:

Publisher: release.yml on fullerzz/fnox-py

File details

Details for the file fnox_py-1.24.0-py3-none-macosx_11_0_arm64.whl.

File hashes

Hashes for fnox_py-1.24.0-py3-none-macosx_11_0_arm64.whl
Algorithm Hash digest
SHA256 09edd8acbe0407505548de59ad10e9da65f1fed723a96f56e72ba9dd667d750f
MD5 22fbb7fddd3e2022f23906f6386da701
BLAKE2b-256 5d9055c9a21be5e026f6d8d16d20e1d592c976e188c19473333125ae3532ad38

Provenance

The following attestation bundles were made for fnox_py-1.24.0-py3-none-macosx_11_0_arm64.whl:

Publisher: release.yml on fullerzz/fnox-py

File details

Details for the file fnox_py-1.24.0-py3-none-macosx_10_12_x86_64.whl.

File hashes

Hashes for fnox_py-1.24.0-py3-none-macosx_10_12_x86_64.whl
Algorithm Hash digest
SHA256 2b16a173d3ad77f9c14be58fd94d9b5f39fd9c225abd3ca6b322da2c1d8c356b
MD5 be77d9bd63e820ccafa9d3af37f6f9b2
BLAKE2b-256 d531e6c5cb40413af20e6ecd8be7e3d5d4cb44273e423209690f92c763b969ca

Provenance

The following attestation bundles were made for fnox_py-1.24.0-py3-none-macosx_10_12_x86_64.whl:

Publisher: release.yml on fullerzz/fnox-py
