# AnySecret Library - Open Source Universal Secret Management
[](https://pypi.org/project/anysecret-io/)
[](https://pypi.org/project/anysecret-io/)
[](https://github.com/anysecret-io/anysecret-lib/actions/workflows/test.yml)
[](https://www.gnu.org/licenses/agpl-3.0)
**Open source Python library for universal secret and configuration management across all major cloud providers.**
## Overview
This is the core open source library that powers AnySecret.io. It provides a unified interface for secret and configuration management across AWS, Google Cloud, Azure, Kubernetes, HashiCorp Vault, and local file systems.
## Key Features
- **🚀 Universal API** - Single interface for all providers
- **🤖 Smart Classification** - Automatic routing of secrets vs parameters
- **🔄 Multi-Cloud** - AWS, GCP, Azure, K8s, Vault support
- **⚡ Async First** - Built for modern Python applications
- **🛡️ Security-Focused** - No logging/caching of sensitive values
- **📦 Zero Config** - Auto-detects cloud environments
## Quick Start
### Installation
```bash
# Basic installation
pip install anysecret-io
# With cloud providers
pip install anysecret-io[aws,gcp,azure,k8s,vault]
```
### Basic Usage
```python
import asyncio
import anysecret
async def main():
# Auto-classification handles routing
db_password = await anysecret.get("database.password") # → Secure storage
db_host = await anysecret.get("database.host") # → Config storage
# Get all secrets for your app
config = await anysecret.get_config_manager()
secrets = await config.get_secrets_by_prefix("myapp")
asyncio.run(main())
```
### CLI Usage
```bash
# Get secrets/parameters
anysecret get database.password
anysecret get api.timeout
# List all
anysecret list
# Bulk operations
anysecret bulk export --output .env
anysecret bulk import secrets.json
# Provider management
anysecret providers list
anysecret config validate
```
## Architecture
### Core Components
- **`anysecret.config_manager`** - Main configuration manager with auto-classification
- **`anysecret.secret_manager`** - Base secret manager interface
- **`anysecret.parameter_manager`** - Base parameter manager interface
- **`anysecret.providers.*`** - Cloud provider implementations
- **`anysecret.cli.*`** - Command-line interface
### Provider Support
| Provider | Secrets | Parameters | Status |
|----------|---------|------------|--------|
| AWS | Secrets Manager | Parameter Store | ✅ Production |
| GCP | Secret Manager | Config Connector | ✅ Production |
| Azure | Key Vault | App Configuration | ✅ Production |
| Kubernetes | Secrets | ConfigMaps | ✅ Production |
| HashiCorp Vault | KV v1/v2 | KV v1/v2 | ✅ Production |
| Encrypted Files | AES-256 | JSON/YAML | ✅ Production |
| Environment Files | .env | .env | ✅ Production |
## Development
### Requirements
- Python 3.10+ (3.8/3.9 support dropped for modern compatibility)
- Optional cloud provider dependencies
### Setup
```bash
# Clone repository
git clone https://github.com/anysecret-io/anysecret-lib.git
cd anysecret-lib
# Create virtual environment
python -m venv venv
source venv/bin/activate
# Install development dependencies
pip install -e ".[dev,all]"
# Run tests
pytest
# Run specific test suites
python run_tests.py smoke # Quick smoke tests
python run_tests.py cli # CLI tests only
python run_tests.py unit # Unit tests only
```
### Test Suite
- **246 passing tests** across all providers and functionality
- **20 integration tests** skipped (require cloud credentials)
- **Comprehensive coverage** of all core features
- **CI/CD integration** with GitHub Actions
### Code Quality
```bash
# Format code
black anysecret tests
isort anysecret tests
# Type checking
mypy anysecret
# Linting
flake8 anysecret
```
## Configuration
### Environment Detection
The library automatically detects your environment and configures appropriate providers:
```python
# AWS (auto-detected from EC2/Lambda/ECS)
import anysecret
config = await anysecret.get_config_manager() # Uses AWS Secrets Manager
# GCP (auto-detected from GCE/Cloud Run/GKE)
config = await anysecret.get_config_manager() # Uses GCP Secret Manager
# Local development
config = await anysecret.get_config_manager() # Uses .env files
```
### Manual Configuration
```python
from anysecret import ConfigManager
# Explicit provider configuration
config = ConfigManager({
'secret_manager': {
'type': 'aws',
'region': 'us-west-2'
},
'parameter_manager': {
'type': 'aws',
'region': 'us-west-2'
}
})
```
## API Reference
### Core Methods
```python
# Get values with auto-classification
value = await anysecret.get(key, default=None, hint=None)
# Explicit secret retrieval
secret = await config.get_secret(key)
secret_with_meta = await config.get_secret_with_metadata(key)
# Explicit parameter retrieval
param = await config.get_parameter(key)
param_with_meta = await config.get_parameter_with_metadata(key)
# Bulk operations
secrets = await config.get_secrets_by_prefix(prefix)
all_keys = await config.list_all_keys()
# Health checks
healthy = await config.health_check()
```
### Provider-Specific Managers
```python
# Direct provider access
from anysecret.providers import (
AwsSecretManager,
GcpSecretManager,
AzureSecretManager,
VaultSecretManager
)
aws_manager = AwsSecretManager({'region': 'us-west-2'})
secret = await aws_manager.get_secret_with_metadata('api-key')
```
## Security Best Practices
1. **Never log secrets** - Library never logs sensitive values
2. **Use auto-classification** - Reduces risk of misconfiguration
3. **Environment-specific configs** - Different providers per environment
4. **Encrypted local storage** - For development environments
5. **Regular rotation** - Use provider native rotation features
## Contributing
### Bug Reports
1. Check existing [issues](https://github.com/anysecret-io/anysecret-lib/issues)
2. Include Python version, provider type, and error details
3. Provide minimal reproduction case
### Feature Requests
1. Open [GitHub Discussion](https://github.com/anysecret-io/anysecret-lib/discussions)
2. Describe use case and expected behavior
3. Check if it fits with existing architecture
### Pull Requests
1. Fork the repository
2. Create feature branch from `main`
3. Add tests for new functionality
4. Ensure all tests pass: `pytest`
5. Follow existing code style
6. Update documentation if needed
## License
**GNU Affero General Public License v3.0 (AGPL-3.0)**
- ✅ Free for all users and commercial use
- ✅ Modify and distribute freely
- ⚠️ Must open-source modifications if offering as a service
For commercial licenses without AGPL requirements, visit [anysecret.io](https://anysecret.io/).
## Links
- **Documentation**: [docs.anysecret.io](https://docs.anysecret.io/)
- **PyPI Package**: [pypi.org/project/anysecret-io](https://pypi.org/project/anysecret-io)
- **Homepage**: [anysecret.io](https://anysecret.io/)
- **LLM Chat Agent**: [chat.anysecret.io](https://chat.anysecret.io/)
- **Discord**: [discord.gg/Js9pnRuQ](https://discord.gg/Js9pnRuQ)
- **Issues**: [GitHub Issues](https://github.com/anysecret-io/anysecret-lib/issues)
Raw data
{
"_id": null,
"home_page": null,
"name": "anysecret-io",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.10",
"maintainer_email": null,
"keywords": "secrets, secret-management, cloud, aws, gcp, azure, vault, fastapi, async",
"author": null,
"author_email": "\"AnySecret.io Team\" <hello@anysecret.io>",
"download_url": "https://files.pythonhosted.org/packages/59/a3/ab9216842fe398db4dabc7620dc78219034a49bf22b3a5aa90b867ac13c6/anysecret_io-1.1.4.tar.gz",
"platform": null,
"description": "# AnySecret Library - Open Source Universal Secret Management\n\n[](https://pypi.org/project/anysecret-io/)\n[](https://pypi.org/project/anysecret-io/)\n[](https://github.com/anysecret-io/anysecret-lib/actions/workflows/test.yml)\n[](https://www.gnu.org/licenses/agpl-3.0)\n\n**Open source Python library for universal secret and configuration management across all major cloud providers.**\n\n## Overview\n\nThis is the core open source library that powers AnySecret.io. It provides a unified interface for secret and configuration management across AWS, Google Cloud, Azure, Kubernetes, HashiCorp Vault, and local file systems.\n\n## Key Features\n\n- **\ud83d\ude80 Universal API** - Single interface for all providers\n- **\ud83e\udd16 Smart Classification** - Automatic routing of secrets vs parameters \n- **\ud83d\udd04 Multi-Cloud** - AWS, GCP, Azure, K8s, Vault support\n- **\u26a1 Async First** - Built for modern Python applications\n- **\ud83d\udee1\ufe0f Security-Focused** - No logging/caching of sensitive values\n- **\ud83d\udce6 Zero Config** - Auto-detects cloud environments\n\n## Quick Start\n\n### Installation\n\n```bash\n# Basic installation\npip install anysecret-io\n\n# With cloud providers\npip install anysecret-io[aws,gcp,azure,k8s,vault]\n```\n\n### Basic Usage\n\n```python\nimport asyncio\nimport anysecret\n\nasync def main():\n # Auto-classification handles routing\n db_password = await anysecret.get(\"database.password\") # \u2192 Secure storage\n db_host = await anysecret.get(\"database.host\") # \u2192 Config storage\n \n # Get all secrets for your app\n config = await anysecret.get_config_manager()\n secrets = await config.get_secrets_by_prefix(\"myapp\")\n\nasyncio.run(main())\n```\n\n### CLI Usage\n\n```bash\n# Get secrets/parameters\nanysecret get database.password\nanysecret get api.timeout\n\n# List all\nanysecret list\n\n# Bulk operations\nanysecret bulk export --output .env\nanysecret bulk import secrets.json\n\n# Provider management\nanysecret providers list\nanysecret config validate\n```\n\n## Architecture\n\n### Core Components\n\n- **`anysecret.config_manager`** - Main configuration manager with auto-classification\n- **`anysecret.secret_manager`** - Base secret manager interface\n- **`anysecret.parameter_manager`** - Base parameter manager interface\n- **`anysecret.providers.*`** - Cloud provider implementations\n- **`anysecret.cli.*`** - Command-line interface\n\n### Provider Support\n\n| Provider | Secrets | Parameters | Status |\n|----------|---------|------------|--------|\n| AWS | Secrets Manager | Parameter Store | \u2705 Production |\n| GCP | Secret Manager | Config Connector | \u2705 Production |\n| Azure | Key Vault | App Configuration | \u2705 Production |\n| Kubernetes | Secrets | ConfigMaps | \u2705 Production |\n| HashiCorp Vault | KV v1/v2 | KV v1/v2 | \u2705 Production |\n| Encrypted Files | AES-256 | JSON/YAML | \u2705 Production |\n| Environment Files | .env | .env | \u2705 Production |\n\n## Development\n\n### Requirements\n\n- Python 3.10+ (3.8/3.9 support dropped for modern compatibility)\n- Optional cloud provider dependencies\n\n### Setup\n\n```bash\n# Clone repository\ngit clone https://github.com/anysecret-io/anysecret-lib.git\ncd anysecret-lib\n\n# Create virtual environment\npython -m venv venv\nsource venv/bin/activate\n\n# Install development dependencies\npip install -e \".[dev,all]\"\n\n# Run tests\npytest\n\n# Run specific test suites\npython run_tests.py smoke # Quick smoke tests\npython run_tests.py cli # CLI tests only\npython run_tests.py unit # Unit tests only\n```\n\n### Test Suite\n\n- **246 passing tests** across all providers and functionality\n- **20 integration tests** skipped (require cloud credentials)\n- **Comprehensive coverage** of all core features\n- **CI/CD integration** with GitHub Actions\n\n### Code Quality\n\n```bash\n# Format code\nblack anysecret tests\nisort anysecret tests\n\n# Type checking\nmypy anysecret\n\n# Linting\nflake8 anysecret\n```\n\n## Configuration\n\n### Environment Detection\n\nThe library automatically detects your environment and configures appropriate providers:\n\n```python\n# AWS (auto-detected from EC2/Lambda/ECS)\nimport anysecret\nconfig = await anysecret.get_config_manager() # Uses AWS Secrets Manager\n\n# GCP (auto-detected from GCE/Cloud Run/GKE) \nconfig = await anysecret.get_config_manager() # Uses GCP Secret Manager\n\n# Local development\nconfig = await anysecret.get_config_manager() # Uses .env files\n```\n\n### Manual Configuration\n\n```python\nfrom anysecret import ConfigManager\n\n# Explicit provider configuration\nconfig = ConfigManager({\n 'secret_manager': {\n 'type': 'aws',\n 'region': 'us-west-2'\n },\n 'parameter_manager': {\n 'type': 'aws', \n 'region': 'us-west-2'\n }\n})\n```\n\n## API Reference\n\n### Core Methods\n\n```python\n# Get values with auto-classification\nvalue = await anysecret.get(key, default=None, hint=None)\n\n# Explicit secret retrieval\nsecret = await config.get_secret(key)\nsecret_with_meta = await config.get_secret_with_metadata(key)\n\n# Explicit parameter retrieval \nparam = await config.get_parameter(key)\nparam_with_meta = await config.get_parameter_with_metadata(key)\n\n# Bulk operations\nsecrets = await config.get_secrets_by_prefix(prefix)\nall_keys = await config.list_all_keys()\n\n# Health checks\nhealthy = await config.health_check()\n```\n\n### Provider-Specific Managers\n\n```python\n# Direct provider access\nfrom anysecret.providers import (\n AwsSecretManager, \n GcpSecretManager,\n AzureSecretManager,\n VaultSecretManager\n)\n\naws_manager = AwsSecretManager({'region': 'us-west-2'})\nsecret = await aws_manager.get_secret_with_metadata('api-key')\n```\n\n## Security Best Practices\n\n1. **Never log secrets** - Library never logs sensitive values\n2. **Use auto-classification** - Reduces risk of misconfiguration\n3. **Environment-specific configs** - Different providers per environment\n4. **Encrypted local storage** - For development environments\n5. **Regular rotation** - Use provider native rotation features\n\n## Contributing\n\n### Bug Reports\n\n1. Check existing [issues](https://github.com/anysecret-io/anysecret-lib/issues)\n2. Include Python version, provider type, and error details\n3. Provide minimal reproduction case\n\n### Feature Requests\n\n1. Open [GitHub Discussion](https://github.com/anysecret-io/anysecret-lib/discussions)\n2. Describe use case and expected behavior\n3. Check if it fits with existing architecture\n\n### Pull Requests\n\n1. Fork the repository\n2. Create feature branch from `main`\n3. Add tests for new functionality\n4. Ensure all tests pass: `pytest`\n5. Follow existing code style\n6. Update documentation if needed\n\n## License\n\n**GNU Affero General Public License v3.0 (AGPL-3.0)**\n\n- \u2705 Free for all users and commercial use\n- \u2705 Modify and distribute freely\n- \u26a0\ufe0f Must open-source modifications if offering as a service\n\nFor commercial licenses without AGPL requirements, visit [anysecret.io](https://anysecret.io/).\n\n## Links\n\n- **Documentation**: [docs.anysecret.io](https://docs.anysecret.io/)\n- **PyPI Package**: [pypi.org/project/anysecret-io](https://pypi.org/project/anysecret-io)\n- **Homepage**: [anysecret.io](https://anysecret.io/)\n- **LLM Chat Agent**: [chat.anysecret.io](https://chat.anysecret.io/)\n- **Discord**: [discord.gg/Js9pnRuQ](https://discord.gg/Js9pnRuQ)\n- **Issues**: [GitHub Issues](https://github.com/anysecret-io/anysecret-lib/issues)\n",
"bugtrack_url": null,
"license": "AGPL-3.0-or-later",
"summary": "Universal secret manager for applications and CI/CD tools with CLI interface and multi-cloud support",
"version": "1.1.4",
"project_urls": {
"Bug Tracker": "https://github.com/anysecret-io/anysecret-lib/issues",
"Documentation": "https://github.com/anysecret-io/anysecret-lib/docs/quickstart.md",
"Homepage": "https://anysecret.io/",
"Repository": "https://github.com/anysecret-io/anysecret-lib"
},
"split_keywords": [
"secrets",
" secret-management",
" cloud",
" aws",
" gcp",
" azure",
" vault",
" fastapi",
" async"
],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "68949b22e318d71ba3c09060696ed2d6a0593fb32e6d7021f271e761f90064de",
"md5": "e690e792c6b119eb2a73d754789facaa",
"sha256": "eddd62a3a34a4f0a80b59ded090be50544e007cfd746b3e75dd3a9af55e93066"
},
"downloads": -1,
"filename": "anysecret_io-1.1.4-py3-none-any.whl",
"has_sig": false,
"md5_digest": "e690e792c6b119eb2a73d754789facaa",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.10",
"size": 127890,
"upload_time": "2025-09-03T04:41:16",
"upload_time_iso_8601": "2025-09-03T04:41:16.766244Z",
"url": "https://files.pythonhosted.org/packages/68/94/9b22e318d71ba3c09060696ed2d6a0593fb32e6d7021f271e761f90064de/anysecret_io-1.1.4-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "59a3ab9216842fe398db4dabc7620dc78219034a49bf22b3a5aa90b867ac13c6",
"md5": "f09dc0368b49fe880e0ef3704afee84c",
"sha256": "88255577f6e47f452ae5a6f4e11ca530edadfe6bcb2bd6ac501a85a33696e760"
},
"downloads": -1,
"filename": "anysecret_io-1.1.4.tar.gz",
"has_sig": false,
"md5_digest": "f09dc0368b49fe880e0ef3704afee84c",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.10",
"size": 157798,
"upload_time": "2025-09-03T04:41:18",
"upload_time_iso_8601": "2025-09-03T04:41:18.020901Z",
"url": "https://files.pythonhosted.org/packages/59/a3/ab9216842fe398db4dabc7620dc78219034a49bf22b3a5aa90b867ac13c6/anysecret_io-1.1.4.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-09-03 04:41:18",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "anysecret-io",
"github_project": "anysecret-lib",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"requirements": [],
"lcname": "anysecret-io"
}
JSON
