wauth.vault module¶

Persistent storage layer for encrypted secrets using wsqlite.

class wauth.vault.SecretModel(*, key, value, type='text', created_at=0.0, updated_at=0.0, ttl=None)[source]¶

Pydantic model representing a stored secret.

Variables:

key (str) – Primary key — unique name of the secret.
value (str) – Encrypted ciphertext of the secret.
type (str) – Secret type, either "text" or "file".
created_at (float) – Unix timestamp when the secret was first stored.
updated_at (float) – Unix timestamp of the last modification.
ttl (float | None) – Optional time-to-live in seconds. None means no expiration.

model_config = {}¶: Configuration for the model, should be a dictionary conforming to [ConfigDict][pydantic.config.ConfigDict].

class wauth.vault.Vault(db_path='~/.wisrovi/wauth.db')[source]¶

Encrypted secret storage backed by a SQLite database.

Parameters:: db_path (str) – Path to the SQLite database file. Defaults to ~/.wisrovi/wauth.db.

__init__(db_path='~/.wisrovi/wauth.db')[source]¶

save(key, encrypted_value, val_type='text', ttl=None)[source]¶

Save or update an encrypted secret in the vault.

Uses INSERT OR REPLACE semantics to upsert the secret by key. Timestamps are automatically managed.

Parameters:

Retrieve an encrypted secret by its key.

Parameters:: key (str) – Unique identifier for the secret.
Returns:: A tuple of (encrypted_value, type). Returns (None, None) if the key does not exist.
Return type:: Tuple[str | None, str | None]

delete(key)[source]¶

Delete a secret from the vault.

Parameters:

key (str) – Unique identifier for the secret to remove.

Raises:

list_keys()[source]¶

List all secret keys stored in the vault.

Return the number of secrets stored in the vault.