
BaseSecretBackend API

BaseSecretBackend

Bases: ABC

Contract that every secrets backend must fulfil.

METHOD          DESCRIPTION
add_secret      Store a new secret.
get_secret      Retrieve a secret by name. Raises a backend-specific NotFound error if not found.
update_secret   Update an existing secret. Raises a backend-specific NotFound error if not found.
delete_secret   Delete a secret. Raises if not found.
list_secrets    List secret names, optionally under a path prefix.

add_secret(name: str, secret: Dict[str, Any]) -> None abstractmethod

Store a new secret.

Behavior varies by backend:
- VaultBackend: creates a new KV-v2 version if the path already exists (idempotent/overwrite).
- KeyringBackend: raises KeyringError if the name already exists.
- EnvFileBackend: raises EnvFileKeyExistsError if any key already exists.

Do not assume idempotency when calling through SecretsManager.

Source code in src/credential_bridge/backends/base.py
Python
@abstractmethod
def add_secret(self, name: str, secret: Dict[str, Any]) -> None:
    """Store a new secret.

    Behavior varies by backend:
    - VaultBackend: creates a new KV-v2 version if the path already exists (idempotent/overwrite).
    - KeyringBackend: raises KeyringError if the name already exists.
    - EnvFileBackend: raises EnvFileKeyExistsError if any key already exists.

    Do not assume idempotency when calling through SecretsManager.
    """

get_secret(name: str) -> Dict[str, Any] abstractmethod

Retrieve a secret by name. Raises a backend-specific NotFound error if not found.

Source code in src/credential_bridge/backends/base.py
Python
@abstractmethod
def get_secret(self, name: str) -> Dict[str, Any]:
    """Retrieve a secret by name. Raises a backend-specific NotFound error if not found."""

update_secret(name: str, secret: Dict[str, Any]) -> None abstractmethod

Update an existing secret. Raises a backend-specific NotFound error if not found.

Behavior varies by backend:
- VaultBackend: merges supplied keys into the existing secret (other keys are preserved).
- KeyringBackend: replaces the entire stored dict with the new value.
- EnvFileBackend: replaces each supplied key in-place; raises if any key is missing.

Source code in src/credential_bridge/backends/base.py
Python
@abstractmethod
def update_secret(self, name: str, secret: Dict[str, Any]) -> None:
    """Update an existing secret. Raises a backend-specific NotFound error if not found.

    Behavior varies by backend:
    - VaultBackend: merges supplied keys into the existing secret (other keys are preserved).
    - KeyringBackend: replaces the entire stored dict with the new value.
    - EnvFileBackend: replaces each supplied key in-place; raises if any key is missing.
    """
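
The backend differences described for add_secret and update_secret, shown as an added example that is not part of credential_bridge: two constructed in-memory stubs model the Vault-style and Keyring-style behaviors, and the hypothetical helpers create_only and merge_update give callers the same semantics on both. NotFound and the stub class names are assumptions, and EnvFileBackend's per-key behavior is not modeled.

```python
class NotFound(KeyError):
    """Stand-in for a backend-specific NotFound error (assumed name)."""

class OverwritingBackend:
    """Constructed stub: add overwrites, update merges (Vault-style)."""

    def __init__(self):
        self.store = {}

    def add_secret(self, name, secret):
        self.store[name] = dict(secret)        # silently replaces an existing entry

    def get_secret(self, name):
        if name not in self.store:
            raise NotFound(name)
        return dict(self.store[name])

    def update_secret(self, name, secret):
        self.get_secret(name)                  # raises NotFound if absent
        self.store[name].update(secret)        # other keys are preserved

class ReplacingBackend(OverwritingBackend):
    """Constructed stub: add raises on duplicates, update replaces (Keyring-style)."""

    def add_secret(self, name, secret):
        if name in self.store:
            raise ValueError(f"{name} already exists")
        self.store[name] = dict(secret)

    def update_secret(self, name, secret):
        self.get_secret(name)
        self.store[name] = dict(secret)        # keys not supplied are dropped

def create_only(backend, name, secret, not_found=NotFound):
    """Add a secret, refusing to overwrite on any backend (hypothetical helper)."""
    try:
        backend.get_secret(name)
    except not_found:
        return backend.add_secret(name, secret)
    raise FileExistsError(f"secret {name!r} already exists")

def merge_update(backend, name, changes):
    """Update with merge semantics on any backend (hypothetical helper)."""
    merged = {**backend.get_secret(name), **changes}
    backend.update_secret(name, merged)        # full dict works for merge or replace
    return merged
```

The existence check in create_only is not atomic, so it does not guard against a concurrent writer. Pass the backend's own not-found exception type as not_found when using it with a real backend.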

delete_secret(name: str) -> None abstractmethod

Delete a secret. Raises if not found.

Source code in src/credential_bridge/backends/base.py
Python
@abstractmethod
def delete_secret(self, name: str) -> None:
    """Delete a secret. Raises if not found."""

list_secrets(path: str = '') -> List[str] abstractmethod

List secret names, optionally under a path prefix.

Source code in src/credential_bridge/backends/base.py
Python
@abstractmethod
def list_secrets(self, path: str = "") -> List[str]:
    """List secret names, optionally under a path prefix."""