credentials
sqllocks_spindle.fabric.credentials
¶
Credential resolver — resolve secrets from env vars, Key Vault, files, or raw values.
Supports URI-style credential references so that connection strings and secrets are never hard-coded:
env://VARIABLE_NAME— read from environment variablekv://vault-name/secret-name— read from Azure Key Vault (requiresazure-identity+azure-keyvault-secrets)file:///path/to/secret.txt— read from a local file (first line, stripped)- Any other value — passed through as-is (raw)
Usage::
from sqllocks_spindle.fabric.credentials import CredentialResolver
resolver = CredentialResolver()
conn_str = resolver.resolve("env://SPINDLE_SQL_CONNECTION")
secret = resolver.resolve("kv://my-vault/my-secret")
raw = resolver.resolve("Server=localhost;Database=db")
Classes¶
CredentialResolver
¶
Resolve credential references into concrete secret values.
The resolver supports four URI schemes:
env://VAR— environment variable lookupkv://vault/secret— Azure Key Vault lookup (lazy import)file:///path— read secret from a local file- Anything else — returned verbatim (raw passthrough)
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
cache
|
bool
|
If |
True
|
Methods:¶
resolve(ref)
¶
Resolve a credential reference to its concrete value.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
ref
|
str
|
A credential URI ( |
required |
Returns:
| Type | Description |
|---|---|
str
|
The resolved secret string. |
Raises:
| Type | Description |
|---|---|
CredentialError
|
If the reference cannot be resolved. |
clear_cache()
¶
Clear all cached credential values.
CredentialError
¶
Bases: Exception
Raised when a credential reference cannot be resolved.