{"id":22592110,"url":"https://github.com/maroux/berglas-python","last_synced_at":"2025-09-09T01:42:49.596Z","repository":{"id":57414646,"uuid":"198925127","full_name":"maroux/berglas-python","owner":"maroux","description":"Python library for Berglas","archived":false,"fork":false,"pushed_at":"2023-04-27T18:48:37.000Z","size":49,"stargazers_count":5,"open_issues_count":4,"forks_count":2,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-08-16T02:53:13.634Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/maroux.png","metadata":{"files":{"readme":"README.rst","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2019-07-26T01:32:03.000Z","updated_at":"2024-11-01T23:16:11.000Z","dependencies_parsed_at":"2025-04-12T07:45:23.444Z","dependency_job_id":null,"html_url":"https://github.com/maroux/berglas-python","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/maroux/berglas-python","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maroux%2Fberglas-python","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maroux%2Fberglas-python/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maroux%2Fberglas-python/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maroux%2Fberglas-python/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/maroux","download_url":"https://codeload.github.com/maroux/berglas-python/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maroux%2Fberglas-python/sbom","scorecard":{"id":621004,"data":{"date":"2025-08-11","repo":{"name":"github.com/maroux/berglas-python","commit":"5110d8b3538e6430fc0ab2d1da011715c95c81f3"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.5,"checks":[{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":2,"reason":"Found 2/10 approved changesets -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: pipCommand not pinned by hash: scripts/distribute.sh:3","Warn: pipCommand not pinned by hash: scripts/pip-compile.sh:8","Warn: pipCommand not pinned by hash: scripts/pip-compile.sh:17","Warn: pipCommand not pinned by hash: scripts/release.sh:19","Warn: pipCommand not pinned by hash: scripts/run-tests.sh:21","Warn: pipCommand not pinned by hash: scripts/test-setup.sh:8","Warn: pipCommand not pinned by hash: scripts/test-setup.sh:9","Info:   0 out of   7 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 8 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-21T05:13:17.330Z","repository_id":57414646,"created_at":"2025-08-21T05:13:17.330Z","updated_at":"2025-08-21T05:13:17.330Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":274232025,"owners_count":25245856,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-08T02:00:09.813Z","response_time":121,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-08T09:15:26.409Z","updated_at":"2025-09-09T01:42:49.565Z","avatar_url":"https://github.com/maroux.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"Berglas Library for Python\n==========================\n\n.. image:: https://travis-ci.org/maroux/berglas-python.svg?branch=master\n    :target: https://travis-ci.org/maroux/berglas-python\n\n.. image:: https://coveralls.io/repos/github/maroux/berglas-python/badge.svg?branch=master\n    :target: https://coveralls.io/github/maroux/berglas-python?branch=master\n\n.. image:: https://img.shields.io/pypi/v/berglas.svg?style=flat-square\n    :target: https://pypi.python.org/pypi/berglas\n\n.. image:: https://img.shields.io/pypi/pyversions/berglas.svg?style=flat-square\n    :target: https://pypi.python.org/pypi/berglas\n\n.. image:: https://img.shields.io/pypi/implementation/berglas.svg?style=flat-square\n    :target: https://pypi.python.org/pypi/berglas\n\n.. image:: https://img.shields.io/badge/code%20style-black-000000.svg\n    :target: https://github.com/ambv/black\n\nThis library automatically parses berglas references when imported.\n\nOnly Python 3.6+ is supported currently.\n\nYou can find the latest, most up to date, documentation on `Github`_.\n\nQuick Start\n-----------\n\nInstall library:\n\n.. code:: sh\n\n    pip install berglas\n\nImport the module:\n\n.. code:: python\n\n    import berglas.auto  # noqa\n\nWhen imported, the `berglas` module will:\n\n1. Detect the runtime environment and call the appropriate API to get the list\nof environment variables that were set on the resource at deploy time\n\n1. Download and decrypt any secrets that match the `Berglas environment\nvariable reference syntax`_\n\n1. Replace the value for the environment variable with the decrypted secret\n\nYou can also opt out of auto-parsing and call the library yourself instead:\n\n.. code:: python\n\n    import os\n\n    from berglas import resolver\n\n    if __name__ == '__main__':\n        client = resolver.Client()\n        client.replace(\"MY_SECRET\")\n        print(os.environ[\"MY_SECRET\"])\n\n        // alternatively, use resolve method to simply get the value without updating environment:\n        my_secret = client.resolve(os.environ[\"MY_SECRET\"])\n        print(my_secret)\n\nRelease Notes\n-------------\n\nv0.1\n~~~~\n\n- First version\n\nDevelopment\n-----------\n\nGetting Started\n~~~~~~~~~~~~~~~\nAssuming that you have Python, ``pyenv`` and ``pyenv-virtualenv`` installed, set up your\nenvironment and install the required dependencies like this instead of\nthe ``pip install berglas`` defined above:\n\n.. code:: sh\n\n    $ git clone https://github.com/maroux/berglas-python.git\n    $ cd python\n    $ pyenv virtualenv 3.9.14 berglas-3.9\n    ...\n    $ pyenv shell berglas-3.9\n    $ pip install setuptools==58\n    $ pip install -r requirements/dev-3.9.txt\n\nUpdating Requirements Files\n~~~~~~~~~~~~~~~~~~~~~~~~~~~\nUpdate the `install_requires` variable in `setup.py` and then from the pyenv virtualenv shell run:\n.. code:: sh\n\n    $ python -m pip install pip==18.0 pip-tools==3.2.0 --upgrade\n    $ make pip_compile\n\nRunning Tests\n~~~~~~~~~~~~~\nYou can run tests in using ``make test``. By default,\nit will run all of the unit and functional tests, but you can also specify your own\n``py.test`` options.\n\n.. code:: sh\n\n    $ py.test\n\n\nGetting Help\n------------\n\nWe use GitHub issues for tracking bugs and feature requests.\n\n* If it turns out that you may have found a bug, please `open an issue \u003chttps://github.com/maroux/berglas-python/issues/new\u003e`__\n\n.. _Github: github.com/maroux/berglas-python\n.. _Berglas environment variable reference syntax: https://github.com/GoogleCloudPlatform/berglas/blob/master/doc/reference-syntax.md\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmaroux%2Fberglas-python","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmaroux%2Fberglas-python","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmaroux%2Fberglas-python/lists"}