Metadata-Version: 2.3
Name: mlflow-secrets-auth
Version: 0.2.0
Summary: MLflow plugin that injects authentication headers from secret managers
License: Apache-2.0
Keywords: mlflow,authentication,secrets,vault,aws,azure
Author: Hugo Carvalho
Author-email: hugodanielsilvacarvalho.hc@gmail.com
Requires-Python: >=3.9,<4.0
Classifier: Development Status :: 3 - Alpha
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Topic :: Software Development :: Libraries :: Python Modules
Classifier: Topic :: System :: Systems Administration :: Authentication/Directory
Provides-Extra: aws
Provides-Extra: azure
Provides-Extra: vault
Requires-Dist: azure-identity (>=1.24.0) ; extra == "azure"
Requires-Dist: azure-keyvault-secrets (>=4.10.0) ; extra == "azure"
Requires-Dist: boto3 (>=1.40.11) ; extra == "aws"
Requires-Dist: hvac (>=2.3.0) ; extra == "vault"
Requires-Dist: mlflow-skinny (>=2.20.4,<4.0)
Description-Content-Type: text/markdown

# MLflow Secrets Auth

A secure MLflow plugin that automatically injects authentication headers from secret management systems into tracking requests.

[![CI/CD Pipeline](https://github.com/hugodscarvalho/mlflow-secrets-auth/actions/workflows/ci-cd.yml/badge.svg)](https://github.com/hugodscarvalho/mlflow-secrets-auth/actions/workflows/ci.yml)
[![Coverage](https://codecov.io/gh/hugodscarvalho/mlflow-secrets-auth/branch/main/graph/badge.svg)](https://codecov.io/gh/hugodscarvalho/mlflow-secrets-auth)
[![PyPI version](https://img.shields.io/pypi/v/mlflow-secrets-auth.svg)](https://pypi.org/project/mlflow-secrets-auth/)
[![Python versions](https://img.shields.io/pypi/pyversions/mlflow-secrets-auth.svg)](https://pypi.org/project/mlflow-secrets-auth/)
[![License](https://img.shields.io/github/license/hugodscarvalho/mlflow-secrets-auth.svg)](LICENSE)

## Features

- **Zero Code Changes**: Works transparently with existing MLflow applications
- **Multiple Providers**: HashiCorp Vault, AWS Secrets Manager, Azure Key Vault
- **Security First**: Host allowlisting, credential redaction, in-memory caching only
- **Production Ready**: Automatic retries, TTL-based caching, comprehensive logging

## Quick Start

```bash
# Install with your preferred provider
pip install mlflow-secrets-auth[vault]

# Configure for HashiCorp Vault
export VAULT_ADDR="https://vault.company.com"
export VAULT_TOKEN="your-vault-token"
export MLFLOW_VAULT_SECRET_PATH="secret/mlflow/auth"
export MLFLOW_SECRETS_AUTH_ENABLE="vault"

# Activate the plugin in MLflow (required)
export MLFLOW_TRACKING_AUTH="mlflow_secrets_auth"

# Your MLflow code works unchanged
import mlflow
mlflow.set_tracking_uri("https://mlflow.company.com")
mlflow.start_run()  # Authentication happens automatically
```

## Demo

Try the complete working example with Vault + MLflow + Nginx:

```bash
git clone https://github.com/hugodscarvalho/mlflow-secrets-auth
cd mlflow-secrets-auth/examples/vault-nginx-mlflow
make demo
```

This demo shows the plugin working end-to-end with a real MLflow server protected by authentication.

## Supported Providers

| Provider | Install Command | Authentication | Status |
|----------|----------------|----------------|---------|
| HashiCorp Vault | `pip install mlflow-secrets-auth[vault]` | Token, AppRole | ✅ Available |
| AWS Secrets Manager | `pip install mlflow-secrets-auth[aws]` | IAM, Access Keys | ✅ Available |
| Azure Key Vault | `pip install mlflow-secrets-auth[azure]` | Service Principal, Managed Identity | ✅ Available |
| Google Secret Manager | `pip install mlflow-secrets-auth[gcp]` | Service Account, Workload Identity | 🚧 Planned |

## Documentation

- **[Getting Started](https://hugodscarvalho.github.io/mlflow-secrets-auth/getting-started/)** - Quick setup guide
- **[Configuration](https://hugodscarvalho.github.io/mlflow-secrets-auth/configuration/)** - Complete configuration reference
- **[Providers](https://hugodscarvalho.github.io/mlflow-secrets-auth/providers/vault/)** - Provider-specific setup
- **[Troubleshooting](https://hugodscarvalho.github.io/mlflow-secrets-auth/troubleshooting/)** - Common issues and solutions

## Requirements

- Python 3.9+
- MLflow 2.20.4+
- Provider-specific SDKs (installed with extras)

## License

Apache License 2.0 - see [LICENSE](LICENSE) file for details.

