Metadata-Version: 2.4
Name: locke
Version: 0.5.1
Summary: Unified credentials framework — encrypted config, OS keystore, Vaultwarden integration
Project-URL: Homepage, https://gitlab.com/martin-wieser/locke
Project-URL: Repository, https://gitlab.com/martin-wieser/locke
Project-URL: Issues, https://gitlab.com/martin-wieser/locke/-/issues
License: MIT
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Programming Language :: Python :: 3.14
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Libraries :: Python Modules
Requires-Python: <3.15,>=3.11
Requires-Dist: click>=8.1
Requires-Dist: cryptography>=42.0
Requires-Dist: httpx>=0.27
Requires-Dist: keyring>=25.0
Requires-Dist: winrt-runtime>=3.0; sys_platform == 'win32'
Requires-Dist: winrt-windows-foundation>=3.0; sys_platform == 'win32'
Requires-Dist: winrt-windows-security-credentials-ui>=3.0; sys_platform == 'win32'
Provides-Extra: dev
Requires-Dist: pytest-cov>=5.0; extra == 'dev'
Requires-Dist: pytest>=8.0; extra == 'dev'
Description-Content-Type: text/markdown

# Locke — Python

Unified credentials framework — encrypted config, OS keystore, Vaultwarden integration.

## Install

```bash
pip install -e ".[dev]"
```

## Usage

### Library

```python
import locke

# Load and decrypt config → flat env vars
env = locke.load_config(".locke/config.encrypted.json")
# env["MONGO_URI"], env["SENTRY_DSN"], etc.

# Resolve a single credential
cred = locke.resolve_credential("LOCKE_ENCRYPTION_KEY")

# Get a vault secret
secret = locke.get_vault_secret("myproject/staging/api_key")
```

### CLI

```bash
# Decrypt + flatten → shell exports
eval $(locke env)

# Decrypt to stdout
locke decrypt

# Encrypt plaintext config
locke encrypt

# Manage OS keystore
locke keystore set LOCKE_ENCRYPTION_KEY --prompt
locke keystore get LOCKE_ENCRYPTION_KEY

# Get vault secret
locke vault get myproject/staging/api_key

# Initialize project
locke init --project myproject --tenant staging
```

## Environment Variables

| Variable | Purpose |
|----------|---------|
| `LOCKE_ENV` | Override environment detection |
| `LOCKE_ENCRYPTION_KEY` | Encryption key (if not in keystore) |
| `LOCKE_USE_BIOMETRIC` | Set `false` to disable biometric gating |
| `LOCKE_VAULT_URL` | Vaultwarden server URL |
| `LOCKE_VAULT_USERNAME` | Vaultwarden username |

## Testing

```bash
cd python
pip install -e ".[dev]"
pytest
```
