Credential Resolution
Overview
The Credentials module provides the core components for the "just-in-time" secret resolution system used throughout the Athomic Layer. Its purpose is to securely handle sensitive values that might be raw strings, protected Pydantic SecretStr types, or lazy-loading CredentialProxy objects.
Key Components
CredentialProxy: A lightweight object that replaces a secret reference in the configuration at startup. It holds a function that knows how to fetch the real secret from a provider but doesn't execute it until the secret is actually needed.CredentialResolve: A mixin class that provides the_resolve_credentialand_decode_credential_to_strhelper methods. Any service that needs to handle a potentially unresolved secret (like a database provider needing a password) inherits from this mixin to safely get the final secret value.
For a more detailed explanation, see the Secrets Management documentation.
API Reference
nala.athomic.credentials.proxy.CredentialProxy
A lazy-loading proxy for a secret value.
It holds a reference to the secrets provider and the secret's location (path/key).
It fetches the secret's actual value "just-in-time" only when its get()
method is explicitly awaited. This ensures that the application always uses
the most up-to-date credential, supporting secret rotation.
get()
async
Fetches the secret's value just-in-time from the secrets provider.
Returns:
| Type | Description |
|---|---|
Optional[Any]
|
A Resolved secret value, or None if not found. |
nala.athomic.credentials.base.CredentialResolve
A mixin class providing standardized methods for resolving credentials.
This class is intended to be inherited by services or providers that need
to handle sensitive data. It centralizes the logic for unwrapping various
credential types—such as raw strings, Pydantic's SecretStr, or a lazy-loading
CredentialProxy—into their final, usable form.