+ iRRt^RIt^RIt^RIHtRtRtR RltR RltRt Rt R#) a vault_client.py =============== Reusable vault credential retrieval for all SKG pipeline scripts. Place this file in VAULT_DIR alongside vault.py. Reads from environment (load_dotenv must be called before importing): OS env vars : VAULT_DIR - folder containing vault.py VPATH - path to vault.enc ID_ENC - AES-encrypted master password .env file : VAULT_KEY - Fernet key that decrypts ID_ENC Public API: from vault_client import get_vault_credentials, get_wallet_password db_user, db_password = get_vault_credentials('MULBUILDDB1') wallet_pw = get_wallet_password('C:/code/wallet/Wallet_MULBUILDDB1') Author: M Dombaugh Version: 1.0 - Initial implementation with encrypted master password support. Fernet symmetric encryption: ID_ENC (OS env) decrypted by VAULT_KEY (.env). Falls back to plain ID env var for backward compatibility. N)Pathc^RIHpV# \dMi;i.p\P!R4pT'dTP \ T44TP\ P!4R, \ R4\ P!4R, .4TFpTP4'gK\T4\P9gK;\PP^\T44^RIHpTu# \d$\PP^4Ki;i R#)z Attempt to import SecureVault. Searches VAULT_DIR env var first, then a small set of conventional fallback locations. Returns SecureVault class or None. ) SecureVault VAULT_DIRz .secure_vaultzC:/Oracle/vaultvaultN)rr ImportErrorosgetenvappendrextendhomecwdexistsstrsyspathinsertpop)r search_paths vault_dir_envfolders %C:\code\desktop_vault\vault_client.py_import_secure_vaultr"s  %    LIIk*MD/0 o%   W  ==??s6{#((: HHOOAs6{ + -""  Q  s  D*EEc\P!R4p\P!R4pV'dV'd^RIHpHp\ V\ 4'dVP4MTp\ V\ 4'dVP4MTpV!V4PV4P4#\P!R4pV'dV#\R4R# \dp\RT 24Rp?R#Rp?ii;i)z Decrypt master password from ID_ENC (OS env) using VAULT_KEY (.env). Falls back to plain ID env var for backward compatibility. Returns decrypted master password string or None. VAULT_KEYID_ENC)Fernet InvalidTokenz+[VAULT] Failed to decrypt master password: NIDzD[VAULT] No master password available. Set ID_ENC + VAULT_KEY, or ID.) rr cryptography.fernetrr isinstancerencodedecryptdecode Exceptionprint) vault_keyid_encrrkeytokeneplains r_get_master_passwordr,Hs  +&I (#FV  @(29c(B(B)""$ C'1&#'>'>FMMOFE#;&&u-446 6 IIdOE   PQ   ?sC D sA MULBUILDDB1_WALLET Args: oracle_wallet_path : Path to the wallet folder (string or Path). Matches ORACLE_WALLET_PATH in .env. Returns: Wallet password string, or None on failure. Example: wallet_pw = get_wallet_password('C:/code/wallet/Wallet_MULBUILDDB1') Wallet_wallet__WALLETr=z.[VAULT] No wallet password found for service: N)rnamereplacestripr;r>r%)oracle_wallet_path wallet_folderr6r?s& rget_wallet_passwordrLsu",-22M B  B      L )E yy$$ :<. IJ rAc\V4PpVPRR4PRR4P4#)z} Utility: derive the vault service name from a wallet folder path. e.g. 'C:/code/wallet/Wallet_MULBUILDDB1' -> 'MULBUILDDB1' rCrDrE)rrGrHrI)rJrKs& r!get_service_name_from_wallet_pathrNs< +,11M B  B   rA)N) __doc__rrpathlibrrr,r;r@rLrNrArrRs72  L@)`,@ rA