SecretInput¶
Bases: ToolbarItem
A password/secret input field with visibility toggle and copy button.
Displays a masked input by default with icons on the right side: - Eye icon to toggle visibility (requests secret from backend) - Copy icon to copy value to clipboard (requests secret from backend)
Icons appear on hover/focus and input text is padded to not overlap them.
SECURITY: The secret value is NEVER rendered in HTML. When the user clicks the show or copy buttons, JavaScript emits events to request the secret from the backend. The backend must handle these events and respond with the actual value. This ensures secrets are only transmitted on explicit user action and never embedded in the DOM.
Events emitted:
- {event} - On input change: {value, componentId}
- {event}:reveal - On show click: {componentId} - backend should respond with secret
- {event}:copy - On copy click: {componentId} - backend should respond with secret
| ATTRIBUTE | DESCRIPTION |
|---|---|
value |
Secret value stored as SecretStr (NEVER rendered in HTML).
TYPE:
|
placeholder |
Placeholder text shown when empty (default: "").
TYPE:
|
debounce |
Milliseconds to debounce input events (default: 300).
TYPE:
|
show_toggle |
Show the visibility toggle button (default: True).
TYPE:
|
show_copy |
Show the copy to clipboard button (default: True).
TYPE:
|
handler |
Optional callable for custom secret storage.
Signature:
TYPE:
|
value_exists |
Flag indicating a value exists externally. If None, computed from value.
TYPE:
|
Examples:
Simple usage with internal storage:
Custom handler with component metadata:
>>> def api_key_handler(
... value,
... *,
... component_id,
... event,
... label=None,
... **metadata,
... ):
... if value is None:
... return secrets_manager.get(component_id)
... secrets_manager.set(component_id, value)
... return value
>>> SecretInput(
... event="settings:api_key",
... handler=api_key_handler,
... )
Attributes¶
property
¶
Check if a secret value is set (without exposing it).
Returns True if: - value_exists is explicitly True, OR - value_exists is None and internal value is non-empty
Functions¶
Build secret input HTML with visibility toggle and copy button.
When a value exists, a fixed mask (••••••••••••) is shown. Show/copy buttons emit events to request the real secret from the backend. Values are base64 encoded in transit for obfuscation.
Edit mode: - Click on edit button to enter edit mode - Switches to a resizable textarea (no wrapping, no formatting) - Confirm with blur or Ctrl+Enter - Cancel with Escape (restores mask) - Only transmits on confirm, not during typing
Register this SecretInput in the secret registry.
Called automatically by Toolbar when building HTML. If a custom handler is provided, it's registered for reveal/copy events. Otherwise, the internal value is registered for retrieval.
Update the stored secret value.
Use this when receiving a new value from user input. If a custom handler is configured, it will be called to store the value.
| PARAMETER | DESCRIPTION |
|---|---|
new_value
|
The new secret value. If encoded=True and this is a string, it will be base64-decoded first.
TYPE:
|
encoded
|
Whether the value is base64-encoded (for transit obfuscation).
TYPE:
|
Get the event type for reveal responses.
Get the current secret value.
If a custom handler is configured, calls handler with metadata. Otherwise, returns the internal value or from the registry.
| RETURNS | DESCRIPTION |
|---|---|
str | None
|
The secret value, or None if not set. |
auto_generate_component_id() -> ToolbarItem
Auto-generate component_id based on type if not provided.
classmethod
¶
Validate event follows namespace:event-name pattern.