Python Dependencies
To add a Python dependency, simply add it to pyproject.toml's dependencies, as in the example below:
[project]
dependencies = [
"infisical-python>=2.1.8",
]
Of course, for tools that support it, you can simply use the CLI, as below:
poetry add infisical-python
Lock file
While Python doesn't have a lock file standard yet, other than using a tool that has a proprietary format (like Poetry), the most common way to do it is with a pip-compatible format like pip-tools uses.
Since the introduction of uv, dependencies are pinned by default using a requirements.lock file. If it exists, the Python SDK will use it directly to install dependencies, resulting in a faster installation.
Check compatibility with pip and pip-tools if migrating from or integrating with those tools.
The lock file is only created automatically for new modules. For existing modules that don't have it, it can be created (and updated) manually. For example:
uv pip compile --generate-hashes --update-all -o requirements.lock pyproject.toml sdk/pyproject.toml
The above command pulls in dependencies from pyproject.toml and sdk/pyproject.toml, gets their latest compatible versions, and writes them to requirements.lock with added hashes to verify integrity when downloading during install.
Make sure that ./sdk/pyproject.toml is up to date first with:
dagger develop
The lock file should only include dependencies, and not the editable installs for the ./sdk and current module.
Poetry's lock file
Dagger doesn't support running the poetry CLI. It depends on standards like PEP 517. That means that it doesn't know about the poetry.lock file, but the requirements.lock file can be generated with poetry export:
poetry export --with dev --without main -o requirements.lock
The dagger-io dev dependency is not exported correctly, so it needs to be removed:
sed -i '' '/dagger-io @/d' requirements.lock