This is a pre-production deployment of Warehouse. Changes made here affect the production instance of PyPI (pypi.python.org).
Help us improve Python packaging - Donate today!

Django Centralised Environment Variables Service

Project Description

django-cenvars

What is it?

Django Cenvars is the reference implementation of cenvars, the Centralised Environment Variables Service. Cenvars describes a method by which a machine fetches and sets environmental variables that are stored on a central server.

What problem does it solve?

When developing server side applications you often have to store username and passwords for the interaction with other services. As storing these security sensitive information in the repository is a huge risk, developers often have to resort to either having a non-versioned secret file or store these in the environment variables. Both solutions provide a problem with management of these data points. django-cenvars mitigates the management side of these problems by requiring only the cenvars connection details to be stored in the environment. All other variables can than be resolved via this service.

The Protocol

Overview

For encryption we use both RSA and AES, for AES a 256 bit key is used which is encrypted with an 2048 bit RSA key. The RSA is an asymmetric key, the decryption key (Private key) is used by the client, whilst the encryption key (Public key) is used by the server.

Prior to sending the ‘data’ to the client, the server creates a new 256 bit AES key. This key is used to encrypt the text block and than is encrypter with the RSA encryption key. The resulting blob is prepended to the

> json dict > zip > AES encrypt >

> https://example.com/cenvars/?identifier=hexdigest < BLOB

(this is the hexdigest of the N value of an RSA key).

Caveat

Introducing single points of failure in your architecture should not be undertaken lightly, unless having a centralised variables services makes sense in your setup, I would recommend against using this service.

The cryptography used in the library (RSA and AES) are there to provide a barrier for accidental leaking of the raw file data, however the access keys are in the end stored on the machines themselves, thus having login access to the client machine will show all the environment variables of that machine. Having login access to the server will reveal all environmental variables.

Proceed with caution, be forewarned and vigilant, you are putting all eggs into one basket here, however unless you have another way to cryptographically store and injecting environmental variables, this will be a big improvement, both for security and management.

How do I install it?

$ pip install django-cenvars

How do I use it?

This is an Django-Integrator compliant project, thus in the settings file add:

django_integrator.add_application('django_cenvars')

You will also need to set the following environment variables:

  • CENVARS_URL
  • CENVARS_KEY

The CENVARS_URL is the url where the exernal client can connect to the server and get it’s environment variables.

The CENVARS_KEY is the encryption key used for encrypting the data in the persistent database. It can be generated with the following command:

python manage.py cenvars_newkey

What license is this?

Two-clause BSD

How can I get support?

Please use the repo’s bug tracker to leave behind any questions, feedback, suggestions and comments. I will handle them depending on my time and what looks interesting. If you require guaranteed support please contact me via e-mail so we can discuss appropriate compensation.

Signing Off

Is my work helpful or valuable to you? You can repay me by donating via:

https://paypal.me/MartinHellwig

-or-

https://www.patreon.com/hellwig

Thank you!

Release History

Release History

This version
History Node

0.0.1.2

History Node

0.0.1.1

History Node

0.0.0.6

History Node

0.0.0.5

History Node

0.0.0.4

History Node

0.0.0.3

History Node

0.0.0.2

History Node

0.0.0.1

Download Files

Download Files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

File Name & Checksum SHA256 Checksum Help Version File Type Upload Date
django-cenvars-0.0.1.2.tar.gz (10.4 kB) Copy SHA256 Checksum SHA256 Source Oct 31, 2016

Supported By

WebFaction WebFaction Technical Writing Elastic Elastic Search Pingdom Pingdom Monitoring Dyn Dyn DNS Sentry Sentry Error Logging CloudAMQP CloudAMQP RabbitMQ Heroku Heroku PaaS Kabu Creative Kabu Creative UX & Design Fastly Fastly CDN DigiCert DigiCert EV Certificate Rackspace Rackspace Cloud Servers DreamHost DreamHost Log Hosting