Skip to main content

Configuration and credential waterfall with user-in-the-loop prompting and CLI access.

Project description

Dworshak 🌊

dworshak is a cross-platform credential and config management solution. There are options to manage encrypted cresentials, store plaintext config to JSON, or to leverage traditional Pythonic .env files. dworshak is the CLI layer which allows your to edit and inspect values which you can also obtain programatically by using the wider dworshak ecosystem. The dworshak ecosystem is build to be a configuration and credential waterfall with user-in-the-loop prompting.


Quick Start

# Install the CLI (for most environments)
pipx install "dworshak[crypto]"

# Bootstrap the security layer
dworshak setup

# Register your API credential
dworshak secret set "rjn_api"  "username"

# -> You will then be prompted, 
#    with the input characters securely hidden.

# Alternatively, if you want to have the option to hide/show the secret value without introducing it to console history,
# use the web or gui input
dworshak prompt obtain secret "rjn_api" "password" --interface web 

TL;DR: Use dworshak to securely store and retrieve secrets, configs, and env values in scripts. Enjoy the Obtain pattern. Supports Termux, Alpine, macOS, Linux, Windows. Clean stdout means you can assign variables directly:

PORT=$(dworshak prompt obtain config myapp port -e)


dworshak helptree

SVG of Dworshak CLI helptree

helptree is utility funtion for Typer CLIs, imported from the typer-helptree library.


🏗 The Ultimate Vision

To become a stable credential management tool for scripting the flow of Emerson Ovation data and related APIs, supporting multiple projects in and beyond at the Maxson Wastewater Treatment Plant.

Furthermore, we want to offer Python developers a seamless configuration management experience that they can enjoy for years to come, on all of their devices. We especially love unlocking superuser gains and rollout in Termux environments.

The Secret Sauce Behind dworshk-secret: Use Industry-standard AES (Fernet) encryption to manage a local ~/.dworshak/ directory which includes a .key file, a vault.db encrypted credential file, and a config.json file for controlling defaults.

🚀 Attributes

  • Secure Vault: Fernet-encrypted SQLite storage for API credentials.
  • Root of Trust: A local .key file architecture that works identically on Windows and Termux.
  • CLI Entry: A typer-based interface for setup and credential management.

Bash Scripting

Use dworshak to prompt for Microsoft Fabric / Azure credentials

#!/usr/bin/env bash
set -euo pipefail

# Prompt human securely
SQL_PASSWORD=$(dworshak prompt ask \
  --message "Enter Fabric SQL password" \
  --hide --emit)

# Push into Azure Key Vault
az keyvault secret set \
  --vault-name my-fabric-vault \
  --name sql-password \
  --value "$SQL_PASSWORD"

echo "Secret stored in Azure Key Vault"

Use dworshak to prompt for AWS credentials

#!/usr/bin/env bash
set -euo pipefail

# 1. Human-friendly prompt
DB_PASSWORD=$(dworshak prompt ask \
  --message "Enter production DB password" \
  --hide --emit)

# 2. Push into AWS Secrets Manager
aws secretsmanager put-secret-value \
  --secret-id prod/db/password \
  --secret-string "$DB_PASSWORD"

echo "Secret stored in AWS Secrets Manager"

Recommended aliases:

alias dwobsec='dworshak prompt obtain secret'
alias dwobfig='dworshak prompt obtain config'
alias dwobenv='dworshak prompt obtain env'

Typical installation (macOS, Ubuntu, Windows 11, etc)

pipx install "dworshak[crypto]"

Termux installation

pkg install python-cryptography
pipx install dworshak --system-site-packages

iSH Alpine installation

apk add py3-cryptography 
pipx install dworshak --system-site-packages


Sister Projects in the Dworshak Ecosystem

pipx install dworshak
pip install dworshak-secret
pip install dworshak-config
pip install dworshak-env
pip install dworshak-prompt

Documentation

Read the docs

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

dworshak-1.3.5.3.tar.gz (9.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

dworshak-1.3.5.3-py3-none-any.whl (8.1 kB view details)

Uploaded Python 3

File details

Details for the file dworshak-1.3.5.3.tar.gz.

File metadata

  • Download URL: dworshak-1.3.5.3.tar.gz
  • Upload date:
  • Size: 9.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for dworshak-1.3.5.3.tar.gz
Algorithm Hash digest
SHA256 10f072a8c99714095732c5548aae50efc406d5cc0458eeb889b7733413745acc
MD5 b44a34d98651a9fb93553a0ef92092d9
BLAKE2b-256 eae855efe48b85d53067ba81c2b62a81bbf5685336b358063ce7b867184cb780

See more details on using hashes here.

Provenance

The following attestation bundles were made for dworshak-1.3.5.3.tar.gz:

Publisher: publish.yml on City-of-Memphis-Wastewater/dworshak

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file dworshak-1.3.5.3-py3-none-any.whl.

File metadata

  • Download URL: dworshak-1.3.5.3-py3-none-any.whl
  • Upload date:
  • Size: 8.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for dworshak-1.3.5.3-py3-none-any.whl
Algorithm Hash digest
SHA256 f0f1a08923d3fea4d608a22e92e5b1d8fdbdb41e19915c6b465b4295c84a773f
MD5 7581c300f7f9a990de0d4828fd6b2cec
BLAKE2b-256 332d199b5240222d38ced84648041fd0f8fed5ce1b8789e840d8d0d53cd48448

See more details on using hashes here.

Provenance

The following attestation bundles were made for dworshak-1.3.5.3-py3-none-any.whl:

Publisher: publish.yml on City-of-Memphis-Wastewater/dworshak

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page