Skip to main content

`dworshak-secret` is a light-weight library for local credential access. By adding `dworshak-secret` as a dependency to your Python project, you enable your program or script to leverage secure credentials.

Project description

dworshak-secret is a light-weight library for local credential access. By adding dworshak-secret as a dependency to your Python project, you enable your program or script to leverage secure credentials, typically added with the dworshak-prompt.Obtain().secret() function or managed directly with the dworshak CLI.

All secrets are stored Fernet-encrypted in a SQL database file. No opaque blobs — every entry is meaningful and decryptable via the library.

Example

Typical package inclusion. See below for guidance concerning Termux and iSH Alpine.

uv add "dworshak-secret[crypto]"
from dworshak_secret import DworshakSecret
from dworshak_prompt import Obtain

# Initialize the vault (create key and DB if missing)
client = DworshakSecret()
client.initialize_vault()

# Store and retrieve credentials by prompting the user on their local machine
obtain = Obtain()
username = obtain.secret("rjn_api", "username")
secret = obtain.secret("rjn_api", "password")

# ---

# Alternatively, store secrets with a script ....
## (NOT recommended to keep 'set' calls in your codebase or in system history)
client.set("rjn_api", "username", "davey.davidson")
client.set("rjn_api", "password", "s3cr3t")

## ...and then retrieve credentials in your codebase.
username = client.get("rjn_api", "username")
password = client.get("rjn_api", "password")

# ---

# List stored items
for service, item in client.list_contents():
    print(f"{service}/{item}")

Capture stdout environment variables for bash scripting by using the --emit flag

TESTSET=$(dworshak-secret set "myservice" "myitem" "myvalue" --emit)
echo $TESTSET

TESTGET=$(dworshak-secret get "myservice" "myitem" --emit)
echo $TESTGET

Running dworshak-secret set "myservice" "myitem", without including a value, will prompt the user for input, which will be hidden.

Alternatively, install the dworshak CLI and use:

TESTOBTAIN=$(dworshak prompt obtain secret "myservice" "myitem" --emit)
echo $TESTOBTAIN

This works because the multiplexer will skip the console input and route the user to the web interface or the GUI.


Include Cryptography Library

Here we cover using dworshak-secret as a dependency in your project.

The central question is how to properly include the cryptography package.

On a Termux system, cryptography can (B) be built from source or (A) the precompiled python-cryptography dedicated Termux package can be used.

Termux Installation

A. Use python-cryptography

This is faster but pollutes your local venv with other system site packages.

pkg install python-cryptography
uv venv --system-site-packages
uv add dworshak-secret

B. Allow cryptography to build from source (uv is better at this compared to using pip)

pkg install rust binutils
uv add "dworshak-secret[crypto]"

iSH Alpine installation

apk add py3-cryptography
uv venv --system-site-packages
uv add dworshak-secret

Why Dworshak Over keyring?

Keyring is the go-to for desktop Python apps thanks to native OS backends, but it breaks on Termux because there's no keyring daemon or secure fallback, leaving you with insecure plaintext or install headaches. Dworshak avoids that entirely with a portable, self-contained Fernet-encrypted SQLite vault that works the same on Linux, macOS, Windows, and Termux on Android tablets. You get reliable programmatic access via dworshak_secret.DworshakSecret().get() (or dworshak_prompt.Obtain().secret()). The Dworshak ecosystem is field-ready for real scripting workflows like API pipelines and skip-the-playstore localhost webapps. When keyring isn't viable, Dworshak just works.


CLI

dworshak is the intended CLI layer, but the dworshak-secret CLI can also be used directly.

pipx install "dworshak-secret[typer,crypto]"
dworshak-secret helptree

Screenshot of the Dworshak CLI helptree

helptree is utility function for Typer CLIs, imported from the typer-helptree library.


Sister Projects in the Dworshak Ecosystem

pipx install dworshak
pip install dworshak-secret
pip install dworshak-config
pip install dworshak-env
pip install dworshak-prompt

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

dworshak_secret-1.3.5.1.tar.gz (24.7 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

dworshak_secret-1.3.5.1-py3-none-any.whl (26.6 kB view details)

Uploaded Python 3

File details

Details for the file dworshak_secret-1.3.5.1.tar.gz.

File metadata

  • Download URL: dworshak_secret-1.3.5.1.tar.gz
  • Upload date:
  • Size: 24.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for dworshak_secret-1.3.5.1.tar.gz
Algorithm Hash digest
SHA256 9331e25c0888188b27ea726de2e8fc50baa88a2b8d53c86e0619995477d99072
MD5 aa1d8f4134cdb397f529390149155592
BLAKE2b-256 ad558fc0eb1c56bdba9a1a6e33325fa89e568d1a1f06d61fd912178ee27c3a81

See more details on using hashes here.

Provenance

The following attestation bundles were made for dworshak_secret-1.3.5.1.tar.gz:

Publisher: publish.yml on City-of-Memphis-Wastewater/dworshak-secret

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file dworshak_secret-1.3.5.1-py3-none-any.whl.

File metadata

File hashes

Hashes for dworshak_secret-1.3.5.1-py3-none-any.whl
Algorithm Hash digest
SHA256 75ae2f771861c2e51f7f7ccfe597c561b52378a26e5c3d747ed7c271fcda0b27
MD5 bbcb64f4751760ca3fe6ab54320c316b
BLAKE2b-256 523004b01842e61e231874c9d63388ab0436b4e14d8525853b11e4c62af65a2d

See more details on using hashes here.

Provenance

The following attestation bundles were made for dworshak_secret-1.3.5.1-py3-none-any.whl:

Publisher: publish.yml on City-of-Memphis-Wastewater/dworshak-secret

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page