Skip to main content

Configuration and credential waterfall with user-in-the-loop prompting and CLI access.

Project description

Dworshak 🌊

dworshak is a cross-platform credential and config management solution. There are options to manage encrypted cresentials, store plaintext config to JSON, or to leverage traditional Pythonic .env files. dworshak is the CLI layer which allows your to edit and inspect values which you can also obtain programatically by using the wider dworshak ecosystem. The dworshak ecosystem is build to be a configuration and credential waterfall with user-in-the-loop prompting.


Quick Start

# Install the CLI (for most environments)
pipx install "dworshak[crypto]"

# Bootstrap the security layer
dworshak setup

# Register your API credential
dworshak secret set "rjn_api"  "username"

# -> You will then be prompted, 
#    with the input characters securely hidden.

# Alternatively, if you want to have the option to hide/show the secret value without introducing it to console history,
# use the web or gui input
dworshak prompt obtain secret "rjn_api" "password" --interface web 

TL;DR: Use dworshak to securely store and retrieve secrets, configs, and env values in scripts. Enjoy the Obtain pattern. Supports Termux, Alpine, macOS, Linux, Windows. Clean stdout means you can assign variables directly:

PORT=$(dworshak prompt obtain config myapp port -e)


dworshak helptree

SVG of Dworshak CLI helptree

helptree is utility funtion for Typer CLIs, imported from the typer-helptree library.


🏗 The Ultimate Vision

To become a stable credential management tool for scripting the flow of Emerson Ovation data and related APIs, supporting multiple projects in and beyond at the Maxson Wastewater Treatment Plant.

Furthermore, we want to offer Python developers a seamless configuration management experience that they can enjoy for years to come, on all of their devices. We especially love unlocking superuser gains and rollout in Termux environments.

The Secret Sauce Behind dworshk-secret: Use Industry-standard AES (Fernet) encryption to manage a local ~/.dworshak/ directory which includes a .key file, a vault.db encrypted credential file, and a config.json file for controlling defaults.

🚀 Attributes

  • Secure Vault: Fernet-encrypted SQLite storage for API credentials.
  • Root of Trust: A local .key file architecture that works identically on Windows and Termux.
  • CLI Entry: A typer-based interface for setup and credential management.

Bash Scripting

Use dworshak to prompt for Microsoft Fabric / Azure credentials

#!/usr/bin/env bash
set -euo pipefail

# Prompt human securely
SQL_PASSWORD=$(dworshak prompt ask \
  --message "Enter Fabric SQL password" \
  --hide --emit)

# Push into Azure Key Vault
az keyvault secret set \
  --vault-name my-fabric-vault \
  --name sql-password \
  --value "$SQL_PASSWORD"

echo "Secret stored in Azure Key Vault"

Use dworshak to prompt for AWS credentials

#!/usr/bin/env bash
set -euo pipefail

# 1. Human-friendly prompt
DB_PASSWORD=$(dworshak prompt ask \
  --message "Enter production DB password" \
  --hide --emit)

# 2. Push into AWS Secrets Manager
aws secretsmanager put-secret-value \
  --secret-id prod/db/password \
  --secret-string "$DB_PASSWORD"

echo "Secret stored in AWS Secrets Manager"

Recommended aliases:

alias dwobsec='dworshak prompt obtain secret'
alias dwobfig='dworshak prompt obtain config'
alias dwobenv='dworshak prompt obtain env'

Typical installation (macOS, Ubuntu, Windows 11, etc)

pipx install "dworshak[crypto]"

Termux installation

pkg install python-cryptography
pipx install dworshak --system-site-packages

iSH Alpine installation

apk add py3-cryptography 
pipx install dworshak --system-site-packages


Sister Projects in the Dworshak Ecosystem

pipx install dworshak
pip install dworshak-secret
pip install dworshak-config
pip install dworshak-env
pip install dworshak-prompt

Documentation

Read the docs

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

dworshak-1.3.3.tar.gz (9.3 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

dworshak-1.3.3-py3-none-any.whl (7.3 kB view details)

Uploaded Python 3

File details

Details for the file dworshak-1.3.3.tar.gz.

File metadata

  • Download URL: dworshak-1.3.3.tar.gz
  • Upload date:
  • Size: 9.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for dworshak-1.3.3.tar.gz
Algorithm Hash digest
SHA256 70daafae33dc2a5f62fde281d2f56391687e8aa702535dc63f233c598ffd0fea
MD5 e24a01d7f2862c32564e4d7b8d4e4571
BLAKE2b-256 4c92b9e6a006bb7d6daaadf7fdee142696e62f55a728697e2504ea828856b1cc

See more details on using hashes here.

Provenance

The following attestation bundles were made for dworshak-1.3.3.tar.gz:

Publisher: publish.yml on City-of-Memphis-Wastewater/dworshak

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file dworshak-1.3.3-py3-none-any.whl.

File metadata

  • Download URL: dworshak-1.3.3-py3-none-any.whl
  • Upload date:
  • Size: 7.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for dworshak-1.3.3-py3-none-any.whl
Algorithm Hash digest
SHA256 329e64e5c5eb1ad5a7b383c0a900f34e740c301bd42b46d0e9103e7a8fcb835f
MD5 61cf7e45db271ae3d32340f0c0d5d5f1
BLAKE2b-256 e613849ce7fa1569bc8cd8225aff4ed03026872d1d9ec701505b83e13c32a123

See more details on using hashes here.

Provenance

The following attestation bundles were made for dworshak-1.3.3-py3-none-any.whl:

Publisher: publish.yml on City-of-Memphis-Wastewater/dworshak

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page