Skip to main content

Configuration and credential waterfall with user-in-the-loop prompting and CLI access.

Project description

Dworshak 🌊

dworshak is a cross-platform credential and config management solution. There are options to manage encrypted cresentials, store plaintext config to JSON, or to leverage traditional Pythonic .env files. dworshak is the CLI layer which allows your to edit and inspect values which you can also obtain programatically by using the wider dworshak ecosystem. The dworshak ecosystem is build to be a configuration and credential waterfall with user-in-the-loop prompting.


Quick Start

# Install the CLI (for most environments)
pipx install "dworshak[crypto]"

# Bootstrap the security layer
dworshak setup

# Register your API credential
dworshak secret set "rjn_api"  "username"

# -> You will then be prompted, 
#    with the input characters securely hidden.

# Alternatively, if you want to have the option to hide/show the secret value without introducing it to console history,
# use the web or gui input
dworshak prompt obtain secret "rjn_api" "password" --interface web 

TL;DR: Use dworshak to securely store and retrieve secrets, configs, and env values in scripts. Enjoy the Obtain pattern. Supports Termux, Alpine, macOS, Linux, Windows. Clean stdout means you can assign variables directly:

PORT=$(dworshak prompt obtain config myapp port -e)


dworshak helptree

SVG of Dworshak CLI helptree

helptree is utility funtion for Typer CLIs, imported from the typer-helptree library.


🏗 The Ultimate Vision

To become a stable credential management tool for scripting the flow of Emerson Ovation data and related APIs, supporting multiple projects in and beyond at the Maxson Wastewater Treatment Plant.

Furthermore, we want to offer Python developers a seamless configuration management experience that they can enjoy for years to come, on all of their devices. We especially love unlocking superuser gains and rollout in Termux environments.

The Secret Sauce Behind dworshk-secret: Use Industry-standard AES (Fernet) encryption to manage a local ~/.dworshak/ directory which includes a .key file, a vault.db encrypted credential file, and a config.json file for controlling defaults.

🚀 Attributes

  • Secure Vault: Fernet-encrypted SQLite storage for API credentials.
  • Root of Trust: A local .key file architecture that works identically on Windows and Termux.
  • CLI Entry: A typer-based interface for setup and credential management.

Bash Scripting

Use dworshak to prompt for Microsoft Fabric / Azure credentials

#!/usr/bin/env bash
set -euo pipefail

# Prompt human securely
SQL_PASSWORD=$(dworshak prompt ask \
  --message "Enter Fabric SQL password" \
  --hide --emit)

# Push into Azure Key Vault
az keyvault secret set \
  --vault-name my-fabric-vault \
  --name sql-password \
  --value "$SQL_PASSWORD"

echo "Secret stored in Azure Key Vault"

Use dworshak to prompt for AWS credentials

#!/usr/bin/env bash
set -euo pipefail

# 1. Human-friendly prompt
DB_PASSWORD=$(dworshak prompt ask \
  --message "Enter production DB password" \
  --hide --emit)

# 2. Push into AWS Secrets Manager
aws secretsmanager put-secret-value \
  --secret-id prod/db/password \
  --secret-string "$DB_PASSWORD"

echo "Secret stored in AWS Secrets Manager"

Recommended aliases:

alias dwobsec='dworshak prompt obtain secret'
alias dwobfig='dworshak prompt obtain config'
alias dwobenv='dworshak prompt obtain env'

Typical installation (macOS, Ubuntu, Windows 11, etc)

pipx install "dworshak[crypto]"

Termux installation

pkg install python-cryptography
pipx install dworshak --system-site-packages

iSH Alpine installation

apk add py3-cryptography 
pipx install dworshak --system-site-packages


Sister Projects in the Dworshak Ecosystem

pipx install dworshak
pip install dworshak-secret
pip install dworshak-config
pip install dworshak-env
pip install dworshak-prompt

Documentation

Read the docs

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

dworshak-1.3.5.2.tar.gz (9.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

dworshak-1.3.5.2-py3-none-any.whl (8.1 kB view details)

Uploaded Python 3

File details

Details for the file dworshak-1.3.5.2.tar.gz.

File metadata

  • Download URL: dworshak-1.3.5.2.tar.gz
  • Upload date:
  • Size: 9.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for dworshak-1.3.5.2.tar.gz
Algorithm Hash digest
SHA256 56f4662403c5a6b0a438b0ea2960310e360aaf07c2d286658638261498dc6ce9
MD5 133ecf949b6c14eeedc9ddf5e4bf96cd
BLAKE2b-256 6464efc297d91f1b044e271b54206dfcd01c11b249f9ea18c7f03b319ec73c70

See more details on using hashes here.

Provenance

The following attestation bundles were made for dworshak-1.3.5.2.tar.gz:

Publisher: publish.yml on City-of-Memphis-Wastewater/dworshak

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file dworshak-1.3.5.2-py3-none-any.whl.

File metadata

  • Download URL: dworshak-1.3.5.2-py3-none-any.whl
  • Upload date:
  • Size: 8.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for dworshak-1.3.5.2-py3-none-any.whl
Algorithm Hash digest
SHA256 846bc0d76ea77f1ea4652bae169aa97026601d0db446715ebdfb77323d54f846
MD5 1b3ffb47dea0ed4c3b73e4ba0dcbdef5
BLAKE2b-256 fa9a0dff3ca7a4039a21903443ae629b46e55a53b183397833f1d7b66025fcf0

See more details on using hashes here.

Provenance

The following attestation bundles were made for dworshak-1.3.5.2-py3-none-any.whl:

Publisher: publish.yml on City-of-Memphis-Wastewater/dworshak

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page