Use cryptography.Fernet to encrypt and store a tempfile, automatically storing the key in keyring. Intended to thwart only the most basic filesystem scans for plaintext tokens.

Project description

Fernet Keyring Tempfile

WARNING: you should read the source code and understand this package, or do not use it. If you do choose to use it, then that is at your own risk. It is a naive and simple secret storage system. The main purpose is to avoid storing plaintext tokens on disk between Python notebook sessions.

A better solution would be to use the keyring package directly, but on Windows there is some silly limit on the size of a password (1280 characters?) that means I need to save my secret to disk instead.

When used as demonstrated below, it does not guard against any serious attack; rather, it might stop a hypothetical file system scan from detecting an unencrypted token stored on disk. If an attacker has remote code execution and can run a Python script under your username, then they can retrieve the secret as easily as you can, by running code similar to the example below. However, if their process is running under another username, or they only got access to your storage device without remote code execution, then perhaps this method offers some level of protection.

This package uses cryptography.Fernet().encrypt() to encrypt and store a file in your machine's temporary folder (determined using tempfile.gettempdir()). The key is generated using cryptography.Fernet.generate_key() and is automatically stored in your system's secret storage using keyring.set_password().

from fernet_keyring_tempfile import FernetKeyringTempfile

(
    FernetKeyringTempfile(
        application_name="TEST_APPLICATION_NAME"
    )
    .store("SECRET MESSAGE!".encode("utf-8"))
)

Later:

from fernet_keyring_tempfile import FernetKeyringTempfile

print(
    FernetKeyringTempfile(
        application_name="TEST_APPLICATION_NAME"
    )
    .load()
    .decode("utf-8")
)
# >> "SECRET MESSAGE!"

Note that if the passphrase (e.g. "TEST_APPLICATION_NAME") appears in plaintext in the example above then there is a hole in security since the attacker can presumably also see your source code.
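
The mechanism and its limits described above, as an added example that is not this package's source code. It assumes a plain dict in place of keyring (so it runs without a keyring backend); the function names and the `.fernet` file name are hypothetical.

```python
import tempfile
from pathlib import Path

from cryptography.fernet import Fernet, InvalidToken

# Assumption: a dict stands in for the OS secret store that the package
# reaches through keyring.set_password() / keyring.get_password().
KEY_STORE = {}


def store(app_name: str, secret: bytes, directory: str) -> Path:
    """Encrypt under a fresh key: key goes to the store, ciphertext to disk."""
    key = Fernet.generate_key()
    KEY_STORE[app_name] = key.decode("ascii")
    path = Path(directory) / f"{app_name}.fernet"  # hypothetical file name
    path.write_bytes(Fernet(key).encrypt(secret))
    return path


def load(app_name: str, directory: str) -> bytes:
    """Decrypt the file; raises InvalidToken on a wrong key or tampering."""
    key = KEY_STORE[app_name].encode("ascii")
    token = (Path(directory) / f"{app_name}.fernet").read_bytes()
    return Fernet(key).decrypt(token)


def demo() -> dict:
    secret = b"SECRET MESSAGE!"  # constructed sample value
    with tempfile.TemporaryDirectory() as d:
        path = store("TEST_APPLICATION_NAME", secret, d)
        on_disk = path.read_bytes()
        result = {
            "plaintext_on_disk": secret in on_disk,
            "round_trip": load("TEST_APPLICATION_NAME", d) == secret,
        }
        # Storage-only access: the file without the key store entry is useless.
        try:
            Fernet(Fernet.generate_key()).decrypt(on_disk)
            result["wrong_key_rejected"] = False
        except InvalidToken:
            result["wrong_key_rejected"] = True
        # Same-user code execution: the key is readable, so the secret is too.
        stolen_key = KEY_STORE["TEST_APPLICATION_NAME"].encode("ascii")
        result["same_user_recovers"] = Fernet(stolen_key).decrypt(on_disk) == secret
    return result


if __name__ == "__main__":
    print(demo())
```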

Source Distribution

fernet_keyring_tempfile-0.1.0.tar.gz (3.9 kB)

Built Distribution

fernet_keyring_tempfile-0.1.0-py3-none-any.whl (3.6 kB)
