A simple utility for using GCP Cloud KMS to encrypt and decrypt secrets and storing them in GCS.

Project description

gkms

gkms is a simple utility for using GCP Cloud KMS to encrypt and decrypt secrets and storing them in GCS.

Installation

pip install gkms

Setup

Please see https://googleapis.github.io/google-cloud-python/latest/core/auth.html for authentication with Google Cloud SDK.

Usage

CLI

gkms encrypt \
    --project my-project \
    --location global \
    --ring my-key-ring \
    --key my-crypto-key \
    --bucket my-bucket \
    --target my-target.txt \
    --secret my-secret.txt

gkms decrypt \
    --project my-project \
    --bucket my-bucket \
    --target my-target.txt

gkms reencrypt \
    --project my-project \
    --bucket my-bucket \
    --target my-target.txt

Python

import gkms

gkms.encrypt(
    project='my-project',
    location='global',
    keyring='my-key-ring',
    cryptokey='my-crypto-key',
    bucket='my-bucket',
    target='my-secret.txt',
    secret_name='my-secret.txt',
)

decrypted = gkms.decrypt(
    project='my-project',
    bucket='my-bucket',
    target='my-secret.txt',
)

gkms.reencrypt(
    project='my-project',
    bucket='my-bucket',
    target='my-secret.txt',
)

Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

Getting Started

Set up your virtual environment however you like.

pip install -e ".[dev]"

You're ready to start developing!

Running Tests

pytest

Disclaimer

gkms merely allows you to keep your secrets in GCS buckets, with access controlled through IAM roles. This does not replace projects like HashiCorp Vault! Attackers who gain access to your service accounts will have access to the secrets.
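
The disclaimer can be checked against your own IAM policies. The following is an added example, not part of gkms: it takes the bucket and key IAM policies as JSON (the shape that get-iam-policy returns) and lists the principals whose compromise would expose a secret. The role sets, function names and sample policies are assumptions constructed for illustration; project-level inherited bindings, custom or basic roles, and IAM conditions are not evaluated.

```python
import json

# Assumption: a non-exhaustive set of predefined roles. Custom roles, basic
# roles and bindings inherited from the project are not resolved here.
READ_ROLES = {
    "roles/storage.objectViewer",
    "roles/storage.objectAdmin",
    "roles/storage.admin",
}
DECRYPT_ROLES = {
    "roles/cloudkms.cryptoKeyDecrypter",
    "roles/cloudkms.cryptoKeyEncrypterDecrypter",
}
PUBLIC = {"allUsers", "allAuthenticatedUsers"}

def members_with(policy, roles):
    """Return every member bound to one of `roles` in an IAM policy dict."""
    found = set()
    for binding in policy.get("bindings", []):
        if binding.get("role") in roles:
            found.update(binding.get("members", []))
    return found

def audit(bucket_policy, key_policy):
    """Summarise who can fetch the ciphertext, decrypt it, or do both."""
    readers = members_with(bucket_policy, READ_ROLES)
    decrypters = members_with(key_policy, DECRYPT_ROLES)
    public = readers & PUBLIC
    # If the ciphertext is public, every decrypter can recover the secret.
    recover = decrypters if public else readers & decrypters
    return {
        "can_recover_secret": sorted(recover),
        "public_ciphertext": sorted(public),
        "decrypt_only": sorted(decrypters - recover),
    }

# Constructed sample policies (hypothetical service accounts).
BUCKET_POLICY = json.loads("""{"bindings": [
  {"role": "roles/storage.objectViewer",
   "members": ["serviceAccount:app@my-project.iam.gserviceaccount.com",
               "allUsers"]}]}""")
KEY_POLICY = json.loads("""{"bindings": [
  {"role": "roles/cloudkms.cryptoKeyDecrypter",
   "members": ["serviceAccount:app@my-project.iam.gserviceaccount.com"]},
  {"role": "roles/cloudkms.cryptoKeyEncrypterDecrypter",
   "members": ["serviceAccount:ci@my-project.iam.gserviceaccount.com"]}]}""")

if __name__ == "__main__":
    print(json.dumps(audit(BUCKET_POLICY, KEY_POLICY), indent=2))
```

Every entry under can_recover_secret is a credential that yields the plaintext if stolen; keeping that list short is the only isolation this design offers.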

Download files

Source Distribution

gkms-0.0.1.tar.gz (4.4 kB)

Uploaded Source

Built Distribution

gkms-0.0.1-py3-none-any.whl (10.0 kB)

Uploaded Python 3

File details

Details for the file gkms-0.0.1.tar.gz.

File metadata

  • Download URL: gkms-0.0.1.tar.gz
  • Upload date:
  • Size: 4.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.13.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/41.0.1 requests-toolbelt/0.9.1 tqdm/4.32.2 CPython/3.7.3

File hashes

Hashes for gkms-0.0.1.tar.gz
Algorithm Hash digest
SHA256 a2ba2f2b3feb0bd41fd0515f18253ef6596fcb3a45552549dfa7a1e8079e2077
MD5 db3d4af7933e709a6d5be6a84475a21d
BLAKE2b-256 6d77d822b67016551aa5d928531ac452cfce2f1dd6a5b2360929cb1ae75692c7

File details

Details for the file gkms-0.0.1-py3-none-any.whl.

File metadata

  • Download URL: gkms-0.0.1-py3-none-any.whl
  • Upload date:
  • Size: 10.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.13.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/41.0.1 requests-toolbelt/0.9.1 tqdm/4.32.2 CPython/3.7.3

File hashes

Hashes for gkms-0.0.1-py3-none-any.whl
Algorithm Hash digest
SHA256 55f76ae51f74eed566dd29bf1439d09e30b956d88d595b387e47a37d80393682
MD5 320117b84b36cd9d8df13e21c297a940
BLAKE2b-256 197c34c7a9b509621da628ce46d00fcdcd8e197085690fda3cad22b2c66ea366
