Python library for encrypting and decrypting hiera-eyaml YAML files

hiera-eyaml

Python library for encrypting and decrypting hiera-eyaml values. Cross-compatible with the Ruby gem — files encrypted by Ruby can be decrypted by Python and vice versa.

Installation

pip install hiera-eyaml
# or
uv add hiera-eyaml

Usage

import hiera_eyaml

# Load keys from files
public_key = hiera_eyaml.load_key(path="keys/public_key.pkcs7.pem")
private_key = hiera_eyaml.load_key(path="keys/private_key.pkcs7.pem")

# Encrypt a value
encrypted = hiera_eyaml.encrypt_value("my secret", public_key_pem=public_key)
# => "ENC[PKCS7,MIIBiQYJKoZI...]"

# Decrypt a value
plain = hiera_eyaml.decrypt_value(encrypted, private_key_pem=private_key, public_key_pem=public_key)
# => "my secret"

# Decrypt all ENC[...] markers in a file
plain_yaml = hiera_eyaml.decrypt_file(
    "secrets.eyaml",
    private_key_pem=private_key,
    public_key_pem=public_key,
)

# Read the YAML text to decrypt
with open("secrets.eyaml") as f:
    yaml_text = f.read()

# Decrypt with DEC::PKCS7[...]! markers (eyaml format)
eyaml_output = hiera_eyaml.decrypt_text(
    yaml_text,
    private_key_pem=private_key,
    public_key_pem=public_key,
    eyaml=True,
)

Key loading

Keys can be loaded from files, environment variables, or base64-encoded environment variables:

# From file
key = hiera_eyaml.load_key(path="/path/to/key.pem")

# From environment variable (PEM string)
key = hiera_eyaml.load_key(env_var="EYAML_PUBLIC_KEY")

# From base64-encoded environment variable
key = hiera_eyaml.load_key(b64_env_var="EYAML_PUBLIC_KEY_B64")

Priority: env_var > b64_env_var > path.

Key generation

This library does not generate keys. Use OpenSSL:

openssl req -x509 -nodes -newkey rsa:2048 \
  -keyout private_key.pkcs7.pem \
  -out public_key.pkcs7.pem \
  -batch

Or the Ruby gem: eyaml createkeys.

What this library does NOT support

  • CLI — use the Ruby gem for command-line usage
  • Plugin system — only PKCS7 encryption
  • Re-encryption / edit mode — no DEC → ENC conversion
  • Hiera backend — no Puppet integration
  • Config file loading — all configuration via function parameters
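
A pre-commit style check built on the markers shown above, as an added example that is not part of the hiera-eyaml project. Because the library has no DEC → ENC conversion, any DEC::PKCS7[...]! marker left in a file is plaintext, and an ENC[PKCS7,...] payload that is not base64-encoded PKCS#7 cannot be decrypted. It assumes payloads are DER envelopedData as the Ruby gem produces; `audit_eyaml`, the key names and the sample values are constructed for illustration.

```python
import base64
import binascii
import re

# DER encoding of OID 1.2.840.113549.1.7.3 (PKCS#7 envelopedData).
# Assumption: payloads are DER envelopedData, as the Ruby gem produces.
ENVELOPED_DATA_OID = bytes.fromhex("06092a864886f70d010703")
ENC_RE = re.compile(r"ENC\[PKCS7,([^\]]*)\]")
# DEC::PKCS7[...]! as shown on the page; DEC(N):: is the numbered form
# used by the Ruby gem's edit mode.
DEC_RE = re.compile(r"DEC(?:\(\d+\))?::PKCS7\[")


def audit_eyaml(text):
    """Return sorted (line_number, problem) findings for an eyaml document."""
    def line_of(pos):
        return text.count("\n", 0, pos) + 1

    findings = [(line_of(m.start()), "plaintext DEC marker")
                for m in DEC_RE.finditer(text)]
    for m in ENC_RE.finditer(text):
        # Block scalars wrap the base64 over several lines: drop whitespace.
        payload = "".join(m.group(1).split())
        try:
            der = base64.b64decode(payload, validate=True)
        except (binascii.Error, ValueError):
            findings.append((line_of(m.start()), "ENC payload is not base64"))
            continue
        # Structural check only: outer DER SEQUENCE plus the envelopedData
        # OID near the start. Nothing is decrypted and no key is needed.
        if not der.startswith(b"\x30") or ENVELOPED_DATA_OID not in der[:20]:
            findings.append((line_of(m.start()), "ENC payload is not PKCS#7"))
    return sorted(findings)


# Constructed sample: a fake PKCS#7 header followed by zero bytes, not a
# real ciphertext, with made-up key names and values.
GOOD_PAYLOAD = base64.b64encode(
    bytes.fromhex("3082018906092a864886f70d010703") + bytes(9)).decode()
SAMPLE = (
    f"db_password: ENC[PKCS7,{GOOD_PAYLOAD}]\n"
    "api_token: DEC::PKCS7[example-plaintext]!\n"
    "tls_key: ENC[PKCS7,not base64!!]\n"
    "smtp_pass: ENC[PKCS7,aGVsbG8gd29ybGQ=]\n"
)

if __name__ == "__main__":
    for line, problem in audit_eyaml(SAMPLE):
        print(f"line {line}: {problem}")
```

The check needs no key material, so it can run in CI or a commit hook where the private key is not available.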

Download files

Source Distribution

hiera_eyaml-0.1.0.tar.gz (5.7 kB)

Uploaded Source

Built Distribution

hiera_eyaml-0.1.0-py3-none-any.whl (7.2 kB)

Uploaded Python 3

File details

Details for the file hiera_eyaml-0.1.0.tar.gz.

File metadata

  • Download URL: hiera_eyaml-0.1.0.tar.gz
  • Upload date:
  • Size: 5.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for hiera_eyaml-0.1.0.tar.gz
Algorithm Hash digest
SHA256 5128ef5fde5287e5e65213dfc7c83e20140acc58c062d49374639db4464fbcac
MD5 a481ef73ae0c0fc7a6adcfdb3377b27e
BLAKE2b-256 d83eb22f021935641d9ba235a03b584cb3367a4f7e88819326cdeb3862ee5986

Provenance

The following attestation bundles were made for hiera_eyaml-0.1.0.tar.gz:

Publisher: publish.yml on bernardoVale/hiera-eyaml

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file hiera_eyaml-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: hiera_eyaml-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 7.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for hiera_eyaml-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 260aa77a67384edaddfbbbe6c7508536f25225b3186779bac3d784e921b1580f
MD5 a726d19d6d062fa048d3e2370329987a
BLAKE2b-256 fcbf94c6409206eab38a68a732c2e01cf6cec994c8b2c07226c9fa54658a5c8f

Provenance

The following attestation bundles were made for hiera_eyaml-0.1.0-py3-none-any.whl:

Publisher: publish.yml on bernardoVale/hiera-eyaml
