Python library for encrypting and decrypting hiera-eyaml YAML files

Project description

hiera-eyaml

Python library for encrypting and decrypting hiera-eyaml values. Cross-compatible with the Ruby gem — files encrypted by Ruby can be decrypted by Python and vice versa.

Installation

pip install hiera-eyaml
# or
uv add hiera-eyaml

Usage

import hiera_eyaml

# Load keys from files
public_key = hiera_eyaml.load_key(path="keys/public_key.pkcs7.pem")
private_key = hiera_eyaml.load_key(path="keys/private_key.pkcs7.pem")

# Encrypt a value
encrypted = hiera_eyaml.encrypt_value("my secret", public_key_pem=public_key)
# => "ENC[PKCS7,MIIBiQYJKoZI...]"

# Decrypt a value
plain = hiera_eyaml.decrypt_value(encrypted, private_key_pem=private_key, public_key_pem=public_key)
# => "my secret"

# Decrypt all ENC[...] markers in a file
plain_yaml = hiera_eyaml.decrypt_file(
    "secrets.eyaml",
    private_key_pem=private_key,
    public_key_pem=public_key,
)

# Decrypt with DEC::PKCS7[...]! markers (eyaml format)
with open("secrets.eyaml") as f:
    yaml_text = f.read()

eyaml_output = hiera_eyaml.decrypt_text(
    yaml_text,
    private_key_pem=private_key,
    public_key_pem=public_key,
    eyaml=True,
)

Key loading

Keys can be loaded from files, environment variables, or base64-encoded environment variables:

# From file
key = hiera_eyaml.load_key(path="/path/to/key.pem")

# From environment variable (PEM string)
key = hiera_eyaml.load_key(env_var="EYAML_PUBLIC_KEY")

# From base64-encoded environment variable
key = hiera_eyaml.load_key(b64_env_var="EYAML_PUBLIC_KEY_B64")

Priority: env_var > b64_env_var > path.

Key generation

This library does not generate keys. Use OpenSSL:

openssl req -x509 -nodes -newkey rsa:2048 \
  -keyout private_key.pkcs7.pem \
  -out public_key.pkcs7.pem \
  -batch

Or the Ruby gem: eyaml createkeys.

What this library does NOT support

  • CLI — use the Ruby gem for command-line usage
  • Plugin system — only PKCS7 encryption
  • Re-encryption / edit mode — no DEC → ENC conversion
  • Hiera backend — no Puppet integration
  • Config file loading — all configuration via function parameters
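
Since there is no DEC → ENC conversion, text carrying DEC::PKCS7[...]! markers stays in plaintext until it is re-encrypted by other means. The check below is an added example, not part of this library: it scans text for decrypted markers and for ENC[PKCS7,...] values whose payload is not base64-encoded DER. The names audit_eyaml, FAKE_DER and SAMPLE are hypothetical, and the sample input is constructed.

```python
import base64
import binascii
import re

# Marker shapes as they appear on this page.
ENC_RE = re.compile(r"ENC\[PKCS7,([^\]]*)\]")
DEC_RE = re.compile(r"DEC::PKCS7\[(.*?)\]!", re.DOTALL)


def _line_of(text, offset):
    """1-based line number of a character offset."""
    return text.count("\n", 0, offset) + 1


def audit_eyaml(text):
    """Return sorted (line, kind, detail) findings; hypothetical helper."""
    findings = []
    for m in DEC_RE.finditer(text):
        findings.append((_line_of(text, m.start()), "decrypted-marker",
                         "DEC marker present: value is stored in plaintext"))
    for m in ENC_RE.finditer(text):
        line = _line_of(text, m.start())
        blob = "".join(m.group(1).split())  # tolerate values wrapped across lines
        try:
            der = base64.b64decode(blob, validate=True)
        except binascii.Error:
            findings.append((line, "bad-base64", "payload is not valid base64"))
            continue
        # A PKCS#7 structure is a DER SEQUENCE, so it starts with byte 0x30.
        if not der.startswith(b"\x30"):
            findings.append((line, "not-der", "payload does not start a DER SEQUENCE"))
    return sorted(findings)


# Constructed sample input; FAKE_DER only looks like DER, it is not a real ciphertext.
FAKE_DER = base64.b64encode(b"\x30\x82\x00\x04demo").decode()
SAMPLE = (
    "db_password: ENC[PKCS7," + FAKE_DER + "]\n"
    "api_token: DEC::PKCS7[example-plaintext]!\n"
    "tls_key: ENC[PKCS7,not base64!!]\n"
    "smtp_pass: ENC[PKCS7,aGVsbG8=]\n"
)

if __name__ == "__main__":
    for line, kind, detail in audit_eyaml(SAMPLE):
        print(f"line {line}: {kind}: {detail}")
```

The structural check only confirms that a value looks like a PKCS#7 blob; it does not prove the value decrypts with your key.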

Download files

Source Distribution

hiera_eyaml-0.1.1.tar.gz (5.7 kB view details)

Uploaded Source

Built Distribution

hiera_eyaml-0.1.1-py3-none-any.whl (7.2 kB view details)

Uploaded Python 3

File details

Details for the file hiera_eyaml-0.1.1.tar.gz.

File metadata

  • Download URL: hiera_eyaml-0.1.1.tar.gz
  • Upload date:
  • Size: 5.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for hiera_eyaml-0.1.1.tar.gz
Algorithm Hash digest
SHA256 7c4a6c82ba1a4fb323d58ef0ecf3f761078215b4ca8981e0a4d629ccaeb79733
MD5 622010551897a3faa6dbe67d6d437392
BLAKE2b-256 ba80d709982ba5b910ccf79e3fa57e65f4b02ecda5721cfae2f5206ba3f2c30d

Provenance

The following attestation bundles were made for hiera_eyaml-0.1.1.tar.gz:

Publisher: publish.yml on bernardoVale/hiera-eyaml

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file hiera_eyaml-0.1.1-py3-none-any.whl.

File metadata

  • Download URL: hiera_eyaml-0.1.1-py3-none-any.whl
  • Upload date:
  • Size: 7.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for hiera_eyaml-0.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 25f489de3df1fd84a33da00c47664ed86efe6b3a0da0828dd6eb5a33da7bd8e0
MD5 2a01e985b972ba630302e8b954a601c7
BLAKE2b-256 9b32fc40476b2699de00b3c53a876a5d6380f225526e91b2c6e5babdc948541d

Provenance

The following attestation bundles were made for hiera_eyaml-0.1.1-py3-none-any.whl:

Publisher: publish.yml on bernardoVale/hiera-eyaml

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
