
Yet another secrets management toolkit

Project description

Hoba


Yet another secrets management toolkit based on passwordstore


Requirements

  • git
  • gnupg
  • pass
  • python 3.6+
  • pip 19.0.1+

Installation

$ pip install git+https://github.com/m-kus/hoba

Usage

All hoba commands work only if there is a hoba.yml file in the current directory. The file format is described below.

Storing and sharing secrets

Pass is a good alternative to HashiCorp Vault and other enterprise secret stores because it is simple, safe and portable. In my team we settled on a fairly convenient scheme without losing security:

  1. All passwords, encryption keys, API keys, certificates, etc. are kept in a pass repo, which is gpg-encrypted and stored in git;
  2. Pass allows a simple access control policy to be set for each tree node, with inheritance (the .gpg-id file in a directory lists the key IDs that can decrypt everything below it);
  3. Each developer has to generate a gpg key and add the public key to the pass repo (keys are stored in the .gpg-keys file);
  4. All developers have to import all keys from the repo and set the maximum trust level. Check each fingerprint with its owner out of band before trusting it: anyone who can push to the repo can add a key, and once it is trusted pass will happily re-encrypt secrets to it.

You can do this manually, but there is a command which does pretty much the same:

$ hoba sync
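The key-import step is where the scheme is easiest to get wrong: trusting every key that happens to be in the repo turns push access into decryption access. The script below is an added example, not hoba's own `sync` implementation. It parses `gpg --with-colons --fingerprint` output, grants ultimate trust (gpg ownertrust level 6; 5 would be "full") only to primary-key fingerprints that appear in a list obtained outside the repo, and reports the rest. It assumes the repo's .gpg-keys file holds ASCII-armoured public keys (the page does not state the format); the sample listing is constructed, with Alice carrying an encryption subkey whose fingerprint must not be mistaken for a primary key.

```python
"""Trust only teammate keys whose fingerprints were verified out of band."""
import subprocess
from typing import Dict, List, Tuple

ALICE = "AAAA1111BBBB2222CCCC3333DDDD4444EEEE5555"
MALLORY = "9999888877776666555544443333222211110000"

# Constructed sample of `gpg --with-colons --fingerprint` output: Alice (primary key
# plus one encryption subkey) and Mallory (primary key only).
SAMPLE_LISTING = f"""\
pub:u:4096:1:{ALICE[-16:]}:1580000000:::u:::scESC::::::23::0:
fpr:::::::::{ALICE}:
uid:u::::1580000000::0000000000000000000000000000000000000000::Alice <alice@example.com>::::::::::0:
sub:u:4096:1:{'0' * 16}:1580000000::::::e::::::23:
fpr:::::::::{'0' * 40}:
pub:u:4096:1:{MALLORY[-16:]}:1580000000:::u:::scESC::::::23::0:
fpr:::::::::{MALLORY}:
uid:u::::1580000000::1111111111111111111111111111111111111111::Mallory <mallory@example.com>::::::::::0:
"""


def primary_fingerprints(listing: str) -> Dict[str, str]:
    """Map each primary-key fingerprint to its first user ID; fpr records of subkeys are skipped."""
    keys: Dict[str, str] = {}
    current = None
    after_pub = False  # an fpr record right after a pub record belongs to the primary key
    for line in listing.splitlines():
        fields = line.split(":")
        kind = fields[0]
        if kind == "pub":
            after_pub = True
        elif kind == "sub":
            after_pub = False
        elif kind == "fpr" and after_pub:
            current = fields[9].upper()  # field 10 of an fpr record is the fingerprint
            keys[current] = ""
            after_pub = False
        elif kind == "uid" and current and not keys[current]:
            keys[current] = fields[9]  # field 10 of a uid record is the user ID string
    return keys


def normalise(fpr: str) -> str:
    """Accept the spaced, mixed-case form people read out loud ('aaaa 1111 ...')."""
    return fpr.replace(" ", "").upper()


def split_by_trust(listing: str, trusted: List[str]) -> Tuple[List[str], List[Tuple[str, str]]]:
    """Return (ownertrust lines for verified keys, [(fpr, uid)] for keys left untrusted)."""
    verified = {normalise(f) for f in trusted}
    lines, unverified = [], []
    for fpr, uid in primary_fingerprints(listing).items():
        if fpr in verified:
            lines.append(f"{fpr}:6:")  # format expected by `gpg --import-ownertrust`
        else:
            unverified.append((fpr, uid))
    return lines, unverified


def sync_keys(keys_file: str, trusted: List[str]) -> List[Tuple[str, str]]:
    """Import the repo's keys, trust only the verified ones, return the rest for the caller to flag."""
    subprocess.run(["gpg", "--batch", "--import", keys_file], check=True)
    listing = subprocess.run(["gpg", "--batch", "--with-colons", "--fingerprint"],
                             check=True, stdout=subprocess.PIPE, universal_newlines=True).stdout
    lines, unverified = split_by_trust(listing, trusted)
    subprocess.run(["gpg", "--batch", "--import-ownertrust"], check=True,
                   input="\n".join(lines) + "\n", universal_newlines=True)
    return unverified


if __name__ == "__main__":
    # Offline demonstration on the constructed listing; sync_keys() needs a real gpg.
    ok, flagged = split_by_trust(SAMPLE_LISTING, [ALICE])
    print("trust:", ok)
    print("imported but NOT trusted:", flagged)
```

Imported-but-untrusted keys still sit in the keyring, which is harmless: gpg will refuse to encrypt to them (or warn loudly) until someone deliberately raises their trust after checking the fingerprint.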

Hoba can also spawn a shell with the PASSWORD_STORE_DIR environment variable overridden to point at the repo_dir from hoba.yml, so plain pass commands operate on the team store:

$ hoba shell
$ pass

Deploying secrets

By default hoba looks for the default environment inside the configuration file. The generated outputs (./.secrets in the sample below) are plaintext, so keep that directory out of version control.

$ hoba gen

You can also specify target env:

$ hoba gen dev

Sample hoba configuration file:

password-store:
  repo_url: http://github.com/example.git
  repo_dir: ./.password-store
  
environments:
  dev:
    default:
  prod:
  
targets:
  - type: env_file
    output: ./.secrets/{ENV}.env
    variables:
      - DB_PASSWORD={ENV}/postgresql/password
    except:
      - dev

  - type: dir
    output: ./.secrets
    files:
      - ssl/example.com/cert_key:ssl/cert_key
      - ssl/example.com/dh_params:ssl/dh_params
    only:
      - prod

  - type: keyring
    output: ./.secrets/keyring_pass.cfg
    entries:
      - app@telegram:{ENV}/telegram/bot_api_key
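How the three target types, the `{ENV}` placeholder and the `only`/`except` filters combine is easier to see in code. The script below is an added example, not hoba's own implementation: it re-implements the selection rules the sample hoba.yml above implies (`only` is an allow-list, `except` a deny-list, a target with neither applies everywhere) and writes each output with owner-only permissions. CONFIG is a Python dict mirroring the sample YAML so the script runs without PyYAML; SECRETS is a constructed stand-in for `pass show`; the keyring file is assumed to be simple `key=value` lines, which the page does not specify.

```python
"""Select and render hoba-style targets for one environment."""
import os
import stat
import subprocess
import tempfile
from typing import Callable, Dict, List

# Constructed to mirror the sample hoba.yml on this page.
CONFIG = {
    "targets": [
        {"type": "env_file", "output": "./.secrets/{ENV}.env",
         "variables": ["DB_PASSWORD={ENV}/postgresql/password"], "except": ["dev"]},
        {"type": "dir", "output": "./.secrets",
         "files": ["ssl/example.com/cert_key:ssl/cert_key",
                   "ssl/example.com/dh_params:ssl/dh_params"], "only": ["prod"]},
        {"type": "keyring", "output": "./.secrets/keyring_pass.cfg",
         "entries": ["app@telegram:{ENV}/telegram/bot_api_key"]},
    ],
}

# Constructed dummy values keyed by pass path; a real run would call pass_show() instead.
SECRETS: Dict[str, str] = {
    "prod/postgresql/password": "dummy-db-password",
    "ssl/example.com/cert_key": "dummy-private-key-pem\n",
    "ssl/example.com/dh_params": "dummy-dh-params-pem\n",
    "prod/telegram/bot_api_key": "000000:dummy-prod-token",
    "dev/telegram/bot_api_key": "000000:dummy-dev-token",
}


def applies(target: dict, env: str) -> bool:
    """`only` is an allow-list, `except` a deny-list; neither means every environment."""
    if "only" in target and env not in target["only"]:
        return False
    return env not in target.get("except", [])


def resolve(target: dict, env: str) -> dict:
    """Copy of `target` with {ENV} replaced in every string, including strings inside lists."""
    def sub(value):
        if isinstance(value, str):
            return value.replace("{ENV}", env)
        if isinstance(value, list):
            return [sub(v) for v in value]
        return value
    return {key: sub(value) for key, value in target.items()}


def plan(config: dict, env: str) -> List[dict]:
    """Resolved targets that apply to `env`, in config order."""
    return [resolve(t, env) for t in config["targets"] if applies(t, env)]


def pass_show(path: str) -> str:
    """Real lookup: first line of `pass show <path>` (needs pass and gpg; not used by demo())."""
    out = subprocess.run(["pass", "show", path], check=True,
                         stdout=subprocess.PIPE, universal_newlines=True).stdout
    return out.split("\n", 1)[0]


def makedirs_private(path: str) -> None:
    """Create every missing ancestor with mode 0700 (os.makedirs only applies mode to the leaf)."""
    if path and not os.path.isdir(path):
        makedirs_private(os.path.dirname(path))
        os.mkdir(path, 0o700)


def write_private(path: str, data: str) -> None:
    """Write plaintext with mode 0600 so other local users cannot read it."""
    makedirs_private(os.path.dirname(path) or ".")
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as handle:
        handle.write(data)


def is_private(path: str) -> bool:
    """True when group and world have no permission bits on `path`."""
    return (stat.S_IMODE(os.stat(path).st_mode) & 0o077) == 0


def render(config: dict, env: str, lookup: Callable[[str], str], root: str) -> List[str]:
    """Materialise every applicable target under `root`; returns the files written."""
    written: List[str] = []
    for target in plan(config, env):
        output = os.path.join(root, os.path.normpath(target["output"]))
        if target["type"] == "env_file":
            pairs = (v.split("=", 1) for v in target["variables"])
            write_private(output, "".join(f"{n}={lookup(p)}\n" for n, p in pairs))
            written.append(output)
        elif target["type"] == "dir":
            for spec in target["files"]:
                pass_path, relative = spec.split(":", 1)
                dest = os.path.join(output, relative)
                write_private(dest, lookup(pass_path))
                written.append(dest)
        elif target["type"] == "keyring":  # assumed key=value format
            pairs = (e.split(":", 1) for e in target["entries"])
            write_private(output, "".join(f"{k}={lookup(p)}\n" for k, p in pairs))
            written.append(output)
    return written


def demo(env: str) -> dict:
    """Render into a throwaway directory with the constructed SECRETS; returns what was written."""
    root = tempfile.mkdtemp(prefix="hoba-example-")
    paths = render(CONFIG, env, SECRETS.__getitem__, root)
    contents = {os.path.relpath(p, root): open(p).read() for p in sorted(paths)}
    return {"contents": contents, "all_private": all(is_private(p) for p in paths)}


if __name__ == "__main__":
    for name in ("dev", "prod"):
        print(name, sorted(demo(name)["contents"]))
```

Run against the sample config, `dev` produces only the keyring file (the env_file target excludes it and the dir target is prod-only), while `prod` produces all four files, each created 0600 inside 0700 directories.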

Docker compose integration example:

version: "3.1"
services:
  nginx:
    # env_file is a service-level key (a sibling of environment, not nested under it)
    env_file:
      - ./.secrets/dev.env
    secrets:
      - cert_key
      - dh_params
      - source: keyring
        target: /root/.local/share/python_keyring/keyring_pass.cfg

# Compose file format 3.1 or later is required for the top-level secrets section
secrets:
  cert_key:
    file: ./.secrets/ssl/cert_key
  dh_params:
    file: ./.secrets/ssl/dh_params
  keyring:
    file: ./.secrets/keyring_pass.cfg

Download files

Source Distribution

hoba-0.1.2.tar.gz (6.2 kB)

Built Distribution

hoba-0.1.2-py3-none-any.whl (6.8 kB)

File details

Details for the file hoba-0.1.2.tar.gz.

File metadata

  • Download URL: hoba-0.1.2.tar.gz
  • Size: 6.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/0.12.17 CPython/3.7.0 Linux/4.15.0-54-generic

File hashes

Hashes for hoba-0.1.2.tar.gz
Algorithm    Hash digest
SHA256       c5a192ba0ff0c040c56228c09738280dc8c3b28c06ab774ad5ccdb7308958eb6
MD5          7efd1a8a9353bb5cddfd34f43bd6ac50
BLAKE2b-256  f16137822bfc29f96e31ae71d1b750db2c950923616e25ce19c315d46a5336da

File details

Details for the file hoba-0.1.2-py3-none-any.whl.

File metadata

  • Download URL: hoba-0.1.2-py3-none-any.whl
  • Size: 6.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/0.12.17 CPython/3.7.0 Linux/4.15.0-54-generic

File hashes

Hashes for hoba-0.1.2-py3-none-any.whl
Algorithm    Hash digest
SHA256       a72ed926c4d3c0dec28c938ff0dd246686eaf5a02e2fc4e9874590ec2e6b834c
MD5          0fd83b49d2e370b0c4409dc8f886965d
BLAKE2b-256  620eaaa237898e8baef27b4368c2747d5814a0f798901f8d290558f8325f39a8
