Skip to main content

An un-audited security tool to encrypt Python code.

Project description

Tool to encrypt local Python source code with AES-256, and dynamically load and run it, and bring it into the Lockdown namespace. Uses HMAC for integrity check, AES-256 in counter mode for encryption.

THIS HAS NOT BEEN AUDITED FOR SECURITY HOLES. USE AT OWN RISK. I’M NOT RESPONSIBLE FOR YOUR FAILURE TO HEED THAT WARNING.

Example usage:

#!/bin/bash
lockdown lockedfiles.vault secret/creds.py secret/my_funcs.py
# Enter and repeat password.
# Now would be a good time to delete the files you locked,
# but make sure not to lose that vault file.

In Python:

#!/usr/bin/env python
from lockdown import Lockdown
locker = Lockdown('lockedfiles.vault')
# Enter password.
locker.unlock()

# Login with encrypted credentials. Python files aren't there!
# Note: It collapsed the path.
# (so it's locker.creds, not locker.secret.creds)
some_login(locker.creds.USERNAME, locker.creds.PASSWORD)

# Call a function.
# NOTE: These can't import vaulted files within functions.
# Files are lost after unlocking!
locker.my_funcs.scoobydoo()

# To leave files out, do this instead:
locker.unlock(delete=False)

You can see the potential uses, for example locking up a file with secret keys and credentials with a master password, or disabling functionality of a script and not exposing the source unless the password is available.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

lockdown-0.4.1.tar.gz (4.8 kB view hashes)

Uploaded Source

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page