GPG based env file encryptor utility.
Project description
PyEnv-Encrypt
GPG based env file encryptor utility.
PyEnv-Encrypt selectively encrypts and decrypts the fields of config files keeping the keys readable. For example, consider an environment variable file .env with the following values.
SOMEVAR="hello world"
ANOTHERVAR="test"
Running pyenc .env will encrypt the text fields into:
SOMEVAR="!ENC#~ hQGMA8pKDfwTzwbdAQv/c0/3Had47hxV6zuNmkBuOjv3bSGGGWzLGHVAN7ryL3tx =Y8Nr"
ANOTHERVAR="!ENC#~ hQGMA8pKDfwTzwbdAQv+JRBiVJB3rFqjONyXbBuN6pwzfHkHR43rbSIGX0o/B0zU =ljcz"
Features
- Encryption support for the following file types.
- .env
- yaml
- json
- Recursive update of all text fields.
- Automatic decision of encryption or decryption based on file contents.
Installation
You can install pyenv-encrypt directly from PyPI using pip.
pip install pyenv-encrypt
Alternatively, clone this repo and install with pip.
git clone https://github.com/akhlakm/pyenv-encrypt.git
cd pyenv-encrypt
pip install -e .
Dependencies
The gpg utility must be installed in your system. GPG comes built-in with most versions of Linux OS. For Mac, use homebrew: brew install gpg.
See the official installation instructions for more info. Run the following command to check if GPG is installed.
gpg --version
Python dependencies:
- python-dotenv
- pyyaml
Commandline Usage
After installation, use the pyenc command to encrypt or decrypt your config/env files directly from terminal.
pyenc .env
Multiple files can also be processed.
pyenc .env vault.yaml data.json
pyenc will toggle between encryption and decryption. To force encryption or decryption specify -e or -d respectively.
pyenc -e .env vault.yaml data.json
To make sure you do not commit unencrypted files, you can setup a githook for your repository. See an example pre-commit file here.
Use As A Python Module
import os
from pyenv_enc import enc
# User ID for GPG
USERID = os.environ.get("USER")
# Check if a encryption key-pair exists for the userid,
# or, create a new one.
enc.check_gpg_pubkey(USERID)
# Encrypt a value
text = "hello world"
encrypted = enc.gpg_encrypt(USERID, text)
print(encrypted)
# Decrypt a value
decrypted = enc.gpg_decrypt(encrypted)
print(decrypted)
# Recursively encrypt the string fields of a dictionary.
# This is useful to encrypt JSON, YAML, TOML files.
mydict = {
"key1": 1234,
"key2": "hello world",
"key3": ["hello", "world"],
"key4": {"foo": "bar"}
}
encrypted_dict = enc.encrypt_data(USERID, mydict)
print(encrypted_dict)
# Decrypt the dictionary.
print(enc.decrypt_data(encrypted_dict))
About
LICENSE MIT Copyright 2023 Akhlak Mahmood
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file pyenv-encrypt-0.1.2.tar.gz.
File metadata
- Download URL: pyenv-encrypt-0.1.2.tar.gz
- Upload date:
- Size: 5.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.9.17
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 029b782bd789d1a9d9f39969ea15dbcd0c3a4d71db2fca5863a6f5c27c22ea87 |
|
| MD5 | 8a0a34bc5e49bd19466a84f960f66754 |
|
| BLAKE2b-256 | db09e68add6aec496613dd9d01c9ed944a5fac0e9e2377e829806118af0d5cce |
File details
Details for the file pyenv_encrypt-0.1.2-py3-none-any.whl.
File metadata
- Download URL: pyenv_encrypt-0.1.2-py3-none-any.whl
- Upload date:
- Size: 6.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.9.17
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | a8e95b30a226a25411b476d520f2354bdb48c37471164f7c557645be98f4e615 |
|
| MD5 | e609da489c1f1a57a12c47df23cf74fc |
|
| BLAKE2b-256 | b111d9e406c981d9936dad81d995e7aacfda74eef55f694c9cff2952bd51d786 |
