utility tool that load secret information safely.
Project description
Welcome to pysecret Documentation
pysecret is a library to ease your life dealing with secret information.
For example, if you have a database connection information, so you can’t include it in your source code, but you want to easily and securely access it, then pysecret is the library for you. It provides several options out of the box:
Features:
access secret in environment variable from commandline, shell scripts, or Python.
access secret in json file from Python.
use AWS Key Management Service or AWS Secret Manager to access your secret info.
For large file or binary data encryption, I highly recommend you to use AWS Key Management Service and AWS Secret Manager to fetch your encryption key, then use windtalker library to encrypt it.
Load Data From Environment
The idea is: put your secret information in ~/.bashrc_pysecret file.
# content of ~/.bashrc_pysecret file
export DB_SECRET_MY_DB_PASSWORD="mypassword"
...And put source ~/.bashrc_pysecret into your ~/.bashrc / ~/.bash_profile / .zshrc …
Whenever you need your secret info:
Your interactive command line interface gives you easy access to those secrets.
You can put source ~/.bashrc_pysecret in your CI / CD scripts.
pysecret allows you to load secret value in python code. By doing this:
>>> from pysecret import EnvSecret
>>> env = EnvSecret()
>>> env.load_pysecret_script()
>>> env.get("DB_SECRET_MY_DB_PASSWORD")
mypasswordYou can write your secret to ~/.bashrc_pysecret file in a pythonic way:
from pysecret import EnvSecret
env = EnvSecret()
# will create ~/.bashrc_pysecret file if not exists
# will update ~/.bashrc_pysecret file too
# if you don't want to update ~/.bashrc_pysecret file, just set .set(..., temp=True)
env.set("DB_SECRET_MYDB_HOST", "123.456.789.000")
env.set("DB_SECRET_MYDB_USERNAME", "username")
env.set("DB_SECRET_MYDB_PASSWORD", "password")Load Data From Json File
The idea is, put your secret info in a json file and load info from it. You can create it manually by your own, or do it in pythonic way:
from pysecret import JsonSecret, get_home_path
SECRET_FILE = get_home_path(".pysecret.json")
js = JsonSecret.new(secret_file=SECRET_FILE)
# construct / update secret json file
js.set("mydb.host": "123.456.789.000")
js.set("mydb.username": "username")
js.set("mydb.password": "password")or you can just create $HOME/.pysecret.json includes:
{
"mydb": {
"host": "123.456.789.000",
"username": "username",
"password": "password
}
}Load secret safely:
host = js.get("mydb.host")
username = js.get("mydb.username")
password = js.get("mydb.password")AWS Key Management Service and Secret Manager Integration
Encrypt your secret and Read secret value using AWS Secret Manager with ``pysecret`` is super easy.
First, let’s create a aws secret:
from pysecret import AWSSecret
aws_profile = "my_aws_profile"
aws = AWSSecret(profile_name=aws_profile)
secret_id = "my-example-secret"
secret_data = dict(
host="www.example.com",
port=1234,
database="mydatabase",
username="admin",
password="mypassword",
metadata=dict(
creator="Alice",
)
)
aws.deploy_secret(name=secret_id, secret_data=secret_data)Now open your AWS Console https://console.aws.amazon.com/secretsmanager/home?region=us-east-1#/secret?name=my-example-secret (Replace us-east-1 to your region), you should be able to see the new AWS Secret has been created.
Now let’s retrive the secret value
>>> aws.get_secret_value(secret_id="my-example-secret", key="password")
mypassword
>>> aws.get_secret_value(secret_id="my-example-secret", key="metadata.creator")
AliceUse KMS Key to encrypt and decrypt text is easy
>>> from pysecret import AWSSecret
>>> aws_profile = "my_aws_profile"
>>> kms_key_id = "abcd1234-ab12-ab12-ab12-abcd1234abcd"
>>> aws = AWSSecret(profile_name=aws_profile)
>>> secret = "Hello World"
>>> encrypted_text = aws.kms_encrypt(kms_key_id, secret)
>>> decrypted_text = aws.kms_decrypt(encrypted_text)
>>> assert secret != encrypted_text
True
>>> assert secret == decrypted_text
TrueInstall
pysecret is released on PyPI, so all you need is:
$ pip install pysecretTo upgrade to latest version:
$ pip install --upgrade pysecretRelease history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file pysecret-0.0.4.tar.gz.
File metadata
- Download URL: pysecret-0.0.4.tar.gz
- Upload date:
- Size: 31.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.13.0 pkginfo/1.5.0.1 requests/2.21.0 setuptools/41.0.0 requests-toolbelt/0.9.1 tqdm/4.31.1 CPython/2.7.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
2de76d8a934a18ccb1edf9acfa6705cf773bd132c1a77c8d217d110ed8de12bf
|
|
| MD5 |
45005c37f00f71e9cd5279e2eb8ac5e1
|
|
| BLAKE2b-256 |
e55e7a3c5dad4f68e4d76f11707a95f8d87248061e01f1c100dcbfd28cf28185
|
File details
Details for the file pysecret-0.0.4-py2.py3-none-any.whl.
File metadata
- Download URL: pysecret-0.0.4-py2.py3-none-any.whl
- Upload date:
- Size: 54.7 kB
- Tags: Python 2, Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.13.0 pkginfo/1.5.0.1 requests/2.21.0 setuptools/41.0.0 requests-toolbelt/0.9.1 tqdm/4.31.1 CPython/2.7.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
9e52e2e5ee8ead27e732a5f9d8d5cdb8be6acdc3bebacd23432a6eeff7e2bc14
|
|
| MD5 |
2dabdb17effd7eef64dde0b12a21695c
|
|
| BLAKE2b-256 |
032bbc2f0b418bd781d8bccbd10989834dad601461e12f726442fbf8ff7f66db
|
