In-memory credential store with yubikey auth

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for philipbergen from gravatar.com philipbergen

Unverified details

These details have not been verified by PyPI
Meta
  • License: LICENSE.txt
  • Author: philipbergen
  • Tags yubikey, auth

Project description

In-memory credential store with yubikey authorization.

Stores a set of ID and VALUE for each KEY. Usually ID is the username and VALUE is the password. Neither field may contain newlines.

Command line interface

Usage:

salvus serve [daemon] [noauth] [-p PORT] [-e EXPIRY]
salvus auth [-p PORT]
salvus get <KEY> [-a]
salvus set <KEY> <ID> [-a]
salvus list [-a]
salvus kill
salvus ping
salvus -h

Options:

-h, --help

This help

-p PORT

Port to listen to (always on localhost) [default: 59999]

-e EXPIRY

Auth expiry in seconds, if 0 then get, set and list requires -a [default: 3600]

-a

Add auth to each command, so requires yubikey OTP

Interpreting the output

All errors are printed on stderr and the exit code will be non-zero.

If exit code is zero, the output will either be blank or in the case of get two lines, first the ID and second the secret.

When yubikey OTP (one time password) is needed, the prompt is output on stderr, so it can be separated from the desired output.

Examples

Starting the server:

salvus server

Touch the yubikey and the server starts on the default port.

Setting a credential:

salvus set github philipbergen

You will be prompted on stdout to enter the secret, press enter when you are done.

Getting a credential:

salvus get github

First line in the output on stdout is the ID (username) and the second is the secret (password).

If you have set up zero expiry (auth on each request), then you need to add -a to each call to get, set or list. In the case of get, you can separate prompts from results easily, since results are the only thing on stdout:

salvus get github -a > userpass

That will output Please touch the yubikey: on stderr, and the file userpass will contain two lines, the first is the username and the second line is password.

Killing the server:

salvus kill

This obviously requires yubikey OTP.

Pinging the server:

salvus ping

Never needs yubikey OTP. The only relevant output is the exit code, zero for server running, non-zero (and a reason on stderr) for connect failed.

Obvious flaw

TODO:

If the server is killed and a logger is started in its place, there will be no way for the user to determine that. Some phrase known only to the user could be set during server start and returned for verification upon presentation of yubikey OTP.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for philipbergen from gravatar.com philipbergen

Unverified details

These details have not been verified by PyPI
Meta
  • License: LICENSE.txt
  • Author: philipbergen
  • Tags yubikey, auth

Release history Release notifications | RSS feed

0.1.14

0.1.13

0.1.12

0.1.11

0.1.10

This version

0.1.9

0.1.8

0.1.7

0.1.6

0.1.5

0.1.4

0.1.3

0.1.2

0.1.1

0.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

salvus-0.1.9.tar.gz (5.2 kB view details)

Uploaded Source

File details

Details for the file salvus-0.1.9.tar.gz.

File metadata

  • Download URL: salvus-0.1.9.tar.gz
  • Upload date:
  • Size: 5.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No

File hashes

Hashes for salvus-0.1.9.tar.gz
Algorithm Hash digest
SHA256 58ee52116e490f08c8ce9f0c2b4e366c513b524e349b905a2db2ff2bc13d5003
MD5 d0f061b5276f8a25663531330f710bbb
BLAKE2b-256 5df0507b531336675d09c49a7c330c8820fe72cec5c4de60956acd1e24788afd

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page