SecondGuard API & Encryption Library
This library makes rate-limited encryption really simple!
Ask SecondGuard for a key to encrypt the secret locally, and then encrypt the secret for storage in the database of your choice:
>>> from secondguard import sg_encrypt_secret >>> >>> to_save_in_db = sg_encrypt_secret('Attack at dawn!', 'YOUR_SEED_PUB_HASH', 'YOUR API_TOKEN') >>> print(to_save_in_db) SG-AESCFB-v1$bytes$e6febe465a7e957ec221ef959cf167bb1a99f8fa7b826eefe689897ce4c6bc5f$5d99ef93c817caad405d5ae3ff076c863c33bae49d39a45fd3f2b9c1d77f5a45$Ma5T5YUKVxLHj8PLm9a0sg==$y5hrM5c4faEHlzUCRQmU
When you want to decrypt that data in the future, you’ll ask SecondGuard for the original key to decrypt:
>>> from secondguard import sg_decrypt_secret >>> >>> sg_decrypt_secret(to_save_in_db, 'YOUR_API_TOKEN') 'Attack at dawn!'
You can also decrypt locally using your private seed. To verify this is working as designed, turn off your internet connection(or audit the code path) and then run:
>>> from secondguard import sg_decrypt_from_priv_seed >>> >>> sg_decrypt_from_priv_seed(to_save_in_db, 'YOUR_PRIVATE_SEED') 'Attack at dawn!'
See test_secondguard.py for examples for all methods. Feel free to audit the code to confirm that all encryption is taking place locally and SecondGuard never sees your plaintext or ciphertext.
To get started:
$ pip install secondguard
Note that if you use an outdated version of pip you may get a scary InsecurePlatformWarning warning installing any package (including secondguard). As always, you should upgrade your pip to the latest version before installing any new software:
$ pip install --upgrade pip
Advanced users can download the source code and build from source:
$ python setup.py build $ python setup.py install
You can also use python3 (replace pip3 with pip).