Project description

`secret`

A Rune-style type for sensitive values in Python

secret-type provides a convenient type (secret) to indicate that a value is considered sensitive, similar to the secret type in Google's Rune Lang.

Installation

pip install secret-type

Usage

>>> from secret_type import secret
>>> password = secret("a very secret value") # Secrets can be any primitive value

>>> print(password) # Runtime exceptions prevent logging
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "secret_type/containers/secret.py", line 91, in __str__
    raise SecretException()
secret_type.exceptions.SecretException: Secrets cannot be examined

>>> better_password = password + "!" # Operations derive new secrets
>>> >>> type(better_password)
<class 'secret_type.sequence.SecretStr'>

>>> better_password.dangerous_apply(print)
a very secret value!

Features

When marked as secret, values cannot be printed or logged; attempting to do so will raise an exception.
Secrets are "viral"; any operation on a secret will also return a secret.
Comparison operations with a secret are guaranteed to be constant-time.This helps avoid timing attacks.
A bool derived from a secret cannot be used for control flow.
Secrets cannot be used as indexes or keys for containers.
Internally, the underlying value is stored encrypted in memory, and is only decrypted when deriving a new value.
As soon as secrets are out of scope, the Garbage Collector is encouraged to immediately collect them.

Docs

For complete docs, see the Quickstart.

Comparison to Rune

Rune makes the following guarantees about a secret:

All operations on secrets occur in constant time, minimizing timing side-channel leakage.

Secrets cannot be used in conditional branches or memory addressing.

Even speculative branching and indexing on secrets are caught at compile-time to avoid Specter/Meltdown.

Secrecy is sticky: any value in part derived from a secret is considered secret until "revealed".

Secrets are automatically zeroed when no longer used

This projects attempts to do something similar, but with the runtime constraints of Python.

License

secret-type is distributed under the terms of the MIT license.

Project details

These details have not been verified by PyPI

Project links

Release history Release notifications | RSS feed

This version

0.3.0

Nov 29, 2022

0.2.0

Nov 29, 2022

0.1.0

Nov 28, 2022

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

secret_type-0.3.0.tar.gz (15.4 kB view details)

Uploaded Nov 29, 2022 Source

Built Distribution

secret_type-0.3.0-py3-none-any.whl (14.3 kB view details)

Uploaded Nov 29, 2022 Python 3

File details

Details for the file secret_type-0.3.0.tar.gz.

File metadata

Download URL: secret_type-0.3.0.tar.gz
Upload date: Nov 29, 2022
Size: 15.4 kB
Tags: Source
Uploaded using Trusted Publishing? No
Uploaded via: python-httpx/0.23.1

File hashes

Hashes for secret_type-0.3.0.tar.gz
Algorithm	Hash digest
SHA256	`1cda5a9d6b47eb963a9a70431165759cbb90d4260b13a0649d6fdffc74c2f7ff`
MD5	`ea19037eaf38f98ea62ba6eebf877ffe`
BLAKE2b-256	`10f3460f413c1a711282ea751490126cfee13bd1be3ab482557365c85370ada4`

See more details on using hashes here.

File details

Details for the file secret_type-0.3.0-py3-none-any.whl.

File metadata

Download URL: secret_type-0.3.0-py3-none-any.whl
Upload date: Nov 29, 2022
Size: 14.3 kB
Tags: Python 3
Uploaded using Trusted Publishing? No
Uploaded via: python-httpx/0.23.1

File hashes

Hashes for secret_type-0.3.0-py3-none-any.whl
Algorithm	Hash digest
SHA256	`44aa14b99fd274b7f58d3a3ea7ec42f96833f2e190464e85c2c903805b4f471c`
MD5	`6d16b02d0ccd01b43f5ab33fb2c1cb52`
BLAKE2b-256	`15b5e9c55a2ec41644bbc1b386e535a7c2dc56fd82015df68f2d1e9c76601419`