Simple encrypted secrets for Python
Project description
secrets-vault
Simple encrypted secrets for Python.
Inspired by Rails encrypted secrets, but for Python. It can be used as a standalone CLI tool or as a library.
The vault is JSON encoded and encrypted using symmetric encryption.
Quick start
- Install
pip install secrets-vault. - Run
secrets-vault init. - Two files will be created:
master.keyandsecrets.json.enc. - You can now edit your secrets by running
secrets-vault edit, or list them viasecrets-vault get.
Important: Keep the master.key safe. Do NOT commit it to VCS. The secrets.json.enc file is safe to commit.
Reading secrets via CLI
List all secrets:
$ secrets-vault get
> my-user: foo
> my-password: supersecret
Get one secret:
$ secrets-vault get my-password
> supersecret
Reading secrets from code
from secrets_vault import SecretsVault
vault = SecretsVault()
password = vault.get('my-password')
Editing secrets
To edit secrets, run secrets-vault edit, the file will be decrypted and your editor will open.
Any saved changes will be encrypted and saved to the file on disk when you close the editor.
Providing the master.key file
File on disk
By default, the vault will look for the master key in a file located at ./master.key.
Environment variable
You can also provide it via an environment variable MASTER_KEY. For example:
MASTER_KEY=my-super-secret-master-key secrets-vault edit
In application code
You can load the master_key from anywhere else and provide it when initializing the class:
from secrets_vault import SecretsVault
# Load from somewhere else
master_key = 'my-super-secret-master-key'
vault = SecretsVault(master_key=master_key)
Configuring the default filepaths
You can also configure the filepaths at which your secrets.json.enc and master.key files are located.
from secrets_vault import SecretsVault
vault = SecretsVault(master_key_filepath=..., secrets_filepath=...)
Changelog
0.1.0
- Initial release
Security Disclosure
If you discover any issue regarding security, please disclose the information responsibly by sending an email to dyer.linseed0@icloud.com. Do NOT create a Issue on the GitHub repo.
Contributing
Please check for any existing issues before openning a new Issue. If you'd like to work on something, please open a new Issue describing what you'd like to do before submitting a Pull Request.
License
See LICENSE.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file secrets-vault-0.1.0.tar.gz.
File metadata
- Download URL: secrets-vault-0.1.0.tar.gz
- Upload date:
- Size: 6.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.9.1
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 8037f173736dc1661f89ee5cdf353fd430a3fc600c6b858012c6f485ecadc159 |
|
| MD5 | 4a4d3b7cb402963949e93a855b6b93e4 |
|
| BLAKE2b-256 | 99a5550bb31fa47cd9503b3a7961eee2f20fabdf7e83d9f978af94c07896d649 |
File details
Details for the file secrets_vault-0.1.0-py3-none-any.whl.
File metadata
- Download URL: secrets_vault-0.1.0-py3-none-any.whl
- Upload date:
- Size: 6.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.9.1
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 3bbd08608eb1b46f5399ef4bf92395a1ddb3aa22812d7d21010d2d6267a0d411 |
|
| MD5 | db6396b613832f7f7695c2d1695c74af |
|
| BLAKE2b-256 | d19fa632d663f762871d88308f323ef0af13c1b470600f1b34c7bd6251fc45ea |
