Simple encrypted secrets for Python
Project description
secrets-vault
Simple encrypted secrets for Python.
Inspired by Rails encrypted secrets, but for Python. It can be used as a standalone CLI tool or as a library.
The vault is JSON encoded and encrypted using symmetric encryption.
Quick start
- Install
pip install secrets-vault
. - Run
secrets-vault init
. - Two files will be created:
master.key
andsecrets.json.enc
. - You can now edit your secrets by running
secrets-vault edit
, or list them viasecrets-vault get
.
Important: Keep the master.key
safe. Do NOT commit it to VCS. The secrets.json.enc
file is safe to commit.
Reading secrets via CLI
List all secrets:
$ secrets-vault get
> my-user: foo
> my-password: supersecret
Get one secret:
$ secrets-vault get my-password
> supersecret
Reading secrets from code
from secrets_vault import SecretsVault
vault = SecretsVault()
password = vault.get('my-password')
Editing secrets
Interactive editor
To edit secrets, run secrets-vault edit
, the file will be decrypted and your editor will open.
$ secrets-vault edit
>>> Opening secrets file in editor...
{
"foo": "bar"
}
Any saved changes will be encrypted and saved to the file on disk when you close the editor.
CLI command
You can also set secrets from the CLI with a key and value:
$ secrets-vault set foo bar
In code
You can also edit secrets from code:
from secrets_vault import SecretsVault
vault = SecretsVault()
vault.set('foo', 'bar')
vault.persist()
Deleting secrets
You can delete secrets from the CLI with a key:
$ secrets-vault del foo
Or via the application code like this:
from secrets_vault import SecretsVault
vault = SecretsVault()
vault.delete('foo')
vault.persist()
Providing the master.key file
File on disk
By default, the vault will look for the master key in a file located at ./master.key
.
Environment variable
You can also provide it via an environment variable MASTER_KEY
. For example:
MASTER_KEY=my-super-secret-master-key secrets-vault edit
In application code
You can load the master_key from anywhere else and provide it when initializing the class:
from secrets_vault import SecretsVault
# Load from somewhere else
master_key = 'my-super-secret-master-key'
vault = SecretsVault(master_key=master_key)
Configuring the default filepaths
You can also configure the filepaths at which your secrets.json.enc
and master.key
files are located.
from secrets_vault import SecretsVault
vault = SecretsVault(master_key_filepath=..., secrets_filepath=...)
Changelog
0.1.4
- Add del command
0.1.3
- Add set command
0.1.2
- Initial release
Security Disclosure
If you discover any issue regarding security, please disclose the information responsibly by sending an email to dyer.linseed0@icloud.com. Do NOT create a Issue on the GitHub repo.
Contributing
Please check for any existing issues before openning a new Issue. If you'd like to work on something, please open a new Issue describing what you'd like to do before submitting a Pull Request.
License
See LICENSE.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for secrets_vault-0.1.4-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 7065e161aa1d888321c3a051a829fbb21088287973ed4a7b38eaaaacd0b7926b |
|
MD5 | 0d15deecf21f4cafe50d57655802e820 |
|
BLAKE2b-256 | 4c955d35b50480c05580c58e9ae1f5578bbc93bca53c228d156876d748a61cdc |