Python client API to access SecureDrop Journalist REST API
Python SDK for SecureDrop
This SDK provides a convenient Python interface to the SecureDrop Journalist Interface API. The development of the SDK was primarily motivated by the creation of the SecureDrop Workstation based on Qubes OS.
The SDK is currently used by the SecureDrop Client that is a component of the SecureDrop Workstation. When used in Qubes OS, the SDK uses the securedrop-proxy service, as the VM which runs the client does not have network access by design.
IMPORTANT: This project is still under active development. We do not recommend using it in any production context.
virtualenv --python=python3 .venv source .venv/bin/activate pip install --require-hashes -r dev-requirements.txt make test
We cover all the API calls supported by the SecureDrop Journalist Interface API.
The tests are located in the
tests directory. This project uses vcrpy to record and then reply the API calls so that
developers will have repeatable results so that they may work offline.
vcrpy stores YAML
recordings of the API calls in the
To run all the test cases, use the following command.
To run a single test, use this following command, replace the test case name at the end.
make test TESTS=tests/test_api.py::TestAPI::test_error_unencrypted_reply
To test against a live development server, you will need to run the SecureDrop
developent container from the main SecureDrop repository on your host. This
can be done via
NUM_SOURCES=5 make -C securedrop dev.
In this repo, comment out the
@vcr decorator of the
setUp method in
test_api.py and execute which ever tests you want to run. If you want to
re-run all tests against the API, remove all the
.yml files in the
Generating test data for
To test or to generate new test data file for the
APIProxy class in
test_apiproxy.py file, you will have to setup
There should be one VM (let us call it
sd-journalist), where we can run
latest securedrop server code from the development branch using
NUM_SOURCES=5 make -C securedrop dev command. The same VM should also have
securedrop-proxy project installed, either from the source by hand or using
the latest Debian package from the FPF repository.
Below is an example configuration for proxy
host: 127.0.0.1 scheme: http port: 8081 target_vm: sd-svs dev: False
Then we can create our second developent VM called
sd-svs, in which we can checkout/develop
securedrop-sdk project. The required configuration file is at
We should also add a corresponding entry in
sd-svs sd-journalist allow @anyvm @anyvm deny
The above mentioned setup can also be created using
Now, delete any related JSON file under
data/ directory, or remove all of
them, and then execute
make test TEST=tests/test_apiproxy.py. This is
command will generate the new data files, which can be used in CI or any other
Note: Remember that file download checks don't read actual file path in the
APIProxy tests as it requires QubesOS setup. You can manually uncomment those lines to execute them on QubesOS setup.
To make a release, you should:
- Create a branch named
- Commit the changes.
- Create a PR and get the PR reviewed and merged into
git tag $new_version_numberand push the new tag.
- Checkout the new tag locally.
- Push the new release source tarball to the PSF's PyPI following this documentation.
- If you want to publish the new SDK release to the FPF PyPI mirror, Hop over to the the
securedrop-debian-packagingrepo and follow the build-a-package instructions to push the package up to our PyPI mirror: https://pypi.org/simple
Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.
The Python SecureDrop SDK is licensed in the GPLv3. See
LICENSE for more details.
Release history Release notifications
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
|Filename, size||File type||Python version||Upload date||Hashes|
|Filename, size securedrop_sdk-0.0.13-py3-none-any.whl (22.1 kB)||File type Wheel||Python version py3||Upload date||Hashes View|
|Filename, size securedrop-sdk-0.0.13.tar.gz (24.1 kB)||File type Source||Python version None||Upload date||Hashes View|
Hashes for securedrop_sdk-0.0.13-py3-none-any.whl