Encryption tool for application configs.
Almost all applications have configuration of some kind, and often this config is sensitive - database passwords, SMTP account details, API keys etc.
These days it’s common to use public source control; which means you can no longer store your application’s sensitive config with your code.
Sesame provides a simple way to encrypt (and decrypt) your application’s config so it can be safely stored in public source control.
Sesame leans on a little known project called keyczar, which was originally built by members of the Google Security Team.
Keyczar in turn builds upon pycrypto which aims to provide sane defaults for your Python crypto.
To install sesame, simply:
$ pip install --pre sesame
Since pip version 1.4 the --pre parameter is necessary since keyczar is still an alpha release. People using earlier versions of pip can omit the --pre.
The interface to Sesame intentionally resembles that of tar. There are only two sub-commands: encrypt and decrypt as described below:
usage: sesame encrypt [-h] [-k KEYFILE] [-f] outputfile inputfile [inputfile ...] positional arguments: outputfile Encrypted file to be created inputfile Files to be encrypted optional arguments: -h, --help show this help message and exit -k KEYFILE, --keyfile KEYFILE Path to keyczar encryption key -f, --force Force overwrite of existing encrypted file
usage: sesame decrypt [-h] [-k KEYFILE] [-f] [-O OUTPUT_DIR] [-T] inputfile positional arguments: inputfile File to be decrypted optional arguments: -h, --help show this help message and exit -k KEYFILE, --keyfile KEYFILE Path to keyczar encryption key -f, --force Force overwrite of existing decrypted file -O OUTPUT_DIR, --output-dir OUTPUT_DIR Extract files into a specific directory -T, --try-all Search for keys from current directory and try all of them