Encryption tool for application configs.
Almost all applications have configuration of some kind, and often this config is sensitive - database passwords, SMTP account details, API keys etc.
These days it’s common to use public source control; which means you can no longer store your application’s sensitive config with your code.
Sesame provides a simple way to encrypt (and decrypt) your application’s config so it can be safely stored in public source control.
Sesame leans on a little known project called keyczar, which was originally built by members of the Google Security Team.
Keyczar in turn builds upon pycrypto, and aims to provide sane defaults for your crypto.
To install sesame, simply:
$ pip install sesame
The interface to Sesame is intended to be as simple as possible. There are only two commands: encrypt and decrypt and each of these has only two parameters available: config and keyfile.
When calling encrypt the keyfile parameter is optional - if you do not supply it, Sesame will prompt you to generate a new key.
$ sesame -h
usage: sesame encrypt [-h] -c CONFIG [-k KEYFILE]
-h, --help show this help message and exit
-c CONFIG, --config CONFIG
Path to your app config
-k KEYFILE, --keyfile KEYFILE
Path to keyczar encryption key
When using Flask-Script you can benefit from (almost) automatic integration:
# create your Flask app and Flask-Script manager as usual
app = Flask("test")
manager = Manager(app)
# include the sesame manager
from sesame.flask.script import manager as sesame_manager
Then sesame’s encrypt/decrypt commands are available via your manage script:
$ ./manage.py sesame
Please provide a command:
Encrypt/decrypt Flask application config
decrypt Decrypt a config file
encrypt Encrypt a config file
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.