Encryption tool for application configs.
Almost all applications have configuration of some kind, and often this config is sensitive - database passwords, SMTP account details, API keys etc.
These days it’s common to use public source control; which means you can no longer store your application’s sensitive config with your code.
Sesame provides a simple way to encrypt (and decrypt) your application’s config so it can be safely stored in public source control.
Sesame leans on a little known project called keyczar, which was originally built by members of the Google Security Team.
Keyczar in turn builds upon pycrypto, and aims to provide sane defaults for your crypto.
To install sesame, simply:
$ pip install sesame
The interface to Sesame is intended to be as simple as possible. There are only two commands: encrypt and decrypt and each of these has only two parameters available: config and keyfile.
When calling encrypt the keyfile parameter is optional - if you do not supply it, Sesame will prompt you to generate a new key.
$ sesame -h usage: sesame encrypt [-h] -c CONFIG [-k KEYFILE] optional arguments: -h, --help show this help message and exit -c CONFIG, --config CONFIG Path to your app config -k KEYFILE, --keyfile KEYFILE Path to keyczar encryption key
When using Flask-Script you can benefit from (almost) automatic integration:
# create your Flask app and Flask-Script manager as usual app = Flask("test") manager = Manager(app) # include the sesame manager from sesame.flask.script import manager as sesame_manager manager.add_command("sesame", sesame_manager)
Then sesame’s encrypt/decrypt commands are available via your manage script:
$ ./manage.py sesame Please provide a command: Encrypt/decrypt Flask application config decrypt Decrypt a config file encrypt Encrypt a config file
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.