Scan a repo for secrets and encrypt/decrypt them in-place.
Project description
superencrypt
https://pypi.org/project/superencryptx/0.1.0/
CLI to scan a repo for secrets (including env files, Dockerfiles, compose files, and YAML/TOML/JSON/INI-style configs), encrypt them in-place, and decrypt them later using a key.
Why
superencrypt helps you keep accidental secrets out of your repo history by encrypting sensitive values in-place while keeping files versionable.
Install
pip install superencryptx
No venv (recommended)
pipx install superencryptx
System install (no venv)
python3 -m pip install --user superencryptx
Quick start
# Encrypt in-place (generates a key, prints it, and writes .superencrypt.key)
superencrypt encrypt
# Decrypt in-place (use in CI/CD pipelines)
superencrypt decrypt --key-file .superencrypt.key
Usage
# Encrypt in-place (generates a key, prints it, and writes .superencrypt.key)
superencrypt encrypt
# Decrypt in-place (provide key or key file)
superencrypt decrypt --key-file .superencrypt.key
# Scan only (no changes)
superencrypt scan
# Scan a single file
superencrypt scan --file path/to/file
# Encrypt/decrypt a single file
superencrypt encrypt --file path/to/file
superencrypt decrypt --file path/to/file --key-file .superencrypt.key
Pipeline example
export SUPERENCRYPT_KEY="$(cat .superencrypt.key)"
superencrypt decrypt --key "$SUPERENCRYPT_KEY"
Notes
- Encrypted values are stored as
ENC[<token>]. - Key file
.superencrypt.keyshould be protected and not committed. - Use
scanfirst to review matches.
Development
https://pypi.org/project/superencryptx/0.1.0/
python -m venv .venv
source .venv/bin/activate
pip install -e .
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file superencryptx-0.1.1.tar.gz.
File metadata
- Download URL: superencryptx-0.1.1.tar.gz
- Upload date:
- Size: 9.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
0bc46c8fdc47497d40aed27471eb204be6216ade7fe5acdd6d40e476c082ae08
|
|
| MD5 |
0d6e13ea9f964fd8c347b84741a532ef
|
|
| BLAKE2b-256 |
e89911df9edbb3a262d07a75a2ef2b281ef6afdf61ee478218550c5f207a3e20
|
File details
Details for the file superencryptx-0.1.1-py3-none-any.whl.
File metadata
- Download URL: superencryptx-0.1.1-py3-none-any.whl
- Upload date:
- Size: 10.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
a7817c11062826739a7c1b7fc09535e5dedda485a914f8c251068daac90ce8bf
|
|
| MD5 |
1897ecdc99615b7cc9bba13194896a0c
|
|
| BLAKE2b-256 |
6ce44edae9af3eb75f7e2dbb542d7f885b7a1b7cac6813531e67e61dae65895c
|
