Secure key and secret management for SyftBox using 1Password integration
Project description
SyftWallet ๐
Unified secure management for both single secrets (API keys) and credentials (username + password) using 1Password integration
SyftWallet intelligently handles both types of secrets that exist in 1Password:
- ๐ Single Values: API keys, tokens, passwords (PASSWORD items)
- ๐ค Credentials: Username + password combinations (LOGIN items)
Features
๐ Security First
- ๐ก๏ธ Approval Required for All Access - No silent secret retrieval
- ๐ฅ๏ธ Native System Dialogs - Works in background tasks and all environments
- ๐ Multi-Platform Support - macOS, Windows, and Linux native dialogs
- โฐ Timeout Protection - Auto-deny after 5 minutes
- ๐ Full Context Display - App name, reason, and security warnings
- ๐ซ Zero Trust Model - Every access requires explicit user approval
- ๐ง Background Task Compatible - Unlike Jupyter widgets, works everywhere
๐พ Storage & Management
- ๐ Secure 1Password Integration - Primary storage using 1Password CLI
- ๐ Multiple Fallbacks - System keyring and environment variables
- โก Intelligent Caching - Configurable TTL for performance
- ๐ท๏ธ Tagging System - Organize secrets with tags
- ๐ Dynamic Vault Discovery - Automatically finds and searches all vaults
- ๐ง Smart Type Detection - LOGIN vs PASSWORD items handled intelligently
- ๐ค Credential Management - Full support for username + password combinations
๐จ User Experience
- โจ Beautiful Jupyter Display - Rich HTML rendering for notebooks
- ๐ฏ Interactive Search Widget - Search, select, and copy keys with one click
- ๐ฅ๏ธ CLI Interface - Command-line tool for easy management
- ๐ Status Monitoring - Check availability of all backends
Quick Start
Installation
pip install syft-wallet
Python API
import syft_wallet as wallet
# Store single secrets (API keys, tokens) - NO APPROVAL NEEDED
wallet.store("api_key", "secret123", tags=["api"])
# Store credentials (username + password) - NO APPROVAL NEEDED
wallet.store_credentials("github", "username", "password", tags=["git"])
# ๐ SECURE RETRIEVAL - REQUIRES USER APPROVAL WITH CONTEXT
api_key = wallet.get(
name="api_key",
app_name="my_application",
reason="Access API key for making authenticated requests"
)
github = wallet.get_credentials(
name="github",
app_name="git_client",
reason="Access GitHub credentials for repository operations"
)
# Specific field access with approval
username = wallet.get_username(
name="github",
app_name="auth_service",
reason="Get username for authentication display"
)
password = wallet.get_password(
name="github",
app_name="git_sync",
reason="Access password for repository push/pull operations"
)
# Browse and manage (no approval needed)
keys = wallet.list_keys() # Rich table with type info
status = wallet.status() # Status dashboard
wallet.search_keys() # Interactive search widget
wallet.show_status() # Terminal display
๐ Security: Native System Approval Required
Every secret access requires explicit approval via native system dialogs:
๐ macOS: Native AppleScript dialogs with system styling
๐ช Windows: Native MessageBox dialogs or PowerShell prompts
๐ง Linux: Zenity, KDialog, or XMessage depending on desktop
๐ Fallback: Rich CLI prompts if no GUI available
๐ง Works Everywhere: Unlike Jupyter widgets, native dialogs work in:
- โ Background processes and daemons
- โ Cron jobs and scheduled tasks
- โ Web servers and APIs
- โ CLI applications and scripts
- โ Jupyter notebooks and IDEs
Example approval dialog shows:
- ๐ Secret Name:
tinfoil_api_key - ๐ฑ Application:
syft-nsai - ๐ญ Reason:
Access Tinfoil AI API for running language models in secure enclaves - โ ๏ธ Security Warning: Only approve trusted applications
Benefits:
- โ Universal Compatibility - Works in any environment, not just notebooks
- โ No Silent Access - Every request requires explicit approval
- โ Full Context - Users see exactly why secrets are needed
- โ App Identification - Know which application is requesting access
- โ Timeout Protection - Requests auto-deny after 5 minutes
- โ System Integration - Uses native OS security patterns
CLI Usage
# Store a single secret
syft-wallet set api_key "secret123" --tags api
# Store credentials (interactive)
syft-wallet set-credentials github --username myuser --password mypass
# Retrieve secrets
syft-wallet get api_key
syft-wallet get-credentials github
# Show status with vault info
syft-wallet status
Integration with SyftBox
Works seamlessly with other SyftBox packages:
import syft_wallet as wallet
import syft_nsai as nsai
# Store your API key securely
wallet.store("tinfoil_api_key", "tk_your_key_here")
# syft-nsai will automatically retrieve it
# No hardcoded keys needed!
License
Apache 2.0 - See LICENSE file for details.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
syft_wallet-0.1.1.tar.gz
(21.9 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file syft_wallet-0.1.1.tar.gz.
File metadata
- Download URL: syft_wallet-0.1.1.tar.gz
- Upload date:
- Size: 21.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
4291d07ea249dc269f2e7fe4304ed61afc82cd087c7b49a9d8233daa5886c6a0
|
|
| MD5 |
13bc1da26f294c4df7f35ea8b39bb407
|
|
| BLAKE2b-256 |
44976d1075f02506a9153746a3c5294ccb7b1ae9349d7cd9adb6855bcaeb46e2
|
File details
Details for the file syft_wallet-0.1.1-py3-none-any.whl.
File metadata
- Download URL: syft_wallet-0.1.1-py3-none-any.whl
- Upload date:
- Size: 23.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
7d7f87df91ca936d9068228a9605f38c710e5d17d734cb8c34642059ac09cac6
|
|
| MD5 |
8e76f11beeb9729f7c1d2996dac3d929
|
|
| BLAKE2b-256 |
281e75e68b14a5833b236d7047f2311d2c5fad0f79105c6730b859db68256b23
|
