Python CLI to share secret files via github with symmetric encryption ed25519.
Project description
symmetric-secrete-share
Python CLI to share secret files via github with symmetric encryption ed25519.
- IMPORTANT: The secret files should be git-ignored to avoid oblivious leakage.
- Temporarily supports only text files (only tested with
.env). - Best used to store/share secrets and configurations.
- Key should be a 32-byte long string, meanly 32 ASCII or two-byte UTF-8 characters.
- (FAQ) If you share with GitHub (like the example), please notice that there's a 5 minutes cool-down on refreshing. Detail
Use
- Install CLI:
pip3 install symmetric-secrete-share. - Check the Tutorial Chapter and
sss --help. - Recommended: set up a global key chain with
sss key, or you would have to input a key every time. - Get a config like
$REPO_ROOT/tests/injection/sss.json. The JSON-schema in$schemaof this file will help you write the config file.
inject
-
Get a config file like
$REPO_ROOT/tests/injection/sss.json. -
Run CLI
sss inject [-k TEXT] CONFIG_PATH
share
-
Run CLI
sss share [-k TEXT] CONFIG_PATH
key
-
Run CLI
sss key [-c/f/g] # -g: generate one key, -c: clear key chain, -f: force
-
Upload the generated file to GitHub (or other platforms).
-
Update the config file if needed.
Security
- There are
256**32==1,15e+77keys of 32 of ASCII (one-byte utf-8 string). - To generate this kind of key, you can use
sss key --generate. - There are
256**64==1.34e+154keys of 64 of ASCII (two-byte utf-8 string). - To generate two-byte utf-8 string, a possibility is to use onlineutf8tools
Contribute
- Created for Artcoin-Network, modifying a private repo Artcoin-Network/artificial-dev-config.
- To contribute, please fork the repo and run
poetry install. - Read more in CONTRIBUTE.md
Tutorial
In this tutorial, all commands are assumed to be run under the $REPO_ROOT. We are going to use these concepts and variables:
- key chain: A file to share key, initialized with
sss key. - key:
This key contains 32 characters.. - URL:
https://raw.githubusercontent.com/PabloLION/symmetric-secrete-share/main/tests/example.encrypted.
We are going to play with the folder test/injection, with the sss.json file inside it. To share your own file, a new config file should be created.
Setup a local key chain
sss key # create/edit
sss key -c # clear all keys
load files from URL
These code will generate a test/injection/target.env like test/example.env
sss inject ./tests/injection/sss.json # use key from initial key chain
sss inject -k "This key contains 32 characters." ./tests/injection/sss.json
sss inject ./tests/injection/sss.json -k "I'm a string with 32 characters." # fail
share files
Need to upload manually #TODO
These code will generate a test/injection/target.encrypted
sss share ./tests/injection/sss.json # use key from initial key chain
sss share -k "This key contains 32 characters." ./tests/injection/sss.json
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for symmetric-secrete-share-0.0.7.tar.gz
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 1c051cbc3f38861e53258daef396ca5d70dbac7aa5e22746e95f3e7fc1709d73 |
|
| MD5 | a058d1708451b80f2f9bc84fb72f2bb7 |
|
| BLAKE2b-256 | 9cc9ff5de5e8c8af95d18a8ec162b546b9dc042a007ddc310aa33f8840870cea |
Hashes for symmetric_secrete_share-0.0.7-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 76bd6fb776f540c2eb892cdb3ba1153210c958cf39e35455e435f6a073810c2c |
|
| MD5 | 136672687cce64c0430c8964561caaff |
|
| BLAKE2b-256 | 1742e512e0809ae5e24782d18c99b722452073227564757f63798b2503f8ed66 |
