Skip to main content

Python CLI to share secret files via github with symmetric encryption ed25519.

Project description


Python CLI to share secret files via github with symmetric encryption ed25519.

  • IMPORTANT: The secret files should be git-ignored to avoid oblivious leakage.
  • Temporarily supports only text files (only tested with .env).
  • Best used to store/share secrets and configurations.
  • Key should be a 32-byte long string, meanly 32 ASCII or two-byte UTF-8 characters.
  • (FAQ) If you share with GitHub (like the example), please notice that there's a 5 minutes cool-down on refreshing. Detail


  1. Install CLI: pip3 install symmetric-secrete-share.
  2. Check the Tutorial Chapter and sss --help.
  3. Recommended: set up a global key chain with sss key, or you would have to input a key every time.
  4. Get a config like $REPO_ROOT/tests/injection/sss.json. The JSON-schema in $schema of this file will help you write the config file.


  1. Get a config file like $REPO_ROOT/tests/injection/sss.json.

  2. Run CLI

    sss inject [-k TEXT] CONFIG_PATH


  1. Run CLI

    sss share [-k TEXT] CONFIG_PATH


  1. Run CLI

    sss key [-c/f/g] # -g: generate one key, -c: clear key chain, -f: force
  2. Upload the generated file to GitHub (or other platforms).

  3. Update the config file if needed.


  • There are 256**32==1,15e+77 keys of 32 of ASCII (one-byte utf-8 string).
  • To generate this kind of key, you can use sss key --generate.
  • There are 256**64==1.34e+154 keys of 64 of ASCII (two-byte utf-8 string).
  • To generate two-byte utf-8 string, a possibility is to use onlineutf8tools



In this tutorial, all commands are assumed to be run under the $REPO_ROOT. We are going to use these concepts and variables:

  • key chain: A file to share key, initialized with sss key.
  • key: This key contains 32 characters..
  • URL:

We are going to play with the folder test/injection, with the sss.json file inside it. To share your own file, a new config file should be created.

Setup a local key chain

sss key # create/edit
sss key -c # clear all keys

load files from URL

These code will generate a test/injection/target.env like test/example.env

sss inject ./tests/injection/sss.json # use key from initial key chain
sss inject -k "This key contains 32 characters." ./tests/injection/sss.json
sss inject ./tests/injection/sss.json -k "I'm a string with 32 characters." # fail

share files

Need to upload manually #TODO These code will generate a test/injection/target.encrypted

sss share ./tests/injection/sss.json # use key from initial key chain
sss share -k "This key contains 32 characters." ./tests/injection/sss.json

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

symmetric-secrete-share-0.0.7.tar.gz (11.3 kB view hashes)

Uploaded source

Built Distribution

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page