
A lightweight package to manage tokens in your application using a single encrypted file and asymmetric token encryption.

TokenVault

TokenVault is a lightweight package to manage users and validate them with tokens in your application, using a single encrypted file and asymmetric token encryption.

It was designed to manage users within a file in a repository such that if the file is compromised, the tokens and metadata are still safe.

Installation

pip install tokenvault

Quickstart

from tokenvault import TokenVault

vault = TokenVault()
# you give this token to the user for authentication
token = vault.add("alon@gmail.com", metadata={"name": "Alon Sababa", 
                                              "Country": "Israel"})
vault.validate(token)
# {'name': 'Alon Sababa', 'Country': 'Israel'}

assert vault.validate('not a token in the vault') is None

vault.save("vault.db")
TokenVault("vault.db").validate(token)
# {'name': 'Alon Sababa', 'Country': 'Israel'}
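
One way a vault file can validate tokens without containing them, which is the property claimed in the introduction. This is an added sketch, not TokenVault's own code or its asymmetric scheme: it assumes only Python's standard library, so a SHAKE-256 keystream stands in for a vetted cipher, and every function name here is hypothetical.

```python
import hashlib
import hmac
import json
import secrets

def _keys(token):
    """Derive the lookup id, cipher key and MAC key from the token alone."""
    raw = token.encode()
    return (hashlib.sha256(b"lookup|" + raw).hexdigest(),
            hashlib.sha256(b"enc|" + raw).digest(),
            hashlib.sha256(b"mac|" + raw).digest())

def _xor_stream(key, nonce, data):
    # Stdlib-only stand-in for a vetted cipher: XOR with a SHAKE-256 keystream.
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def add(vault, metadata):
    """Store encrypted metadata and return the token, which is never stored."""
    token = secrets.token_urlsafe(32)  # high entropy, so a plain hash is enough
    lookup, enc, mac = _keys(token)
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(enc, nonce, json.dumps(metadata).encode())
    tag = hmac.new(mac, nonce + ct, hashlib.sha256).hexdigest()
    vault[lookup] = {"nonce": nonce.hex(), "ct": ct.hex(), "tag": tag}
    return token

def validate(vault, token):
    """Return the metadata for a known token, otherwise None."""
    lookup, enc, mac = _keys(token)
    rec = vault.get(lookup)
    if rec is None:
        return None
    nonce, ct = bytes.fromhex(rec["nonce"]), bytes.fromhex(rec["ct"])
    expected = hmac.new(mac, nonce + ct, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, rec["tag"]):
        return None  # record was modified after it was written
    return json.loads(_xor_stream(enc, nonce, ct))

def demo():
    """Constructed sample: returns the token, the vault and its on-disk form."""
    vault = {}
    token = add(vault, {"name": "Alon Sababa", "Country": "Israel"})
    return token, vault, json.dumps(vault)
```

The serialized vault holds only a hash of the token plus ciphertext, so someone who obtains the file alone can neither recover a token nor read the metadata.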

Encrypt the vault

For added security, you can add a password to the vault: the file itself is then encrypted, and with it the list of keys.
You can provide the password manually, or it is picked up automatically from the environment variable TOKENVAULT_PASSWORD if it exists.

  • You can share the environment variable with your team members and server secrets so that they decrypt the file automatically.

import os
from tokenvault import TokenVault

vault = TokenVault()
token = vault.add("alon@gmail.com", metadata={"name": "Alon Sababa", "Country": "Israel"})
password = vault.generate_key()
vault.save("vault.db", password=password)

TokenVault("vault.db", password=password).validate(token)
# using the environment variable
os.environ['TOKENVAULT_PASSWORD'] = password
TokenVault("vault.db").validate(token)
# {'name': 'Alon Sababa', 'Country': 'Israel'}

CLI

An easy way to manage users manually is to use the CLI.

  • Default vault file is vault.db in the current directory.
  • When a password or token is generated, it is copied to the clipboard. You can add a flag to print it to the screen too.

tv --help

Options:
  --version  Show the version and exit.
  --help     Show this message and exit.

Commands:
  add        Add a new key to the vault and copy the token to the clipboard
  encrypted  Check if the vault is encrypted
  init       Initialize a vault file in 'path' argument.
  list       List existing keys in the vault
  remove     Add a new key to the vault and copy the token to the clipboard
  validate   Add a new key to the vault and copy the token to the clipboard

Quickstart without password:

$ tv init vault.db --no-password 
# this copies the token to the clipboard
$ tv add alon@gmail.com vault.db --metadata='{"some":"information"}' 
$ tv list vault.db
alon
$ tv validate <token>
{'some': 'information'}
$ tv remove alon@gmail.com vault.db

Quickstart with password:

$ tv init vault.db --echo-password # this copies the password to the clipboard
password: G99********
Vault created at vault.db and encrypted with password

$ export TOKENVAULT_PASSWORD=G99********
$ tv add alon@gmail.com vault.db  # this copies the token to the clipboard
$ tv validate <token>
{} # no metadata provided

Download files

Source Distribution

tokenvault-0.0.1a1.tar.gz (4.9 kB)

Built Distribution

tokenvault-0.0.1a1-py3-none-any.whl (5.9 kB)