History backend that can encrypt the xonsh shell commands history.

Project description

History backend that encrypts the xonsh shell command history file
to prevent leaking sensitive data from the command history
(keys, passwords, hosts, names).

If you like the idea click ⭐ on the repo and tweet now.

Installation

To install use pip:

xpip install xontrib-history-encrypt
# or: xpip install -U git+https://github.com/anki-code/xontrib-history-encrypt

Usage

xontrib load history_encrypt
# Now your commands will be managed by xontrib-history-encrypt.

history info
# backend: xontrib-history-encrypt
# sessionid: 374eedc9-fc94-4d27-9ab7-ebd5a5c87d12
# filename: /home/user/.local/share/xonsh/xonsh-history-encrypt.txt
# commands: 1

Supported encryption

You can set the encryption type before loading the xontrib:

  • $XONSH_HISTORY_ENCRYPTOR = 'base64' (default) - encodes the command text but does not encrypt it. It protects against mass scanning of the file system for keywords (e.g. password, key) and against an inexperienced user reading the history file. And yes, it can be decoded in five minutes.

For stronger encryption, use a custom encryptor like the one in the demo below.

Custom encryption demo

Here is an implementation based on Fernet (AES-CBC + HMAC), which was strongly recommended on Stack Overflow. It will become part of this xontrib in the future.

Add this to the RC file, e.g. /tmp/rc:

from cryptography.fernet import Fernet

def fernet_key():
    # Ask for an existing key; an empty answer generates a fresh one.
    print('[xontrib-history-encrypt] Enter the key or press enter to create new: ', end='')
    key = input()
    if not key.strip():
        key = Fernet.generate_key()
        print('[xontrib-history-encrypt] Save the key and use it next time: ', key.decode())
    return key

def fernet_encrypt(message: bytes, key: bytes) -> bytes:
    return Fernet(key).encrypt(message)

def fernet_decrypt(token: bytes, key: bytes) -> bytes:
    return Fernet(key).decrypt(token)

# 'key' supplies the key; 'enc' and 'dec' convert between command text and stored text.
$XONSH_HISTORY_ENCRYPTOR = {
  'key': fernet_key,
  'enc': lambda data, key: fernet_encrypt(data.encode(), key).decode(),
  'dec': lambda data, key: fernet_decrypt(data.encode(), key).decode()
}
xontrib load history_encrypt

Then run the xonsh shell:

bash
xonsh --rc /tmp/rc
# [xontrib-history-encrypt] Enter the key or press enter to create new: <Enter>
# [xontrib-history-encrypt] Save the key and use it next time: q_eaCZ01bt_9lUQPZIhE6WvOeKUq0S2L4A7crxCZrCU=
echo 1
# 1
echo 2
# 2
exit

xonsh --rc /tmp/rc
# [xontrib-history-encrypt] Enter the key or press enter to create new: q_eaCZ01bt_9lUQPZIhE6WvOeKUq0S2L4A7crxCZrCU=
# History loaded!
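
To see the difference between the default 'base64' mode and the Fernet demo above, this added example (not part of the xontrib or its README) classifies stored strings as base64-encoded text or Fernet-shaped tokens and counts keyword hits before and after decoding. It assumes each stored entry is available as one string; the function names, keyword list and sample entries are constructed for illustration, and the token check is a structural heuristic (version byte 0x80, 16-byte-aligned ciphertext), not a decryption.

```python
import base64
import binascii
import struct

FERNET_VERSION = 0x80               # first byte of every Fernet token
FERNET_OVERHEAD = 1 + 8 + 16 + 32   # version, timestamp, IV, HMAC-SHA256
_TO_URLSAFE = str.maketrans("+/", "-_")


def classify_entry(stored: str):
    """Return (kind, text): kind is 'fernet', 'base64-text' or 'other'."""
    try:
        raw = base64.b64decode(stored.translate(_TO_URLSAFE),
                               altchars=b"-_", validate=True)
    except (binascii.Error, ValueError):
        return "other", None
    body = len(raw) - FERNET_OVERHEAD        # AES-CBC ciphertext length
    if raw[:1] == bytes([FERNET_VERSION]) and body >= 16 and body % 16 == 0:
        return "fernet", None                # opaque without the key
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        return "other", None
    return ("base64-text", text) if text else ("other", None)


def audit(entries, keywords=("password", "key")):
    """Count keyword hits in the stored strings vs. after base64 decoding."""
    report = {"raw_hits": 0, "decoded_hits": 0, "fernet": 0}
    for stored in entries:
        kind, text = classify_entry(stored)
        if any(k in stored.lower() for k in keywords):
            report["raw_hits"] += 1
        if kind == "fernet":
            report["fernet"] += 1
        elif kind == "base64-text" and any(k in text.lower() for k in keywords):
            report["decoded_hits"] += 1
    return report


def sample_entries():
    """Constructed sample: one base64 entry, one Fernet-shaped token, one plain line."""
    encoded = base64.b64encode(b"export PASSWORD=example").decode()
    # Shape-only token (zero bytes, not real ciphertext): version, time, IV, block, MAC
    token = bytes([FERNET_VERSION]) + struct.pack(">Q", 0) + bytes(16 + 16 + 32)
    return [encoded, base64.urlsafe_b64encode(token).decode(), "echo 1"]


if __name__ == "__main__":
    print(audit(sample_entries()))
```

On the sample, a keyword search over the stored strings finds nothing, while decoding the base64 entry recovers the keyword immediately; the Fernet-shaped entry yields no text without the key.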

Known issues

The history will not be saved if xonsh crashes

The current implementation of history management is simple: when xonsh crashes, the history is lost too. Use the history flush command to force writing to disk before experiments.

Download files

Source Distribution

xontrib-history-encrypt-0.0.3.tar.gz (5.2 kB)

Built Distribution

xontrib_history_encrypt-0.0.3-py3-none-any.whl (5.1 kB)
