History backend that can encrypt the xonsh shell commands history.
Project description
History backend that encrypt the xonsh shell commands history file
to prevent leaking sensitive data from the commands history
(keys, passwords, hosts, names).
If you like the idea click ⭐ on the repo and tweet now.
Installation
To install use pip:
xpip install xontrib-history-encrypt
# or: xpip install -U git+https://github.com/anki-code/xontrib-history-encrypt
Usage: supported encryption
Base64 (default)
Base64 is not the real encrypter and implemented as fast way to encode history file and for education reasons. It can save you from the massive scanning the file system for keywords (i.e. password, key) as well as reading the history file by not experienced user. But it can be decoded in five minutes by the professional.
# Add to xonsh RC file
$XONSH_HISTORY_ENCRYPTOR = 'base64'
xontrib load history_encrypt
Fernet
The implementation of Fernet (AES CBC + HMAC) that was strongly recommended on stackoverflow. On first start it generates a key that you should save in secure place. Than you can use this key to decrypt the history.
# Add to xonsh RC file
$XONSH_HISTORY_ENCRYPTOR = 'fernet'
xontrib load history_encrypt
Custom
from xontrib.history_encrypt.fernet import *
$XONSH_HISTORY_ENCRYPTOR = {
'key': fernet_key,
'enc': lambda data, key: fernet_encrypt(data.encode(), key).decode(),
'dec': lambda data, key: fernet_decrypt(data.encode(), key).decode()
}
xontrib load history_encrypt
What should I know?
How to check the backend is working
history info
# backend: xontrib-history-encrypt
# sessionid: 374eedc9-fc94-4d27-9ab7-ebd5a5c87d12
# filename: /home/user/.local/share/xonsh/xonsh-history-encrypt.txt
# commands: 1
Some points about the backend
-
At start the backend read and decrypt all commands and this could take time. Basically we assume that you will use the xontrib on your servers and haven't so big history.
-
The commands are stored in the memory and flush to the disk at the exit from the shell. If the shell has crash there is no flushing to the disk and commands will be lost. Use
history flushcommand if you plan to run something experimental. -
The backend has minimal history management support in comparing with json or sqlite backends and you can find the lack of features.
If you want to improve something from the list PRs are welcome!
Credits
- This package is the part of ergopack - the pack of ergonomic xontribs.
- This package was created with xontrib cookiecutter template.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file xontrib-history-encrypt-0.0.4.tar.gz.
File metadata
- Download URL: xontrib-history-encrypt-0.0.4.tar.gz
- Upload date:
- Size: 5.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.3.0 pkginfo/1.7.0 requests/2.25.1 setuptools/49.2.1 requests-toolbelt/0.9.1 tqdm/4.58.0 CPython/3.9.1
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 465f7a72c9aec3533b1f623cd52e8153bbbaa7c9f6950d0437b74aaca7e56e94 |
|
| MD5 | f8e73b40c9a416e4380413067ad5f6dd |
|
| BLAKE2b-256 | 36050201268b78e0a9d30d7e9a83df3236c9fe817744724a61e7b1e741aedeb1 |
File details
Details for the file xontrib_history_encrypt-0.0.4-py3-none-any.whl.
File metadata
- Download URL: xontrib_history_encrypt-0.0.4-py3-none-any.whl
- Upload date:
- Size: 5.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.3.0 pkginfo/1.7.0 requests/2.25.1 setuptools/49.2.1 requests-toolbelt/0.9.1 tqdm/4.58.0 CPython/3.9.1
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 5c7c43397216ccdebc05c5b9b7f5743f9097ecdd5f8656f17e4a2558103b36fb |
|
| MD5 | ce8edf5c8a974ea59191714e08143282 |
|
| BLAKE2b-256 | 9a0df4cb40edd9e789722b9095520a6e93c6087609317cd8424de6bcc4ecd54b |
