Skip to main content

YAML Config Autoloader Encryption Support

Project description

# yaycl Encrypted Yaml Support

A [yaycl](https://github.com/seandst/yaycl) plugin to seamlessly load encypted yamls,
as well as helper methods for encrypting and decrypting yaycl yamls.

# Usage

```python
# Set the crypt key one of these ways:
conf = yaycl.Config('/path/to/yamls', crypt_key='my secret')
conf = yaycl.Config('/path/to/yamls', crypt_key_file='/path/to/a/file/containing/my/secret')

# Or set them after instantiating conf if you like (but it's a little less pretty):
conf._yaycl['crypt_key'] = 'my secret'
conf._yaycl['crypt_key_file'] = '/path/to/a/file/containing/my/secret'

# Or set the correspnding environment vars before loading python:
# - YAYCL_CRYPT_KEY corresponds to 'crypt_key' kwarg
# - YAYCL_CRYPT_KEY_FILE corresponds to 'crypt_key_file' kwarg

# Assuming you've loaded "test.yaml" from your yaml conf dir,
# this will encrypt it and remove the unencrypted version:

yaycl_crypt.encrypt_yaml(conf, 'test')

# Encrypted yamls have the extension '.eyaml', and (assuming the crypt key is set)
# will be loaded just like an unencrypted yaml. If the yaml being loaded has no extension,
# yaycl_crypt will append the extension '.e' to the unencrypted yaml name

# To decrypt:
yaycl_crypt.decrypt_yaml(conf, 'test')

# As before (but going the other way), the .eyaml file will be deleted,
# leaving just the unencrypted yaml file in the conf dir
```

# Notes

- If both an encrypted an unencrypted yaml exist, `yaycl_crypt` will issue a warning
and punt to the next `yaycl` loader, which is most likely the default loader. This
means the unencrypted yaml gets loaded, under the assumption that an unencrypted yaml
next to an encrypted yaml probably means the unencrypted yaml is being actively edited.
- If `yaycl_crypt.decrypt_yaml` is called, and an unencrypted yaml already exists,
`yaycl_crypt` will refuse to overwrite the existing unencrypted conf, again under the
assumption that the unencrypted conf is being actively worked on. If it isn't, the
simplest way to remove it is likely to encrypt it first to delete the unencrypted file,
then decrypt it.
- `yaycl_crypt.encrypt_yaml` has no similar qualms about overwriting encrypted yamls, since
the most likely reason for using this function is to write config changes in a recently
unencrypted config file.
- Both `encrypt_yaml` and `decrypt_yaml` take a `delete` kwarg, which defaults to `True`.
If set to `False`, `encrypt_yaml` will *not* delete the unencrypted config of the same
name, and `decrypt_yaml` will similarly *not* delete its encrypted counterpart.
- `yaml_crypt` isn't guaranteed to be completely "secure"; its main goal is to obfuscate
configuration files with private data in a way that is not trivial to circumvent.
Anyone with access to a python interpreter that can read your eyaml files has access
to your secret key.

[![Coverage Status](https://coveralls.io/repos/seandst/yaycl-crypt/badge.svg?branch=master)](https://coveralls.io/r/seandst/yaycl-crypt?branch=master)
[![Build Status](https://travis-ci.org/seandst/yaycl-crypt.svg?branch=master)](https://travis-ci.org/seandst/yaycl-crypt)



Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

yaycl-crypt-0.4.0.tar.gz (7.1 kB view details)

Uploaded Source

Built Distribution

yaycl_crypt-0.4.0-py2.py3-none-any.whl (7.6 kB view details)

Uploaded Python 2 Python 3

File details

Details for the file yaycl-crypt-0.4.0.tar.gz.

File metadata

  • Download URL: yaycl-crypt-0.4.0.tar.gz
  • Upload date:
  • Size: 7.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No

File hashes

Hashes for yaycl-crypt-0.4.0.tar.gz
Algorithm Hash digest
SHA256 75e2ddb54209836f44980a1e9ead2e3eac358340c31339c6b456fdf312e575b1
MD5 ad7598626f8952350d7a596a7a814c8d
BLAKE2b-256 2b7684039e80013db0cf59964aa2c001bcb8130b234d65ec361a7bfc6d7ec5db

See more details on using hashes here.

File details

Details for the file yaycl_crypt-0.4.0-py2.py3-none-any.whl.

File metadata

File hashes

Hashes for yaycl_crypt-0.4.0-py2.py3-none-any.whl
Algorithm Hash digest
SHA256 6b775ec40aa0fcfb132987efc409414e17b226ebab2e82767ba92554b84c0e54
MD5 833c53e5ed822c8b740fa5318fffce13
BLAKE2b-256 36350d8363fb8ce5331f03c18777d17ebc1c365409c22752ebed6c1db7b82a11

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page