Summary
confsecrets is a library that provides secure symmetric cryptography, based on PyCrypto, pycryptodome, or pycryptodomex, to any Python project. A set of secrets is collected into a "vault", which is stored as a JSON file. All secrets share the same salt and binary key. The binary key is derived from a clear text key via PBKDF2.
Installation
confsecrets is best installed from your Python package repository:
pip install confsecrets
This provides one top-level package:
- confsecrets - general support for secrets management
There is also a confsecrets command that you can use to create a new salt, manage the vault, etc.
Environment Variables
confsecrets.vault.DefaultVault and the command line use the following environment variables:
- CONFSECRETS_SALT - a base64 encoded, 8-byte salt
- CONFSECRETS_KEY - a plain text password or passphrase from which the binary key is derived
- CONFSECSETS_PATH - the path to a JSON-encoded vault file, which will be initialized if needed
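The salt format and key derivation described above, as an added example that is not confsecrets' own code: it checks that a CONFSECRETS_SALT value decodes to exactly 8 bytes and derives a binary key from a passphrase with PBKDF2, using only the standard library. The function names, the hash (SHA-256), the iteration count and the key length are assumptions, since this page does not state the parameters confsecrets uses, so keys derived here will not match the library's.

```python
import base64
import binascii
import hashlib
import os

SALT_BYTES = 8          # salt size stated on this page
KEY_BYTES = 32          # assumption: 256-bit binary key
ITERATIONS = 100_000    # assumption: not taken from confsecrets
HASH_NAME = "sha256"    # assumption: not taken from confsecrets


def new_salt() -> str:
    """Return a fresh random 8-byte salt, base64 encoded."""
    return base64.b64encode(os.urandom(SALT_BYTES)).decode("ascii")


def decode_salt(encoded: str) -> bytes:
    """Decode a base64 salt, rejecting anything that is not exactly 8 bytes."""
    try:
        salt = base64.b64decode(encoded, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("salt is not valid base64") from exc
    if len(salt) != SALT_BYTES:
        raise ValueError(f"salt must be {SALT_BYTES} bytes, got {len(salt)}")
    return salt


def derive_key(passphrase: str, encoded_salt: str) -> bytes:
    """Derive the binary key from a clear text passphrase and a base64 salt."""
    if not passphrase:
        raise ValueError("passphrase must not be empty")
    salt = decode_salt(encoded_salt)
    return hashlib.pbkdf2_hmac(
        HASH_NAME, passphrase.encode("utf-8"), salt, ITERATIONS, dklen=KEY_BYTES
    )


if __name__ == "__main__":
    # Constructed sample values, standing in for CONFSECRETS_SALT / CONFSECRETS_KEY.
    sample_salt = new_salt()
    sample_key = derive_key("constructed example passphrase", sample_salt)
    print("salt:", sample_salt)
    print("key bytes:", len(sample_key))
```

Because every secret in a vault shares one salt and one derived key, the strength of the passphrase protects the whole vault, not a single entry.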
Console Commands
- confsecrets newsalt - creates a new, base-64 encoded salt. The --raw argument causes this to be printed as Python code, to be copied into a file.
- confsecrets list - lists all secrets in a vault.
- confsecrets get <secret> - gets a single secret.
- confsecrets put <secret> <value> - updates a secret to the given value.
- confsecrets rm <secret> - removes a secret from a vault.