confsecrets.pbe
Provides secure, symmetric encryption without much around it.
Includes these exceptions:
confsecrets.pbe.InvalidSalt
- raised for an invalid saltconfsecrets.pbe.MessageTooShort
- raised when attempting to decrypt a message that has no room for IV, ciphertext, and MACconfsecrets.pbe.InvalidMessageAuthenticationCode
- raised when decrypting a message with an invalid MACconfsecrets.pbe.PasswordTooSimple
- raised whenPasswordUtil
receives a password that is not complex enough.confsecrets.pbe.PasswordNotShellSafe
- raised whenPasswordUtil
receives a password that must be escaped from a Linux shell.
Includes these types:
confsecrets.pbe.PasswordUtil
:PasswordUtil.check
- a static method that checks a password for length, complexity, and shell safety.PasswordUtil.generate
- a static method that generates a password matching above rules
confsecrets.pbe.PBEUtil
- This is the heart of the module, providing secure, symmetric encryption.
confsecrets.vault
Implements a file-based container of encrypted material. Each piece of encrypted material is accessed via a key.
Includes these exceptions:
confsecrets.vault.VaultPathMissing
- raised when no path has been providedconfsecrets.vault.VaultNotFound
- raised for operating systems errors accessing the vaultconfsecrets.vault.VaultFormatError
- raised when the vault is in an invalid format
Includes these types:
confsecrets.vault.Vault
- A dictionary type that stores its values as encrypted, base64 encoded messages within a JSON or YAML file.confsecrets.vault.DefaultVault
- A vault with global parameters that functions as a singleton
confsecrets.secrets
Provides objects that behave like strings or other types, which are backed by the vault.
Includes these types:
confsecrets.secrets.BaseSecret
- A base secret simply knows how to set and get its value from a vault. If no vault is provided, it uses theDefaultVault
.confsecrets.secrets.Secret
- A secret that behaves like a string in string contexts, a bool in bool contexts, and so on.