confsecrets.pbe
Provides secure, symmetric encryption without much around it.
Includes these exceptions:
confsecrets.pbe.InvalidSalt- raised for an invalid saltconfsecrets.pbe.MessageTooShort- raised when attempting to decrypt a message that has no room for IV, ciphertext, and MACconfsecrets.pbe.InvalidMessageAuthenticationCode- raised when decrypting a message with an invalid MACconfsecrets.pbe.PasswordTooSimple- raised whenPasswordUtilreceives a password that is not complex enough.confsecrets.pbe.PasswordNotShellSafe- raised whenPasswordUtilreceives a password that must be escaped from a Linux shell.
Includes these types:
confsecrets.pbe.PasswordUtil:PasswordUtil.check- a static method that checks a password for length, complexity, and shell safety.PasswordUtil.generate- a static method that generates a password matching above rules
confsecrets.pbe.PBEUtil- This is the heart of the module, providing secure, symmetric encryption.
confsecrets.vault
Implements a file-based container of encrypted material. Each piece of encrypted material is accessed via a key.
Includes these exceptions:
confsecrets.vault.VaultPathMissing- raised when no path has been providedconfsecrets.vault.VaultNotFound- raised for operating systems errors accessing the vaultconfsecrets.vault.VaultFormatError- raised when the vault is in an invalid format
Includes these types:
confsecrets.vault.Vault- A dictionary type that stores its values as encrypted, base64 encoded messages within a JSON or YAML file.confsecrets.vault.DefaultVault- A vault with global parameters that functions as a singleton
confsecrets.secrets
Provides objects that behave like strings or other types, which are backed by the vault.
Includes these types:
confsecrets.secrets.BaseSecret- A base secret simply knows how to set and get its value from a vault. If no vault is provided, it uses theDefaultVault.confsecrets.secrets.Secret- A secret that behaves like a string in string contexts, a bool in bool contexts, and so on.