GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → sourcelair → sec

sourcelair / sec

Licence: MIT license
Tiny library for using secrets in Python applications

Programming Languages

python
139335 projects - #7 most used programming language

Labels

secrets

Projects that are alternatives of or similar to sec

Git-Secret
Go scripts for finding sensitive data like API key / some keywords in the github repository
Stars: ✭ 156 (+680%)
Mutual labels:  secrets
ssh-credentials-plugin
No description or website provided.
Stars: ✭ 23 (+15%)
Mutual labels:  secrets
carvel-secretgen-controller
secretgen-controller provides CRDs to specify what secrets need to be on Kubernetes cluster (to be generated or not)
Stars: ✭ 54 (+170%)
Mutual labels:  secrets
SecureStore
A .NET implementation of the cross-platform SecureStore (symmetrically-encrypted secrets) protocol
Stars: ✭ 62 (+210%)
Mutual labels:  secrets
vault-monkey
Extract secrets from your vault in a multi-machine cluster environment.
Stars: ✭ 12 (-40%)
Mutual labels:  secrets
secret config
Centralized Configuration and Secrets Management for Ruby and Rails applications.
Stars: ✭ 15 (-25%)
Mutual labels:  secrets
Kubernetes Secret Manager
Manage secrets with Vault inside a Kubernetes cluster
Stars: ✭ 231 (+1055%)
Mutual labels:  secrets
ink
A Logger backend that logs JSON
Stars: ✭ 64 (+220%)
Mutual labels:  secrets
githubsecrets
Manage your GitHub Actions secrets with a simple CLI
Stars: ✭ 41 (+105%)
Mutual labels:  secrets
secrets
Useful to get input on noecho, secrets, passwords, token, hints
Stars: ✭ 13 (-35%)
Mutual labels:  secrets
terraform-aws-ssm-parameter-store
Terraform module to populate AWS Systems Manager (SSM) Parameter Store with values from Terraform. Works great with Chamber.
Stars: ✭ 87 (+335%)
Mutual labels:  secrets
QR-secret-sharing
🔒 Create QR codes to secret-share a message. Ideal for cryptocurrency wallet recovery keys and passwords.
Stars: ✭ 94 (+370%)
Mutual labels:  secrets
ok-to-test
Example workflow configuration showing how to use GitHub Actions secrets in pull requests from forks 🍴🔑
Stars: ✭ 58 (+190%)
Mutual labels:  secrets
2ami
Your easy 2FA companion that keep the secrets secret.
Stars: ✭ 24 (+20%)
Mutual labels:  secrets
secrets
Not Yet Another Password Manager written in Go using libsodium
Stars: ✭ 28 (+40%)
Mutual labels:  secrets
Vault Secrets Gen
A Vault secrets plugin for generating high entropy passwords and passphrases.
Stars: ✭ 238 (+1090%)
Mutual labels:  secrets
actions
Load secrets into GitHub Actions
Stars: ✭ 47 (+135%)
Mutual labels:  secrets
airgap
Offline LiveUSB to generate and manage secret keys for things such as gpg, certificates, and cryptocurrency
Stars: ✭ 92 (+360%)
Mutual labels:  secrets
s3cr3t
A supercharged S3 reverse proxy
Stars: ✭ 55 (+175%)
Mutual labels:  secrets
vault-sidecar-injector
Kubernetes admission webhook for secure, seamless and dynamic handling of secrets in your applications
Stars: ✭ 55 (+175%)
Mutual labels:  secrets
View All Similar Projects ➔

Sec - Tiny Python library for using secrets

Build Status

Sec is a tiny Python library for using secrets. Simple to its core, Sec exposes just one function and offers no configurations options.

If you are developing web applications, then by most chances your application uses some sort of "secret" information (e.g. database passwords, API keys etc.) which hopefully 🙏 is not kept into the code base.

Since this kind of information is not kept in the database, it resides in an external place like a file (e.g. /run/secrets/aws-key) or an environment variable (e.g. DATABASE_URL).

All Sec does is provide a single, unique interface for accessing these information from a Python application.

Installation

You can install sec with Pipenv:

pipenv install sec

Requirements

Sec requires Python 3.6 (or greater) to work.

API Documentation

load(name, fallback=None)

The load method of Sec attempts to load the contents of a secret, based on a given name, in the following order:

  1. Load the contents of /run/secrets/{name} (name is lowercased here)
  2. Load the contents of the path found in the environment variable {name}_FILE (name is uppercased here)
  3. Load the content of the environment variable {name} (name is uppercased here)
  4. Return the value of the fallback argument if provided, or None

Quick Start Example

First, let's create some secret files

$ echo "mystiko" > /run/secrets/supersecret
$ export MYSECRET_FILE=/run/secrets/supersecret
$ export ANOTHER_SECRET=hello

Next, let's open up the Python interpreter and load these secrets in our application.

>>> import sec
>>> sec.load('mystiko')
'supersecret'
>>> sec.load('mysecret')
'supersecret'
>>> sec.load('another_secret')
'hello'

Use Cases

Docker Swarm Secrets

Docker Secrets lets services running on Docker Swarm get exclusive access to secret information that are encrypted at rest.

Although this feature is amazing, it cannot be used outside of Docker Swarm (e.g. in Docker on your local machine) so developers tend to create hacks and workarounds around this issue.

This is where sec comes into play. The following application code will work the same in production with Docker Secrets and in development with environment variables instead.

import sec

# The following line will work the same in development and production
database_url = sec.load('database_url')

Below you can see the corresponding Docker files that we set up to run the above application.

docker-compose.yml

version: "3.6"

services:
  web:
    image: company/app
    secrets:
      - database-url

secrets:
  settings:
    external:
      name: database-url

docker-compose.override.yml

version: "3.6"

services:
  web:
    build: .
    volumes:
      - .:/usr/src/app
    environment:
      DATABASE_URL: postgresql://user:password@postgres

  postgres:
    image: postgres:latest

secrets:
  settings:
    external:
      name: database-url

License

Sec is MIT Licensed.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].