hoba

Release 0.1.2

Yet another secrets management toolkit

Homepage PyPI Python

Keywords
secret-management, password-store, devops, devops-tools, docker, docker-compose, gpg, pass, secrets
License
MIT
Install
pip install hoba==0.1.2

Documentation

Hoba

Build Status Made With License: MIT

Yet another secrets management toolkit based on passwordstore

hoba

Requirements

  • git
  • gnupg
  • pass
  • python 3.6+
  • pip 19.0.1+

Installation

$ pip install git+https://github.com/m-kus/hoba

Usage

All hoba commands work only if there is a hoba.yml file inside the current directory. File format will be described below.

Storing and sharing secrets

Pass is a great alternative to Hashicorp Vault and other enterprise secret storages, cause it's simple, safe, and portable. In my team we came to a pretty convenient scheme without loosing in security.

  1. All passwords encryption key, api keys, certificates, etc. are kept in a pass repo, which is gpg-encrypted and stored in git;
  2. Pass allows to implement simple access control policy for each tree node with inheritance;
  3. Each developer has to generate gpg key and add pubkey to the pass repo (keys are stored in .gpg-keys file);
  4. All developers have to import all keys from the repo and set maximum trust level;

You can do this manually, but there is a command which does pretty much the same:

$ hoba sync

Hoba can also spawn a shell with overrided PASSWORD_STORE_DIR environment variable:

$ hoba shell
$ pass

Deploying secrets

By default hoba looks for a default section inside the configuration file.

$ hoba gen

You can also specify target env:

$ hoba gen dev

Sample hoba configuration file:

password-store:
  repo_url: http://github.com/example.git
  repo_dir: ./.password-store
  
environments:
  dev:
    default:
  prod:
  
targets:
  - type: env_file
    output: ./.secrets/{ENV}.env
    variables:
      - DB_PASSWORD={ENV}/postgresql/password
    except:
      - dev

  - type: dir
    output: ./.secrets
    files:
      - ssl/example.com/cert_key:ssl/cert_key
      - ssl/example.com/dh_params:ssl/dh_params
    only:
      - prod

  - type: keyring
    output: ./.secrets/keyring_pass.cfg
    entries:
      - app@telegram:{ENV}/telegram/bot_api_key

Docker compose integration example:

version: "3.1"
services:
  nginx:
    environment:
      env_file:
      - ./.secrets/dev.env
    secrets:
      - cert_key
      - dh_params
      - source: keyring
        target: /root/.local/share/python_keyring/keyring_pass.cfg
    
secrets:
  cert_key:
    file: ./.secrets/ssl/cert_key
  dh_params:
    file: ./.secrets/ssl/dh_params
  keyring:
    file: ./.secrets/keyring_pass.cfg

Stats

Dependencies
8
Dependent packages
0
Dependent repositories
0
Total releases
2
Latest release
First release
Stars
2
Forks
0
Watchers
0
Contributors
1
Repository size
27.3 KB
SourceRank
7

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

0.1.2
0.1.1

Contributors

Michael Zaikin


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2021-02-16 09:34:09 UTC

Login to resync this project