yaycl-crypt

Release 0.4.0

YAML Config Autoloader Encryption Support

Homepage PyPI Python

License
MIT
Install
pip install yaycl-crypt==0.4.0

Documentation

yaycl Encrypted Yaml Support

A yaycl plugin to seamlessly load encypted yamls, as well as helper methods for encrypting and decrypting yaycl yamls.

Usage

# Set the crypt key one of these ways:
conf = yaycl.Config('/path/to/yamls', crypt_key='my secret')
conf = yaycl.Config('/path/to/yamls', crypt_key_file='/path/to/a/file/containing/my/secret')

# Or set them after instantiating conf if you like (but it's a little less pretty):
conf._yaycl['crypt_key'] = 'my secret'
conf._yaycl['crypt_key_file'] = '/path/to/a/file/containing/my/secret'

# Or set the correspnding environment vars before loading python:
# - YAYCL_CRYPT_KEY corresponds to 'crypt_key' kwarg
# - YAYCL_CRYPT_KEY_FILE corresponds to 'crypt_key_file' kwarg

# Assuming you've loaded "test.yaml" from your yaml conf dir,
# this will encrypt it and remove the unencrypted version:

yaycl_crypt.encrypt_yaml(conf, 'test')

# Encrypted yamls have the extension '.eyaml', and (assuming the crypt key is set)
# will be loaded just like an unencrypted yaml. If the yaml being loaded has no extension,
# yaycl_crypt will append the extension '.e' to the unencrypted yaml name

# To decrypt:
yaycl_crypt.decrypt_yaml(conf, 'test')

# As before (but going the other way), the .eyaml file will be deleted,
# leaving just the unencrypted yaml file in the conf dir

Notes

  • If both an encrypted an unencrypted yaml exist, yaycl_crypt will issue a warning and punt to the next yaycl loader, which is most likely the default loader. This means the unencrypted yaml gets loaded, under the assumption that an unencrypted yaml next to an encrypted yaml probably means the unencrypted yaml is being actively edited.
  • If yaycl_crypt.decrypt_yaml is called, and an unencrypted yaml already exists, yaycl_crypt will refuse to overwrite the existing unencrypted conf, again under the assumption that the unencrypted conf is being actively worked on. If it isn't, the simplest way to remove it is likely to encrypt it first to delete the unencrypted file, then decrypt it.
  • yaycl_crypt.encrypt_yaml has no similar qualms about overwriting encrypted yamls, since the most likely reason for using this function is to write config changes in a recently unencrypted config file.
  • Both encrypt_yaml and decrypt_yaml take a delete kwarg, which defaults to True. If set to False, encrypt_yaml will not delete the unencrypted config of the same name, and decrypt_yaml will similarly not delete its encrypted counterpart.
  • yaml_crypt isn't guaranteed to be completely "secure"; its main goal is to obfuscate configuration files with private data in a way that is not trivial to circumvent. Anyone with access to a python interpreter that can read your eyaml files has access to your secret key.

Coverage Status Build Status

Stats

Dependencies
3
Dependent packages
0
Dependent repositories
11
Total releases
7
Latest release
First release
Stars
3
Forks
1
Watchers
1
Contributors
2
Repository size
25.4 KB
SourceRank
8

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

0.4.0
0.3.0
0.2.0
0.1.2
0.1.1
v0.1.1
v0.1.0

Contributors

Sean Myers Ronny Pfannschmidt


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2022-01-05 07:46:46 UTC

Login to resync this project