Metadata-Version: 1.1
Name: secretcrypt
Version: 1.0.4
Summary: Encrypt project secrets
Home-page: https://github.com/Zemanta/secretcrypt
Author: Nejc Saje, Zemanta
Author-email: nejc@saje.info
License: UNKNOWN
Download-URL: https://github.com/Zemanta/secretcrypt/tarball/0.1
Description: py-secretcrypt
        ==============
        
        |Circle CI|
        |Codecov|
        
        
        Utility for keeping your secrets encrypted. Also has a `Go
        version <https://github.com/Zemanta/go-secretcrypt>`__.
        
        For example, you have the following configuration file
        
        ::
        
            MY_SECRET=VerySecretValue!
        
        but you can't include that file in VCS because then your secret value
        would be exposed.
        
        With **secretcrypt**, you can encrypt your secret using your AWS KMS
        master key aliased *MyKey*:
        
        .. code:: bash
        
            $ encrypt-secret kms alias/MyKey
            Enter plaintext: VerySecretValue! # enter
            kms:region=us-east-1:CiC/SXeuXDGRADRIjc0qcE... # shortened for brevity
        
            # --- or --
            $ echo "VerySecretValue!" | encrypt-secret kms alias/MyKey  
            kms:region=us-east-1:CiC/SXeuXDGRADRIjc0qcE... # shortened for brevity
            # only use piping when scripting, otherwise your secrets will be stored
            # in your shell's history!
        
        use that secret in my config file
        
        .. code:: python
        
            from secretcrypt import Secret
            MY_SECRET=Secret('kms:region=us-east-1:CiC/SXeuXDGRADRIjc0qcE...')  # shortened for brevity
        
        and get the plaintext like
        
        .. code:: python
        
            print MY_SECRET.get()
            # VerySecretValue!
        
        If you are using very sensitive secrets, you can ensure the plaintext
        is not kept in memory and is only encrypted on demand by using a stricter
        version:
        
        .. code:: python
        
            from secretcrypt import StrictSecret
            MY_SECRET=StrictSecret('kms:region=us-east-1:CiC/SXeuXDGRADRIjc0qcE...')  # shortened for brevity
        
        and get the plaintext like
        
        .. code:: python
        
            print MY_SECRET.decrypt()
            # VerySecretValue!
        
        KMS
        ---
        
        The KMS option uses AWS Key Management Service. When encrypting and
        decrypting KMS secrets, you need to provide which AWS region the is to
        be or was encrypted on, but it defaults to ``us-east-1``.
        
        So if you use a custom region, you must provide it to secretcrypt:
        
        .. code:: bash
        
            encrypt-secret kms --region us-west-1 alias/MyKey
        
        Local encryption
        ----------------
        
        This mode is meant for local and/or offline development usage. It
        generates a local key in your %USER\_DATA\_DIR% (see
        `appdirs <https://pypi.python.org/pypi/appdirs>`__), so that the key
        cannot be accidentally committed to CVS.
        
        It then uses that key to symmetrically encrypt and decrypt your secrets.
        
        Password encryption - interactive only
        --------------------------------------
        
        The password encryption mode should not be used in your application - it is
        meant for easily sharing secrets among developers. It interactively prompts
        the user for a password when encrypting the secret. When decrypting, it
        prompts for the password again.
        
        
        .. |Circle CI| image:: https://circleci.com/gh/Zemanta/py-secretcrypt.svg?style=svg
           :target: https://circleci.com/gh/Zemanta/py-secretcrypt
        .. |Codecov| image:: https://codecov.io/gh/Zemanta/py-secretcrypt/branch/master/graph/badge.svg
          :target: https://codecov.io/gh/Zemanta/py-secretcrypt
        
        
        
        
        History
        -------
        
        1.0.4 (2020-09-21)
        ++++++++++++++++++
        
        - fixed reraise error in decrypt module
        
        
        1.0.3 (2017-11-02)
        ++++++++++++++++++
        
        - reverted scrypt parameter changes
        
        
        1.0.2 (2017-10-31)
        ++++++++++++++++++
        
        - changed scrypt parameters
        
        
        1.0.1 (2017-10-31)
        ++++++++++++++++++
        
        - Fixed readme formatting.
        
        
        1.0.0 (2017-10-31)
        ++++++++++++++++++
        
        * added password encryption/decryption
        
        0.9.1 (2017-03-28)
        ++++++++++++++++++
        
        * Python3 local module fixed issue with utf-8
        * unpinned dependencies
        
        0.4 (2016-03-02)
        ++++++++++++++++++
        
        * plaintexts are now returned as strings not as bytes
        
        0.3 (2016-03-02)
        ++++++++++++++++++
        
        * BREAKING CHANGE: introduced new semantics for Secret and a new StrictSecret
        
Keywords: secret,encrypt,decrypt,settings
Platform: UNKNOWN
Classifier: Development Status :: 5 - Production/Stable
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Programming Language :: Python :: 2.7
Classifier: Programming Language :: Python :: 3.4
Classifier: Topic :: Security :: Cryptography
