Skip to content
/ pyenv-encrypt Public

PyEnv-Encrypt selectively encrypts and decrypts the fields of ENV files keeping the keys readable.

License

MIT license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

akhlakm/pyenv-encrypt

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

26 Commits

.github/workflows

.github/workflows

 
 

pyenv_enc

pyenv_enc

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

build.sh

build.sh

 
 

pre-commit

pre-commit

 
 

pyproject.toml

pyproject.toml

 
 

Repository files navigation

PyEnv-Encrypt

GPG based env file encryptor utility.

PyEnv-Encrypt selectively encrypts and decrypts the fields of config files keeping the keys readable. For example, consider an environment variable file .env with the following values.

SOMEVAR="hello world"
ANOTHERVAR="test"

Running pyenc .env will encrypt the text fields into:

SOMEVAR="!ENC#~ hQGMA8pKDfwTzwbdAQv/c0/3Had47hxV6zuNmkBuOjv3bSGGGWzLGHVAN7ryL3tx =Y8Nr"
ANOTHERVAR="!ENC#~ hQGMA8pKDfwTzwbdAQv+JRBiVJB3rFqjONyXbBuN6pwzfHkHR43rbSIGX0o/B0zU =ljcz"

Features

  • Encryption support for the following file types.
    • .env
    • yaml
    • json
  • Recursive update of all text fields.
  • Automatic decision of encryption or decryption based on file contents.

Installation

You can install pyenv-encrypt directly from PyPI using pip.

pip install pyenv-encrypt

Alternatively, clone this repo and install with pip.

git clone https://github.com/akhlakm/pyenv-encrypt.git
cd pyenv-encrypt
pip install -e .

Dependencies

The gpg utility must be installed in your system. GPG comes built-in with most versions of Linux OS. For Mac, use homebrew: brew install gpg.

See the official installation instructions for more info. Run the following command to check if GPG is installed.

gpg --version

Python dependencies:

  • python-dotenv
  • pyyaml

Commandline Usage

After installation, use the pyenc command to encrypt or decrypt your config/env files directly from terminal.

pyenc .env

Multiple files can also be processed.

pyenc .env vault.yaml data.json

pyenc will toggle between encryption and decryption. To force encryption or decryption specify -e or -d respectively.

pyenc -e .env vault.yaml data.json

To make sure you do not commit unencrypted files, you can setup a githook for your repository. See an example pre-commit file here.

Use As A Python Module

import os
from pyenv_enc import enc

# User ID for GPG
USERID = os.environ.get("USER")

# Check if a encryption key-pair exists for the userid,
# or, create a new one.
enc.check_gpg_pubkey(USERID)

# Encrypt a value
text = "hello world"
encrypted = enc.gpg_encrypt(USERID, text)
print(encrypted)

# Decrypt a value
decrypted = enc.gpg_decrypt(encrypted)
print(decrypted)

# Recursively encrypt the string fields of a dictionary.
# This is useful to encrypt JSON, YAML, TOML files.
mydict = {
    "key1": 1234,
    "key2": "hello world",
    "key3": ["hello", "world"],
    "key4": {"foo": "bar"}
}
encrypted_dict = enc.encrypt_data(USERID, mydict)
print(encrypted_dict)

# Decrypt the dictionary.
print(enc.decrypt_data(encrypted_dict))

About

LICENSE MIT Copyright 2023 Akhlak Mahmood

About

PyEnv-Encrypt selectively encrypts and decrypts the fields of ENV files keeping the keys readable.

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases 2

Version 0.1.2 Latest
Jun 18, 2023
+ 1 release

Languages