DEPRECATED: Please note this project is now deprecated in favour of a bash implementation you can see at sesame.sh
Almost all applications have configuration of some kind, and often this config is sensitive - database passwords, SMTP account details, API keys etc.
These days it's common to use public source control; which means you can no longer store your application's sensitive config with your code.
Sesame provides a simple way to encrypt (and decrypt) your application's config so it can be safely stored in public source control.
Sesame leans on a little known project called keyczar, which was originally built by members of the Google Security Team.
Keyczar in turn builds upon pycrypto which aims to provide sane defaults for your Python crypto.
To install sesame
, simply:
$ pip install sesame
The interface to Sesame intentionally resembles that of tar
. There are only two
sub-commands: encrypt
and decrypt
as described below:
usage: sesame encrypt [-h] [-k KEYFILE] [-f]
outputfile inputfile [inputfile ...]
positional arguments:
outputfile Encrypted file to be created
inputfile Files to be encrypted
optional arguments:
-h, --help show this help message and exit
-k KEYFILE, --keyfile KEYFILE
Path to keyczar encryption key
-f, --force Force overwrite of existing encrypted file
usage: sesame decrypt [-h] [-k KEYFILE] [-f] [-O OUTPUT_DIR] [-T] inputfile
positional arguments:
inputfile File to be decrypted
optional arguments:
-h, --help show this help message and exit
-k KEYFILE, --keyfile KEYFILE
Path to keyczar encryption key
-f, --force Force overwrite of existing decrypted file
-O OUTPUT_DIR, --output-dir OUTPUT_DIR
Extract files into a specific directory
-T, --try-all Search for keys from current directory and try all of
them