Pythonic way of keeping secrets secure in JSON
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


Have you ever used JSON as your config? Have you keep secrets in config as plain text, that you dont want to? Then this is the right tool for you.
JackSON is the simple and flexible file extension of JSON file types written in python (in less than 50 lines of code), this extension allows the users to keep their secrets in environment variables and pass the reference to those environment variables into the JSON file(jackson). The secrets in the environment variables will be read securely in to the in memory dict.

The problem that it solves:

  • Retrive secrest from env variables.
  • Retrive secrets from remote/servers(HSMs).

How to JackSON

JackSON is exported as python package. You can install it via pip.
pip install --user jackson

export foo=10
export bar=100

Example JackSON config file.

    "_comment1": "Value from foo env variable",
    "key1": "",
    "_comment2": "Value from bar env variable",
    "key2": "",
    "_comment3": "Value from python module",
    "key3": "!a.b",
    "_comment4": "key/value pair similar to json",
    "key4": "value4"

Inside the code.

import jackson
import json    # For converting JackSON --> JSON
d = json.load("./config.jackson"))

And this is how it looks.

    "key4": "value4",
    "key3": "reached",
    "key2": "100",
    "key1": "10",
    "_comment4": "key/value pair similar to json",
    "_comment3": "Value from python module",
    "_comment2": "Value from bar env variable",
    "_comment1": "Value from foo env variable"

Key Feature:

  • Reference to environment variables.
  • Reference to the code, which will resolves to secret variable.

Pull request are more than an appriciation.