Skip to content

jonesim/encrypted-credentials

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
encrypted_credentials
encrypted_credentials
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
setup.py
setup.py
 
 

Repository files navigation

PyPI version

encrypted-credentials encrypts credentials to allow them to be securely added to git repositories.

It can import encrypted settings into Django defined in a python module and or a json file. Encrypted files are automatically generated.

Django settings

example

PRIVATE_settings.py

File stored in folder with django settings.py file

private_settings = {
  "AWS_ACCESS_KEY_ID":"ABCDEFGHIJKLMNOP",
  "AWS_SECRET_ACCESS_KEY":"ABCDEFGHIJKLMNOP"
}

settings.json

File stored in folder with django settings.py file

{
  "AWS_ACCESS_KEY_ID":"ABCDEFGHIJKLMNOP",
  "AWS_SECRET_ACCESS_KEY":"ABCDEFGHIJKLMNOP"
}

settings.py

from encrypted_credentials.django_credentials import add_encrypted_settings

add_encrypted_settings(globals())

Upon first execution a PRIVATE_KEY.env file will be generated with a random encryption key. DO NOT check this into repository. if PRIVATE_settings.py does not exist it will generate a template module.

set environment variable

export SETTINGS_KEY=FQQcgYWCBPE8l8IbHdcNie0WARbYHeFwCl4hIL3ecF0=
  1. If the settings.json file exists and settings.json.enc does not exist then settings.json.enc will be created.(development)
  2. If settings.json and settings.json.enc exist then they will be compared and if different settings.json.enc will be overwritten.(development)
  3. If settings.json does not exist then settings.json.enc will be used (production)

settings.json.enc and or PRIVATE_settings.enc can be checked into git as it is encrypted with Fernet AES128 encryption

Credential files

get_decrypted_file will automatically encrypt the original file and supply the decrypted data

from encrypted_credentials.encrypted_file import get_decrypted_file

get_decrypted_file('full_path/orginal.pem')

original.pem.enc can be checked into a repository

Credential files with Django

By default environment variable SETTINGS_KEY will be used as key

settings.py

CREDENTIAL_FOLDER = os.path.join(BASE_DIR, 'credentials')
CREDENTIAL_FILES = {
    'gmail': 'service-account-abcd.json',
    'drive': 'service-account-efgh.json',
}

service-account-abcd.json.enc

usage

from encrypted_credentials.django_credentials import get_credentials


credentials = get_credentials('gmail')

By default any keys in the private_settings file get added to the django setting file. For example a private_settings file of:

private_settings = {
  "AWS_ACCESS_KEY_ID":"ABCDEFGHIJKLMNOP",
  "AWS_SECRET_ACCESS_KEY":"ABCDEFGHIJKLMNOP"
}

The AWS_ACCESS_KEY_ID can be access by doing the following:

from django.conf import settings
KEY = settings.AWS_ACCESS_KEY_ID

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages