PyPI - git-secret-protector - Versions diffs - 1.2.2__tar.gz → 1.3.0__tar.gz - Mend

git-secret-protector 1.2.2tar.gz → 1.3.0tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (29) hide show

{git_secret_protector-1.2.2 → git_secret_protector-1.3.0}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
-Metadata-Version: 2.1
+Metadata-Version: 2.4
 Name: git-secret-protector
-Version: 1.2.2
+Version: 1.3.0
 Summary: A tool for managing secrets in Git with AWS Parameter Store integration.
 Author: Duc Duong
 Author-email: duc.duong@c0x12c.com
@@ -10,11 +10,11 @@ Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
 Classifier: Programming Language :: Python :: 3.12
 Classifier: Programming Language :: Python :: 3.13
-Requires-Dist: boto3 (>=1.35.44,<2.0.0)
-Requires-Dist: google-auth (>=2.36.0,<3.0.0)
-Requires-Dist: google-cloud-secret-manager (>=2.20.2,<3.0.0)
-Requires-Dist: injector (>=0.22.0,<0.23.0)
-Requires-Dist: pycryptodome (>=3.20.0,<4.0.0)
+Requires-Dist: boto3 (>=1.43.27,<2.0.0)
+Requires-Dist: google-auth (>=2.53.0,<3.0.0)
+Requires-Dist: google-cloud-secret-manager (>=2.29.0,<3.0.0)
+Requires-Dist: injector (>=0.24.0,<0.25.0)
+Requires-Dist: pycryptodome (>=3.23.0,<4.0.0)
 Description-Content-Type: text/markdown
 # git-secret-protector
@@ -33,11 +33,11 @@ Description-Content-Type: text/markdown
 - pipx ([Download](https://pipx.pypa.io/stable/installation/))
-You can install the `git-secret-protector` module via pipx:
+- You can install the `git-secret-protector` module via pipx:
-```sh
-pipx install git-secret-protector
-```
+  ```sh
+  pipx install git-secret-protector
+  ```
 ## Usage
@@ -45,28 +45,36 @@ pipx install git-secret-protector
 #### 1.1. Create .gitattributes file
-Create a `.gitattributes` file in the root of your repository to define which files should be encrypted.
-Sample `.gitattributes` file:
-```
-dev/secrets* filter=sample-app-dev diff=sample-app-dev
+- Create a `.gitattributes` file in the root of your repository to define which files should be encrypted.
-prod/secrets* filter=sample-app-prod diff=sample-app-prod
+  Sample `.gitattributes` file:
-.gitattributes !filter !diff
-```
+  ```
+  dev/secrets* filter=sample-app-dev diff=sample-app-dev
+  prod/secrets* filter=sample-app-prod diff=sample-app-prod
+  .gitattributes !filter !diff
+  ```
 #### 1.2. Configure Git Filters
-Set up the Git clean and smudge filters base on the filters defined in the `.gitattributes` file.
+- Set up the Git clean and smudge filters base on the filters defined in the `.gitattributes` file.
-```sh
-git-secret-protector setup-filters
-```
+  ```sh
+  git-secret-protector setup-filters
+  ```
 This command will configure the Git clean and smudge filters based on the patterns defined in the `.gitattributes` file. The filters will automatically encrypt and decrypt files based on the specified patterns.
+- You can verify the configured filters in the `.git/config` file, for example:
+   ```ini
+   [filter "sample-app-dev"]
+       clean = git-secret-protector encrypt sample-app-dev
+       smudge = git-secret-protector decrypt sample-app-dev
+       required = true
+   ```
 #### 1.3. Configuration
@@ -98,55 +106,104 @@ The `config.ini` file contains settings that customize the behavior of the `git-
 #### 1.4. Set up AES key
+**Notes:**
 Before executing this command, ensure you have the necessary permissions to manage resources in the using Cloud Secret Storage Services.
-```sh
-git-secret-protector setup-aes-key <filter_name>
-```
+- Command to set up AES key
+  ```sh
+  git-secret-protector setup-aes-key <filter_name>
+  ```
+- Sample command to set up an AES key for the `sample-app-dev` filter:
-Sample command to set up an AES key for the `sample-app-dev` filter:
+  ```sh
+  git-secret-protector setup-aes-key sample-app-dev
+  ```
+#### 1.5. Verify filter functionality
+- Ensure that files are properly encrypted or decrypted by running:
-```sh
-git-secret-protector setup-aes-key sample-app-dev
-```
+  ```sh
+  git-secret-protector status
+  ```
+The status will display the files managed by the filter and their encryption status.
 ### 2. Installation Steps for Team Members
 #### 2.1. Pull AES Key and IV
+**Notes**
 Before encrypting or decrypting files, it's necessary to retrieve the relevant AES keys from the Cloud Secret Storage Service for filters:
-```sh
-git-secret-protector pull-aes-key <filter_name>
-```
+- Command to pull AES key
+  ```sh
+  git-secret-protector pull-aes-key <filter_name>
+  ```
 This command fetches the latest AES data key and IV from the Cloud Secret Storage Service for the designated filter and caches them locally for subsequent operations. This step ensures that you have the correct keys for encryption or decryption tasks related to the specified filter.
 #### 2.2. Configure Git Filters
-Set up the Git clean and smudge filters base on the filters defined in the `.gitattributes` file.
+- Set up the Git clean and smudge filters base on the filters defined in the `.gitattributes` file.
+  ```sh
+  git-secret-protector setup-filters
+  ```
-```sh
-git-secret-protector setup-filters
-```
+  Refer to [1.2. Configure Git Filters](#12-configure-git-filters) for instructions to verify if filters have been configured properly.
 #### 2.2. Decrypt secret files
-To decrypt secret files, you can use the following command:
+- Command to decrypt secret files:
+  ```sh
+  git-secret-protector decrypt-files <filter_name>
+  ```
+### 3. Common Usages
+#### 3.1. Add a File to a filter's managed list
+- **Add the file**
+  Update the `.gitattributes` file to include the file under a path that matches a filter pattern. For example, to add `live/dev/secret.auto.tfvars`, update the `.gitattributes` file as follows:
-```sh
-git-secret-protector decrypt-files <filter_name>
-```
+  ```text
+  live/dev/secret*.auto.tfvars filter=sample-app-dev diff=sample-app-dev
+  ```
+- **Encrypt the file**
-### 3. Additional Commands
+  Use the following command to encrypt the file under the specified filter:
-#### 3.1. View Encryption Status
+  ```sh
+  git-secret-protector encrypt-files <filter>
+  ```
+  Replace `<filter>` with the name of the filter (e.g., `sample-app-dev`).
+- **Verify encryption**
+  Confirm that the file has been encrypted by running:
+  ```sh
+  git-secret-protector status
+  ```
+  Sample output
+  ```
+  Filter: sample-app-dev
+    ./live/dev/secrets.auto.tfvars: Encrypted
+    ./config/slack/secrets.tf: Encrypted
+  Filter: sample-app-prod
+    ...
+  ```
-Command to obtain a comprehensive overview of the encryption status of files within the repository:
+- **Review before creating pull requests**
-```sh
-git-secret-protector status
-```
+  Inspect the pull request to ensure encrypted files are included. Verify everything is correct before clicking the `Create pull request` button.
 #### 3.2. Key Rotation
@@ -164,7 +221,7 @@ In case you need to rotate the AES key due to security reasons or a team member
   - Update the local cache.
-- Post-Rotation Code Reset:
+- Post-Rotation Code Reset
   After rotating the keys, it is necessary to clear the Git cache and re-checkout all files. This step ensures that the smudge filters are triggered, allowing the files to be decrypted with the new key.
@@ -178,7 +235,7 @@ In case you need to rotate the AES key due to security reasons or a team member
 ### 4. Logging
-Logs are stored in the `logs/` directory by default, and you can configure the log level and file rotation in the `config.ini` file.
+Logs are stored in the `.git_secret_protector/logs/` directory by default, and you can configure the log level and file rotation in the `config.ini` file.
 ## Development
@@ -192,7 +249,6 @@ Logs are stored in the `logs/` directory by default, and you can configure the l
 - **Integration Tests**: Located in the `tests/integration` directory, these tests interact with Secret Store in cloud and should be run manually.
   ```sh
   poetry run pytest tests/integration
   ```
@@ -211,30 +267,29 @@ If you encounter any issues while using the `git-secret-protector` tool, try the
 If the filters are not configured correctly, you might encounter errors when encrypting or decrypting files.
-**Solution**:
+- **Solution**:
 Re-setup the filters based on your `.gitattributes` file.
-```sh
-git-secret-protector setup-filters
-```
+  ```sh
+  git-secret-protector setup-filters
+  ```
 #### 2. Missing or Incorrect AES Key
-If you fail to encrypt or decrypt files due to a missing or incorrect AES key, you will need to ensure that the keys are
-correctly fetched from the Cloud Secret Storage Service.
+If you fail to encrypt or decrypt files due to a missing or incorrect AES key, you will need to ensure that the keys are correctly fetched from the Cloud Secret Storage Service.
-**Solution**:
+- **Solution**:
 Pull the latest AES keys from the Cloud Secret Storage Service for the relevant filters.
-```sh
-git-secret-protector pull-aes-key <filter_name>
-```
+  ```sh
+  git-secret-protector pull-aes-key <filter_name>
+  ```
 #### 3. Permissions Issues
 Lack of necessary permissions can result in errors while accessing Cloud Secret Storage Services.
-**Solution**:
+- **Solution**:
 Ensure that you have the required permissions to manage resources in your Cloud Secret Storage Service.
 ### Example Issue: File Decryption Failure
@@ -244,24 +299,23 @@ You receive an error when trying to decrypt files using the `decrypt-files` comm
 **Solution**:
-1. Ensure that you have pulled the latest AES keys:
+- Ensure that you have pulled the latest AES keys:
-    ```sh
-    git-secret-protector pull-aes-key <filter_name>
-    ```
+  ```sh
+  git-secret-protector pull-aes-key <filter_name>
+  ```
-2. Check if the filters are correctly set up:
+- Check if the filters are correctly set up:
-    ```sh
-    git-secret-protector setup-filters
-    ```
+  ```sh
+  git-secret-protector setup-filters
+  ```
-3. Attempt to decrypt the files again:
+- Attempt to decrypt the files again:
-    ```sh
-    git-secret-protector decrypt-files <filter_name>
-    ```
+  ```sh
+  git-secret-protector decrypt-files <filter_name>
+  ```
-If the issue persists, verify your configurations in the `config.ini` file, and consult the logs located in the `logs/`
-directory for more detailed error information.
+If the issue persists, verify your configurations in the `config.ini` file, and consult the logs located in the `logs/` directory for more detailed error information.

{git_secret_protector-1.2.2 → git_secret_protector-1.3.0}/README.md RENAMED Viewed

@@ -14,11 +14,11 @@
 - pipx ([Download](https://pipx.pypa.io/stable/installation/))
-You can install the `git-secret-protector` module via pipx:
+- You can install the `git-secret-protector` module via pipx:
-```sh
-pipx install git-secret-protector
-```
+  ```sh
+  pipx install git-secret-protector
+  ```
 ## Usage
@@ -26,28 +26,36 @@ pipx install git-secret-protector
 #### 1.1. Create .gitattributes file
-Create a `.gitattributes` file in the root of your repository to define which files should be encrypted.
-Sample `.gitattributes` file:
-```
-dev/secrets* filter=sample-app-dev diff=sample-app-dev
+- Create a `.gitattributes` file in the root of your repository to define which files should be encrypted.
-prod/secrets* filter=sample-app-prod diff=sample-app-prod
+  Sample `.gitattributes` file:
-.gitattributes !filter !diff
-```
+  ```
+  dev/secrets* filter=sample-app-dev diff=sample-app-dev
+  prod/secrets* filter=sample-app-prod diff=sample-app-prod
+  .gitattributes !filter !diff
+  ```
 #### 1.2. Configure Git Filters
-Set up the Git clean and smudge filters base on the filters defined in the `.gitattributes` file.
+- Set up the Git clean and smudge filters base on the filters defined in the `.gitattributes` file.
-```sh
-git-secret-protector setup-filters
-```
+  ```sh
+  git-secret-protector setup-filters
+  ```
 This command will configure the Git clean and smudge filters based on the patterns defined in the `.gitattributes` file. The filters will automatically encrypt and decrypt files based on the specified patterns.
+- You can verify the configured filters in the `.git/config` file, for example:
+   ```ini
+   [filter "sample-app-dev"]
+       clean = git-secret-protector encrypt sample-app-dev
+       smudge = git-secret-protector decrypt sample-app-dev
+       required = true
+   ```
 #### 1.3. Configuration
@@ -79,55 +87,104 @@ The `config.ini` file contains settings that customize the behavior of the `git-
 #### 1.4. Set up AES key
+**Notes:**
 Before executing this command, ensure you have the necessary permissions to manage resources in the using Cloud Secret Storage Services.
-```sh
-git-secret-protector setup-aes-key <filter_name>
-```
+- Command to set up AES key
+  ```sh
+  git-secret-protector setup-aes-key <filter_name>
+  ```
+- Sample command to set up an AES key for the `sample-app-dev` filter:
-Sample command to set up an AES key for the `sample-app-dev` filter:
+  ```sh
+  git-secret-protector setup-aes-key sample-app-dev
+  ```
+#### 1.5. Verify filter functionality
+- Ensure that files are properly encrypted or decrypted by running:
-```sh
-git-secret-protector setup-aes-key sample-app-dev
-```
+  ```sh
+  git-secret-protector status
+  ```
+The status will display the files managed by the filter and their encryption status.
 ### 2. Installation Steps for Team Members
 #### 2.1. Pull AES Key and IV
+**Notes**
 Before encrypting or decrypting files, it's necessary to retrieve the relevant AES keys from the Cloud Secret Storage Service for filters:
-```sh
-git-secret-protector pull-aes-key <filter_name>
-```
+- Command to pull AES key
+  ```sh
+  git-secret-protector pull-aes-key <filter_name>
+  ```
 This command fetches the latest AES data key and IV from the Cloud Secret Storage Service for the designated filter and caches them locally for subsequent operations. This step ensures that you have the correct keys for encryption or decryption tasks related to the specified filter.
 #### 2.2. Configure Git Filters
-Set up the Git clean and smudge filters base on the filters defined in the `.gitattributes` file.
+- Set up the Git clean and smudge filters base on the filters defined in the `.gitattributes` file.
+  ```sh
+  git-secret-protector setup-filters
+  ```
-```sh
-git-secret-protector setup-filters
-```
+  Refer to [1.2. Configure Git Filters](#12-configure-git-filters) for instructions to verify if filters have been configured properly.
 #### 2.2. Decrypt secret files
-To decrypt secret files, you can use the following command:
+- Command to decrypt secret files:
+  ```sh
+  git-secret-protector decrypt-files <filter_name>
+  ```
+### 3. Common Usages
+#### 3.1. Add a File to a filter's managed list
+- **Add the file**
+  Update the `.gitattributes` file to include the file under a path that matches a filter pattern. For example, to add `live/dev/secret.auto.tfvars`, update the `.gitattributes` file as follows:
-```sh
-git-secret-protector decrypt-files <filter_name>
-```
+  ```text
+  live/dev/secret*.auto.tfvars filter=sample-app-dev diff=sample-app-dev
+  ```
+- **Encrypt the file**
-### 3. Additional Commands
+  Use the following command to encrypt the file under the specified filter:
-#### 3.1. View Encryption Status
+  ```sh
+  git-secret-protector encrypt-files <filter>
+  ```
+  Replace `<filter>` with the name of the filter (e.g., `sample-app-dev`).
+- **Verify encryption**
+  Confirm that the file has been encrypted by running:
+  ```sh
+  git-secret-protector status
+  ```
+  Sample output
+  ```
+  Filter: sample-app-dev
+    ./live/dev/secrets.auto.tfvars: Encrypted
+    ./config/slack/secrets.tf: Encrypted
+  Filter: sample-app-prod
+    ...
+  ```
-Command to obtain a comprehensive overview of the encryption status of files within the repository:
+- **Review before creating pull requests**
-```sh
-git-secret-protector status
-```
+  Inspect the pull request to ensure encrypted files are included. Verify everything is correct before clicking the `Create pull request` button.
 #### 3.2. Key Rotation
@@ -145,7 +202,7 @@ In case you need to rotate the AES key due to security reasons or a team member
   - Update the local cache.
-- Post-Rotation Code Reset:
+- Post-Rotation Code Reset
   After rotating the keys, it is necessary to clear the Git cache and re-checkout all files. This step ensures that the smudge filters are triggered, allowing the files to be decrypted with the new key.
@@ -159,7 +216,7 @@ In case you need to rotate the AES key due to security reasons or a team member
 ### 4. Logging
-Logs are stored in the `logs/` directory by default, and you can configure the log level and file rotation in the `config.ini` file.
+Logs are stored in the `.git_secret_protector/logs/` directory by default, and you can configure the log level and file rotation in the `config.ini` file.
 ## Development
@@ -173,7 +230,6 @@ Logs are stored in the `logs/` directory by default, and you can configure the l
 - **Integration Tests**: Located in the `tests/integration` directory, these tests interact with Secret Store in cloud and should be run manually.
   ```sh
   poetry run pytest tests/integration
   ```
@@ -192,30 +248,29 @@ If you encounter any issues while using the `git-secret-protector` tool, try the
 If the filters are not configured correctly, you might encounter errors when encrypting or decrypting files.
-**Solution**:
+- **Solution**:
 Re-setup the filters based on your `.gitattributes` file.
-```sh
-git-secret-protector setup-filters
-```
+  ```sh
+  git-secret-protector setup-filters
+  ```
 #### 2. Missing or Incorrect AES Key
-If you fail to encrypt or decrypt files due to a missing or incorrect AES key, you will need to ensure that the keys are
-correctly fetched from the Cloud Secret Storage Service.
+If you fail to encrypt or decrypt files due to a missing or incorrect AES key, you will need to ensure that the keys are correctly fetched from the Cloud Secret Storage Service.
-**Solution**:
+- **Solution**:
 Pull the latest AES keys from the Cloud Secret Storage Service for the relevant filters.
-```sh
-git-secret-protector pull-aes-key <filter_name>
-```
+  ```sh
+  git-secret-protector pull-aes-key <filter_name>
+  ```
 #### 3. Permissions Issues
 Lack of necessary permissions can result in errors while accessing Cloud Secret Storage Services.
-**Solution**:
+- **Solution**:
 Ensure that you have the required permissions to manage resources in your Cloud Secret Storage Service.
 ### Example Issue: File Decryption Failure
@@ -225,23 +280,22 @@ You receive an error when trying to decrypt files using the `decrypt-files` comm
 **Solution**:
-1. Ensure that you have pulled the latest AES keys:
+- Ensure that you have pulled the latest AES keys:
-    ```sh
-    git-secret-protector pull-aes-key <filter_name>
-    ```
+  ```sh
+  git-secret-protector pull-aes-key <filter_name>
+  ```
-2. Check if the filters are correctly set up:
+- Check if the filters are correctly set up:
-    ```sh
-    git-secret-protector setup-filters
-    ```
+  ```sh
+  git-secret-protector setup-filters
+  ```
-3. Attempt to decrypt the files again:
+- Attempt to decrypt the files again:
-    ```sh
-    git-secret-protector decrypt-files <filter_name>
-    ```
+  ```sh
+  git-secret-protector decrypt-files <filter_name>
+  ```
-If the issue persists, verify your configurations in the `config.ini` file, and consult the logs located in the `logs/`
-directory for more detailed error information.
+If the issue persists, verify your configurations in the `config.ini` file, and consult the logs located in the `logs/` directory for more detailed error information.

{git_secret_protector-1.2.2 → git_secret_protector-1.3.0}/pyproject.toml RENAMED Viewed

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "git-secret-protector"
-version = "1.2.2"
+version = "1.3.0"
 description = "A tool for managing secrets in Git with AWS Parameter Store integration."
 authors = ["Duc Duong <duc.duong@c0x12c.com>"]
 readme = "README.md"
@@ -8,17 +8,17 @@ packages = [{ include = "git_secret_protector", from = "src" }]
 [tool.poetry.dependencies]
 python = ">=3.10,<3.14"
-boto3 = "^1.35.44"
-pycryptodome = "^3.20.0"
-google-cloud-secret-manager = "^2.20.2"
-injector = "^0.22.0"
-google-auth = "^2.36.0"
+boto3 = "^1.43.27"
+pycryptodome = "^3.23.0"
+google-cloud-secret-manager = "^2.29.0"
+injector = "^0.24.0"
+google-auth = "^2.53.0"
 [tool.poetry.group.dev.dependencies]
-pytest = "^8.3.2"
+pytest = "^9.0.3"
 mock = "^5.1.0"
-pyinstaller = "^6.10.0"
-tomlkit = "^0.13.2"
+pyinstaller = "^6.20.0"
+tomlkit = "^0.15.0"
 [tool.poetry.scripts]
 git-secret-protector = "git_secret_protector.main:main"

git-secret-protector 1.2.2__tar.gz → 1.3.0__tar.gz

git-secret-protector 1.2.2tar.gz → 1.3.0tar.gz