toru-vault 0.2.0__py3-none-any.whl → 0.3.1__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- toru_vault/vault.py +11 -2
- {toru_vault-0.2.0.dist-info → toru_vault-0.3.1.dist-info}/METADATA +52 -18
- {toru_vault-0.2.0.dist-info → toru_vault-0.3.1.dist-info}/RECORD +7 -7
- {toru_vault-0.2.0.dist-info → toru_vault-0.3.1.dist-info}/WHEEL +1 -1
- {toru_vault-0.2.0.dist-info → toru_vault-0.3.1.dist-info}/entry_points.txt +0 -0
- {toru_vault-0.2.0.dist-info → toru_vault-0.3.1.dist-info}/licenses/LICENSE +0 -0
- {toru_vault-0.2.0.dist-info → toru_vault-0.3.1.dist-info}/top_level.txt +0 -0
toru_vault/vault.py
CHANGED
|
@@ -20,6 +20,7 @@ _KEYRING_SERVICE_NAME = "bitwarden_vault"
|
|
|
20
20
|
_KEYRING_BWS_TOKEN_KEY = "bws_token"
|
|
21
21
|
_KEYRING_ORG_ID_KEY = "organization_id"
|
|
22
22
|
_KEYRING_STATE_FILE_KEY = "state_file"
|
|
23
|
+
_KEYRING_PROJECT_ID_KEY = "project_id"
|
|
23
24
|
|
|
24
25
|
def _get_from_keyring_or_env(key, env_var):
|
|
25
26
|
"""
|
|
@@ -125,7 +126,7 @@ def env_load(project_id=None, override=False):
|
|
|
125
126
|
Load all secrets related to the project into environmental variables.
|
|
126
127
|
|
|
127
128
|
Args:
|
|
128
|
-
project_id (str, optional): Project ID to filter secrets
|
|
129
|
+
project_id (str, optional): Project ID to filter secrets. If None, will try to get from keyring or PROJECT_ID environment variable
|
|
129
130
|
override (bool, optional): Whether to override existing environment variables
|
|
130
131
|
"""
|
|
131
132
|
try:
|
|
@@ -138,6 +139,10 @@ def env_load(project_id=None, override=False):
|
|
|
138
139
|
logger.error("ORGANIZATION_ID not found in keyring or environment variable")
|
|
139
140
|
return
|
|
140
141
|
|
|
142
|
+
# If project_id is not provided, try to get it from keyring or environment variable
|
|
143
|
+
if project_id is None:
|
|
144
|
+
project_id = _get_from_keyring_or_env(_KEYRING_PROJECT_ID_KEY, "PROJECT_ID")
|
|
145
|
+
|
|
141
146
|
secrets = load_secrets_env(client, organization_id, project_id)
|
|
142
147
|
|
|
143
148
|
set_env_vars(secrets, override)
|
|
@@ -171,7 +176,7 @@ def get(project_id=None, use_keyring=True):
|
|
|
171
176
|
Return a dictionary of all project secrets with JIT decryption
|
|
172
177
|
|
|
173
178
|
Args:
|
|
174
|
-
project_id (str, optional): Project ID to filter secrets
|
|
179
|
+
project_id (str, optional): Project ID to filter secrets. If None, will try to get from keyring or PROJECT_ID environment variable
|
|
175
180
|
use_keyring (bool, optional): Whether to use system keyring (True) or in-memory encryption (False)
|
|
176
181
|
|
|
177
182
|
Returns:
|
|
@@ -188,6 +193,10 @@ def get(project_id=None, use_keyring=True):
|
|
|
188
193
|
logger.error("ORGANIZATION_ID not found in keyring or environment variable")
|
|
189
194
|
return {}
|
|
190
195
|
|
|
196
|
+
# If project_id is not provided, try to get it from keyring or environment variable
|
|
197
|
+
if project_id is None:
|
|
198
|
+
project_id = _get_from_keyring_or_env(_KEYRING_PROJECT_ID_KEY, "PROJECT_ID")
|
|
199
|
+
|
|
191
200
|
from .in_memory import load_secrets_memory
|
|
192
201
|
all_secrets = load_secrets_memory(client, organization_id, project_id)
|
|
193
202
|
|
|
@@ -1,15 +1,22 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: toru-vault
|
|
3
|
-
Version: 0.
|
|
3
|
+
Version: 0.3.1
|
|
4
4
|
Summary: ToruVault: A simple Python package for managing Bitwarden secrets
|
|
5
5
|
Author: Toru AI
|
|
6
6
|
Author-email: ToruAI <mpaszynski@toruai.com>
|
|
7
7
|
License: MIT
|
|
8
8
|
Project-URL: Homepage, https://github.com/ToruAI/ToruVault
|
|
9
9
|
Project-URL: Issues, https://github.com/ToruAI/ToruVault/issues
|
|
10
|
+
Keywords: env manager,api key manager,secrets manager python,bitwarden python,environment variable manager,secret management,keyring,Bitwarden integration
|
|
10
11
|
Classifier: Programming Language :: Python :: 3
|
|
11
12
|
Classifier: License :: OSI Approved :: MIT License
|
|
12
13
|
Classifier: Operating System :: OS Independent
|
|
14
|
+
Classifier: Topic :: Security
|
|
15
|
+
Classifier: Topic :: Software Development :: Libraries :: Python Modules
|
|
16
|
+
Classifier: Intended Audience :: Developers
|
|
17
|
+
Classifier: Environment :: Console
|
|
18
|
+
Classifier: Topic :: System :: Systems Administration
|
|
19
|
+
Classifier: Topic :: Utilities
|
|
13
20
|
Requires-Python: >=3.6
|
|
14
21
|
Description-Content-Type: text/markdown
|
|
15
22
|
License-File: LICENSE
|
|
@@ -25,23 +32,23 @@ Dynamic: requires-python
|
|
|
25
32
|
|
|
26
33
|
# ToruVault
|
|
27
34
|
|
|
28
|
-
A
|
|
35
|
+
A secure Python secrets manager and environment variable manager for Bitwarden integration. Safely manage API keys and secrets in your Python applications.
|
|
29
36
|
|
|
30
37
|
|
|
31
|
-
|
|
32
39
|
|
|
33
40
|
|
|
34
41
|
|
|
35
42
|
## Features
|
|
36
43
|
|
|
37
|
-
- Load secrets from Bitwarden Secret Manager into environment variables
|
|
38
|
-
-
|
|
39
|
-
-
|
|
40
|
-
-
|
|
41
|
-
-
|
|
42
|
-
-
|
|
43
|
-
- Machine-specific secret protection
|
|
44
|
-
- Secure credential storage using
|
|
44
|
+
- **Secrets Manager for Python**: Load secrets from Bitwarden Secret Manager into environment variables
|
|
45
|
+
- **API Key Management**: Access and manage API keys securely in your Python applications
|
|
46
|
+
- **Environment Variable Manager**: Easily inject secrets as environment variables
|
|
47
|
+
- **Bitwarden Python Integration**: Seamless integration with Bitwarden Secret Manager
|
|
48
|
+
- **Secure In-Memory Caching**: Encrypted caching with automatic expiration (5 minutes)
|
|
49
|
+
- **Project-Based Secret Filtering**: Filter secrets by project ID
|
|
50
|
+
- **Secure Storage**: Machine-specific secret protection with proper file permissions
|
|
51
|
+
- **OS Keyring Integration**: Secure credential storage using your operating system's keyring
|
|
45
52
|
|
|
46
53
|
## Installation
|
|
47
54
|
|
|
@@ -118,6 +125,7 @@ Alternatively, you can set the following environment variables:
|
|
|
118
125
|
- `BWS_TOKEN`: Your Bitwarden access token
|
|
119
126
|
- `ORGANIZATION_ID`: Your Bitwarden organization ID
|
|
120
127
|
- `STATE_FILE`: Path to the state file (must be in an existing directory)
|
|
128
|
+
- `PROJECT_ID` (optional): Your Bitwarden project ID to filter secrets
|
|
121
129
|
- `API_URL` (optional): Defaults to "https://api.bitwarden.com"
|
|
122
130
|
- `IDENTITY_URL` (optional): Defaults to "https://identity.bitwarden.com"
|
|
123
131
|
|
|
@@ -144,7 +152,7 @@ python -m vault list --org-id YOUR_ORGANIZATION_ID
|
|
|
144
152
|
|
|
145
153
|
## Python Usage
|
|
146
154
|
|
|
147
|
-
### Loading secrets into environment variables
|
|
155
|
+
### Loading secrets into environment variables (Env Manager)
|
|
148
156
|
|
|
149
157
|
```python
|
|
150
158
|
import toru_vault as vault
|
|
@@ -159,6 +167,11 @@ print(os.environ.get("SECRET_NAME"))
|
|
|
159
167
|
# Load secrets for a specific project
|
|
160
168
|
vault.env_load(project_id="your-project-id")
|
|
161
169
|
|
|
170
|
+
# Alternatively, set PROJECT_ID environment variable and call without parameter
|
|
171
|
+
# export PROJECT_ID="your-project-id" # Linux/macOS
|
|
172
|
+
# set PROJECT_ID=your-project-id # Windows
|
|
173
|
+
vault.env_load() # Will use PROJECT_ID from environment
|
|
174
|
+
|
|
162
175
|
# Override existing environment variables (default: False)
|
|
163
176
|
vault.env_load(override=True)
|
|
164
177
|
```
|
|
@@ -178,6 +191,11 @@ secrets = vault.get(refresh=True)
|
|
|
178
191
|
# Get secrets for a specific project
|
|
179
192
|
secrets = vault.get(project_id="your-project-id")
|
|
180
193
|
|
|
194
|
+
# Alternatively, set PROJECT_ID environment variable and call without parameter
|
|
195
|
+
# export PROJECT_ID="your-project-id" # Linux/macOS
|
|
196
|
+
# set PROJECT_ID=your-project-id # Windows
|
|
197
|
+
secrets = vault.get() # Will use PROJECT_ID from environment
|
|
198
|
+
|
|
181
199
|
# Use in-memory encryption instead of system keyring
|
|
182
200
|
secrets = vault.get(use_keyring=False)
|
|
183
201
|
```
|
|
@@ -196,19 +214,20 @@ vault.env_load_all(override=True)
|
|
|
196
214
|
|
|
197
215
|
## Security Features
|
|
198
216
|
|
|
199
|
-
|
|
217
|
+
ToruVault provides robust security for your API keys and environment variables:
|
|
200
218
|
|
|
201
219
|
1. **OS Keyring Integration**: Securely stores BWS_TOKEN, ORGANIZATION_ID, and STATE_FILE in your OS keyring
|
|
202
|
-
2. **Memory Protection**: Secrets are
|
|
203
|
-
3. **
|
|
204
|
-
4. **
|
|
205
|
-
5. **
|
|
220
|
+
2. **Memory Protection**: Secrets are encrypted in memory using Fernet encryption (AES-128)
|
|
221
|
+
3. **Lazy Decryption**: Secrets are only decrypted when explicitly accessed
|
|
222
|
+
4. **Cache Expiration**: Cached secrets expire after 5 minutes by default
|
|
223
|
+
5. **Secure File Permissions**: Sets secure permissions on state files
|
|
224
|
+
6. **Machine-Specific Encryption**: Uses machine-specific identifiers for encryption keys
|
|
206
225
|
7. **Cache Clearing**: Automatically clears secret cache on program exit
|
|
207
226
|
8. **Environment Variable Protection**: Doesn't override existing environment variables by default
|
|
208
227
|
9. **Secure Key Derivation**: Uses PBKDF2 with SHA-256 for key derivation
|
|
209
228
|
10. **No Direct Storage**: Never stores secrets in plain text on disk
|
|
210
229
|
|
|
211
|
-
## Bitwarden
|
|
230
|
+
## Bitwarden Python Integration
|
|
212
231
|
|
|
213
232
|
### BWS_TOKEN
|
|
214
233
|
|
|
@@ -253,3 +272,18 @@ When working with secrets, always follow these important guidelines:
|
|
|
253
272
|
6. **Use Environment-Specific Secrets**: Use different secrets for development, staging, and production environments.
|
|
254
273
|
|
|
255
274
|
Remember that the vault package is designed to protect secrets once they're in your system, but you must handle the initial configuration securely.
|
|
275
|
+
|
|
276
|
+
## Why Choose ToruVault
|
|
277
|
+
|
|
278
|
+
ToruVault stands out as a comprehensive solution for Python developers who need:
|
|
279
|
+
|
|
280
|
+
- A reliable **secrets manager for Python** applications
|
|
281
|
+
- Secure **API key management** with encryption
|
|
282
|
+
- An **environment variable manager** that simplifies configuration
|
|
283
|
+
- Seamless **Bitwarden Python integration** for team secret sharing
|
|
284
|
+
|
|
285
|
+
By combining the security of Bitwarden with the convenience of Python's environment variables, ToruVault provides a robust solution for managing sensitive information in your applications.
|
|
286
|
+
|
|
287
|
+
## License
|
|
288
|
+
|
|
289
|
+
ToruVault is released under the MIT License. See the LICENSE file for details.
|
|
@@ -4,10 +4,10 @@ toru_vault/in_env.py,sha256=cr-Md7YODsRgeebPrzMcRsvojmVH4Mb-cmsUWFcj64k,6253
|
|
|
4
4
|
toru_vault/in_memory.py,sha256=Xt9F_a3it-SQ9f2lMdvO0e4aCkrcZR6bUujuMKHABS0,13608
|
|
5
5
|
toru_vault/lazy_dict.py,sha256=VRJAP-3SSk09GZh4le69kmHCoPzNOmP2ewWEEG5po6g,3054
|
|
6
6
|
toru_vault/py.typed,sha256=AbpHGcgLb-kRsJGnwFEktk7uzpZOCcBY74-YBdrKVGs,1
|
|
7
|
-
toru_vault/vault.py,sha256=
|
|
8
|
-
toru_vault-0.
|
|
9
|
-
toru_vault-0.
|
|
10
|
-
toru_vault-0.
|
|
11
|
-
toru_vault-0.
|
|
12
|
-
toru_vault-0.
|
|
13
|
-
toru_vault-0.
|
|
7
|
+
toru_vault/vault.py,sha256=10FVC6kV-IU9p5ptYG48hyrloC_cI75dTALN3tpnGBY,9361
|
|
8
|
+
toru_vault-0.3.1.dist-info/licenses/LICENSE,sha256=TbuuchABSutbmmaI1M232F22GsaI88_hwEvto5w_Ux4,1063
|
|
9
|
+
toru_vault-0.3.1.dist-info/METADATA,sha256=E7PIw2VqfddU6Yu1QeJdhZHYuzpnIJiLQtbi5HMijSI,10237
|
|
10
|
+
toru_vault-0.3.1.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
|
|
11
|
+
toru_vault-0.3.1.dist-info/entry_points.txt,sha256=dfqkbNftpmAv0iKzVgdkjymkCfj3TwzUrQm2PO7Xgxs,56
|
|
12
|
+
toru_vault-0.3.1.dist-info/top_level.txt,sha256=c9ulQ18kKs3HbkI5oeoLmnFTknjC0rY1BwsNLJKDua8,11
|
|
13
|
+
toru_vault-0.3.1.dist-info/RECORD,,
|
|
File without changes
|
|
File without changes
|
|
File without changes
|