token-vault

xdssio

token-vault

A lightweight package to manage users and tokens in a single file using asymmetric encryption.

Basic implementing (#1)

## Installation

```bash
pip install tokenvault
```

## Quickstart

```python
from tokenvault import TokenVault

vault = TokenVault()
# you give this token to the user for authentication
token = vault.add("alon@gmail.com", metadata={"name": "Alon Sababa",
                                              "Country": "Israel"})
vault.validate(token)
{'name': 'Alon Sababa', 'Country': 'Israel'}

assert vault.validate('not a token in the vault') is None

vault.save("vault.db")
TokenVault("vault.db").validate(token)
{'name': 'Alon Sababa', 'Country': 'Israel'}
```

## Encrypt the vault

For added security, by adding a password to the vault, the file itself get encrypted and therefore the list of keys
too.
You can provide the password manually or it is automatically picked-up from the environment
variable `TOKENVAULT_PASSWORD` if it exists.

* You can share the environment variable with your team members and server secrets so that they decrypt the file
  automatically.

```python
import os
from tokenvault import TokenVault

vault = TokenVault()
token = vault.add("alon@gmail.com", metadata={"name": "Alon Sababa", "Country": "Israel"})
password = vault.generate_key()
vault.save("vault.db", password=password)

TokenVault("vault.db", password=password).validate(token)
# using the environment variable
os.environ['TOKENVAULT_PASSWORD'] = password
TokenVault("vault.db").validate(token)
{'name': 'Alon Sababa', 'Country': 'Israel'}
```

## CLI

An easy way to manage users manually is to use the CLI.

* Default vault file is `vault.db` in the current directory.
* When a password or token is generated, it is copied to the clipboard. You can add a flag to print it to the screen
  too.

```
tv --help

Options:
  --version  Show the version and exit.
  --help     Show this message and exit.

Commands:
  add        Add a new key to the vault and copy the token to the clipboard
  encrypted  Check if the vault is encrypted
  init       Initialize a vault file in 'path' argument.
  list       List existing keys in the vault
  remove     Add a new key to the vault and copy the token to the clipboard
  validate   Add a new key to the vault and copy the token to the clipboard

```

### Quickstart without password:

```bash
$ tv init vault.db --no-password
# this copy the token to the clipboard
$ tv add alon@gmail.com vault.db --metadata='{"some":"information"}'
$ tv list vault.db
alon
$ tv validate <token>
{'some': 'information'}
$ tv remove alon@gmail.com vault.db
```

### Quickstart with password:

```bash
$ tv init vault.db --echo-password # this copy the password to the clipboard
password: G99********
Vault created at vault.db and encrypted with password

$ export TOKENVAULT_PASSWORD=G99********
$ tv add alon@gmail.com vault.db  # this copy the token to the clipboard
$ tv validate <token>
{} # no metadata provided
```

Co-authored-by: xdssio <jonathan@xdss.io>
Reviewed-on: #1

main

JONATHAN ALEXANDER

parent f0d2c33021

commit 5345290b4e

9 changed files (10 KiB → 487 KiB)

Split Unified

					
								.gitignore
								
									(8.6 KiB → 8.6 KiB)

					
								README.md
								
									(285 B → 3.2 KiB)

					
								docs/images/logo.png
								
									(0 B → 463 KiB)

					
								pyproject.toml
								
									(1.2 KiB → 1.0 KiB)

					
								tests/key_test.py
								
									(0 B → 625 B)

					
								tests/password_test.py
								
									(0 B → 2.0 KiB)

					
								tokenvault/__init__.py
								
									(3 B → 3.5 KiB)

					
								tokenvault/cli.py
								
									(0 B → 5.0 KiB)

					
								tokenvault/config.py
								
									(0 B → 142 B)