A lightweight package to manage users and tokens in a single file using asymmetric encryption.
Basic implementing (#1)
## Installation ```bash pip install tokenvault ``` ## Quickstart ```python from tokenvault import TokenVault vault = TokenVault() # you give this token to the user for authentication token = vault.add("alon@gmail.com", metadata={"name": "Alon Sababa", "Country": "Israel"}) vault.validate(token) {'name': 'Alon Sababa', 'Country': 'Israel'} assert vault.validate('not a token in the vault') is None vault.save("vault.db") TokenVault("vault.db").validate(token) {'name': 'Alon Sababa', 'Country': 'Israel'} ``` ## Encrypt the vault For added security, by adding a password to the vault, the file itself get encrypted and therefore the list of keys too. You can provide the password manually or it is automatically picked-up from the environment variable `TOKENVAULT_PASSWORD` if it exists. * You can share the environment variable with your team members and server secrets so that they decrypt the file automatically. ```python import os from tokenvault import TokenVault vault = TokenVault() token = vault.add("alon@gmail.com", metadata={"name": "Alon Sababa", "Country": "Israel"}) password = vault.generate_key() vault.save("vault.db", password=password) TokenVault("vault.db", password=password).validate(token) # using the environment variable os.environ['TOKENVAULT_PASSWORD'] = password TokenVault("vault.db").validate(token) {'name': 'Alon Sababa', 'Country': 'Israel'} ``` ## CLI An easy way to manage users manually is to use the CLI. * Default vault file is `vault.db` in the current directory. * When a password or token is generated, it is copied to the clipboard. You can add a flag to print it to the screen too. ``` tv --help Options: --version Show the version and exit. --help Show this message and exit. Commands: add Add a new key to the vault and copy the token to the clipboard encrypted Check if the vault is encrypted init Initialize a vault file in 'path' argument. list List existing keys in the vault remove Add a new key to the vault and copy the token to the clipboard validate Add a new key to the vault and copy the token to the clipboard ``` ### Quickstart without password: ```bash $ tv init vault.db --no-password # this copy the token to the clipboard $ tv add alon@gmail.com vault.db --metadata='{"some":"information"}' $ tv list vault.db alon $ tv validate <token> {'some': 'information'} $ tv remove alon@gmail.com vault.db ``` ### Quickstart with password: ```bash $ tv init vault.db --echo-password # this copy the password to the clipboard password: G99******** Vault created at vault.db and encrypted with password $ export TOKENVAULT_PASSWORD=G99******** $ tv add alon@gmail.com vault.db # this copy the token to the clipboard $ tv validate <token> {} # no metadata provided ``` Co-authored-by: xdssio <jonathan@xdss.io> Reviewed-on: #1main
parent
f0d2c33021
commit
5345290b4e
9 changed files (10 KiB → 487 KiB)
.gitignore
(8.6 KiB → 8.6 KiB)
README.md
(285 B → 3.2 KiB)
docs/images/logo.png
(0 B → 463 KiB)
pyproject.toml
(1.2 KiB → 1.0 KiB)
tests/key_test.py
(0 B → 625 B)
tests/password_test.py
(0 B → 2.0 KiB)
tokenvault/__init__.py
(3 B → 3.5 KiB)
tokenvault/cli.py
(0 B → 5.0 KiB)
tokenvault/config.py
(0 B → 142 B)
Loading…
Reference in new issue