API between repository secrets and nefarious individuals
About the project:
Locksmith acts as a liaison between precious client secrets and public version control. Locksmith uses GPG to encrypt secrets (API keys, database passwords, etc.), so what gets committed is ciphertext. Rather than hardcoding plaintext passwords in your code, locksmith exposes a simple API for decrypting your secrets when your app runs.
To keep development unencumbered, locksmith only asks for your passphrase when you run your app, not every time you access a secret. In addition, gpg-agent (with a pinentry prompt) can cache your passphrase locally, so you need only enter it once until the agent's cache expires, if you desire.
This is one of my favorite projects, I use it all over willcarh.art 🤗
Language: Python
locksmith acts as an interface between secrets and the Python code using them.
A simple use case
Consider the following scenario: Your cool new app requires a slick, unique API key to run. Perhaps your framework requires you to put this API key in a manifest.json file. However, your manifest file(s) need to be checked into GitHub, thus exposing your precious API key.
locksmith lets you avoid writing your secrets in plaintext anywhere in your repository: only the encrypted form is checked in.
Once you've installed and set up locksmith (see here for instructions), locksmith exposes a simple API:
In your code, replace the hardcoded value:

```python
api_key = "D4kTnNOp5lwKYJGwHkai"
```

with a lookup through locksmith:

```python
from locksmith import Locksmith  # assumed import path; confirm against the project's setup instructions

lock = Locksmith("your_username")      # your GPG passphrase is requested when the app runs, not per secret
api_key = lock.get_secret('API_KEY')   # returns the decrypted secret by name
```
It's that easy!
locksmith uses GPG to encrypt secrets, so what lands in your repository is ciphertext. The protection is only as strong as your passphrase and key handling: keep your GPG key material and passphrase out of the repository and out of CI logs, because anyone holding them can decrypt every secret.
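The workflow above, as an added example that is not locksmith's own code: a toy secrets store in the project's language, Python, in which a passphrase-derived key (PBKDF2) and an HMAC-SHA256 keystream with an HMAC tag stand in for GPG so the example runs on the standard library alone. The `ToyLocksmith` class, the `seal_secrets`/`open_secrets` functions and the two sample secrets are all constructed for illustration. It demonstrates the three properties the page relies on: the committed blob contains no plaintext, a wrong passphrase (or a tampered file) is rejected rather than yielding garbage, and the passphrase is requested once at start-up, never per `get_secret` call.

```python
"""Toy encrypted secrets store modelled on the locksmith workflow (illustration only)."""
from __future__ import annotations

import getpass
import hashlib
import hmac
import json
import os

# PBKDF2-HMAC-SHA256 work factor; raise it for production-grade passphrase hardening.
KDF_ITERATIONS = 200_000
SALT_LEN = NONCE_LEN = 16
TAG_LEN = 32


def _derive_keys(passphrase: str, salt: bytes) -> tuple[bytes, bytes]:
    """Derive independent encryption and MAC keys from one passphrase."""
    material = hashlib.pbkdf2_hmac(
        "sha256", passphrase.encode("utf-8"), salt, KDF_ITERATIONS, dklen=64
    )
    return material[:32], material[32:]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (a PRF); stands in for GPG's cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal_secrets(passphrase: str, secrets_map: dict[str, str]) -> bytes:
    """Encrypt a name -> secret mapping into a blob that is safe to commit."""
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)
    enc_key, mac_key = _derive_keys(passphrase, salt)
    plaintext = json.dumps(secrets_map).encode("utf-8")
    keystream = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, keystream))
    # Encrypt-then-MAC: the tag covers everything a reader will parse.
    tag = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    return salt + nonce + ciphertext + tag


def open_secrets(passphrase: str, blob: bytes) -> dict[str, str]:
    """Verify the tag, then decrypt. Raises ValueError on a wrong passphrase or tampering."""
    if len(blob) < SALT_LEN + NONCE_LEN + TAG_LEN:
        raise ValueError("secrets file is truncated")
    salt = blob[:SALT_LEN]
    nonce = blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    ciphertext, tag = blob[SALT_LEN + NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = _derive_keys(passphrase, salt)
    expected = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        raise ValueError("bad passphrase or corrupted secrets file")
    keystream = _keystream(enc_key, nonce, len(ciphertext))
    return json.loads(bytes(c ^ k for c, k in zip(ciphertext, keystream)))


class ToyLocksmith:
    """Mimics the page's API: one passphrase prompt at start-up, then in-memory lookups."""

    def __init__(self, blob: bytes, prompt=getpass.getpass) -> None:
        # The passphrase is requested exactly once, here, never per secret.
        self._secrets = open_secrets(prompt("GPG passphrase: "), blob)

    def get_secret(self, name: str) -> str:
        # A missing name is an error, not an empty string silently passed to your app.
        if name not in self._secrets:
            raise KeyError(f"no secret named {name!r}")
        return self._secrets[name]


if __name__ == "__main__":
    # Constructed sample: seal two secrets, then read them back the way an app would.
    sample = {"API_KEY": "D4kTnNOp5lwKYJGwHkai", "DB_PASSWORD": "hunter2"}
    blob = seal_secrets(getpass.getpass("Choose a passphrase: "), sample)
    print("plaintext present in committed blob:", b"D4kTnNOp5lwKYJGwHkai" in blob)
    lock = ToyLocksmith(blob)  # prompts once
    print("API_KEY recovered:", lock.get_secret("API_KEY") == sample["API_KEY"])
```

In practice keep using GPG as locksmith does; the hand-rolled cipher exists only so the example has no dependencies. The two design points worth carrying over are the authentication tag, which turns a wrong passphrase into a clean error instead of silently corrupted secrets, and the single prompt at construction, which is what makes the gpg-agent caching described above sufficient for day-to-day development.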