# groupenc: Group Encryption Utilities
Group Encryption utilities in Python, with a CLI.
# Installation
```bash
pip install groupenc
```
# Usage
## Bootstrap
To Bootstrap a vault, use:
```bash
groupenc bootstrap
```
It would typically create a file called `.groupenc.json` and a private key
/public key pair in `~/.groupenc_private` and `~/.groupenc_public`.
You can share your own identity with other people, so they
can induct you later:
```bash
groupenc id
```
It typically displays your public key.
## Secrets
To add a secret, use:
```bash
groupenc secret add --key password --value changeMe
```
To add a secret from a file, use:
```bash
groupenc secret add --key id_rsa_server --value @~/.ssh/id_rsa
```
To list secrets, use:
```bash
groupenc secret list
password
id_rsa_server
```
To display a secret, use:
```bash
groupenc secret show --key password
changeMe
```
To remove a secret, use:
```
groupenc secret remove --key password
```
## Induction
When you add someone else to the vault file, this process allows them to view secrets. To do that, an existing user
inducts them into the system.
```bash
groupenc induct --identity @~/other_id_rsa.pub
```
and then you transmit the new file across. They should be able to decode and view the secrets.
## Rotation
Sometimes, it is a good practice to rotate the encryption keys so people can't view updated secrets.
```bash
groupenc rotate
```
## Remove
When you want to remove people from a group, you simply remove them with a known public key, then rotate:
```
groupenc disown --identity @~/other_id_rsa.pub
groupenc rotate
```
Note that the secrets that they already have access to cannot be unshared/forgotten, so you should manually revoke their
accesses from any services. It is a good practice to share multiple vault files and induct people based on their actual
role/need to access.
## Running Unit Tests
```bash
pip install tox
tox
```
## Call for Testing Volunteers
The code was tested on Python 2.7, 3.8.
Please volunteer to test it and send in your patches (or) bug reports.
Design feedback always welcome.
Raw data
{
"_id": null,
"home_page": "http://github.com/guilt/groupenc",
"name": "groupenc",
"maintainer": null,
"docs_url": null,
"requires_python": null,
"maintainer_email": null,
"keywords": "groupenc encryption group vault offline",
"author": "Karthik Kumar Viswanathan",
"author_email": "karthikkumar@gmail.com",
"download_url": "https://files.pythonhosted.org/packages/29/fd/74d2d252909c8dd1e2cdd79f2364f79781d412d6c9cab15dcb77a55aa636/groupenc-0.3.0.tar.gz",
"platform": null,
"description": "# groupenc: Group Encryption Utilities\r\n\r\nGroup Encryption utilities in Python, with a CLI.\r\n\r\n# Installation\r\n\r\n```bash\r\npip install groupenc\r\n```\r\n\r\n# Usage\r\n\r\n## Bootstrap\r\n\r\nTo Bootstrap a vault, use:\r\n\r\n```bash\r\ngroupenc bootstrap\r\n```\r\n\r\nIt would typically create a file called `.groupenc.json` and a private key\r\n/public key pair in `~/.groupenc_private` and `~/.groupenc_public`.\r\n\r\nYou can share your own identity with other people, so they\r\ncan induct you later:\r\n\r\n```bash\r\ngroupenc id\r\n```\r\n\r\nIt typically displays your public key.\r\n\r\n## Secrets\r\n\r\nTo add a secret, use:\r\n\r\n```bash\r\ngroupenc secret add --key password --value changeMe\r\n```\r\n\r\nTo add a secret from a file, use:\r\n\r\n```bash\r\ngroupenc secret add --key id_rsa_server --value @~/.ssh/id_rsa\r\n```\r\n\r\nTo list secrets, use:\r\n\r\n```bash\r\ngroupenc secret list\r\npassword\r\nid_rsa_server\r\n```\r\n\r\nTo display a secret, use:\r\n\r\n```bash\r\ngroupenc secret show --key password\r\nchangeMe\r\n```\r\n\r\nTo remove a secret, use:\r\n\r\n```\r\ngroupenc secret remove --key password\r\n```\r\n\r\n## Induction\r\n\r\nWhen you add someone else to the vault file, this process allows them to view secrets. To do that, an existing user\r\ninducts them into the system.\r\n\r\n```bash\r\ngroupenc induct --identity @~/other_id_rsa.pub\r\n```\r\n\r\nand then you transmit the new file across. They should be able to decode and view the secrets.\r\n\r\n## Rotation\r\n\r\nSometimes, it is a good practice to rotate the encryption keys so people can't view updated secrets.\r\n\r\n```bash\r\ngroupenc rotate\r\n```\r\n\r\n## Remove\r\n\r\nWhen you want to remove people from a group, you simply remove them with a known public key, then rotate:\r\n\r\n```\r\ngroupenc disown --identity @~/other_id_rsa.pub\r\ngroupenc rotate\r\n```\r\n\r\nNote that the secrets that they already have access to cannot be unshared/forgotten, so you should manually revoke their\r\naccesses from any services. It is a good practice to share multiple vault files and induct people based on their actual\r\nrole/need to access.\r\n\r\n\r\n## Running Unit Tests\r\n\r\n```bash\r\npip install tox\r\ntox\r\n```\r\n\r\n## Call for Testing Volunteers\r\n\r\nThe code was tested on Python 2.7, 3.8.\r\n\r\nPlease volunteer to test it and send in your patches (or) bug reports.\r\nDesign feedback always welcome.\r\n",
"bugtrack_url": null,
"license": "MIT",
"summary": "groupenc: Group Encryption Utilities",
"version": "0.3.0",
"project_urls": {
"Homepage": "http://github.com/guilt/groupenc"
},
"split_keywords": [
"groupenc",
"encryption",
"group",
"vault",
"offline"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "29fd74d2d252909c8dd1e2cdd79f2364f79781d412d6c9cab15dcb77a55aa636",
"md5": "fc059dcb7052ea9e0014a8c1efc4fd9b",
"sha256": "83bd0818c6500a7a8b5c4e27e34ddadb344db99eadd2afec2d67e2a8f78567cc"
},
"downloads": -1,
"filename": "groupenc-0.3.0.tar.gz",
"has_sig": false,
"md5_digest": "fc059dcb7052ea9e0014a8c1efc4fd9b",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 15932,
"upload_time": "2024-10-20T05:37:04",
"upload_time_iso_8601": "2024-10-20T05:37:04.606396Z",
"url": "https://files.pythonhosted.org/packages/29/fd/74d2d252909c8dd1e2cdd79f2364f79781d412d6c9cab15dcb77a55aa636/groupenc-0.3.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-10-20 05:37:04",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "guilt",
"github_project": "groupenc",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"requirements": [],
"tox": true,
"lcname": "groupenc"
}
JSON
