pstore


Name: pstore
Version: 2.5.0
home_page: https://github.com/ossobv/pstore#jump
Summary: Python Protected Password Store library and client
upload_time: 2024-09-18 12:53:56
maintainer: None
docs_url: None
author: Walter Doekes
requires_python: None
license: LGPLv3
keywords: password encrypted sharing cli
requirements: No requirements were recorded.
Travis-CI: No Travis.
coveralls test coverage: No coveralls.

|PSTORE|
========

*pstore :: Python Protected Password Store*

.. _`back to top`:

Quick jump: _`Summary` \| `Usage examples`_ \|
`Installation`_ \| `FAQ`_

Do you want to store and share passwords? With pstore you store the
encrypted passwords on a remote server. All encryption is done locally
by the command line interface, so the server never sees your unencrypted
passwords.

Summary 
--------

(`back to top`_)

pstore allows you to store and retrieve passwords and other sensitive
data in a safe manner. The permission system allows you to share these
secrets with others on the same pstore server.

For passwords and other secret items, you encrypt them on the client
side automatically with the pstore client. This way the pstore server
never has any knowledge of the secret content, and your data is secure
(\*) even when the server is breached.

Encryption is done using GPG. One of the admins installs your public key
on the pstore server. After that you're ready to go.

(\*) Security of course depends on everyone using strong secret keys and
everyone keeping them private.

Usage examples 
---------------

(`back to top`_)

You have set your ``.pstorerc``:

::

    $ cat ~/.pstorerc 
    --store-url=https://my.pstore.server/

List all machines that contain ``example`` in the name:

::

    $ pstore example
      Machine                   User access
    ------------------------------------------------------------------------
    + new.example.com           joe, walter
    + walter.example.com        walter

List machine password for ``walter.example.com``:

::

    $ pstore walter.example.com
    ip-address = 1.2.3.4
    password = wAlTeR!

Add a new machine password, also accessible for joe:

::

    $ pstore -c walter2.example.com +joe
    Type new machine password: 
    Type new machine password again: 

    $ pstore example
      Machine                   User access
    ------------------------------------------------------------------------
    + new.example.com           joe, walter
    + walter.example.com        walter
    + walter2.example.com       joe, walter

    $ pstore walter2.example.com
    password = abc

Add a public (unencrypted) and shared (encrypted) property to the new
machine:

::

    $ printf walter2 | pstore walter2.example.com -ps ssh-username
    $ cat ssl-cert.key | pstore walter2.example.com -pe ssl-cert.key
    $ pstore walter2.example.com
    ssh-username = walter2
    ssl-cert.key = (1533 byte encrypted)
    password = abc

See the ``contrib`` directory for bash completion scripts and a *dirty
hack* to supply the password to the *ssh* client automatically.

Installation 
-------------

(`back to top`_)

Installing the pstore client is a matter of running
``pip install ./pstore-<version>.tar.gz``. This will install the
necessary requirements and install the pstore binary in your path.

Installing the pstore server is a little bit more work:

1. Install ``pstore``, the client (see above).
2. Refer to the Django project for detailed Django installation
   procedures. But it should basically be something like this:

   -  Make a virtualenv (optional).
   -  Install the requirements from requirements.txt (optional, the
      django-pstore installation does this too).
   -  Install ``django-pstore``.
   -  Copy ``pstore/settings.py.template`` to ``pstore/settings.py`` and
      configure as needed. Those comfortable with Django can choose to
      integrate it into a different project. Don't forget to set the
      ``DATABASES`` and ``SECRET_KEY`` variables.
   -  Make known where your settings are, by exporting the
      ``DJANGO_SETTINGS_PATH`` and/or ``DJANGO_SETTINGS_MODULE``
      environment variables with the right values.

3. Run ``django-admin.py syncdb``. It will create the necessary tables
   and an admin account for you.
4. Check and alter ``pstore/wsgi.py`` as needed.
5. You can now run the development server to test:
   ``django-admin.py runserver``. When you're done testing you should
   set it up on a proper webserver (nginx+uwsgi, apache+mod\_wsgi or
   whatever floats your boat). *Don't forget to tell the wsgi server
   your virtualenv path if you're using that.*

Set up users and keys:

1. If you used the supplied ``pstore/settings.py`` you'll surf to
   ``localhost:8000`` (or where the site is running). Supply your admin
   credentials.
2. Go to ``Auth -> Users``. Add users as appropriate.
3. Go to ``Pstore -> Public keys``. Add a single public key for every
   user that should be using the system. A GPG public key can be
   extracted from your keyring using
   ``gpg --export --armor my@email.addr``. The ``key`` value should look
   something like this. The ``description`` is for human consumption
   only.

   ::

       -----BEGIN PGP PUBLIC KEY BLOCK-----
       Version: GnuPG v1.4.11 (GNU/Linux)
       |
       mI0EULkssgEEAKeoPrMO5CHxoO8/KTXLA1FP2IQr4n3Og+DvsziIZ6vdcDmhtcsx
       ...
       AK968N1Yrw+ytDuus3s7xPXYAw==
       =TEm/
       -----END PGP PUBLIC KEY BLOCK-----

   If you have good reasons, you can go old style and use the SSH public
   key here, like this:

   ::

       ssh-rsa AAAAq2qMaC2...fBPcPsqMcwqsMHnBCzA= myname@myserver

   Using GPG is preferred however.
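
A pre-flight check an admin could run on a pasted ``key`` value before saving it under ``Pstore -> Public keys``. This is an added example, not part of pstore: ``classify_key``, ``check_pgp``, ``armor`` and the sample bytes are hypothetical and constructed here. It verifies the armor CRC-24, rejects anything whose first packet is not a public key (for example an accidentally exported secret key), and checks that an SSH key's prefix matches the type embedded in its blob.

```python
import base64

def crc24(data: bytes) -> int:
    """Armor checksum from RFC 4880 section 6.1."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(data: bytes, label: str = "PUBLIC KEY BLOCK") -> str:
    """Wrap bytes in ASCII armor; used here only to build the samples."""
    body = base64.encodebytes(data).decode()  # ends with a newline
    crc = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return (f"-----BEGIN PGP {label}-----\n\n{body}={crc}\n"
            f"-----END PGP {label}-----\n")

def check_pgp(lines) -> str:
    if lines[0] != "-----BEGIN PGP PUBLIC KEY BLOCK-----":
        raise ValueError("armor label is not PUBLIC KEY BLOCK")
    if lines[-1] != "-----END PGP PUBLIC KEY BLOCK-----":
        raise ValueError("missing END line")
    if "" not in lines:
        raise ValueError("no blank line between armor headers and data")
    body = lines[lines.index("") + 1:-1]
    if len(body) < 2 or not body[-1].startswith("="):
        raise ValueError("missing data or CRC-24 line")
    # binascii.Error from b64decode is a ValueError subclass.
    data = base64.b64decode("".join(body[:-1]), validate=True)
    want = int.from_bytes(base64.b64decode(body[-1][1:], validate=True), "big")
    if not data or crc24(data) != want:
        raise ValueError("CRC-24 mismatch: key was truncated or altered")
    first = data[0]  # packet header: new format if bit 6 is set, else old
    tag = first & 0x3F if first & 0x40 else (first >> 2) & 0x0F
    if not first & 0x80 or tag != 6:
        raise ValueError("first packet is not a public key (tag 6)")
    return "pgp-public"

def classify_key(value: str) -> str:
    """Return 'pgp-public' or 'ssh-public'; raise ValueError otherwise."""
    lines = [ln.strip() for ln in value.strip().splitlines()]
    if lines and lines[0].startswith("-----BEGIN PGP "):
        return check_pgp(lines)
    parts = value.split()
    if len(parts) >= 2 and parts[0].startswith("ssh-"):
        # The blob starts with a length-prefixed copy of the key type.
        blob = base64.b64decode(parts[1], validate=True)
        n = int.from_bytes(blob[:4], "big")
        if blob[4:4 + n] != parts[0].encode():
            raise ValueError("SSH key type does not match its blob")
        return "ssh-public"
    raise ValueError("unrecognised key format")

# Constructed sample bytes, not real keys. 0x98 is an old-format tag-6
# (public key) header, as in the README sample ("mI0E" decodes to 98 8d 04);
# 0x94 is the old-format tag-5 (secret key) header.
SAMPLE_PUB = bytes([0x98, 0x0D, 0x04]) + bytes(12)
SAMPLE_SEC = bytes([0x94, 0x0D, 0x04]) + bytes(12)
SAMPLE_SSH = "ssh-rsa " + base64.b64encode(
    (7).to_bytes(4, "big") + b"ssh-rsa" + bytes(7)).decode() + " myname@myserver"

if __name__ == "__main__":
    print(classify_key(armor(SAMPLE_PUB)), classify_key(SAMPLE_SSH))
    try:
        classify_key(armor(SAMPLE_SEC, "PRIVATE KEY BLOCK"))
    except ValueError as exc:
        print("rejected:", exc)
```
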

Set up the client:

1. You'll install the pstore client package on all machines that you'll
   want to connect from.
2. Set up ``~/.pstorerc``. You can put anything in there that you see in
   ``pstore --help``, but generally you'll want one or more
   ``--store-url=`` items in there. And possibly a ``--user=``.
3. Type ``pstore -c my.first.machine`` to create a password for
   *my.first.machine*.

You're ready to go. Call the pstore client with ``--help`` and
``--help --verbose`` for more help and tips.

FAQ 
----

(`back to top`_)

How do I install a downloaded tgz?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

::

    sudo pip install ./pstore-<version>.tar.gz
    sudo pip install ./django-pstore-<version>.tar.gz

For the client you'll only need the first package.

configure: error: no acceptable C compiler found in $PATH
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

...or various other compile-related errors when running ``pip install``.

Make sure you have a C compiler (gcc) and python development headers.

::

    sudo apt-get install build-essential
    sudo apt-get install python3-dev

Or you could install the dependencies manually.

::

    # for the client and server
    sudo apt-get install python3-gpg python3-pycryptodome
    # for the server
    sudo apt-get install python3-django python3-mysqldb

fatal error: gpgme.h: No such file or directory
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

pygpgme requires the libgpgme development headers.

::

    sudo apt-get install libgpgme-dev

Couldn't find index page for 'pstore' (maybe misspelled?)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make sure you install the ``pstore`` package before installing
``django-pstore``. This shouldn't be necessary anymore, as we've
uploaded that package to PyPI.

How do I uninstall?
~~~~~~~~~~~~~~~~~~~

Uninstalling the client package is done using *pip*:

::

    sudo pip uninstall pstore

You may need to ``rm /usr/local/bin/pstore`` manually.

For the server, you'll probably need to do more than just uninstalling
``django-pstore``. After all, you put the app in a Django project and
you created a database for it.

Note that dependencies like Django, pycryptodome and gpg aren't
uninstalled automatically.

ImportError: No module named pstorelib.bytes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

When running ``./bin/pstore`` when developing, you'll need to tell it
where the packages are:

::

    export PYTHONPATH=`pwd`

NOTICE: re-using cached password
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

To make the application usable, decryption passphrase information has to
be cached. Preferably, this is done using some kind of password agent
like *gpg-agent*. If such an agent is unavailable, we cache the password
in cleartext in memory for the duration of the pstore command.

The NOTICE is there to remind you that it is not as safe as it could be.

How do I make password caching agents forget my password?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Your graphical desktop environment generally starts a password caching
daemon. That could be *seahorse-agent* or *gpg-agent* or something else.

I couldn't find a way to reliably clear the *seahorse-agent* password
cache. I only found reliable ways to kill it by accident (on Ubuntu
10.04).

The *gpg-agent* (gnupg-agent package) seemed more stable. (Log out and
in after install.) Making it forget your cached passphrase is a matter
of sending it a ``SIGHUP``.

::

    pkill -HUP gpg-agent

*(If you're now wondering, like me, who then caches your decrypted
private ssh key: it's the ssh-agent, even though it's the gnome-keyring
who asked for the password. Clearing the ssh-agent cache is a matter of
doing ``ssh-add -D``.)*

Issues with large file support
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

When running the integration test, you could see something like this:

::

    * Large file support (adding large public file):
    backend error: could not connect to http://127.0.0.1:8000

      FAIL: could not write large unencrypted file
      > NOTICE: not encrypting the value

This is likely caused by apparmor(1) on the mysqld. We need read/write
permissions in /tmp.

Further, you may need to increase the ``max_allowed_packet`` to
something higher than ``16MB`` if you want to store larger files.

(`back to top`_)


.. |PSTORE| image:: assets/pstore-head.png
    :alt: Pstore
            

Raw data

            {
    "_id": null,
    "home_page": "https://github.com/ossobv/pstore#jump",
    "name": "pstore",
    "maintainer": null,
    "docs_url": null,
    "requires_python": null,
    "maintainer_email": null,
    "keywords": "password encrypted sharing cli",
    "author": "Walter Doekes",
    "author_email": "wjdoekes+pstore@osso.nl",
    "download_url": "https://files.pythonhosted.org/packages/f0/5a/346fdb4fe6bb47e2c328811da7a07051b94d544d83e31450b84b7b554456/pstore-2.5.0.tar.gz",
    "platform": null,
    "bugtrack_url": null,
    "license": "LGPLv3",
    "summary": "Python Protected Password Store library and client",
    "version": "2.5.0",
    "project_urls": {
        "Homepage": "https://github.com/ossobv/pstore#jump"
    },
    "split_keywords": [
        "password",
        "encrypted",
        "sharing",
        "cli"
    ],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "f05a346fdb4fe6bb47e2c328811da7a07051b94d544d83e31450b84b7b554456",
                "md5": "b260d3bd6b23596982f2c5702afdadea",
                "sha256": "8f52e5159bbc00d964fe14d5dc0c12630e820d6404c525fd83cacec215c90905"
            },
            "downloads": -1,
            "filename": "pstore-2.5.0.tar.gz",
            "has_sig": false,
            "md5_digest": "b260d3bd6b23596982f2c5702afdadea",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": null,
            "size": 43271,
            "upload_time": "2024-09-18T12:53:56",
            "upload_time_iso_8601": "2024-09-18T12:53:56.535806Z",
            "url": "https://files.pythonhosted.org/packages/f0/5a/346fdb4fe6bb47e2c328811da7a07051b94d544d83e31450b84b7b554456/pstore-2.5.0.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2024-09-18 12:53:56",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "github_user": "ossobv",
    "github_project": "pstore#jump",
    "travis_ci": false,
    "coveralls": false,
    "github_actions": false,
    "requirements": [],
    "tox": true,
    "lcname": "pstore"
}