SECRETS GUARD
====
Encrypts and decrypts private information, written in Python3.
## DESCRIPTION
Secrets Guard is a tool for encrypt and decrypt any kind of information.
The idea is create a store with a given model and then insert 'secrets' inside it.
It's similar the Linux tool `pass`, but uses AES instead of GPG and allows to create general purpose store containing any kind of info, not only passwords.
## REQUIREMENTS
Requires at least Python 3.
Requires 'pycryptodomex' library.
## INSTALLATION
```
pip3 install secrets-guard
```
The script can be used with `python3 -m secrets_guard ...`.
Along with the installation via pip, a script called `secrets` will be
installed, which is a shortcut for `python3 -m secrets_guard`.
## USAGE
Each command works either in interactive or batch mode, depending on the
provided arguments.
For example, if the `key` is not provided with `--key` it will be asked to the user.
### Global commands
#### list
For list all the store within a path (the default if not specified with `--path`)
the `list` command can be used.
```
secrets list
```
### Store commands
#### create
First of all, a store should be created using the command `create`.
For example, for create a basic password store with the name 'password':
```
secrets create password --fields Site Account Password Other
```
#### destroy
A store can be destroyed with `destroy`.
```
secrets destroy password
```
#### key
Changes the key of the store.
```
secrets key password newkey
```
#### clear
Removes all the secrets from a store.
```
secrets clear password
```
#### show
The entire content of a store can be seen using `show`.
```
secrets show password
```
#### grep
For search between the secrets' fields for a specific word (or regular expression) the command `grep` can be used.
```
secrets grep password MyPass
```
```
secrets grep password "^My.*word"
```
### Secret commands
#### add
A secret can be added to an existent store using `add` as follows:
```
secrets add password --data Site="Megavideo",Account="me@gmail.com",Password="MyPassword"
```
#### remove
A secret can be removed from a store using `remove`.
The ID of the secret to remove must be specified (it can be retrieved with `grep` or `show`).
```
secrets remove password 12
```
#### modify
The fields of a secret can be changed using `modify` as follows:
```
secrets modify password 11 --data Password="MyNewPassword"
```
### GIT Commands
For keep the local repository synchronized with a remote GIT repository, the following commands can be used.
(The repository should already be initialized and configured properly).
The whole repository can be pushed with `push`:
```
secrets push --message "Added Google Drive password"
```
And can be pulled with `pull`:
```
secrets pull
```
## HELP
For more details about the commands, use `help`:
```
NAME
secrets - encrypt and decrypt data
SYNOPSIS
secrets <COMMAND> [COMMAND_OPTIONS] [GENERAL_OPTIONS]
DESCRIPTION
Stores and retrieves encrypted data to/from files.
Each command can be used either in batch or interactive mode;
each mandatory but not specified argument will be required interactively.
One of the following command must be specified:
GLOBAL COMMANDS
list [--path <PATH>]
List the names of the stores found at the path specified
by --path (or at the default one if not specified).
e.g. secrets list
STORE COMMANDS
create [<STORE_NAME>] [--fields FIELDS] [--pull] [--push] [--sync] [--path <PATH>] [--key <STORE_KEY>]
Creates a new store at the given path using the given key.
The FIELDS must be expressed as a comma separated list of field names.
Furthermore some attributes can be expressed for the fields by appending
"+<attr_1><attr_2>..." after the field name.
The available attributes are
1) h: hidden (the user input is not shown)
2) m: mandatory (the field must contain a non empty string)
If --pull is given, 'git pull' is performed before performing the action.
If --push is given, 'git push' is performed after the action has been successfully performed.
The option --sync acts as '--pull --push'.
e.g. secrets create password --fields Site,Account,Password,Other
e.g. secrets create password --fields Site+m,Account+m,Password+mh,Other
destroy [<STORE_NAME>] [--pull] [--push] [--sync] [--path <PATH>]
Destroys the store at the given path.
If --pull is given, 'git pull' is performed before performing the action.
If --push is given, 'git push' is performed after the action has been successfully performed.
The option --sync acts as '--pull --push'.
e.g. secrets destroy password
key [<STORE_NAME>] [<NEW_STORE_KEY>] [--pull] [--push] [--path <PATH>] [--key <STORE_KEY>]
Changes the key of the store from STORE_KEY to NEW_STORE_KEY.
If --pull is given, 'git pull' is performed before performing the action.
If --push is given, 'git push' is performed after the action has been successfully performed.
e.g. secrets key newkey
clear [<STORE_NAME>] [--pull] [--push] [--sync] [--path <PATH>] [--key <STORE_KEY>]
Clears the content (all the secrets) of a store.
The model is left unchanged.
If --pull is given, 'git pull' is performed before performing the action.
If --push is given, 'git push' is performed after the action has been successfully performed.
The option --sync acts as '--pull --push'.
show [<STORE_NAME>] [--fields FIELDS] [--when] [--[r]sort SORT_FIELD] [--no-table] [--pull] [--path <PATH>] [--key <STORE_KEY>]
Decrypts and shows the content of an entire store.
If --fields is is given, FIELDS specify the fields to show and these must
be expressed as a comma separated list of field names.
The --when parameter shows also temporal info (add/last modify date).
The --sort and --rsort can be used for sort the secrets alphabetically by FIELD.
If --pull is given, 'git pull' is performed before performing the action.
e.g. secrets show password
e.g. secrets show password --sort Added
e.g. secrets show password --sort Modified
grep [<STORE_NAME>] [<SEARCH_PATTERN>] [--fields FIELDS] [--when] [--[r]sort SORT_FIELD] [--no-table] [--no-color] [--pull] [--path <PATH>] [--key <STORE_KEY>]
Performs a regular expression search between the data of the store.
The SEARCH_PATTERN can be any valid regular expression.
The matches will be highlighted unless --no-color is specified.
If --fields is is given, FIELDS specify the fields to show and these must
be expressed as a comma separated list of field names.
The --when parameter shows also temporal info (add/last modify date)
The --sort and --rsort can be used for sort the secrets alphabetically by SORT_FIELD.
If --pull is given, 'git pull' is performed before performing the action.
e.g. secrets grep password MyPass
e.g. secrets grep password "^My.*word" --fields Name,Other
SECRET COMMANDS
add [<STORE_NAME>] [--data DATA] [--pull] [--push] [--sync] [--path <PATH>] [--key <STORE_KEY>]
Inserts a new secret into a store.
The DATA must be expressed as a key=value comma separated list where the
key should be a field of the store.
If --pull is given, 'git pull' is performed before performing the action.
If --push is given, 'git push' is performed after the action has been successfully performed.
The option --sync acts as '--pull --push'.
e.g. secrets add password --data Site="Megavideo",Account="me@gmail.com",Password="MyPassword"
remove [<STORE_NAME>] [<SECRET_IDS>*] [--pull] [--push] [--sync] [--path <PATH>] [--key <STORE_KEY>]
Removes the secret(s) with the given SECRET_IDS from the store.
The SECRET_IDS should be a comma separated list of IDs retrieved
using the secrets grep or the show command.
If --pull is given, 'git pull' is performed before performing the action.
If --push is given, 'git push' is performed after the action has been successfully performed.
The option --sync acts as '--pull --push'.
e.g. secrets remove password 12
e.g. secrets remove password 12,14,15,7 11
modify [<STORE_NAME>] [<SECRET_ID>] [--data DATA] [--pull] [--push] [--sync] [--path <PATH>] [--key <STORE_KEY>]
Modifies the secret with the given SECRET_ID using the given DATA.
The DATA must be expressed as a key=value list.
If --pull is given, 'git pull' is performed before performing the action.
If --push is given, 'git push' is performed after the action has been successfully performed.
The option --sync acts as '--pull --push'.
e.g. secrets modify password 11 --data Password="MyNewPassword"
GIT COMMANDS
push [--message <COMMIT_MESSAGE>] [--path <PATH>]
Commits and pushes to the remote git repository.
Actually performs "git add ." , "git commit -m 'COMMIT_MESSAGE'" and
"git push" on the given path.
Note that the action is related to the whole repository,
not a particular store.
If the COMMIT_MESSAGE is not specified, a default commit message
will be created.
The credentials might be required by the the invoked git push routine.
e.g. secrets push
e.g. secrets push
e.g. secrets push --message "Added Google password"
Pull from the remote git branch.
Note that the action is related to the whole repository,
not a particular store.
e.g. secrets pull
GLOBAL OPTIONS
--help
Shows this help message.
--version
Shows the version number.
--verbose
Prints debug statements.
--no-keyring
Do not use the keyring for retrieve the password.
By default a password used for open a store is cached in the keyring
for further uses.
```
## LICENSE
Secrets Guard is [MIT licensed](./LICENSE).
Raw data
{
"_id": null,
"home_page": "https://github.com/Docheinstein/secrets-guard",
"name": "secrets-guard",
"maintainer": "",
"docs_url": null,
"requires_python": ">=3",
"maintainer_email": "",
"keywords": "pass password private key encrypt decrypt crypt",
"author": "Stefano Dottore",
"author_email": "docheinstein@gmail.com",
"download_url": "",
"platform": null,
"description": "SECRETS GUARD\n====\n\nEncrypts and decrypts private information, written in Python3.\n\n## DESCRIPTION\n\nSecrets Guard is a tool for encrypt and decrypt any kind of information. \nThe idea is create a store with a given model and then insert 'secrets' inside it. \nIt's similar the Linux tool `pass`, but uses AES instead of GPG and allows to create general purpose store containing any kind of info, not only passwords.\n\n## REQUIREMENTS\n\nRequires at least Python 3. \nRequires 'pycryptodomex' library.\n\n## INSTALLATION\n\n```\npip3 install secrets-guard\n```\n\nThe script can be used with `python3 -m secrets_guard ...`. \nAlong with the installation via pip, a script called `secrets` will be\ninstalled, which is a shortcut for `python3 -m secrets_guard`.\n\n\n## USAGE\n\nEach command works either in interactive or batch mode, depending on the \nprovided arguments. \nFor example, if the `key` is not provided with `--key` it will be asked to the user.\n\n### Global commands\n\n#### list\nFor list all the store within a path (the default if not specified with `--path`)\nthe `list` command can be used.\n\n```\nsecrets list\n```\n\n### Store commands\n\n#### create\nFirst of all, a store should be created using the command `create`. \nFor example, for create a basic password store with the name 'password':\n\n```\nsecrets create password --fields Site Account Password Other\n```\n\n#### destroy\nA store can be destroyed with `destroy`.\n\n```\nsecrets destroy password\n```\n\n\n#### key\nChanges the key of the store.\n\n```\nsecrets key password newkey\n```\n\n#### clear\nRemoves all the secrets from a store.\n\n```\nsecrets clear password\n```\n\n#### show\nThe entire content of a store can be seen using `show`.\n\n```\nsecrets show password\n```\n\n#### grep\nFor search between the secrets' fields for a specific word (or regular expression) the command `grep` can be used.\n\n```\nsecrets grep password MyPass\n```\n```\nsecrets grep password \"^My.*word\"\n```\n\n### Secret commands\n\n#### add\nA secret can be added to an existent store using `add` as follows:\n\n```\nsecrets add password --data Site=\"Megavideo\",Account=\"me@gmail.com\",Password=\"MyPassword\"\n```\n\n#### remove\nA secret can be removed from a store using `remove`. \nThe ID of the secret to remove must be specified (it can be retrieved with `grep` or `show`).\n\n```\nsecrets remove password 12\n```\n\n#### modify\nThe fields of a secret can be changed using `modify` as follows:\n\n```\nsecrets modify password 11 --data Password=\"MyNewPassword\"\n```\n\n### GIT Commands\n\nFor keep the local repository synchronized with a remote GIT repository, the following commands can be used.\n(The repository should already be initialized and configured properly).\n\nThe whole repository can be pushed with `push`:\n\n```\nsecrets push --message \"Added Google Drive password\"\n```\n\nAnd can be pulled with `pull`:\n\n```\nsecrets pull\n```\n\n## HELP\nFor more details about the commands, use `help`:\n\n```\nNAME\n secrets - encrypt and decrypt data\n\nSYNOPSIS\n secrets <COMMAND> [COMMAND_OPTIONS] [GENERAL_OPTIONS]\n \nDESCRIPTION\n Stores and retrieves encrypted data to/from files.\n \n Each command can be used either in batch or interactive mode;\n each mandatory but not specified argument will be required interactively.\n \n One of the following command must be specified:\n \nGLOBAL COMMANDS \n list [--path <PATH>]\n List the names of the stores found at the path specified\n by --path (or at the default one if not specified).\n \n e.g. secrets list\n \nSTORE COMMANDS\n create [<STORE_NAME>] [--fields FIELDS] [--pull] [--push] [--sync] [--path <PATH>] [--key <STORE_KEY>]\n Creates a new store at the given path using the given key.\n The FIELDS must be expressed as a comma separated list of field names.\n \n Furthermore some attributes can be expressed for the fields by appending\n \"+<attr_1><attr_2>...\" after the field name.\n \n The available attributes are\n 1) h: hidden (the user input is not shown)\n 2) m: mandatory (the field must contain a non empty string)\n \n If --pull is given, 'git pull' is performed before performing the action.\n If --push is given, 'git push' is performed after the action has been successfully performed.\n The option --sync acts as '--pull --push'.\n \n e.g. secrets create password --fields Site,Account,Password,Other\n e.g. secrets create password --fields Site+m,Account+m,Password+mh,Other\n \n destroy [<STORE_NAME>] [--pull] [--push] [--sync] [--path <PATH>]\n Destroys the store at the given path.\n \n If --pull is given, 'git pull' is performed before performing the action.\n If --push is given, 'git push' is performed after the action has been successfully performed.\n The option --sync acts as '--pull --push'.\n\n e.g. secrets destroy password\n\n key [<STORE_NAME>] [<NEW_STORE_KEY>] [--pull] [--push] [--path <PATH>] [--key <STORE_KEY>]\n Changes the key of the store from STORE_KEY to NEW_STORE_KEY.\n \n If --pull is given, 'git pull' is performed before performing the action.\n If --push is given, 'git push' is performed after the action has been successfully performed.\n \n e.g. secrets key newkey\n \n clear [<STORE_NAME>] [--pull] [--push] [--sync] [--path <PATH>] [--key <STORE_KEY>]\n Clears the content (all the secrets) of a store.\n The model is left unchanged.\n \n If --pull is given, 'git pull' is performed before performing the action.\n If --push is given, 'git push' is performed after the action has been successfully performed.\n The option --sync acts as '--pull --push'.\n\n show [<STORE_NAME>] [--fields FIELDS] [--when] [--[r]sort SORT_FIELD] [--no-table] [--pull] [--path <PATH>] [--key <STORE_KEY>]\n Decrypts and shows the content of an entire store.\n If --fields is is given, FIELDS specify the fields to show and these must \n be expressed as a comma separated list of field names.\n The --when parameter shows also temporal info (add/last modify date).\n The --sort and --rsort can be used for sort the secrets alphabetically by FIELD.\n \n If --pull is given, 'git pull' is performed before performing the action.\n\n e.g. secrets show password\n e.g. secrets show password --sort Added\n e.g. secrets show password --sort Modified\n \n grep [<STORE_NAME>] [<SEARCH_PATTERN>] [--fields FIELDS] [--when] [--[r]sort SORT_FIELD] [--no-table] [--no-color] [--pull] [--path <PATH>] [--key <STORE_KEY>]\n Performs a regular expression search between the data of the store.\n The SEARCH_PATTERN can be any valid regular expression.\n The matches will be highlighted unless --no-color is specified.\n If --fields is is given, FIELDS specify the fields to show and these must \n be expressed as a comma separated list of field names.\n The --when parameter shows also temporal info (add/last modify date)\n The --sort and --rsort can be used for sort the secrets alphabetically by SORT_FIELD.\n \n If --pull is given, 'git pull' is performed before performing the action.\n\n e.g. secrets grep password MyPass\n e.g. secrets grep password \"^My.*word\" --fields Name,Other\n \nSECRET COMMANDS\n add [<STORE_NAME>] [--data DATA] [--pull] [--push] [--sync] [--path <PATH>] [--key <STORE_KEY>]\n Inserts a new secret into a store.\n The DATA must be expressed as a key=value comma separated list where the \n key should be a field of the store.\n \n If --pull is given, 'git pull' is performed before performing the action.\n If --push is given, 'git push' is performed after the action has been successfully performed.\n The option --sync acts as '--pull --push'.\n\n e.g. secrets add password --data Site=\"Megavideo\",Account=\"me@gmail.com\",Password=\"MyPassword\" \n\n remove [<STORE_NAME>] [<SECRET_IDS>*] [--pull] [--push] [--sync] [--path <PATH>] [--key <STORE_KEY>]\n Removes the secret(s) with the given SECRET_IDS from the store.\n The SECRET_IDS should be a comma separated list of IDs retrieved \n using the secrets grep or the show command.\n \n If --pull is given, 'git pull' is performed before performing the action.\n If --push is given, 'git push' is performed after the action has been successfully performed.\n The option --sync acts as '--pull --push'.\n\n e.g. secrets remove password 12\n e.g. secrets remove password 12,14,15,7 11\n \n modify [<STORE_NAME>] [<SECRET_ID>] [--data DATA] [--pull] [--push] [--sync] [--path <PATH>] [--key <STORE_KEY>]\n Modifies the secret with the given SECRET_ID using the given DATA.\n The DATA must be expressed as a key=value list.\n \n If --pull is given, 'git pull' is performed before performing the action.\n If --push is given, 'git push' is performed after the action has been successfully performed.\n The option --sync acts as '--pull --push'.\n\n e.g. secrets modify password 11 --data Password=\"MyNewPassword\"\n \nGIT COMMANDS\n push [--message <COMMIT_MESSAGE>] [--path <PATH>] \n Commits and pushes to the remote git repository.\n Actually performs \"git add .\" , \"git commit -m 'COMMIT_MESSAGE'\" and\n \"git push\" on the given path.\n Note that the action is related to the whole repository, \n not a particular store.\n\n If the COMMIT_MESSAGE is not specified, a default commit message \n will be created.\n The credentials might be required by the the invoked git push routine.\n \n e.g. secrets push\n e.g. secrets push\n e.g. secrets push --message \"Added Google password\"\n \n Pull from the remote git branch.\n Note that the action is related to the whole repository, \n not a particular store.\n\n e.g. secrets pull\n\nGLOBAL OPTIONS\n --help\n Shows this help message.\n \n --version\n Shows the version number.\n\n --verbose\n Prints debug statements.\n \n --no-keyring\n Do not use the keyring for retrieve the password.\n By default a password used for open a store is cached in the keyring\n for further uses.\n``` \n\n\n## LICENSE\nSecrets Guard is [MIT licensed](./LICENSE).\n",
"bugtrack_url": null,
"license": "MIT",
"summary": "Encrypts and decrypts private information",
"version": "0.19",
"project_urls": {
"Homepage": "https://github.com/Docheinstein/secrets-guard"
},
"split_keywords": [
"pass",
"password",
"private",
"key",
"encrypt",
"decrypt",
"crypt"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "c8e360486eaac45a9a05cf67024dfd6fe71426abc5264bac1c90ad70ed094059",
"md5": "c1dd3e22d8b2e1987cee4b927b3e24f9",
"sha256": "fbb03f413d06e40486b4bb027bbf5464316294275b394c26a115be5365452cda"
},
"downloads": -1,
"filename": "secrets_guard-0.19-py3-none-any.whl",
"has_sig": false,
"md5_digest": "c1dd3e22d8b2e1987cee4b927b3e24f9",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3",
"size": 13830,
"upload_time": "2024-01-11T22:09:25",
"upload_time_iso_8601": "2024-01-11T22:09:25.473818Z",
"url": "https://files.pythonhosted.org/packages/c8/e3/60486eaac45a9a05cf67024dfd6fe71426abc5264bac1c90ad70ed094059/secrets_guard-0.19-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-01-11 22:09:25",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "Docheinstein",
"github_project": "secrets-guard",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"lcname": "secrets-guard"
}
JSON
