Python module for safely and cleanly using sensitive data in shared code.
Cronos uses a secure encryption method, AES256, to store passwords and sensitive values locally. Simple (and unsecure) Caesar Ciphers are used to create obfuscated keys in the cronos datastore. This means keys are simply human-unreadable and values are securely encrypted with a password file (defaults to your ssh private key).
Supports Linux and OS X.
- Python Pip:
pip install cronos
While global keys are stored in your code (such as the plaintext API_KEY in the examples below), Cronos uses the single interface get to initially prompt the user for the value at runtime. Cronos stores the encrypted value in a keystore called db.cronos. Upon a second call to get, Cronos performs a lookup and decryption.
You may want to add *.cronos to your .gitignore.
Using your ssh private key (id_rsa) as the default encryption key:
from cronos import cronos
c = cronos.Cronos()
myKey = c.get("API_KEY") # Prompt user for API_KEY if not already storedUsing mypassword.txt as the encryption key and /tmp/db.chronos as the db file:
from cronos import cronos
c = cronos.Cronos(passFile='mypassword.txt', storeFile='/tmp/db.chronos')
myKey = c.get("API_KEY") # Prompt user for API_KEY if not already stored