{ "info": { "author": "German Gomez-Herrero", "author_email": "data@findhotel.net", "bugtrack_url": null, "classifiers": [ "Programming Language :: Python :: 2", "Programming Language :: Python :: 3" ], "description": "S3 backend for Python's keyring\n================================\n\n.. image:: https://travis-ci.org/FindHotel/s3keyring.svg?branch=master\n :target: https://travis-ci.org/FindHotel/s3keyring\n\n.. |PyPI| image:: https://img.shields.io/pypi/v/s3keyring.svg?style=flat\n :target: https://pypi.python.org/pypi/s3keyring\n\nThis module adds an `AWS S3`_ backend to Python's keyring_ module. The S3\nbackend will store the keyring credentials in an S3 bucket and use client and\nserver side encryption to keep the credentials safe both during transit and at\nrest. This backend is quite handy when you want to distribute credentials across\nmultiple machines. Access to the backend and to the encryption keys can be\nfinely tuned using AWS IAM policies.\n\n.. _AWS S3: https://aws.amazon.com/s3/\n.. _keyring: https://pypi.python.org/pypi/keyring\n.. _Key Management System: https://aws.amazon.com/kms/\n\n\nInstallation\n------------\n\nYou can install a stable release from Pypi::\n\n pip install s3keyring\n\n\nOr you can choose to install the development version::\n\n pip install git+https://github.com/InnovativeTravel/s3-keyring\n\n\nIn Mac OS X El Capitan and later you may run into permission issues\nwhen running `pip install`. A workaround is to install `s3keyring` using::\n\n sudo -H pip install --ignore-installed git+https://github.com/InnovativeTravel/s3-keyring\n\nA better solution is to install Python with homebrew so that `pip install` will\nnot attempt to install packages in any system directory::\n\n brew install python\n\n\n\n\nFor Admins: setting up the keyring\n------------------------------------------------\n\nIf you are just a user of the keyring and someone else has set up the keyring\nfor you then you can skip this section and go directly to ``For Keyring Users:\naccessing the keyring`` at the end of this README. Note that you will need \nadministrator privileges in your AWS account to be able to set up a new keyring \nas described below.\n\n\n\n\nS3 bucket\n~~~~~~~~~\n\nThe S3 keyring backend requires you to have read/write access to a S3 bucket.\nIf you want to use bucket ``mysecretbucket`` to store your keyring, you will\nneed to attach the following `IAM policy`_ to all the IAM user accounts or\nroles that will have read and write access to the keyring::\n\n {\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:ListBucket\"\n ],\n \"Resource\": \"arn:aws:s3:::mysecretbucket\",\n \"Condition\": {}\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:DeleteObject\",\n \"s3:GetObject\",\n \"s3:PutObject\"\n ],\n \"Resource\": \"arn:aws:s3:::mysecretbucket/*\"\n }\n ]\n }\n\n.. _IAM policy: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-policies-for-amazon-ec2.html\n\nIf you want to create a policy that grants read-only access to the keyring then\nremove the ``s3:PutObject`` and ``s3:DeleteObject`` actions from the policy\nabove.\n\n\n\n\nEncryption key\n~~~~~~~~~~~~~~\n\nYou need to create a `KMS encryption key`_. Write down the ID of the\nKMS key that you create. You will need to share this KMS Key ID with the\nusers of the keyring.\n\n.. _KMS encryption key: http://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html\n\n\n**IMPORTANT**: You will need to grant read access to the KMS key to every IAM\nuser or role that needs to access the keyring.\n\n\n\n\nFor users: accessing the keyring\n---------------------------------------------\n\n\nOne-time configuration\n~~~~~~~~~~~~~~~~~~~~~~\n\nIf you haven't done so already, you will need to configure your local\ninstallation of the `AWS CLI`_ by running::\n\n aws configure\n\n.. _AWS CLI: http://docs.aws.amazon.com/cli\n\nThen configure the S3 Keyring::\n\n s3keyring configure\n\nYour keyring administrator will provide you with the ``KMS Key ID``,\n``Bucket`` and ``Namespace`` configuration options. Option ``AWS profile``\nallows you to specify the local `AWS CLI profile`_ you want to use to sign all\nrequests sent to AWS when accessing the keyring. Most users will want to use\nthe ``default`` profile.\n\n.. _AWS CLI profile: http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html#cli-multiple-profiles\n\n**IMPORTANT**: when deploying the `s3keyring` in EC2 instances that are granted\naccess to the keyring by means of an `IAM role` you should not specify a\ncustom AWS profile when configuring s3keyring in the instances.\n\n.. _IAM role: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html\n\n\nYou can configure the ``s3keyring`` module without user input by setting the\nfollowing environment variables: ``S3KEYRING_BUCKET``, ``S3KEYRING_NAMESPACE``,\n``S3KEYRING_KMS_KEY_ID``, ``S3KEYRING_AWS_PROFILE``. If these environment variables\nare properly set then you can configure the ``s3keyring`` module with::\n\n s3keyring configure --no-ask\n\n\n\nConfiguration profiles\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nYou can use ``s3keyring`` to store (read) secrets in (from) more than one\nbackend S3 keyring. A typical use case is creating different keyrings for \ndifferent user groups that have different levels of trust. For instance your \nkeyring administrator may have setup a S3 keyring that only IAM users with admin\nprivileges can access. Using the bucket, KMS Key ID and namespace provided by \nyour keyring admin you can configure a separate ``s3keyring`` profile to access\nthat admins-only keyring::\n\n s3keyring --profile administrators configure\n\nYour keyring admin may have also setup a separate S3 keyring to store secrets \nthat need to be accessed by EC2 instances that act as backend workers in a\nproject you are part of. To access that keyring you would configure a\nsecond ``s3keyring`` profile::\n\n s3keyring --profile website-workers configure\n\nThen, to store and retrieve secrets in the administrators keyring::\n\n s3keyring --profile administrators set SERVICE ACCOUNT PASSWORD \n s3keyring --profile administrators get SERVICE ACCOUNT\n\n\nAnd you could do the same for the ``website-workers`` keyring using option\n``--profile website-workers``.\n\n\n\nConfiguration file\n~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nBy default ``s3keyring`` reads configuration options from ``~/.s3keyring.ini``.\nYou can also store the configuration in a ``.s3keyring.ini`` file stored in your\ncurrent working directory by using::\n\n s3keyring configure --local\n\n\n``s3keyring`` will always read the configuration first from a ``.s3keyring.ini``\nfile under your current work directory. If it is not found then it will read it\nfrom ``~/.s3keyring.ini``.\n\n\n\n\nUsage\n-----\n\nThe ``s3keyring`` module provides the same API as Python's `keyring module`_.\nYou can access your S3 keyring programmatically from your Python code like\nthis::\n\n from s3keyring.s3 import S3Keyring\n kr = S3Keyring()\n kr.set_password('groupname', 'username', '123456')\n assert '123456' == kr.get_password('groupname', 'username')\n kr.delete_password('groupname', 'username')\n assert kr.get_password('groupname', 'username') is None\n\n\nYou can also use the keyring from the command line::\n\n # Store a password\n s3keyring set groupname username 123456\n # Retrieve it\n s3keyring get groupname username\n # Delete it\n s3keyring delete groupname username\n\n\n.. _keyring module: https://pypi.python.org/pypi/keyring\n\n\n\nRecommended workflow\n~~~~~~~~~~~~~~~~~~~~\n\nThis is how I use ``s3keyring`` in my Python projects.\n\nLet's assume that my project root directory looks something like this::\n\n setup.py\n my_module/\n __init__.py\n\n\nIn my project root directory I run::\n\n s3keyring configure --local\n\nI keep the generated ``.s3keyring.ini`` file as part of my project source code\n(i.e. under version control). Then in my project code I use the keyring like \nthis::\n\n from s3keyring.s3 import S3Keyring\n\n keyring = S3Keyring(config_file=\"/path/to/s3keyring.ini\")\n keyring.set_password('service', 'username', '123456')\n assert keyring.get_password('service', 'username') == '123456'\n\n\nContact\n-------\n\nIf you have questions, bug reports, suggestions, etc. please create an issue on\nthe `GitHub project page `_.\n\n\n\nLicense\n-------\n\nThis software is licensed under the `MIT license `_\n\nSee `License file `_\n\n\n\u00a9 2016 German Gomez-Herrero, and `FindHotel`_.\n\n.. _FindHotel: http://company.findhotel.net/\n\nAuthors\n=======\n\n`German Gomez-Herrero `_\n original idea and implementation\n\nThese people have contributed to ``s3keyring``, in alphabetical order:\n\n* `Ilya Kalinin `_\n\nChangelog\n=========\n\n0.2.2\n-----\n\n- Fix pycparser version to prevent bug in pycparser 2.15\n\n0.2.2\n-----\n\n- Change naming conventions: secret namespaces, groups and keys\n\n0.2.0\n-----\n\n- Don't use the local keychain if the s3keyring config file says so\n\n0.1.0\n-----\n\n- Doc fixes\n- New keyring method to list secrets associated to a service\n\n0.0.12\n------\n\n- Docs fixes\n- Fixes in the handling of project-specific configs\n\n0.0.2\n-----\n\n- Minor fixes in docs and package data\n\n0.0.1\n-----\n\n- Initial release (germangh)\n", "description_content_type": null, "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "http://github.com/findhotel/s3keyring", "keywords": "", "license": "MIT", "maintainer": "", "maintainer_email": "", "name": "s3keyring", "package_url": "https://pypi.org/project/s3keyring/", "platform": "", "project_url": "https://pypi.org/project/s3keyring/", "project_urls": { "Homepage": "http://github.com/findhotel/s3keyring" }, "release_url": "https://pypi.org/project/s3keyring/0.2.4/", "requires_dist": null, "requires_python": "", "summary": "S3 backend for Python's keyring module", "version": "0.2.4" }, "last_serial": 2965384, "releases": { "0.0.1": [ { "comment_text": "", "digests": { "md5": "ec8043ab3cb1b08f872b3e67e89b27a4", "sha256": "e6464155a261185a727f9817a622d9ed477a6846497bd20575d42eaac31cc791" }, "downloads": -1, "filename": "s3keyring-0.0.1.tar.gz", "has_sig": false, "md5_digest": "ec8043ab3cb1b08f872b3e67e89b27a4", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 9269, "upload_time": "2016-06-08T17:47:08", "url": "https://files.pythonhosted.org/packages/99/57/2c5853b6ac482d3f595ea7ba85ec59026ca4e0fa3f91ae3bd5bccb8cf60d/s3keyring-0.0.1.tar.gz" } ], "0.0.11": [ { "comment_text": "", "digests": { "md5": "9ad6115a79f4dc00348002e4bfd80cc0", "sha256": "5766a26c85f03081f3f1898fc8c3cafa22001706a0e35657f23d909b881fd487" }, "downloads": -1, "filename": "s3keyring-0.0.11.tar.gz", "has_sig": false, "md5_digest": "9ad6115a79f4dc00348002e4bfd80cc0", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 10424, "upload_time": "2016-06-09T09:40:42", "url": "https://files.pythonhosted.org/packages/20/05/bef35f4296db6b3ab7b79a6be97023eee6a34db1eb6a1fa585ecff9fa983/s3keyring-0.0.11.tar.gz" } ], "0.0.12": [ { "comment_text": "", "digests": { "md5": "6d85f842931c70bbeef6ef275dd18964", "sha256": "84e723ec666ce01c190a571307f9520541eeb1ba524d700854f0b18da1a6ad6a" }, "downloads": -1, "filename": "s3keyring-0.0.12.tar.gz", "has_sig": false, "md5_digest": "6d85f842931c70bbeef6ef275dd18964", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 10438, "upload_time": "2016-06-09T09:42:51", "url": "https://files.pythonhosted.org/packages/a4/90/09563cb225a90c3118eebf701ba3cf72a1bcdf815716085708cec8ad8860/s3keyring-0.0.12.tar.gz" } ], "0.0.2": [ { "comment_text": "", "digests": { "md5": "5342e05089e84c0c4274e0da3e40e172", "sha256": "479c397a26feb1e2e77f2e55610c1bcd7a5b870544319c55bdb0c15b210f3e33" }, "downloads": -1, "filename": "s3keyring-0.0.2.tar.gz", "has_sig": false, "md5_digest": "5342e05089e84c0c4274e0da3e40e172", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 9506, "upload_time": "2016-06-08T18:00:20", "url": "https://files.pythonhosted.org/packages/03/31/86ccc382ebe137bedd97a818925821f024439f0586f044d71e15e3ced2df/s3keyring-0.0.2.tar.gz" } ], "0.0.7": [ { "comment_text": "", "digests": { "md5": "b0a6914069991efc313e1cbcceccc502", "sha256": "039fde22d011cbaab652fb522a97abcabbce74b5aa99267ff956e658ca2f1021" }, "downloads": -1, "filename": "s3keyring-0.0.7.tar.gz", "has_sig": false, "md5_digest": "b0a6914069991efc313e1cbcceccc502", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 9584, "upload_time": "2016-06-08T19:18:13", "url": "https://files.pythonhosted.org/packages/ee/5d/66301ea9764c46cbbc8cf67fdd2a3ae2c28741b974b0efbb4a45526b1e4c/s3keyring-0.0.7.tar.gz" } ], "0.0.8": [ { "comment_text": "", "digests": { "md5": "96dd0e160b6e8eb36c69a878e4459507", "sha256": "492a9aee7762b72b012fa11b13edf823f23931206a2974f06a723c303ec8811a" }, "downloads": -1, "filename": "s3keyring-0.0.8.tar.gz", "has_sig": false, "md5_digest": "96dd0e160b6e8eb36c69a878e4459507", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 10419, "upload_time": "2016-06-09T08:15:07", "url": "https://files.pythonhosted.org/packages/fc/d6/b3f3c8837923387819d9fb2614e94198c617d2b5d4d49b516936dc51abf5/s3keyring-0.0.8.tar.gz" } ], "0.0.9": [ { "comment_text": "", "digests": { "md5": "f9d3fd2b0bd348889e5e41cb5a3c640d", "sha256": "0f1367f2e9cb9503166198d5ac35db2ce88a818871ff15236608d32391c56e5a" }, "downloads": -1, "filename": "s3keyring-0.0.9.tar.gz", "has_sig": false, "md5_digest": "f9d3fd2b0bd348889e5e41cb5a3c640d", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 10424, "upload_time": "2016-06-09T09:38:11", "url": "https://files.pythonhosted.org/packages/13/09/acb71019e4be7c7124a8e27f10fb7180cc3177ff126944d0285ec4cec648/s3keyring-0.0.9.tar.gz" } ], "0.1.0": [ { "comment_text": "", "digests": { "md5": "e2483b82f3ba42e48614d3f00c80e84c", "sha256": "e6f2ac5bec27e46fe1dc98e7bb8298aca40d44ea64ba185650a2e13ba08e031e" }, "downloads": -1, "filename": "s3keyring-0.1.0.tar.gz", "has_sig": false, "md5_digest": "e2483b82f3ba42e48614d3f00c80e84c", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 10565, "upload_time": "2016-06-18T12:53:08", "url": "https://files.pythonhosted.org/packages/cb/ae/f2a96bf0e6406fe5769a79052d7f1c7bfb11280fc914b8b0b07337d3d396/s3keyring-0.1.0.tar.gz" } ], "0.2.0": [ { "comment_text": "", "digests": { "md5": "ce31e4c46ba7f5de4f6ab2906cb69acf", "sha256": "b9de74bf8595a13b226a094ac0b32e45c84d03eebfa70ff5456b54038fbdb8aa" }, "downloads": -1, "filename": "s3keyring-0.2.0.tar.gz", "has_sig": false, "md5_digest": "ce31e4c46ba7f5de4f6ab2906cb69acf", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 10594, "upload_time": "2016-07-02T05:58:54", "url": "https://files.pythonhosted.org/packages/68/bf/d45b2e5709582e978f15fe08680954ede6aea4aa3a02744779c58b95a167/s3keyring-0.2.0.tar.gz" } ], "0.2.1": [ { "comment_text": "", "digests": { "md5": "90636f880e457f036751ca845e1ac8f9", "sha256": "08d8bf501e3caf3d35a2bcf8eef778078b262d16c4f875553ba011e8096737b4" }, "downloads": -1, "filename": "s3keyring-0.2.1.tar.gz", "has_sig": false, "md5_digest": "90636f880e457f036751ca845e1ac8f9", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 10601, "upload_time": "2016-07-03T18:22:25", "url": "https://files.pythonhosted.org/packages/0f/33/651d497041bc5df02c31bdfba2e2954713e2dd22d7ef24a3a8deb9df4aaa/s3keyring-0.2.1.tar.gz" } ], "0.2.2": [ { "comment_text": "", "digests": { "md5": "285d47d3e792beb3120cdfd594148b4b", "sha256": "309f0f72d23dd7dee850e999ac864382034c82e2d2d6edc37aa3ef929dabacbb" }, "downloads": -1, "filename": "s3keyring-0.2.2.tar.gz", "has_sig": false, "md5_digest": "285d47d3e792beb3120cdfd594148b4b", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 10890, "upload_time": "2016-10-01T13:29:15", "url": "https://files.pythonhosted.org/packages/d1/d2/90190bd161a53cc27423977663f2c3122e6a66fd0bafd3faa671ab2107a5/s3keyring-0.2.2.tar.gz" } ], "0.2.3": [ { "comment_text": "", "digests": { "md5": "0a941b4f929f1bafa20c1ae3401627b9", "sha256": "aa7683b043584e36e9ed7b7572b7418ae9169e4426c0acb6074acf4e7909f6b3" }, "downloads": -1, "filename": "s3keyring-0.2.3.tar.gz", "has_sig": false, "md5_digest": "0a941b4f929f1bafa20c1ae3401627b9", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 10999, "upload_time": "2016-10-18T15:15:16", "url": "https://files.pythonhosted.org/packages/1b/60/2a448ff24be7f930207639a6a72f071fc46b09fec557a9316dc3e12d202e/s3keyring-0.2.3.tar.gz" } ], "0.2.4": [ { "comment_text": "", "digests": { "md5": "5662598aea18436ed502c8f374498f69", "sha256": "2e50cd6de4db87b37a927ed3d31bdc54a80497103a15bd12fa22288ddfc446fb" }, "downloads": -1, "filename": "s3keyring-0.2.4.tar.gz", "has_sig": false, "md5_digest": "5662598aea18436ed502c8f374498f69", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 11075, "upload_time": "2017-06-21T15:48:52", "url": "https://files.pythonhosted.org/packages/d2/9e/1857f9b95b18395004c1c18d8e1a7b78bc6c2fe5796d8944ff1109c94c7a/s3keyring-0.2.4.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "5662598aea18436ed502c8f374498f69", "sha256": "2e50cd6de4db87b37a927ed3d31bdc54a80497103a15bd12fa22288ddfc446fb" }, "downloads": -1, "filename": "s3keyring-0.2.4.tar.gz", "has_sig": false, "md5_digest": "5662598aea18436ed502c8f374498f69", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 11075, "upload_time": "2017-06-21T15:48:52", "url": "https://files.pythonhosted.org/packages/d2/9e/1857f9b95b18395004c1c18d8e1a7b78bc6c2fe5796d8944ff1109c94c7a/s3keyring-0.2.4.tar.gz" } ] }