Skip to content

Initial working release

Latest
Compare
Choose a tag to compare
@sammck sammck released this 22 Feb 20:56

Extensible passphrase resolver, supporting prompting as well as passphrases stored in environment variables, files or keyrings

Some examples of smart passphrase descriptors:

  • pass:<passphrase> to directly provide a passphrase inline
  • env:<env-var-name> to get the passphrase from an environment variable. The application may configure a custom environment dictionary, or os.osenviron() is used
  • file:<file-name> to get the passphrase from the file at location pathname. The application may configure a base directory for relative paths, or the current working directory is used.
  • fd:<file-descriptor-number> read the passphrase from the provided file descriptor number
  • stdin: to read from standard input
  • prompt: to prompt the user with "Password: " and read from console with typed characters hidden (uses getpass)
  • prompt:<prompt-string> to prompt the user with a custom prompt string and read from console with typed characters hidden (uses getpass)
  • keyring:<service-name>,<key-name> to load the passphrase from keyring. The application may configure a prefix that will be prepended to either the service-name or the key-name or both, to define a unique namespace for the application.
  • keyring:<key-name> to load the passphrase from keyring, using a default service name configured by the application. The application may configure a prefix that will be prepended to key-name, to define a unique namespace for the application.
  • none: To provide a None value for the passphrase (useful for chaining defaults)
  • empty: To provide an empty passphrase

Command tool

A command tool, get-passphrase, is provided that will expand a smart passphrase descriptor provided as an argument.