Extensible passphrase resolver, supporting prompting as well as passphrases stored in environment variables, files or keyrings
Some examples of smart passphrase descriptors:
pass:<passphrase>
to directly provide a passphrase inlineenv:<env-var-name>
to get the passphrase from an environment variable. The application may configure a custom environment dictionary, oros.osenviron()
is usedfile:<file-name>
to get the passphrase from the file at location pathname. The application may configure a base directory for relative paths, or the current working directory is used.fd:<file-descriptor-number>
read the passphrase from the provided file descriptor numberstdin:
to read from standard inputprompt:
to prompt the user with "Password: " and read from console with typed characters hidden (uses getpass)prompt:<prompt-string>
to prompt the user with a custom prompt string and read from console with typed characters hidden (uses getpass)keyring:<service-name>,<key-name>
to load the passphrase from keyring. The application may configure a prefix that will be prepended to either the service-name or the key-name or both, to define a unique namespace for the application.keyring:<key-name>
to load the passphrase from keyring, using a default service name configured by the application. The application may configure a prefix that will be prepended to key-name, to define a unique namespace for the application.none:
To provide aNone
value for the passphrase (useful for chaining defaults)empty:
To provide an empty passphrase
Command tool
A command tool, get-passphrase
, is provided that will expand a smart passphrase descriptor provided as an argument.