simple_automation.vault.SymmetricVault

class simple_automation.vault.SymmetricVault(manager, file: str, keyfile=None, key=None)

Bases: simple_automation.vault.Vault

A SymmetricVault is a Vault which saves its context symmetrically encrypted. Content is encrypted with a salted key (+scrypt) using AES-256-GCM.

Initializes the vault from the given file and key/keyfile. If neither key nor keyfile is provided, the key will be read via getpass(). The key may be given as str or bytes. If the key is given a a str, it will automatically be converted to bytes (without encoding) before usage.

Parameters
  • manager (Manager) – The manager to which this vault is registered.

  • file (str) – The file which serves as the permanent storage.

  • keyfile (str, optional) – A file which contains the decryption key. Defaults to None.

  • key (str, optional) – The decryption key. Defaults to None.

Methods

copy

Copies a value from another vars object into this one.

decrypt

Decrypts the vault (using self.decrypt_content) and loads the content into our Vars.

decrypt_content

Decrypts the given ciphertext.

edit

Opens an $EDITOR containing the loaded content as a pretty printed json, and updates the internal representation as well as the original vault file, if the content changed after the editor exists.

encrypt

Encrypts the currently stored Vars (using self.encrypt_content) and overwrites the vault file.

encrypt_content

Encrypts the given plaintext.

get

Retrieves a variable by the given key.

get_key

Loads the decryption key.

kdf

Derives the actual aeskey from a given salt and the saved key.

set

Sets the given variable.

copy(key, other_vars)

Copies a value from another vars object into this one. Same as calling self.set(key, other_vars.get(key))

Parameters
  • key (str) – The key that should be copied.

  • other_vars (Vars) – The source variable storage where the key is copied from.

decrypt()

Decrypts the vault (using self.decrypt_content) and loads the content into our Vars.

decrypt_content(ciphertext: bytes)bytes

Decrypts the given ciphertext.

Parameters

ciphertext (bytes) – The bytes to decrypt.

Returns

The plaintext

Return type

bytes

edit()

Opens an $EDITOR containing the loaded content as a pretty printed json, and updates the internal representation as well as the original vault file, if the content changed after the editor exists.

encrypt()bytes

Encrypts the currently stored Vars (using self.encrypt_content) and overwrites the vault file.

encrypt_content(plaintext: bytes)bytes

Encrypts the given plaintext.

Parameters

plaintext (bytes) – The bytes to encrypt.

Returns

The ciphertext

Return type

bytes

get(key, default=None)

Retrieves a variable by the given key. If no such key exists, it returns the given default value or throws a KeyError if no default is set.

Parameters
  • key (str) – The key that should be read.

  • default (Any, optional) – If not None, this will be returned in case the key is unset. By default None.

Returns

The stored object.

Return type

Any

get_key()

Loads the decryption key.

kdf(salt)

Derives the actual aeskey from a given salt and the saved key.

set(key, value)

Sets the given variable.

Parameters
  • key (str) – The key that should be read.

  • value (Any, optional) – The value to be stored. Must be json (de-)serializable.