DEV Community

Alex Macniven
Alex Macniven

Posted on

Shushi - Minimalist Secrets Management in Python

A lot of the work I produce as a 9-5 developer lives in private repositories. Given the unprecedented times we are all currently experiencing I wanted to take the opportunity to port some of my work into open source repositories.


When I'd create applications in python I'd create a config.json to store credentials and other sensitive assets needed by the application.

This posed 2 problems for me;

  1. Credentials are spread across multiple config.json files
  2. Generally, the config.json files are in plan-text


As a result I built shushi, minimalist secrets management in Python.

How does shushi address the above?

  1. Credentials are stored in a single vault file
  2. The vault file is encrypted using cryptography

Shushi comes complete with...

A CLI developed using click;

> shushi -p [password] get twitter
name = twitter
user = alexmacniven
password = secret_password
Enter fullscreen mode Exit fullscreen mode

Access to the back-end functionality;

>>> import shushi
>>> shushi.get([password], "twitter")
VaultRecord(name="twitter", user="alexmacniven", password="secret_password")
Enter fullscreen mode Exit fullscreen mode

Unit tests written with pytest in mind;

> pytest
============================= test session starts =============================
platform win32 -- Python 3.8.2, pytest-5.4.1, py-1.8.1, pluggy-0.13.1
rootdir: ~\Code\shushi
plugins: mock-2.0.0
collected 25 items

tests\ ..                                                     [  8%]
tests\ ..............                                        [ 64%]
tests\ ........                                            [ 96%]
tests\ .                                                   [100%]

============================= 25 passed in 1.24s ==============================
Enter fullscreen mode Exit fullscreen mode

Contributions are welcomed using Github issues.

Psst this is my first post 🥳

Top comments (0)