Sagecipher

Uses SSH agent to encrypt/decrypt arbitrary data

About

Sagecipher_-_architecture.png

This can be used in turn by the keyring library, and by ansible-vault to encrypt/decrypt files or secrets via the users' local or forwarded ssh-agent session.

Simple usage

source <(ssh-agent)
ssh-add

See ssh-agent, ssh-add, and Python Keyring Lib.

Using sagecipher directly in Python

>>> from sagecipher import Cipher
>>>
>>> # Encrypts using the first SSH key available from SSH agent...
>>> enc_text = Cipher.encrypt_string("hello, world")
>>> text = Cipher.decrypt_string(enc_text)
>>> text
"hello, world"

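Checking whether the SSH agent is running

If you cannot check with an environment variable such as SSH_AGENT_PID, use paramiko for the check instead, since sagecipher uses it internally.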

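def is_valid_sagecipher() -> bool:
    """Return True if an SSH agent is reachable and holds at least one key."""
    from paramiko import Agent

    # get_keys() returns an empty tuple when no agent answers or no key is loaded.
    return bool(Agent().get_keys())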
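
As an added example (not from the original page, sagecipher or paramiko), the same check can be made with only the standard library by asking the agent behind SSH_AUTH_SOCK for its identities. This also separates "no socket", "socket not answering" and "agent has no keys". The function names and state strings are assumptions made for this example.

```python
import os
import socket
import struct

# Added example: names and state strings are illustrative, not sagecipher/paramiko API.
REQUEST_IDENTITIES, IDENTITIES_ANSWER = 11, 12  # SSH agent protocol message types
MAX_REPLY = 256 * 1024  # refuse absurd lengths from whatever owns the socket


def take_string(data, offset):
    """Read one SSH string (uint32 length + bytes); return (bytes, next offset)."""
    (length,) = struct.unpack_from(">I", data, offset)
    end = offset + 4 + length
    if end > len(data):
        raise ValueError("truncated SSH string")
    return data[offset + 4:end], end


def parse_identities(payload):
    """Parse an identities answer into [(key_type, comment), ...]."""
    if not payload or payload[0] != IDENTITIES_ANSWER:
        raise ValueError("unexpected agent reply type")
    (count,) = struct.unpack_from(">I", payload, 1)
    offset, keys = 5, []
    for _ in range(count):
        blob, offset = take_string(payload, offset)      # public key blob
        comment, offset = take_string(payload, offset)   # key comment
        keys.append((take_string(blob, 0)[0].decode(), comment.decode(errors="replace")))
    return keys


def agent_status(sock_path=None, timeout=2.0):
    """Return (state, keys); state is no-socket, unreachable, no-keys or ready."""
    sock_path = sock_path or os.environ.get("SSH_AUTH_SOCK")
    if not sock_path:
        return "no-socket", []
    try:
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect(sock_path)
            s.sendall(struct.pack(">IB", 1, REQUEST_IDENTITIES))
            with s.makefile("rb") as reply:
                (length,) = struct.unpack(">I", reply.read(4))
                if length > MAX_REPLY:
                    raise ValueError("oversized agent reply")
                keys = parse_identities(reply.read(length))
    except (OSError, ValueError, struct.error):
        return "unreachable", []
    return ("ready" if keys else "no-keys"), keys
```

A forwarded agent sets only SSH_AUTH_SOCK, not SSH_AGENT_PID, which is why the socket is the thing to probe.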
