[Noisebridge-discuss] pip install secureconfig (actual hacking!)

Naomi Most pnaomi at gmail.com
Tue Apr 22 06:22:38 UTC 2014

Hi everybody,

I made a library called secureconfig for python and pushed its first
minor release version earlier today.



secureconfig provides interfaces to (currently 3) data structures,
including the .ini style data people like to use the configparser
class with.  You can encrypt/decrypt using keys stored in environment
variables, files, or strings.

There's also a nifty class called SecureString that automatically
zeroes its string data after garbage collection or if you explicitly
call the "burn" method.  So if you're really paranoid you can do this:

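from secureconfig import SecureConfigParser, SecureString

# load the config, decrypting with the key held in the named environment variable
scfg = SecureConfigParser.from_env(NAME_OF_ENV)

password = SecureString(scfg.get('credentials', 'password'))

cnxn = ConnectToSomething(password)

# overwrite string data with zeroes:
password.burn()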

You can easily recover plaintext data from a memory dump with root
access, so the burn function is handy if you don't completely trust
everyone you've ever given sudo to.

The encryption used is the so-called Fernet protocol -- AES-128 CBC
via https://cryptography.io

This is the first time I've ever made a library that makes claims
about "security", and I want to make sure it gets picked apart
appropriately.  So feel free to critique code and documentation here.

Or just let me know if you try it out!


Naomi Theora Most
naomi at nthmost.com

skype: nthmost
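
Fernet, which the post names as the encryption scheme, wraps the AES-128-CBC ciphertext in a token that also carries a timestamp and an HMAC-SHA256 tag. The following is an added example, not part of the original post and not secureconfig's code: it parses that token layout with the standard library and checks the tag, which is what lets a reader of an encrypted config value detect tampering before decrypting. The function names, the sample key and the sample token are constructed for illustration.

```python
import base64, hashlib, hmac, struct

# Constructed sample key: 32 bytes, base64url. Never use a fixed key for real data.
SAMPLE_KEY = base64.urlsafe_b64encode(bytes(range(32))).decode()

def split_key(key_b64):
    """First 16 bytes sign (HMAC-SHA256), last 16 encrypt (AES-128-CBC)."""
    raw = base64.urlsafe_b64decode(key_b64)
    if len(raw) != 32:
        raise ValueError("Fernet key must decode to 32 bytes")
    return raw[:16], raw[16:]

def parse_token(token_b64):
    """Split a token: version(1) | timestamp(8) | IV(16) | ciphertext | HMAC(32)."""
    raw = base64.urlsafe_b64decode(token_b64)
    # 57 bytes of framing plus at least one 16-byte AES block
    if len(raw) < 73 or raw[0] != 0x80 or (len(raw) - 57) % 16:
        raise ValueError("not a well-formed Fernet token")
    return {"timestamp": struct.unpack(">Q", raw[1:9])[0], "iv": raw[9:25],
            "ciphertext": raw[25:-32], "signed": raw[:-32], "mac": raw[-32:]}

def mac_ok(token_b64, key_b64):
    """True only if the tag matches; check this before any decryption."""
    try:
        signing_key, _ = split_key(key_b64)
        tok = parse_token(token_b64)
    except ValueError:  # also covers malformed base64
        return False
    expected = hmac.new(signing_key, tok["signed"], hashlib.sha256).digest()
    return hmac.compare_digest(expected, tok["mac"])

def make_sample_token(key_b64, ts=1398147758):
    """Build a token with constructed IV/ciphertext bytes (not real AES output)."""
    signing_key, _ = split_key(key_b64)
    body = b"\x80" + struct.pack(">Q", ts) + bytes(16) + bytes(range(16))
    tag = hmac.new(signing_key, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(body + tag).decode()

def flip_ciphertext_bit(token_b64):
    """Simulate on-disk corruption or tampering of a stored config value."""
    raw = bytearray(base64.urlsafe_b64decode(token_b64))
    raw[30] ^= 0x01  # byte 30 lies inside the ciphertext field
    return base64.urlsafe_b64encode(bytes(raw)).decode()

if __name__ == "__main__":
    token = make_sample_token(SAMPLE_KEY)
    print(parse_token(token)["timestamp"], mac_ok(token, SAMPLE_KEY))
    print(mac_ok(flip_ciphertext_bit(token), SAMPLE_KEY))
```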

