/jackson

Pythonic way of keeping secrets secure in JSON

Primary LanguagePythonApache License 2.0Apache-2.0

JackSON

Have you ever used JSON as your config? Have you keep secrets in config as plain text, that you dont want to? Then this is the right tool for you.
JackSON is the simple and flexible file extension of JSON file types written in python (in less than 50 lines of code), this extension allows the users to keep their secrets in environment variables and pass the reference to those environment variables into the JSON file(jackson). The secrets in the environment variables will be read securely in to the in memory dict.

The problem that it solves:

  • Retrieve secrets from env variables.
  • Retrieve secrets from remote/servers(HSMs).

How to JackSON

JackSON is exported as python package. You can install it via pip.
pip install --user jackson

export foo=10
export bar=100

Example JackSON config file.

{
    "_comment1": "Value from foo env variable",
    "key1": "env.foo",
    "_comment2": "Value from bar env variable",
    "key2": "env.bar",
    "_comment3": "Value from python module",
    "key3": "!a.b",
    "_comment4": "key/value pair similar to json",
    "key4": "value4"
}

Inside the code.

import jackson
import json    # For converting JackSON --> JSON
d = json.load(jackson.File.open("./config.jackson"))
print(d)

And this is how it looks.

{   
    "key4": "value4",
    "key3": "reached",
    "key2": "100",
    "key1": "10",
    "_comment4": "key/value pair similar to json",
    "_comment3": "Value from python module",
    "_comment2": "Value from bar env variable",
    "_comment1": "Value from foo env variable"
}

Key Features:

  • Reference to environment variables.
  • Reference to the code, which will resolve to secret variable.

Pull requests are more than appreciated.