This library makes rate-limited encryption really simple!
Ask SecondGuard for a key to encrypt the secret locally, and then encrypt the secret for storage in the database of your choice:
>>> from secondguard import sg_encrypt_secret
>>>
>>> to_save_in_db = sg_encrypt_secret('Attack at dawn!', 'YOUR_SEED_PUB_HASH', 'YOUR API_TOKEN')
>>> print(to_save_in_db)
SG-AESCFB-v1$bytes$e6febe465a7e957ec221ef959cf167bb1a99f8fa7b826eefe689897ce4c6bc5f$5d99ef93c817caad405d5ae3ff076c863c33bae49d39a45fd3f2b9c1d77f5a45$Ma5T5YUKVxLHj8PLm9a0sg==$y5hrM5c4faEHlzUCRQmUWhen you want to decrypt that data in the future, you'll ask SecondGuard for the original key to decrypt:
>>> from secondguard import sg_decrypt_secret
>>>
>>> sg_decrypt_secret(to_save_in_db, 'YOUR_API_TOKEN')
'Attack at dawn!'You can also decrypt locally using your private seed. To verify this is working as designed, turn off your internet connection(or audit the code path) and then run:
>>> from secondguard import sg_decrypt_from_priv_seed
>>>
>>> sg_decrypt_from_priv_seed(to_save_in_db, 'YOUR_PRIVATE_SEED')
'Attack at dawn!'See test_secondguard.py for examples for all methods. Feel free to audit the code to confirm that all encryption is taking place locally and SecondGuard never sees your plaintext or ciphertext.
To get started:
$ pip install secondguardIf you don't have pip pre-installed on your machine you can install pip here. If for some reason pip doesn't work you can use easy_install, but you really shouldn't do that.
Note that if you use an outdated version of pip you may get a scary InsecurePlatformWarning warning installing any package (including secondguard). As always, you should upgrade your pip to the latest version before installing any new software:
$ pip install --upgrade pipAdvanced users can download the source code and build from source:
$ python setup.py build
$ python setup.py installYou can also use python3 (replace pip3 with pip).