Overview

The polevault python package can be used to encrypt and decrypt entries in user provided text-based configuration files, containing credentials or API keys.

For example, if the user has a secrets/servers.yml file containing:

server_a:
  address: 192.168.64.1
  username: admin
  password: abc123!

server_b:
  address: 192.168.64.2
  username: admin
  password: xyz789!

If the user types this command:

$ polevault encrypt secret secrets/servers.yml
Encryption key:
The encryption key is: fp3Hx6zUpFuW8jufDjeneFNWGhGbIkiDFCfXRt0ZS1E

The file will be changed to look something like this:

server_a:
    encrypted: sAtnD717a2A+nb4326h4+VbkUsGihWzu4DXnp530P008Um/2qNZezfqw+cMCCeMe...

server_b:
    encrypted: 2nKuLuV/6NwYVne1hZrJF786U8d1hIuCO4ctM7O6vomzjMju/VPssRzMADgPMTJc...

The encryption key that was provided can later be used to decrypt the entries in the same file, like this:

$ polevault decrypt secret secrets/servers.yml
Encryption key:
$

After this, the contents of the file will be back the way they were before encrypting.