Lockbox
User-friendly CLI over cryptography.io's symmetric cipher
Install / Use
/learn @johnwheeler/LockboxREADME
lockbox: User-friendly CLI over cryptography.io's Fernet symmetric cipher
.. image:: https://img.shields.io/badge/python-2.6%202.7%203.3%203.4%203.5%203.6-blue.svg :target: https://pypi.python.org/pypi/lockbox
.. image:: https://img.shields.io/badge/license-MIT-blue.svg :target: https://pypi.python.org/pypi/lockbox
.. image:: https://s3.amazonaws.com/johnwheeler/lockbox.gif
lockbox provides a command line interface over cryptography.io's Fernet symmetric cipher <https://cryptography.io/en/latest/fernet/>.
Fernet guarantees that a message encrypted using it cannot be manipulated or read without the key. lockbox was inspired by the Ruby-based
sekrets <https://github.com/ahoward/sekrets> project, but they use different ciphers.
Installation
pip install lockbox
Command line interface
The lock command
/////////////////////
.. code::
Usage: lockbox lock [OPTIONS] INPUT OUTPUT
Symmetric encryption of plaintext input file to ciphertext output file
Options:
--key TEXT An encryption key
--help Show this message and exit.
The unlock command
////////////////////
.. code::
Usage: lockbox unlock [OPTIONS] INPUT OUTPUT
Symmetric decryption of ciphertext input file to plaintext output file
Options:
--key TEXT An encryption key
--help Show this message and exit.
The edit command
////////////////////
.. code::
Usage: lockbox edit [OPTIONS] PATH
Decrypts the given file and opens its contents in a temporary file for
editing. Once saved, the updated contents are reencrypted back to the
orignal file.
Options:
--key TEXT An encryption key
--help Show this message and exit.
The genkey command
//////////////////////
.. code::
Usage: lockbox genkey [OPTIONS] OUTPUT
Generates a cryptographically strong key and writes it to the given output
path
Options:
--help Show this message and exit.
Key resolution
With lockbox, you can pass an encryption key as a command line option --key or store the key in a .lockbox.key file.
The key should be cryptographically strong <https://en.wikipedia.org/wiki/Password_strength#Guidelines_for_strong_passwords>_. The command
line interface also has a command to generate such a key.
For all operations, lockbox uses the following algorithm to search for a key:
- A key passed via the
--keyoption is always preferred. - Otherwise the code looks for a companion key file named
.lockbox.keyin the the current working directory. - If that is not found lockbox looks for the key in the environment under the environment variable
LOCKBOX_KEY - Next the global key file is searched for. The path of this file is
~/.lockbox.key - Finally, if no keys have been specified or found, the user is prompted to input the key. Prompt only occurs if the user is attached to a tty.
- You should never commit keyfiles. Add them to to your
.gitignoreor similar.
Related Skills
node-connect
341.2kDiagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps
frontend-design
84.5kCreate distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.
openai-whisper-api
341.2kTranscribe audio via OpenAI Audio Transcriptions API (Whisper).
commit-push-pr
84.5kCommit, push, and open a PR
