This page discusses how to use a keyring to share out secrets. The reference article below is a great starting point. Like most people, I often find myself looking for the best way to manage passwords, secrets, and documents. In the snippet below I straddle an imperfect world. I will share additional code in other documents that, for example, discuss managing secrets in HashiCorp Vault. Using CyberArk or Thycotic would also be an option, but there can be simpler solutions. The “keyring” can be good for “small” initial solutions. The example below goes further and uses a simple KeePass database to retrieve “richer” kinds of data: one may need to manage a certificate, a document, or other types of data or secrets.
Before you go looking on GitHub: I have not put my “sepm_api” out there… I have no doubt there are probably a few repositories out there already. The following bit of code is a simple development which creates a class to store some data.
The premise is simple: retrieve the KeePass password from the local keyring, then use the richer data found in KeePass to retrieve additional settings. The module is built around simple requests that retrieve SEPM credentials, namely the token and reference_token, which are used for more complex operations. The Symantec API is rather straightforward to use, which is why I created the module as a utility/shim to better leverage API calls.
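import keyring
from pykeepass import PyKeePass
from sepm_api import sepmData, get_sepm_token  # the author's own module (not published)

# ------------------
def get_token():
    # The KeePass master password is kept in the OS keyring
    password = keyring.get_password('keypass', 'keypass')
    if password is None:
        raise RuntimeError("no 'keypass' entry found in the keyring")
    # Open the KeePass database and look up the entry that holds the SEPM settings
    kp = PyKeePass('db.kdbx', password=password)
    entry = kp.find_entries(title='t_hamilton', first=True)
    if entry is None:
        raise LookupError("KeePass entry 't_hamilton' not found")
    data = sepmData()
    data.servername = entry.url
    data.username = entry.username
    data.password = entry.password
    response = get_sepm_token(data)  # <class 'requests.models.Response'>
    response.raise_for_status()  # stop here if authentication failed
    dictionary = response.json()
    if 'token' in dictionary:
        data.token = dictionary["token"]
    return data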
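
The snippet above assumes the KeePass master password is already stored in the keyring under 'keypass'/'keypass'. As an added example (not the author's code), here is one way to provision that entry once without echoing or hard-coding the password, and to fail closed when it is missing. The helper names, `MissingSecretError` and `MemoryBackend` are hypothetical, and `MemoryBackend` is a constructed in-memory stand-in for the OS keyring:

```python
import getpass

SERVICE = "keypass"   # service name used by get_token() on this page
USERNAME = "keypass"  # user name used by get_token() on this page


class MissingSecretError(RuntimeError):
    """Raised when the keyring holds no usable entry, so callers fail closed."""


def _default_backend():
    # Imported lazily so the helpers can also run against a stand-in backend.
    import keyring
    return keyring


def store_master_password(backend=None, prompt=getpass.getpass):
    """One-time provisioning: read the password without echo, confirm, store."""
    if backend is None:
        backend = _default_backend()
    first = prompt("KeePass master password: ")
    if not first or first != prompt("Repeat: "):
        raise ValueError("empty password or mismatch; nothing stored")
    backend.set_password(SERVICE, USERNAME, first)


def load_master_password(backend=None):
    """Return the stored password; never hand back None or an empty string."""
    if backend is None:
        backend = _default_backend()
    secret = backend.get_password(SERVICE, USERNAME)
    if not secret:
        raise MissingSecretError(f"no keyring entry for {SERVICE}/{USERNAME}")
    return secret


class MemoryBackend:
    """Constructed stand-in exposing the two keyring calls used above."""

    def __init__(self):
        self._store = {}

    def set_password(self, service, username, password):
        self._store[(service, username)] = password

    def get_password(self, service, username):
        return self._store.get((service, username))
```

Run `store_master_password()` once per machine or user account; after that, `load_master_password()` can replace the bare `keyring.get_password` call.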
References:
https://alexwlchan.net/2016/11/you-should-use-keyring/