feat: Implement Offline Secrets Manager with AES-256 Encryption #3
Implements a comprehensive offline secrets manager for securely storing and managing environment variables across multiple projects.

Features:
- AES-256 encryption using Fernet symmetric encryption
- PBKDF2 key derivation with 480,000 iterations (OWASP recommended)
- SQLite database with SQLAlchemy ORM
- Master password protection with SHA-256 hashing
- Audit logging for all operations
- Rich CLI interface with beautiful terminal output
- Comprehensive test suite with 40+ test cases

Core Modules:
- src/crypto/encryption.py: Encryption/decryption logic
- src/core/models.py: Database models (Config, Project, EnvVar, AuditLog)
- src/core/database.py: Database connection management
- src/core/storage.py: Main storage interface and business logic
- src/cli/main.py: Complete CLI implementation with 10 commands

CLI Commands:
- init: Initialize storage with master password
- create-project: Create new projects
- add: Add/update environment variables
- list: List projects or variables
- get: Retrieve specific variable
- search: Search across all projects
- export: Export to .env file
- delete: Delete variables
- delete-project: Delete entire projects

Security Features:
- Offline-first design (no cloud dependencies)
- Encryption at rest for all secrets
- Secure password input with masking
- Audit trail for security review
- Cascade deletion for data integrity

Testing:
- test_encryption.py: 20+ encryption tests
- test_storage.py: 20+ storage and integration tests
- Coverage for edge cases, unicode, special characters

Closes #hacktoberfest

Addresses the need for secure, centralized environment variable management
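The commit message pairs "PBKDF2 key derivation with 480,000 iterations" with "Master password protection with SHA-256 hashing". The following added example (not code from this PR or the project) contrasts an unsalted SHA-256 verifier with a salted PBKDF2 verifier that uses a separate salt from the encryption key. The record layout, the function names and the sample password are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 480_000  # iteration count quoted in the commit message


def weak_verifier(password: str) -> str:
    """Unsalted single SHA-256: the same password always yields the same digest."""
    return hashlib.sha256(password.encode()).hexdigest()


def _pbkdf2(password: str, salt: bytes, iterations: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def make_record(password: str, iterations: int = ITERATIONS) -> dict:
    """Build the stored record (hypothetical layout): two independent salts and a verifier."""
    verify_salt, key_salt = os.urandom(16), os.urandom(16)
    return {
        "iterations": iterations,
        "verify_salt": verify_salt.hex(),
        "key_salt": key_salt.hex(),  # different salt: the verifier can never equal the key
        "verifier": _pbkdf2(password, verify_salt, iterations).hex(),
    }


def check_password(password: str, record: dict) -> bool:
    """Recompute the verifier and compare it in constant time."""
    salt = bytes.fromhex(record["verify_salt"])
    candidate = _pbkdf2(password, salt, record["iterations"])
    return hmac.compare_digest(candidate, bytes.fromhex(record["verifier"]))


def derive_key(password: str, record: dict) -> bytes:
    """32 bytes of key material, kept in memory only (urlsafe-base64 encode it for Fernet)."""
    return _pbkdf2(password, bytes.fromhex(record["key_salt"]), record["iterations"])


if __name__ == "__main__":
    pw = "correct horse"  # constructed sample password
    rec_a, rec_b = make_record(pw), make_record(pw)
    print("sha256 digests equal:", weak_verifier(pw) == weak_verifier(pw))
    print("salted verifiers equal:", rec_a["verifier"] == rec_b["verifier"])
    print("login ok / wrong:", check_password(pw, rec_a), check_password("wrong", rec_a))
```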
🎉 Congratulations on your first Pull Request!
Thank you for contributing to ENV Storage Manager! This is an exciting moment for both you and our project.
What happens next?
- 🔍 Our CI/CD pipeline will run automated checks
- 👀 A maintainer will review your code
- 💬 We may request changes or ask questions
- ✅ Once approved, your PR will be merged!
Tips for success
- ✅ Make sure all CI checks pass
- 📝 Respond to review comments promptly
- 🔄 Keep your branch up to date with main
- 📖 Follow our Contributing Guidelines
Need help?
- 💬 Comment on this PR with questions
- 📚 Check our documentation
- 🤝 Join our Discussions
We're excited to have you as part of our community! 🌟
P.S. If this is for Hacktoberfest 🎃, make sure your PR follows the quality guidelines to be eligible!
looks good to me
6ceb2ae into curiouscoder-cmd:main
| storage = get_storage_manager() | ||
|
|
||
| try: | ||
| project = storage.create_project(name, description) |
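Review bot: `project = storage.create_project(name, description)` inside the `try:` binds a value that is flagged as never read. Either drop the assignment and call `storage.create_project(name, description)` directly, or use `project` in the success output so the CLI reports the record that was actually created rather than echoing its input.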
Check notice
Code scanning / CodeQL
Unused local variable Note
| """ | ||
|
|
||
| from datetime import datetime | ||
| from typing import Optional |
Check notice
Code scanning / CodeQL
Unused import Note
|
|
||
| from typing import Dict, List, Optional | ||
|
|
||
| from cryptography.fernet import InvalidToken |
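Review bot: `from cryptography.fernet import InvalidToken` is flagged as unused in this module. Remove it, or, if it was imported to handle decryption failures here, add the `except InvalidToken` handler it was meant for so that intent is visible in the code.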
Check notice
Code scanning / CodeQL
Unused import Note
| Returns: | ||
| Hexadecimal hash string | ||
| """ | ||
| return hashlib.sha256(password.encode()).hexdigest() |
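Review bot: the return line hashes the master password with a single unsalted `hashlib.sha256(password.encode()).hexdigest()` call, which is a weak way to store a password verifier: SHA-256 is fast, so anyone holding a copy of the database can test guesses offline at hash speed, and without a salt equal passwords give equal digests. Store a salted, slow verifier instead, for example PBKDF2 with the 480,000 iterations the commit message already uses for key derivation but with its own random salt, and compare with `hmac.compare_digest`. The "Hexadecimal hash string" return contract in the docstring can stay if the salt is stored alongside it.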
Check failure
Code scanning / CodeQL
Use of a broken or weak cryptographic hashing algorithm on sensitive data High
| """Tests for storage module.""" | ||
|
|
||
| import os | ||
| import tempfile |
Check notice
Code scanning / CodeQL
Unused import Note test
|
|
||
| import os | ||
| import tempfile | ||
| from pathlib import Path |
Check notice
Code scanning / CodeQL
Unused import Note test
| import pytest | ||
|
|
||
| from src.core.storage import authenticate_storage, initialize_storage | ||
| from src.crypto.encryption import EncryptionManager |
Check notice
Code scanning / CodeQL
Unused import Note test
🎃 Hacktoberfest 2025 Contribution
📝 Description
This PR implements a comprehensive offline secrets manager for ENV Storage Manager. As a developer, managing API keys, database credentials, and other secrets across multiple projects is frustrating and error-prone. This implementation provides a secure, encrypted, offline solution to centralize and protect all your environment variables.
✨ Features Implemented
🔐 Core Security
~/.env_storage/, no cloud dependencies
📦 Storage Layer
🎨 CLI Interface
- init - Initialize storage with master password
- create-project - Create a new project
- add - Add/update environment variables (with secure input)
- list - List projects or environment variables
- get - Retrieve specific variable with full value
- search - Search across all projects
- export - Export to .env file
- delete - Delete environment variables
- delete-project - Delete entire projects
🧪 Testing
📁 Files Added/Modified
New Files:
- src/crypto/encryption.py - Encryption/decryption logic (120 lines)
- src/core/models.py - Database models (80 lines)
- src/core/database.py - Database management (70 lines)
- src/core/storage.py - Main storage interface (400+ lines)
- tests/test_encryption.py - Encryption tests (150+ lines)
- tests/test_storage.py - Storage tests (300+ lines)
- main.py - Entry point
- IMPLEMENTATION.md - Detailed documentation
Modified Files:
- src/cli/main.py - Complete CLI implementation (250+ lines)
🏗️ Architecture
🔒 Security Considerations
💡 Usage Examples
✅ Checklist
🎯 Why This Matters
As developers, we face daily challenges:
This implementation solves all these problems with a secure, offline-first approach.
📊 Stats
🚀 Future Enhancements
Potential improvements for future PRs:
🙏 Notes
This is my Hacktoberfest 2025 contribution. I've put significant effort into making this a high-quality, production-ready feature that genuinely solves a real problem developers face daily.
Thank you for reviewing! 🎃