turkeyutils is a set of python bindings for keyutils (available from http://people.redhat.com/~dhowells/keyutils), a key management suite that leverages the infrastructure provided by the Linux kernel for safely storing and retrieving sensitive infromation in your programs.
The C extension module follows closely the C API (see add_key(2), request_key(2), keyctl_read_alloc(2)).
Exceptions also follow the C API. The only notable difference is for request_key: when the key is not present, None is returned, instead of raising an exception (which is usually a more expensive operation).
Note that the function parameters are passed as bytes not strings! On python 3 this usually requires an explicit param.encode() call.
For example:
import keyutils
# NOTE: only pass `bytes` to the keyutils API:
name = b'foo'
value = b'bar'
ring = keyutils.KEY_SPEC_PROCESS_KEYRING
key_id = keyutils.add_key(name, value, ring)
assert keyutils.request_key(name, ring) == key_id
assert keyutils.read_key(key_id) == value
# set timeout to 5 seconds, wait and then... it's gone:
keyutils.set_timeout(key_id, 5)
from time import sleep
sleep(6)
assert keyutils.request_key(name, ring) == NoneFurther examples can be found in the test subfolder.
This project was part of the Conary/rpath project at SAS that is no longer supported or maintained. This project is a fork maintained by me!