PocketProtector

Serverless, in-repo, people-centric secret management.

PocketProtector provides a cryptographically-strong, serverless secret management infrastructure. Secrets are encrypted and stored in a versionable protected.yaml file, right alongside your application code.

Quick install:

pip install pocket_protector

Quick start:

pprotect init
pprotect add-domain
pprotect add-secret
pprotect decrypt-domain

Each command prompts for credentials when necessary. When done, simply git commit to save changes to your secret store.

Most secret management tools either sacrifice security for convenience, or require infrastructure you have to operate. PocketProtector gives you both: secrets live encrypted in your repo, versioned alongside code, with no server to run. See Why PocketProtector for the full argument.

Getting Started

• Why PocketProtector
  • The problem with secrets
  • Secrets as code
  • It scales up and it scales down
  • Anyone can write, only owners can read
  • One passphrase, many secrets
• Installation
  • Requirements
  • Install from PyPI
  • Development install
• Tutorial
  • Starting out
  • Creating a new protected
  • Adding a domain
  • Adding secrets
  • Reading a protected
  • Granting domain access
  • Decrypting secrets
  • Running applications with secrets
  • Managing credentials
  • Multi-project and automation
  • Team changes and key rotation

Reference

• CLI Reference
  • Global flags
  • Commands
• API Reference
  • KeyFile
  • Creds
  • PPError
  • Constants

Guides

• Programmatic Usage
• Security Design

Context

• Competitive Landscape
• FAQ

Project

• Changelog