Skip to content

tailorkuldeep/messer

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits

.github

.github

 
 

docs

docs

 
 

messer

messer

 
 

tests

tests

 
 

.gitignore

.gitignore

 
 

CODE_OF_CONDUCT.md

CODE_OF_CONDUCT.md

 
 

COPYRIGHT

COPYRIGHT

 
 

LICENSE

LICENSE

 
 

MANIFEST.in

MANIFEST.in

 
 

README.md

README.md

 
 

requirements.txt

requirements.txt

 
 

setup.py

setup.py

 
 

Repository files navigation

MESSER GitHub stars

Messer is a command line tool that was initially designed to be used as a replacement for chef's 'knife' tool for creating / fetching secrets. Messer uses envelope encryption with KMS + AWS S3 or Azure Vault to encrypt secrets. You can find our documentation here.

Why use Messer?

This section tries to address the advantages in using Messer and describes the philosophy behind the inception of this tool. As already stated, Messer is a replacement for chef's 'knife' tool for handling data bags and addresses some of the issues that were perceived as a threat for the consumption of 'knife' to handle secrets of a highly secure and compliant service.

  1. Envelope Encryption: Messer uses envelope encryption to secure not only the actual sensitive data but also the keys to be used for such encryptions. The key used for encrypting the sensitive data is called the Data Key and the key used to encrypt the Data key is called the master key. For both of the cloud providers supported, Messer uses the providers native API to decrypt the data key using the master key and thus never handles or stores the master key in its AWS S3 buckets or Azure Store Secrets.

  2. Multi Cloud: Messer is a useful tool for handling secrets in case of services which need to be multi cloud and run on both AWS and Azure. Migrating secrets from one cloud to another is also very easy using the bulk commands of Messer.

  3. Secure: Messer always ensures that both Data Keys and Secrets are always encrypted at rest and are only in their decrypted form in memory. For both of the cloud providers that are supported, Messer uses the providers native API to decrypt the data key using the master key and thus never handles or stores the master key in its AWS S3 buckets or Azure Store Secrets.

  4. Cross Platform: Messer is packaged as a python library and hence is portable between Unix/Linux servers and also Windows servers. Messer has been tested on both of these families of operating systems.

Cryptographic Key Details

To know more about about how the cryptographic keys are handled, refer to the following sections:

  1. AWS
  2. Azure

Installation

# after checking out the source code from GIT
cd messer
python setup.py install

Messer will install a default configuration file at an OS specific setting as defined by the argparse library. Use the configure command to view, set or create a new configuration file at a custom location. Messer will always use the default configuration file unless you override it by passing the -c argument to each command.

Help

Messer has built in help for all the sub commands it is configured to run on. To begin with, run:

messer --help

Running The Tests

CONTRIBUTING TO MESSER

Contributions are of course welcome! Please take a look at our Contributing Guide

Security Issues

Security issues shouldn't be reported on this issue tracker. Instead, file an issue to our security experts

License

This project is licensed under the Apache V2 License. See LICENSE for more information.

About

A python replacement for data bag handling

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%