No description
Find a file
Samuel Dion-Girardeau dc6054f09c Encrypt passwords stored in Redis
Using symmetric encryption in the `cryptography`'s `Fernet` class,
we can ensure that no one can snoop the passwords simply by having access
to the Redis store.

An encryption key is sent to the secret receiver, along with the 32 character
Redis key that identifies the secret, which is needed to decrypt the password.
2017-05-11 21:28:22 -04:00
snappass Encrypt passwords stored in Redis 2017-05-11 21:28:22 -04:00
.bumpversion.cfg Prepare snappass for distribution. 2013-10-05 23:10:50 -07:00
.dockerignore Add Dockerfile/.dockerignore files 2016-07-18 17:37:54 -04:00
.gitignore Add virtualenv env/ to gitignore 2016-07-18 11:53:29 -07:00
.travis.yml Add support for python 3.6 2017-01-08 19:24:10 -05:00
AUTHORS.rst Fix broken list formatting in AUTHORS.rst 2017-04-15 12:29:40 -04:00
CONTRIBUTING.rst Fix coverage commands 2016-08-22 20:32:22 -04:00
dev-requirements.txt Explicitly list dev requirements in dedicated file 2016-08-22 20:32:22 -04:00
docker-compose.yml Update docker-compose file to version 2 2016-10-24 16:03:03 +02:00
Dockerfile Add support for python 3.6 2017-01-08 19:24:10 -05:00
LICENSE Prepare snappass for distribution. 2013-10-05 23:10:50 -07:00
MANIFEST.in Prepare snappass for distribution. 2013-10-05 23:10:50 -07:00
README.rst Add PyPI badge 2017-04-30 17:17:14 -04:00
requirements.txt Encrypt passwords stored in Redis 2017-05-11 21:28:22 -04:00
setup.cfg Bump version fixing bumpversion workflow, minor 2017-04-28 09:47:46 -07:00
setup.py Bump version fixing bumpversion workflow, minor 2017-04-28 09:47:46 -07:00
tests.py added skype to sneaky_bots test 2017-02-17 21:48:10 -06:00
tox.ini Fix tox env name, flake8 is recognized by the flake8 tool and duplicates setup.cfg 2017-04-23 10:08:49 -07:00

========
SnapPass
========

|pypi| |build|

.. |pypi| image:: https://img.shields.io/pypi/v/snappass.svg
    :target: https://pypi.python.org/pypi/snappass
    :alt: Latest version released on PyPI

.. |build| image:: https://travis-ci.org/pinterest/snappass.svg
    :target: http://travis-ci.org/pinterest/snappass
    :alt: Build status

It's like SnapChat... for Passwords.

This is a webapp that lets you share passwords securely.

Let's say you have a password.  You want to give it to your coworker, Jane.
You could email it to her, but then it's in her email, which might be backed up,
and probably is in some storage device controlled by the NSA.

You could send it to her over chat, but chances are Jane logs all her messages
because she uses Google Talk, and Google Talk logs everything.

You could write it down, but you can't find a pen, and there's way too many
characters because your Security Person, Paul, is paranoid.

So we built SnapPass.  It's not that complicated, it does one thing.  If
Jane gets a link to the password and never looks at it, the password goes away.
If the NSA gets a hold of the link, and they look at the password... well they
have the password.  Also, Jane can't get the password, but now Jane knows that
not only is someone looking in her email, they are clicking on links.

Anyway, this took us very little time to write, but we figure we'd save you the
trouble of writing it yourself, because maybe you are busy and have other things
to do.  Enjoy.

Requirements
------------

* Redis.
* Python 2.6, 2.7 or 3.3+.

Installation
------------

::

    $ pip install snappass
    $ snappass
    * Running on http://0.0.0.0:5000/
    * Restarting with reloader

Configuration
-------------

You can configure the following via environment variables.

`SECRET_KEY` this should be a unique key that's used to sign key.  This should
be kept secret.  See the `Flask Documentation`__ for more information.

.. __: http://flask.pocoo.org/docs/quickstart/#sessions

`DEBUG` to run Flask web server in debug mode.  See the `Flask Documentation`__ for more information.

.. __: http://flask.pocoo.org/docs/quickstart/#debug-mode

`STATIC_URL` this should be the location of your static assets.  You might not
need to change this.

`NO_SSL` if you are not using SSL.

`REDIS_HOST` this should be set by Redis, but you can override it if you want. Defaults to `"localhost"`

`REDIS_PORT` is the port redis is serving on, defaults to 6379

`SNAPPASS_REDIS_DB` is the database that you want to use on this redis server. Defaults to db 0

`REDIS_URL` is optional and, if set, will be used instead of `REDIS_HOST`, `REDIS_PORT`, and `SNAPPASS_REDIS_DB` to configure the Redis client object. For example: redis://username:password@localhost:6379/0

Docker
------

Alternatively, you can use `Docker`_ and `Docker Compose`_ to install and run SnapPass:

.. _Docker: https://www.docker.com/
.. _Docker Compose: https://docs.docker.com/compose/

::

    $ docker-compose up -d

This will pull all dependencies, i.e. Redis and appropriate Python version (3.6), then start up SnapPass and Redis server. SnapPass server is accessible at: http://localhost:5000