Metadata-Version: 2.4
Name: minisecret
Version: 0.1.0
Summary: A minimal AES-256-GCM-based secrets manager for Python
Home-page: 
Author: Lars Söderblom
Author-email: 
Classifier: Programming Language :: Python :: 3
Classifier: Operating System :: OS Independent
Requires-Python: >=3.7
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: cryptography
Dynamic: author
Dynamic: classifier
Dynamic: description
Dynamic: description-content-type
Dynamic: license-file
Dynamic: requires-dist
Dynamic: requires-python
Dynamic: summary

# 🔐 MiniSecret

**MiniSecret** is a minimal, secure secrets manager for Python projects and automation agents.  
It uses **AES-256-GCM encryption** and an environment-based master key to keep your secrets safe, simple, and offline.

---

## 📦 Features

- 🔒 AES-256-GCM authenticated encryption
- 🔐 Environment-based master key (`MINISECRET_KEY`)
- 🧊 Local encrypted file store (`secrets.enc.json`)
- ⚙️ Simple Python class + optional CLI tool
- 🧽 Secure memory auto-wipe for sensitive values

---

## 🧪 Summary Comparison

| Feature                   | MiniSecret     | python-keyring | python-decouple | hvac / AWS / GCP |
|---------------------------|----------------|----------------|------------------|------------------|
| 🔐 Encryption             | ✅ AES-256-GCM | ✅ OS-backed    | ❌ None           | ✅ Enterprise     |
| 📁 File-based             | ✅             | ❌              | ✅                | ❌                |
| 💻 Works offline          | ✅             | ✅              | ✅                | ⚠️ Limited        |
| 🧠 Simple to use          | ✅             | ✅              | ✅                | ❌                |
| 🛡️ Secrets in memory only | ✅ Optional     | ❌              | ❌                | ✅                |

---

## 📁 Project Structure

```
project/
├── minisecret.py         # Secrets manager
├── secrets.enc.json      # Encrypted secrets file (auto-generated)
└── your_script.py        # Your automation or GUI agent
```

---

## ⚙️ Installation

```bash
pip install cryptography
```

---

## 🔑 Setup: Master Key

### ✅ Step 1: Generate a Strong Key

```bash
python -c "import os, base64; print(base64.urlsafe_b64encode(os.urandom(32)).decode())"
```

Copy the output string.

---

### ✅ Step 2: Set the `MINISECRET_KEY` Environment Variable

#### 🔹 Linux/macOS (temporary)

```bash
export MINISECRET_KEY="your-generated-key"
```

To persist: add to `~/.bashrc` or `~/.zshrc`.

#### 🔹 Windows PowerShell (temporary)

```powershell
$env:MINISECRET_KEY = "your-generated-key"
```

#### 🔹 Windows GUI (persistent)

1. Search for **"Environment Variables"**
2. Add a new **User variable**
   - Name: `MINISECRET_KEY`
   - Value: your-generated-key

---

## 🧪 Example: Store and Use Secrets

You want to store this secret:

```
MySecretPassword
```

---

### ✅ CLI: Store the Secret

```bash
python minisecret.py put my_password MySecretPassword
```

---

### ✅ CLI: Retrieve the Secret

```bash
python minisecret.py get my_password
```

Secure retrieval (auto-wipe from memory):

```bash
python minisecret.py get my_password --secure
```

List all stored keys:

```bash
python minisecret.py list
```

---

### ✅ Python: Use the Stored Secret

```python
from minisecret import MiniSecret
import pyautogui
import time

secrets = MiniSecret()

# Secure version (wiped from memory immediately)
password = secrets.secure_get("my_password")

# Wait and type it into a GUI field
time.sleep(2)
pyautogui.write(password, interval=0.1)
```

---

## 🔐 Security Notes

- Secrets are encrypted with AES-256-GCM and stored in `secrets.enc.json`
- Secrets are decrypted only in memory when accessed
- Use `secure_get()` or `--secure` to clear secrets from memory after use
- Keep your `MINISECRET_KEY` safe and **never** commit it to source control

---

## ✅ CLI Summary

```bash
python minisecret.py put <key> <value>
python minisecret.py get <key> [--secure]
python minisecret.py list
```



