Python Yubikey AWS signature library
Project description
Exile stores your AWS access key on your YubiKey device and uses it to sign your AWS API requests, protecting you against credential theft.
Installation
```
pip install exile
```
On Linux, first install the PC/SC development package: libpcsclite-dev (apt install libpcsclite-dev) or pcsc-lite-devel (yum install pcsc-lite-devel).
Exile requires Python 3.6+. Python 2.7 is not supported.
Synopsis
```python
import boto3
import botocore.auth
from exile import YKOATH, botocore_signers


def write_active_aws_key_to_yubikey():
    # Read the active AWS credentials from the default boto3 session
    credentials = boto3.Session().get_credentials()

    # SigV4: store "AWS4" + secret key as an HMAC-SHA256 OATH credential
    key_name = "exile-{}-SigV4".format(credentials.access_key)
    secret = b"AWS4" + credentials.secret_key.encode()
    print("Writing YubiKey OATH SigV4 credential", key_name, "for", credentials.access_key)
    YKOATH().put(key_name, secret, algorithm=YKOATH.Algorithm.SHA256)

    # HmacV1: store the raw secret key as an HMAC-SHA1 OATH credential
    key_name = "exile-{}-HmacV1".format(credentials.access_key)
    secret = credentials.secret_key.encode()
    print("Writing YubiKey OATH HmacV1 credential", key_name, "for", credentials.access_key)
    YKOATH().put(key_name, secret, algorithm=YKOATH.Algorithm.SHA1)


write_active_aws_key_to_yubikey()

# Install exile's botocore signers so that subsequent boto3 calls use them
botocore_signers.install()

print("Using YubiKey credential to perform AWS call")
print(boto3.client("sts").get_caller_identity())

print("Using YubiKey credential to presign an S3 URL")
print(boto3.client("s3").generate_presigned_url(ClientMethod="get_object", Params={"Bucket": "foo", "Key": "bar"}))
```
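The synopsis stores `b"AWS4" + secret_key` as an HMAC-SHA256 credential and the raw secret key as an HMAC-SHA1 credential; the sketch below is an added example, not exile's own code, showing why that layout lets a token perform the only secret-dependent step of each signature scheme. `SoftToken` is a hypothetical software stand-in for the device, the secret is a constructed value, and it is an assumption that the token returns the full, untruncated HMAC.

```python
import hashlib
import hmac


class SoftToken:
    """Hypothetical stand-in for an OATH HMAC slot: a key goes in, only MACs come out."""

    def __init__(self, key, digest):
        self._key, self._digest = key, digest

    def calculate(self, challenge):
        return hmac.new(self._key, challenge, self._digest).digest()


def _hmac256(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def sigv4_signing_key(token, date, region, service):
    """Derive the SigV4 signing key; only the first HMAC is keyed with the stored secret."""
    k_date = token.calculate(date.encode())  # on the token, keyed with "AWS4" + secret
    k_region = _hmac256(k_date, region)      # host side from here on
    k_service = _hmac256(k_region, service)
    return _hmac256(k_service, "aws4_request")


def sigv4_sign(token, date, region, service, string_to_sign):
    key = sigv4_signing_key(token, date, region, service)
    return hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()


def reference_signing_key(secret_key, date, region, service):
    """Conventional derivation with the secret held in host memory, for comparison."""
    key = _hmac256(b"AWS4" + secret_key.encode(), date)
    for part in (region, service, "aws4_request"):
        key = _hmac256(key, part)
    return key


SECRET = "constructed-example-secret-key"  # constructed sample value, not a real key
sigv4_token = SoftToken(b"AWS4" + SECRET.encode(), hashlib.sha256)
hmacv1_token = SoftToken(SECRET.encode(), hashlib.sha1)

if __name__ == "__main__":
    print(sigv4_signing_key(sigv4_token, "20240101", "us-east-1", "sts").hex())
    # HmacV1 signatures are a single HMAC-SHA1, so they are computed entirely on the token.
    print(hmacv1_token.calculate(b"constructed string to sign").hex())
```

In SigV4 the intermediate `k_date` value lives in host memory and is valid for that date across regions and services, so a token-held secret narrows what a compromised host can take to date-scoped keys and does not remove the exposure entirely.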
TOTP
Because exile uses the YubiKey OATH protocol, you can also use it to store TOTP 2FA tokens and to generate and verify codes:
```python
import datetime

from exile import TOTP

TOTP().save("google", "JBSWY3DPEHPK3PXP")  # Or TOTP.save_otpauth_uri("otpauth://...")
TOTP().get("google")  # Returns a standard 6-digit TOTP code as a string
TOTP().verify("260153", label="google", at=datetime.datetime.fromtimestamp(1297553958))
```
Bugs
Please report bugs, issues, feature requests, etc. on GitHub.
License
Licensed under the terms of the Apache License, Version 2.0.
File details
Details for the file exile-0.1.0.tar.gz.
File metadata
- Download URL: exile-0.1.0.tar.gz
- Upload date:
- Size: 12.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.12.1 pkginfo/1.5.0.1 requests/2.21.0 setuptools/40.6.3 requests-toolbelt/0.8.0 tqdm/4.29.1 CPython/3.6.5
File hashes
Algorithm | Hash digest |
---|---|
SHA256 | 1b02a94d868f91646da2b6360ef52517e7730e04385deda0c240f1ddf98a1013 |
MD5 | c1efc965251dce125a96782316f15fc2 |
BLAKE2b-256 | 756c0de61a7b001e970d14f4150de4687101964628751aec0ce93bba776c2d14 |
File details
Details for the file exile-0.1.0-py2.py3-none-any.whl.
File metadata
- Download URL: exile-0.1.0-py2.py3-none-any.whl
- Upload date:
- Size: 16.4 kB
- Tags: Python 2, Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.12.1 pkginfo/1.5.0.1 requests/2.21.0 setuptools/40.6.3 requests-toolbelt/0.8.0 tqdm/4.29.1 CPython/3.6.5
File hashes
Algorithm | Hash digest |
---|---|
SHA256 | 83151846989f90ae40c8612f977110eb712d4b313f0f53ff2dc1a52b6ac70094 |
MD5 | 90129ab75249f2760bd10e31f0048264 |
BLAKE2b-256 | 806926563e154eb68fddee5e11631621e6b15f7cad8cc26c6dbaf195dff96fa7 |