2022 Code Refresh

Makefile

@@ -1,13 +1,44 @@
-init:
-	pip install -r requirements.txt
-	pip install -r requirements.test.txt
+ROOT_DIR      := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+VENV_CMD      := python3 -m venv
+VENV_DIR      := $(ROOT_DIR)/.venv
+VENV_BIN      := $(VENV_DIR)/bin
+ISORT_BIN     := $(VENV_BIN)/isort
+PYBLACK_BIN   := $(VENV_BIN)/black
+PYTEST        := $(VENV_BIN)/pytest
+
+DRY ?= true
+ifeq ($(DRY),false)
+  ISORT := $(ISORT_BIN)
+  PYBLACK := $(PYBLACK_BIN)
+else
+  ISORT := $(ISORT_BIN) --diff --check
+  PYBLACK := $(PYBLACK_BIN) --diff --check
+endif
+
+lint: venv
+	$(ISORT) code_crypt/
+	$(PYBLACK) code_crypt/
+
+test: venv
+	$(PYTEST)
 
 install:
 	python setup.py install
 
-lint:
-	pycodestyle code_crypt/
-	pyflakes code_crypt/
+###############################################################################
+# Development Environment Setup
+###############################################################################
+venv: $(VENV_DIR)
+
+$(VENV_BIN)/activate:
+	$(VENV_CMD) $(VENV_DIR)
+
+$(VENV_DIR): $(VENV_BIN)/activate requirements.txt requirements.test.txt
+	$(VENV_BIN)/python3 -m pip install -U pip && \
+	$(VENV_BIN)/pip install -U setuptools wheel && \
+	$(VENV_BIN)/pip install -r requirements.test.txt && \
+	$(VENV_BIN)/pip install -U -r requirements.txt && \
+	touch $(VENV_DIR)
 
-test:
-	nosetests
+clean:
+	find code_crypt -type f -name '*.pyc' -exec rm {} \;

README.md

@@ -1,114 +1,112 @@
-[![CircleCI](https://circleci.com/gh/Nextdoor/code-crypt.svg)](https://circleci.com/gh/Nextdoor/code-crypt)
-
 # Code Crypt
 
-Code Crypt provides a simple Python library and command line interface to 
+Code Crypt provides a simple Python library and command line interface to
 manage your application secrets within a project repository. Master keys are
-managed externally by the AWS Key Management Service (KMS), which perform 
+managed externally by the AWS Key Management Service (KMS), which perform
 envelope encryption on a RSA private key used for decrypts on individual
-secrets within a particular environment context. Encrypted secrets are kept 
+secrets within a particular environment context. Encrypted secrets are kept
 as binary files within the project folder using hybrid RSA-AES cryptopgraphy.
 
-It supports Python 2.6 or newer and all Python 3 versions.
-
 ## Features
 
 - Self-serve for project contributors
 - Scalable for a large amount of secrets (1 KMS API call to decrypt all secrets)
 - CRUD operations on a per-secret basis
 - Environment contexts (development, staging, production)
 
-## Installation
-
-0) Clone the project locally.
-1) `virtualenv .venv && source .venv/bin/activate`
-2) `make init`
-3) `make install`
-4) Test: `code-crypt --version`
-
 ## Initialize Project
 
-We have a project `my_project` that we'd like to initialize with 3 different 
-environment contexts (`development`, `staging` and `production`) with their own 
+We have a project `my_project` that we'd like to initialize with 3 different
+environment contexts (`development`, `staging` and `production`) with their own
 KMS master keys.
 
-    $ APP_ROOT=/Users/bob/my_project code-crypt --env development --init --kms-key-id aaaaaaaa-bbbb-cccc-dddd-123456111111
-    $ APP_ROOT=/Users/bob/my_project code-crypt --env staging --init --kms-key-id eeeeeeee-ffff-gggg-hhhh-123456222222
-    $ APP_ROOT=/Users/bob/my_project code-crypt --env production --init --kms-key-id iiiiiiii-jjjj-kkkk-llll-123456333333
-
-This will initialize the project folder with a data directory of the following 
+```
+$ APP_ROOT=/Users/bob/my_project code-crypt --env development --init --kms-key-id aaaaaaaa-bbbb-cccc-dddd-123456111111
+$ APP_ROOT=/Users/bob/my_project code-crypt --env staging --init --kms-key-id eeeeeeee-ffff-gggg-hhhh-123456222222
+$ APP_ROOT=/Users/bob/my_project code-crypt --env production --init --kms-key-id iiiiiiii-jjjj-kkkk-llll-123456333333
+```
+
+This will initialize the project folder with a data directory of the following
 structure:
 
-    $ pwd
-    /Users/bob/my_project
-    $ tree
-    .
-    └── code_crypt
-        └── data
-            ├── keys
-            │   ├── development
-            │   │   ├── encrypted_private_key.pem
-            │   │   └── public_key.asc
-            │   ├── production
-            │   │   ├── encrypted_private_key.pem
-            │   │   └── public_key.asc
-            │   └── staging
-            │       ├── encrypted_private_key.pem
-            │       └── public_key.asc
-            └── secrets
-                ├── development
-                ├── production
-                └── staging
-
-(Note: `--env` defaults to `development` and won't be explicitly used in this 
+```
+$ pwd
+/Users/bob/my_project
+$ tree
+.
+└── code_crypt
+    └── data
+        ├── keys
+        │   ├── development
+        │   │   ├── encrypted_private_key.pem
+        │   │   └── public_key.asc
+        │   ├── production
+        │   │   ├── encrypted_private_key.pem
+        │   │   └── public_key.asc
+        │   └── staging
+        │       ├── encrypted_private_key.pem
+        │       └── public_key.asc
+        └── secrets
+            ├── development
+            ├── production
+            └── staging
+```
+
+(Note: `--env` defaults to `development` and won't be explicitly used in this
 guide going forward.)
 
 ## Encrypt Secrets
 
 Single secrets can be encrypted with `--encrypt` option.
 
-    $ APP_ROOT=/Users/bob/my_project code-crypt --encrypt SOME_SECRET='a1b2c3'
-
-In this case an encrypted binary file would be created at 
+```
+$ APP_ROOT=/Users/bob/my_project code-crypt --encrypt SOME_SECRET='a1b2c3'
+```
+
+In this case an encrypted binary file would be created at
 `code_crypt/data/secrets/development/SOME_SECRET.bin`.
-    
+
 ## Decrypt Secrets (CLI)
 
-Single secrets can be decrypted with `--decrypt` option which returns a 
+Single secrets can be decrypted with `--decrypt` option which returns a
 plaintext value.
 
-    $ APP_ROOT=/Users/bob/my_project code-crypt --decrypt SOME_SECRET
-    a1b2c3
-    
-Multiple secrets can be decrypted with the `--decrypt-all` option which returns 
-a JSON string
-of key-value pairs.
+```
+$ APP_ROOT=/Users/bob/my_project code-crypt --decrypt SOME_SECRETa1b2c3
+```
+
+Multiple secrets can be decrypted with the `--decrypt-all` option which returns
+a JSON string of key-value pairs.
 
-    $ APP_ROOT=/Users/bob/my_project code-crypt --decrypt-all
-    {
-      "SOME_SECRET": "a1b2c3"
-    }
+```
+$ APP_ROOT=/Users/bob/my_project code-crypt --decrypt-all
+{
+    "SOME_SECRET": "a1b2c3"
+}
+```
 
 ## Decrypt Secrets (Application)
 
-Prerequisite: Grant your application run-time authentication to its environment's respective 
+Prerequisite: Grant your application run-time authentication to its environment's respective
 KMS master key.
 
 Create a Code Crypt object and run the `decrypt()` function.
 
-    from code_crypt import core as code_crypt
+```python
+from code_crypt import core as code_crypt
 
-    CC = code_crypt.CodeCrypt(app_root=MY_APP_ROOT, env=MY_ENV)
-    CC_SECRETS = CC.decrypt()
-
-The resulting `CC_SECRETS` object is a dict of decrypted secret key-value pairs.
+CC = code_crypt.CodeCrypt(app_root=MY_APP_ROOT, env=MY_ENV)
+CC_SECRETS = CC.decrypt()
+```
 
+The resulting `CC_SECRETS` object is a dict of decrypted secret key-value pairs.
 
 # Developer Setup
 
 If you are interested in working on the codebase, setting up your development
 environment is quick and easy.
 
-    $ virtualenv .venv
-    $ source .venv/bin/activate
-    $ pip install -r requirements.txt
+```bash
+$ make venv
+$ source .venv/bin/activate
+```

code_crypt/__init__.py

@@ -12,4 +12,4 @@
 #
 # Copyright 2017 Nextdoor.com, Inc
 
-__author__ = 'Nehal Patel (nehal@nextdoor.com)'
+__author__ = "Nehal Patel (nehal@nextdoor.com)"