Secrets Module¶
Credential management delegated to panzer.
BinPan implements no encryption of its own. All credentials (Binance API keys,
PostgreSQL/binbase passwords, Redis configs, etc.) are handled by panzer’s
CredentialManager, which stores them in ~/.panzer_creds (sensitive values
encrypted) and prompts the user the first time they are missing.
Secret management delegated to panzer.
BinPan does not implement its own encryption. All credentials (Binance API
keys, PostgreSQL/binbase passwords, Redis configs, etc.) are handled by
panzer.credentials.CredentialManager, which stores them in
~/.panzer_creds with three layers: in-memory cache, on-disk file (sensitive
values encrypted with AES-128-CBC) and an interactive prompt when a credential
is missing.
panzer auto-detects sensitive names by the markers secret, api_key,
password and _id. Choose credential names accordingly so that
sensitive values are encrypted and transparently decrypted on read:
postgresql_password/binbase_password-> encrypted (password)postgresql_host/postgresql_user/ … -> stored as plain textredis_conf/sentinel_data-> JSON, plain text (see*_json_secret)
Functions:
|
Get a credential as plain text. |
|
Store a credential in panzer (encrypted on disk if sensitive). |
|
Get a credential serialized as JSON (e.g. Redis / Sentinel configs). |
|
Store a dict credential as a JSON string in panzer. |
- get_secret(name: str, *, decrypt: bool = True) str[source]¶
Get a credential as plain text. Resolves memory -> disk -> prompt.
- set_secret(name: str, value: str, *, sensitive: bool | None = None, overwrite: bool = True) None[source]¶
Store a credential in panzer (encrypted on disk if sensitive).