{"id":37061585,"url":"https://github.com/autodesk/propriecle","last_synced_at":"2026-01-14T06:59:47.700Z","repository":{"id":57455119,"uuid":"89303998","full_name":"Autodesk/propriecle","owner":"Autodesk","description":"Propriétaire de la Clé","archived":true,"fork":false,"pushed_at":"2017-10-03T21:03:26.000Z","size":48,"stargazers_count":0,"open_issues_count":3,"forks_count":2,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-09-23T06:31:06.070Z","etag":null,"topics":["gpg","keybase","secrets","vault"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Autodesk.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-04-25T01:34:58.000Z","updated_at":"2023-01-28T14:09:44.000Z","dependencies_parsed_at":"2022-09-10T00:40:20.477Z","dependency_job_id":null,"html_url":"https://github.com/Autodesk/propriecle","commit_stats":null,"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/Autodesk/propriecle","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Autodesk%2Fpropriecle","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Autodesk%2Fpropriecle/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Autodesk%2Fpropriecle/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Autodesk%2Fpropriecle/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Autodesk","download_url":"https://codeload.github.com/Autodesk/propriecle/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/a
pi/v1/hosts/GitHub/repositories/Autodesk%2Fpropriecle/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28412478,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T05:26:33.345Z","status":"ssl_error","status_checked_at":"2026-01-14T05:21:57.251Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["gpg","keybase","secrets","vault"],"created_at":"2026-01-14T06:59:46.877Z","updated_at":"2026-01-14T06:59:47.691Z","avatar_url":"https://github.com/Autodesk.png","language":"Python","readme":"# Propriétaire de la Clé ; The Key Owner\n\n![Work In Progress](https://github.com/Autodesk/propriecle/blob/master/docs/construction.gif)\n\nThis tool is still in an early stage. If you want to play with it, enabling backups during rekey and  regeneration operations is probably wise. This tool, `propriecle`, facilitates safe interaction patterns for Vault master key concepts. 
As of now, it provides both an interactive and a non-interactive interface around the following operations:\n\n* Initializing a fresh Vault instance with GPG protected root and unseal keys\n* Sealing of a Vault instance using a GPG protected root key\n* Unsealing of a Vault instance using GPG protected unseal keys\n* Rekeying with new GPG protected unseal keys\n* Rotation of the master key\n* Regeneration of a new GPG protected root key\n* Stepping down of a HA Leader server\n\nThe GPG keys may be derived from Keybase. At this point, validation is _not_ done at time of import. For the smoothest experience you should validate them out of band. The [`keybase-validator`](https://github.com/Autodesk/propriecle/blob/master/errata/keybase-validator) script _might_ help.\n\n## Running\n\nIt is possible to run `propriecle` both interactively and as a scriptable command line tool. If you invoke it without any arguments (or setting any configuration parameters) it will look for its configuration directory in `~/.propriecle` and a configuration file in `~/.proprieclerc` and start the interactive ncurses-based GUI. You can override the file paths with the `PROPRIECLE_DIRECTORY` and `PROPRICLE_CONFIG` environment variables.\n\nNon-interactive mode makes use of the same environment variables and encapsulates what is available via the GUI, plus a few other options. Each operation takes a single argument of a Vault instance name (as specified in the configuration file).\n\n* `unseal` will attempt to use every applicable key to unseal the specified Vault instance. If you do not specify an instance then it will attempt to unseal _everything_.\n* `seal` will make use of the root token to seal the specified Vault instance. 
If you do not specify an instance then it will seal _everything_.\n* `init` will initialize a fresh Vault instance, properly storing the encrypted root and unseal keys\n* `step_down` will ask a Vault HA leader to step down and become standby\n* `root_get` will print the root token to stdout\n* `rekey_start` will begin the process of rekeying unseal keys\n* `rekey_auth` will attempt to use every applicable key to rekey unseal keys\n* `rekey_cancel` will cancel the process of rekeying unseal keys\n* `regenreate_start` will begin the process of generating a new root token\n* `regenerate_auth` will attempt to use every applicable key to generate a new root token\n\n## Configuration\n\nIt is configured with a simple YAML file. When referring to GPG keys you may use either a shortened GPG fingerprint ID or a Keybase username with a prefix. For example, `keybase:otakup0pe` would encrypt things against that Keybase ID. The following configuration items are supported.\n\n* `root_key` the GPG key to encode the root token against.\n* `keys` a list of GPG keys to encode unseal keys against. This will affect how many _total_ keys are requested during init, rekey, and regenerate operations.\n* `required` is the _minimum_ number of keys required for init, rekey, and regenerate operations.\n* `backup` is a boolean that controls whether spares of the unseal keys are kept on the Vault instance.\n* `vaults` is a list of Vault instances to interact with. You can specify both a friendly `name` and the `url`.\n\n## TODO\n\n* Ability to execute seal/unseal actions across entire cluster\n* Tests, Docker\n* Can you rekey gpg unseal keys?\n* Start UI thread prior to http threads\n* Make sure the http check thread timeout is low. 
Might have to mod hvac for this?\n* Make sure Python 3.5 works!\n* Validate Keys at startup (remove the case of an init failing due to bad keys)\n* Collapse associated servers to their parent\n* Less terrible errors\n* Friendly import/export of keys?\n* Support non-root admin users\n\n## Guidelines\n\n* This project operates under a [Code of Conduct](https://autodesk.github.io/aomi/code_of_conduct).\n* Changes are welcome via pull request!\n* Please use informative commit messages and pull request descriptions.\n* Please remember to update the documentation if needed.\n* Please keep style consistent. This means PEP8 and pylint compliance at a minimum.\n* Please add both unit and integration tests. Unit tests should run in complete isolation with all disk/network calls mocked out.\n\nIf you have any questions, please feel free to contact \u003cjonathan.freedman@autodesk.com\u003e.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fautodesk%2Fpropriecle","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fautodesk%2Fpropriecle","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fautodesk%2Fpropriecle/lists"}