Encryption tool for python files and packages.
$ private [--key <key>] [--output <directory>] [-z] [--predicate <expression>] file.py [<path>...]
$ private --output out example-0.0-py2-none-any.whl
$ pip install out/example-0.0-py2-none-any.whl
$ export PRIVATE_KEY=$(cat out/key.txt)
# Use installed package as usual
The key must be hexadecimal string of length 32. The file type is recognized by extension, Currently only .py and .whl files are supported.
It is possible to encrypt source distributions (.tar.gz files), but private will first build a wheel and then convert it, so the final output is alway a wheel.
The is an option to "tag" the source code with decorators. Then, It is possible to pass expression to the private script that specifies which tags to remove completely from the source.
For example:
# example.py
import private
@private.tag("a", "b")
def foo():
return "foo"
@private.tag("b", "c")
def bar():
return "bar"
@private.tag("z")
def baz():
return "baz"
Then, code parts to remove can be specified with regular python expression. To remove only the "bar" function, the predicate is simply: "c". To remove "foo" and "baz" the predicate is "a or z", or "not c".
The private script is called like this:
$ private --predicate "b and not a or z" example.py
will create encrypted file that contains only the function "foo".
It is possible to pack multiple packages into one executable zip file. For example:
$ mkdir test
$ cd test
$ pip download poetry
$ private -z --output out *
$ cd out
$ export PRIVATE_KEY=$(cat key.txt)
$ python packed.zip poetry
The result zip file can be directly executed and can call every console_script
in the packed packages.
Currently, the -z flag can be used only if the given paths are wheels or source distributions.
WARNING: the load time can be very slow with many pacakges.
The package doesn't have it's own test suit. It is tested in python 2 with the compiledb package as a wheel, and in python 3 with the full test suit of the construct package, on the original repository.
Private is not fully tested and is a hobby project in alpha stage, Use it at your own risk.
FAQs
Python modules and distribution encryption tool
We found that private demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.