WAuth Documentation

Machine-Locked Encrypted Secret Management for Python

Welcome to the official documentation for WAuth, a Python library that provides simple, secure, machine-locked secret storage using Fernet encryption and SQLite.

🚀 Getting Started

New to WAuth? Start here with installation, setup, and your first encrypted secret.

Getting Started

📚 API Reference

Complete API documentation with classes, methods, and type signatures.

API Reference

📖 Tutorials

Step-by-step guides for common use cases including Docker integration.

Tutorials

❓ FAQ

Frequently asked questions and troubleshooting guide.

Frequently Asked Questions (FAQ)

External Links

• 📦 PyPI: https://pypi.org/project/wauth/

• 🐙 GitHub: https://github.com/wisrovi/wauth

• 🌐 GitHub Pages: https://wisrovi.github.io/wauth/

Integration: WPipe

Combine WAuth with WPipe for powerful stateful pipelines with secure secret management.

🔐 WAuth + WPipe Pipeline

Build secure access control pipelines using WAuth for secrets and WPipe for workflow orchestration.

Tutorials

🚀 WPipe (PyPI)

WPipe is a Python library for building stateful pipelines with conditional logic, tracking, and persistence.

https://pypi.org/project/wpipe/

Example: Access control pipeline using both libraries:

from wauth import WAuth
from wpipe import Pipeline, Condition, state

# Store secrets with WAuth
auth = WAuth(db_path="secrets.db", custom_key="my-key")
auth.set("USER_PASSWORD", "secure-pass")

# Use in WPipe pipeline
@state(name="authenticate")
def authenticate(credentials):
    auth = WAuth(db_path="secrets.db", custom_key="my-key")
    real_pass = auth.get("USER_PASSWORD")
    return {"access_granted": credentials.secret == real_pass}

pipeline = Pipeline(pipeline_name="access_control")
pipeline.set_steps([authenticate, Condition(...)])

See Tutorials for the full example.

Key Features

• Fernet Encryption: AES-128-CBC encryption with machine-derived keys

• SQLite Persistence: Automatic secret storage in a local SQLite database

• Docker Support: Read Docker Swarm/Compose secrets from /run/secrets

• File Storage: Store and retrieve encrypted files (certificates, keys)

• Type Safe: Full type hints and Pydantic validation

• Zero Config: Works out of the box with sensible defaults

Quick Example

from wauth import WAuth

# Initialize
auth = WAuth()

# Store a secret (automatically encrypted with machine-locked key)
auth.set("API_KEY", "sk-12345")

# Retrieve the secret (automatically decrypted)
key = auth.get("API_KEY")
print(key)  # sk-12345

Contents

• Getting Started
  • Installation
  • Verifying Installation
  • Your First Encrypted Secret
  • Understanding Machine-Locked Encryption
  • LTS Features Quick Reference
  • Next Steps
• API Reference
  • Main Interface
  • Functional API
  • Verbose Control
  • CryptoEngine
  • Vault & SecretModel
  • Exceptions
  • Deprecation Utilities
  • Utilities
  • Drivers
• Tutorials
  • Tutorial 1: Local Development Secrets
  • Tutorial 2: Storing TLS Certificates
  • Tutorial 3: Docker Container Secrets
  • Tutorial 4: Hybrid Local + Production Setup
  • Tutorial 5: Database Migration
• Frequently Asked Questions (FAQ)
  • General Questions
  • Installation & Setup
  • Usage Questions
  • Docker Integration
  • Troubleshooting
  • Security & Quality
• Bibliography & Source Resources
  • Encryption Standards
  • Technologies
  • Code Quality Tools
  • Documentation Tools
  • Best Practices
  • Author

Indices and tables

• Index

• Module Index

• Search Page