+ @ihQRt^RIt^RIt^RIt^RIt^RIt^RIHt^RIH t H t H t H t ^RI Ht^RIHt^RIHt^RIHt^RIHtHt^RIt^RIt^RIt^R IHtR R ltR R ltRRltRRRllt!RR4t Rt!]"R8Xd ]!!4R#R# ]#d]$!R4]PJ!^4R#]&d)t']$!R]' 24]PJ!^4Rt'A'R#Rt'A'i](d)t']$!R]' 24]PJ!^4Rt'A'R#Rt'A'i])d)t']$!R]' 24]PJ!^4Rt'A'R#Rt'A'i]*d)t']$!R]' 24]PJ!^4Rt'A'R#Rt'A'ii;i)a  Secure Password Vault for Python Applications Uses industry-standard encryption (AES-256-GCM) with PBKDF2 key derivation. Supports encrypted master password storage: - VAULT_KEY : Fernet key stored in project .env file - ID_ENC : Master password encrypted with VAULT_KEY, stored in OS env var - VPATH : Path to vault.enc, stored in OS env var - VAULT_DIR : Path to this file, stored in OS env var Setup (run once per machine): python vault.py setup # generates VAULT_KEY, sets OS env vars python vault.py create # initializes vault.enc Credential management: python vault.py store python vault.py get [USERNAME] python vault.py list python vault.py delete python vault.py change-master Master password utilities: python vault.py generate-key # generate a new VAULT_KEY python vault.py encrypt-master # encrypt master password with VAULT_KEY python vault.py decrypt-master # verify/test decryption N)Path)DictOptionalAnyTuple) PBKDF2HMAC)hashes)AESGCM)Fernet)InvalidSignature InvalidTag)datetimec$V^8dQhR\/#returnstr)formats"C:\code\desktop_vault\vault.py __annotate__r3s**C*cH\P!4P4#)z=Generate a new Fernet key for encrypting the master password.)r generate_keydecoderrgenerate_vault_keyr3s    ' ' ))rc<V^8dQhR\R\R\/#rmaster_password vault_keyrr)rs"rrr8s!88S8S8S8rc\VP44pVPVP44P4#)zy Encrypt the master password using the VAULT_KEY. Returns the encrypted token as a string (stored as ID_ENC OS env var). )r encodeencryptr)rr fs&& rencrypt_master_passwordr%8s8 y!"A 99_++- . 5 5 77rc<V^8dQhR\R\R\/#)rid_encr rr)rs"rrrAs!//C/C/C/rc\VP44pVPVP44P4#)zz Decrypt ID_ENC using VAULT_KEY to recover the master password. Raises InvalidToken if either value is wrong or tampered. )r r"decryptr)r'r r$s&& rdecrypt_master_passwordr*As5 y!"A 99V]]_ % , , ..rc0V^8dQhR\R\/#)rr rr)rs"rrrJs<s"44C4u44rc\\P!4^ VRR7pVPVP R44#) ' ) algorithmlengthrP iterationsutf-8)rrSHA256deriver")rIrOrPkdfs&&& r _derive_keySecureVault._derive_keys8mmo   zz(//'233rc,<V^8dQhRS[RS[RS[/#rNrQ)rr=s"rrr>s'[[c[[3[rcn\P!RVPR4VR4P4#)sha256rYrU)hashlib pbkdf2_hmacr"hex)rIrOrPs&&&r_create_password_hash!SecureVault._create_password_hashs+""8X__W-EtVTXXZZrcB<V^8dQhRS[S[S[3,RS[RS[/#)rdatarr)rrrrR)rr=s"rrr>s*==$sCx.=3=5=rc\P!^ 4p\P!^ 4pVPW#4pVPW#4pRRR\P !4P 4RVRV/p\V4pVPV\P!V4PR4R4p R\P!V4PR4R \P!V4PR4R \P!V 4PR4/p \P!V 4PR4#) rTversionz1.0created password_hashentriesrYNrPnonce ciphertext)secrets token_bytesr]rer now isoformatr r#jsondumpsr"base64 b64encoder) rIrhrrPrnr6rl vault_dataaesgcmroencrypted_packages &&& r _encrypt_dataSecureVault._encrypt_datas""2&##B'522?I u x||~//1 ] t  ^^E4::j+A+H+H+QSWX F$$T*11': V%%e,33G< &**:6==gF  zz+,33G<s2bbEbCbDQTVYQYNbrc\P!VPR44p\P!VR,4p\P!VR,4p\P!VR,4pVP W$4p\ V4pVPWVR4p \P!V PR44p VPW$4p V R,V 8wd \R4hV R,# \d \R4h\P\3dp \R 4T hRp ? i\d \R 4hi;i) rYrPrnroNrlzInvalid master passwordrmz Incorrect vault master password.z$Vault file is corrupt or unreadable.zAVault data signature invalid -- file may have been tampered with.)rtloadsrrv b64decoder]r r)rer4r JSONDecodeErrorKeyErrorr ) rIr~rpackagerPrnror6rydecrypted_datarx expected_hashes &&& r _decrypt_dataSecureVault._decrypt_datas* bjj!6!6w!?@G##GFO4D$$WW%56E))',*?@J""?9CC[F#^^EtDNN$9$9'$BCJ 66MM/*m; !:;;i( ( A?@ @$$h/ LCD! K b`a a bs$DD.E3E4 E E Ec<<V^8dQhRS[S[S[3,RS[/#)rrmr)rrrtuple)rr=s"rrr>s# ! !4S> !e !rcRp\VP44FUwr4\V\4'gKRV9gK&\VR,\4'gKEVR,pWT/W&RpKW V'd \ R4W3#)FusernameTz4INFO: Vault migrated to multi-user format. Saving...)listitems isinstancedictrprint)rIrmmigratedservicevaluers&& r_migrate_flat_vaultSecureVault._migrate_flat_vaultsv"7==?3NG%&&:+>:eT^N_adCeCe ,$,#4  4  H I  rc&<V^8dQhRS[RS[/#)rrrrbool)rr=s"rrr>sC4rcVPP4'd<\RVP R24pVP4R8wd\ R4R#V'g \ 4p\ V4^ 8d \R4hVP/V4pVPPV4\PR8wdVPPR4\ RVP 24R #) zVault already exists at z. Overwrite? (y/N): yzVault creation cancelled.F4Master password must be at least 12 characters long.rCizVault created successfully at T) r<existsinputlowerrr8lenr4r{ write_bytesr1rFrG)rIrresponser~s&& r create_vaultSecureVault.create_vaults ?? ! ! # #77HH\]^H~~3&1257O  " $ST T++B@ ##N3 77d? OO ! !% ( .t.?@Arc,<V^8dQhRS[RS[RS[/#rr)rr=s"rrr>s#C3RVrcVPP4'g\RVP 24R#V'g \V4pVPP 4pVP W14VnVPVP 4wVnpWnV'dVP4\R4R# \dp\RT 24Rp?R#Rp?ii;i)zVault not found at FzVault unlocked successfully.TzFailed to unlock vault: N) r<rrr8 read_bytesr _vault_datar_master_password _save_vaultr4)rIrr r~rrs&&& r unlock_vaultSecureVault.unlock_vaults%%'' ''89 :5i@O !__779N#11.RD )-)A)A$BRBR)S &D h$3 !  " 0 1  ,QC0 1 sAS>ST ##N3rc 8<V^8dQhRS[RS[RS[RS[RS[/#)rrrrOnotesrr)rr=s"rrr>s2cSCPS]arc \VR4'g\R4R#\P!4P 4pVP P V/4P V/4pRVRVRVRVP RV4RV/pWP 9d/VP V&WpP V,V&VP4\RV R V R 24R #) r+Vault is not unlocked. Please unlock first.FrrOrrkmodifiedPassword for '' / 'z' stored successfully.T)rrr rrrsrgetr)rIrrrOrrrexisting_entryentrys&&&&& rstore_passwordSecureVault.store_passwordst]++ ? @lln&&())--gr:>>xL   U ~)))S9    ** *(*D  W %.3!(+  wiuXJ6LMNrc R<V^8dQhRS[RS[RS[S[S[S[3,,/#rrrr)rrrr)rr=s"rrr>s2  C 3 (4PSUXPX>BZ rc\VR4'g\R4R#VPPV4pVfR#VeVPV4#V#)rrN)rrrr)rIrrservice_entriess&&& r get_passwordSecureVault.get_passwordsWt]++ ? @**..w7  "  "&&x0 0rc <V^8dQhRS[/#r)r)rr=s"rrr>strc\VR4'g\R4.#VPVP4wVnpV'dVP 4.pVPP 4F`wr4\ V\4'gKVP 4F/wrV\ V\4'gKVPW534K1 Kb \V4#)rr) rrrrrrrrappendsorted)rIrpairsrusersrrs& r list_servicesSecureVault.list_servicesst]++ ? @I%)%=%=d>N>N%O"(     "..446NGeT**#(;;=eT**LL'!45$17 e}rc,<V^8dQhRS[RS[RS[/#rr)rr=s"rrr>s"scdrc\VR4'g\R4R#WP9d\RV R24R#W PV,9d\RV RV R24R#VPV,VVPV,'gVPVVP4\RV R V R 24R #) rrFz Service 'z' not found in vault.z Username 'z' not found under service 'z'.rrz' deleted successfully.T)rrrr)rIrrs&&&rdelete_passwordSecureVault.delete_passwordst]++ ? @ ** * IgY&;< = ++G4 4 Jxj(CG9BO P   W %h /((  )  wiuXJ6MNOrc&<V^8dQhRS[RS[/#)r new_passwordrr)rr=s"rrr>)s3$rcR\VR4'g\R4R#V'g_\P!R4p\P!R4pW8wd\R4K@\V4^ 8d\R4K]WnVP 4\R4R#) rrFTz!Enter NEW vault master password: z#Confirm new vault master password: z(Passwords don't match. Please try again.rz%Master password changed successfully.)rrr5rrr)rIrconfirm_passwords&& rchange_master_password"SecureVault.change_master_password)st]++ ? @&/RS #*??3X#Y 3DE|$r)PQ ,  56rc\VR4'dVPP4V=\VR4'd$R\VP4,VnV=\ R4R#)rrxz Vault locked.N)rrclearrrr)rIs&r lock_vaultSecureVault.lock_vault=s[ 4 ' '    " " $ 4+ , ,$'#d.C.C*D$DD !% or)rHrrr<N)NN))__name__ __module__ __qualname____firstlineno____doc__rKr]rer{rrrrrrrrrrr__static_attributes____classdictcell__)r=s@rr:r:ks   44[[==(bb* ! !"&4 (   "(rr:c\P!RR7pVPRRR7VPRRR7VPRRR 7pVP R R R7VP R R R7VP RRR7VP RRR7VP RRR7VP RRR7pVPRRR7VPRRR7VPRRRR7VP RRR7pVPRR R7VPRR!R"R#R$7VP R%R&R7VP R'R(R7pVPRR R7VPRRR7VP R)R*R7VP 4pVP 'gVP4R"#\VR+R"4;'g\P!R,4pVP R 8Xd1\4p\R-V 24\R.4\R/4R"#VP R 8Xd`T;'g\R04P4p\P!R14p\!W4p \R2V 24\R34R"#VP R8XdtT;'g\R04P4p\P!R44;'g\R54P4p \#W4p\R64R"#VP R8XEd\R84\4p\R9V 24\R:4\R;V R<24\P!R=4p\'V4^ 8d"\R>4\(P*!^4\!W4p VP,;'gR?p \/\1\24P54P64p \R@4\RAV 24\RBV 24\RCV 24\RD4R"#\9VP,4pVP R8XdVP;4R"#VP R8XdVP=VRE7'd\P!RFVP> RGVP@ RH24pVPB;'g\RI4P4pVPEVP>VP@VV4VPG4R"#R"#VP R8XEd VP=VRE7'EdVPIVP>VP@4pVfPVP@'dRJVP> RGVP@ RJ2MRJVP> RJ2p\RKV 24EMbVP@'dTp\RLVP> 24\RMVR, 24\RNVRO, 24VRP,'d\RQVRP, 24\RRVRS, 24\RTVRU, 24M\KVPM44Fwpp\RLVP> 24\RMVR, 24\RNVRO, 24VRP,'d\RQVRP, 24\RRVRS, 24\RTVRU, 24\4K VPG4R"#R"#VP R%8XdzVP=VRE7'd`VPO4pV'd+\RV4VFwpp\RWV RXV RY24K M \RZ4VPG4R"#R"#VP R'8XdVP=VRE7'dt\R[VP> RGVP@ R\24pVPQ4R]8Xd'VPSVP>VP@4VPG4R"#R"#VP R)8Xd=VP=VRE7'd#VPU4VPG4R"#R"#R"# \$dp \R7T 24R"p ? R"#R"p ? ii;i)^zSecure Password Vault) descriptionz --vault-pathz,Path to vault file (overrides VPATH env var))helpz --vault-keyzGFernet key for master password decryption (overrides VAULT_KEY env var)commandzAvailable commands)destrz generate-keyzGenerate a new VAULT_KEYzencrypt-masterz0Encrypt master password with VAULT_KEY -> ID_ENCzdecrypt-masterz(Decrypt ID_ENC to verify master passwordsetupzDFull first-time setup: generate key, encrypt password, show env varscreatezCreate a new vaultstorezStore a passwordrzService name (e.g. MULBUILDDB1)rUsernamez--notesrzOptional notes)defaultrrzRetrieve a passwordz Service name?NzUsername (optional))nargsrrrzList all servicesdeletezDelete a passwordz change-masterzChange master passwordr r.z VAULT_KEY=z) Add VAULT_KEY to your project .env file.zKeep it out of source control. zEnter VAULT_KEY: r0z ID_ENC=zH Set ID_ENC as a persistent OS environment variable (see setup script). r-zEnter ID_ENC: z0Decryption successful. Master password verified.zDecryption failed: z === Vault First-Time Setup === zGenerated VAULT_KEY: z% Add this to every project .env file:z VAULT_KEY= z,Enter vault master password (min 12 chars): z/ERROR: Password must be at least 12 characters.zC:\code\vault\vault.enczS Set these OS user environment variables (setup_vault.ps1 does this automatically):z ID_ENC = z VPATH = z VAULT_DIR = z# Then run: python vault.py create )r zEnter password for 'rz': z'Notes (optional, press Enter to skip): 'zNo password found for z Service: z Username: z Password: rOrz Notes: z Created: rkz Modified: rzStored services:z - z ()zNo passwords stored in vault.zDelete password for 'z '? (y/N): r)+argparseArgumentParser add_argumentadd_subparsers add_parser parse_argsr print_helpgetattrr1r2rrrstripr5r%r*r3rsysexitr<rr__file__resolverDr:rrrrrrrrrrrrrr)parser subparsersstore_pget_pdel_pargsr r6pwencr'rvpath vault_dirvaultrOrresulttargetrunamerrrconfirms rmainrKs  $ $1H IF -[\  -vw&&I%b. #  Z[ ||''AAu%89??A))H%HH/?)@)F)F)H -(5B D E  ||w 23 " (./ 67 SE$% __K L r7R< C D HHQK%b.OOCC'CX..0778  de se$% ug&' yk*+ 56  (E ||x       2 2)=dll^5QUQ^Q^P__b'cdHzz]]U+T%U%[%[%]E  t}}h N     3       2 2'' dmmDF~DHMMM1T\\N% a@YZ[_[g[gZhhiWj.vh78 4<<.12 5#4"567 5#4"567>>JuW~&678 5#3"456 5#4"567$*6<<>$:LE5Jt||n56JuZ'8&9:;JuZ'8&9:;W~~ 5>*:;<JuY'7&89:JuZ'8&9:;G%;    1 34       2 2'')E()).%GXD H:Q78*/56     3  !     2 23DLL>t}}oU_`aG}}#%%%dllDMMB     3  (     2 2  ( ( *     3 )m - 's+ , , -sc d+c??d__main__z Aborted.zERROR: Permission denied -- zERROR: File not found -- zERROR: zERROR: Unexpected error -- r)+rr1rtrvr5rbpathlibrtypingrrrr)cryptography.hazmat.primitives.kdf.pbkdf2rcryptography.hazmat.primitivesr+cryptography.hazmat.primitives.ciphers.aeadr cryptography.fernetr cryptography.exceptionsr r rprrr rr%r*r8r:rrKeyboardInterruptrrPermissionErrorrFileNotFoundErrorrr3rrrrs;6 --@1>&@ * 8/E.?C""E.+E.,DE.E.D<<E.E.E))E.