Initial working release

Extensible passphrase resolver, supporting prompting as well as passphrases stored in environment variables, files or keyrings

Some examples of smart passphrase descriptors:

• pass:<passphrase> to directly provide a passphrase inline
• env:<env-var-name> to get the passphrase from an environment variable. The application may configure a custom environment dictionary, or os.osenviron() is used
• file:<file-name> to get the passphrase from the file at location pathname. The application may configure a base directory for relative paths, or the current working directory is used.
• fd:<file-descriptor-number> read the passphrase from the provided file descriptor number
• stdin: to read from standard input
• prompt: to prompt the user with "Password: " and read from console with typed characters hidden (uses getpass)
• prompt:<prompt-string> to prompt the user with a custom prompt string and read from console with typed characters hidden (uses getpass)
• keyring:<service-name>,<key-name> to load the passphrase from keyring. The application may configure a prefix that will be prepended to either the service-name or the key-name or both, to define a unique namespace for the application.
• keyring:<key-name> to load the passphrase from keyring, using a default service name configured by the application. The application may configure a prefix that will be prepended to key-name, to define a unique namespace for the application.
• none: To provide a None value for the passphrase (useful for chaining defaults)
• empty: To provide an empty passphrase

Command tool

A command tool, get-passphrase, is provided that will expand a smart passphrase descriptor provided as an argument.