ghost
commented
8 years ago secureconfig doesn't seem to support password based encryption. So a separate file is needed to store the salt and iteration count.
Storing this in a separate file could lead to some surprises when a user has backed keys.dat up, but has forgot to also back up keys-settings.dat (or whatever it's called), and then keys.dat will be impossible to decrypt.
A checksum would also be nice, as that would make it easy to check for accidental file corruption without the password.
https://pypi.python.org/pypi/secureconfig/