def unvault(self, name, target=None, download=True):
assert self.key, "you have to give a key or set in $VAULT_KEY"
assert name, "give a vault name"
vault_tmp, vault_zip, vault_crypt = self.directories(name)
if download:
assert self.s3_path, "No s3_path specified"
assert self.s3_bucket, "No s3_bucket specified"
assert self.s3_useragent, "you need to provide $S3_VAULT_USERAGENT"
self.download(self.s3_bucket, self.s3_file(name), vault_crypt)
assert os.path.exists(vault_crypt), "Download failed for %s" % self.s3_file(name)
with open(vault_zip, 'w') as vz, open(vault_crypt) as vc:
c = vc.read()
aes = AESCipher(self.key)
plain = aes.decrypt(c)
vz.write(plain)
try:
zipf = ZipFile(vault_zip)
zipf.extractall(target or self.location)
except BadZipfile as e:
raise BadZipfile('Could not extract %s. Did you set the key?' % vault_crypt)
members = [os.path.join(target or self.location, member)
for member in zipf.namelist()]
self.extracted_files.extend(members)
self.cleanup(name)
return members
def make(self, name=None, src=None, include=None, upload=True):
"""
Takes a directory, zips all files in it, encrypts the file
and uploads it to the path (use s3://bucket/path).
If not provided the key is randomly generated and output as a result.
Use this key to decrypt the file.
Uses $S3_VAULT_KEY if available.
"""
assert self.key, "you have to give a key or set in S3_VAULT_KEY"
assert name, "give a vault name"
vault_tmp, vault_zip, vault_crypt = self.directories(name)
try:
os.remove(vault_zip)
os.remove(vault_crypt)
except:
pass
# create zip file
self.zipfiles(src or self.location, vault_zip,
exclude='.vault',
include=include)
with open(vault_zip) as vz, open(vault_crypt, 'w') as vc:
zipped = vz.read()
aes = AESCipher(self.key)
c = aes.encrypt(zipped)
vc.write(c)
if upload:
assert self.s3_path, "No s3_path specified"
assert self.s3_bucket, "No s3_bucket specified"
self.upload(vault_crypt, self.s3_bucket, self.s3_file(name))
return vault_crypt
