def update_servers():
"""Kicks off the update process for our Vault servers"""
servers = []
for server in conf.get('vaults'):
servers.append(get_server(server['name']))
return servers
def cli_seal_all():
"""Seals every accessible Vault instance"""
for name in [x['name'] for x in conf.get('vaults')]:
if not seal(get_server(name)):
sys.exit(1)
sys.exit(0)
def cli_init(name):
"""Initializes Vault on the specified instance"""
server = get_server(name)
if not init(server):
sys.exit(1)
sys.exit(0)
def cli_unseal(name):
"""Attempts to submit every available unseal key to
the specified Vault instance"""
server = get_server(name)
client = server['client']
for key_obj in [k for k in list_keys(server) if k['key']]:
unseal(client, key_obj['key'])
def cli_root(name):
"""Prints the decrypted root token to stdout"""
root = get_root_token(get_server(name))
if root:
print(root)
else:
problems("Root token unavailable")
def focus_loop(screen, index):
"""Main interaction loop when an actual Vault instance is selected
and we are looking at the detailed view."""
done = False
screen.erase()
while not done:
server = get_server(conf.get('vaults')[index]['name'])
refresh_focused(screen, server)
if focus_input(screen, server):
screen.erase()
return
def cli_root_import(name):
"""Imports a plaintext root token and will encrypt
according to the propriecle configuration."""
server = get_server(name)
root_token = getpass('Root Token: ', stream=sys.stderr)
if not root_token:
problems("Must specify a token")
root_key = conf.get('root_key')
key_id = cryptorito.key_from_keybase(root_key[8:])['fingerprint']
encrypted = cryptorito.portable_b64encode(
cryptorito.encrypt_var(root_token, [key_id]))
do_write(encrypted, root_file_name(server))
def cli_unseal_import(name, s_slot):
"""Imports a unseal key at a spcified slot and will
encrypt accordign to the propriecle configuration."""
slot = int(s_slot)
server = get_server(name)
unseal_key = getpass('Unseal Key: ', stream=sys.stderr)
if not unseal_key:
problems("Must specify a unseal key")
a_key = conf.get('keys')[slot - 1]
key_id = cryptorito.key_from_keybase(a_key[8:])['fingerprint']
encrypted = cryptorito.portable_b64encode(
cryptorito.encrypt_var(unseal_key, [key_id]))
do_write(encrypted, unseal_file_name(server, slot))
def cli_rekey_start(name):
"""Start the unseal rekey process"""
rekey_start(get_server(name), grok_keys())
def cli_regenerate_cancel(name):
"""Cancels the root key regeneration process"""
if not regenerate_cancel(get_server(name)):
sys.exit(1)
sys.exit(0)
def cli_regenerate_auth(name):
"""Attempts to submit every available unseal key in support
of the root key regeneration process"""
server = get_server(name)
for key_obj in [k for k in list_keys(server) if k['key']]:
regenerate_enter(server, key_obj['key'])
def cli_regenerate_start(name):
"""Start the root key regeneration process"""
regenerate_start(get_server(name))
def cli_seal(name):
"""Seals the specified Vault instance"""
if not seal(get_server(name)):
sys.exit(1)
sys.exit(0)
def cli_step_down(name):
"""Asks the specified Vault instance to step down from Leader"""
step_down(get_server(name))
sys.exit(0)
def cli_rekey_cancel(name):
"""Cancels the unseal rekey process"""
if not rekey_cancel(get_server(name)):
sys.exit(1)
sys.exit(0)
