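def delete_secret(self, key):
    """Delete a secret from the secrets table and return its stored value.

    Args:
        key: Value of the item's ``id`` string attribute.

    Returns:
        The binary ``value`` attribute the item held before it was deleted,
        or ``None`` when no item with that id existed (or it had no binary
        ``value``). The blob is returned as stored; nothing is decrypted here.

    Raises:
        RequiresVaultError: ``self.vault_layer`` is falsy.
    """
    if not self.vault_layer:
        msg = "No secrets-vault layer in this environment"
        self.logger.error(msg)
        raise RequiresVaultError(msg)

    # assumes `.client` is a boto3 DynamoDB client — TODO confirm
    client = Dynamodb(config.boto_config).client
    # DeleteItem never returns an 'Item' key, so the previous
    # resp['Item']['value']['B'] raised KeyError after the item was already
    # gone. The old attributes come back under 'Attributes', and only when
    # ReturnValues='ALL_OLD' is requested.
    resp = client.delete_item(
        TableName=self.__secrets_table_name,
        Key={'id': {'S': key}},
        ReturnValues='ALL_OLD')
    return resp.get('Attributes', {}).get('value', {}).get('B')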
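def delete_secret(self, key):
    """Delete a secret from the secrets table and return its stored value.

    Args:
        key: Value of the item's ``id`` string attribute.

    Returns:
        The binary ``value`` attribute the item held before it was deleted,
        or ``None`` when no item with that id existed (or it had no binary
        ``value``). The blob is returned as stored; nothing is decrypted here.

    Raises:
        RequiresVaultError: ``self.vault_layer`` is falsy.
    """
    if not self.vault_layer:
        msg = "No secrets-vault layer in this environment"
        self.logger.error(msg)
        raise RequiresVaultError(msg)

    # assumes `.client` is a boto3 DynamoDB client — TODO confirm
    client = Dynamodb(config.boto_config).client
    # A DeleteItem response carries no 'Item' key; indexing it the way a
    # GetItem response is indexed raised KeyError once the delete had already
    # happened. Ask for the old image explicitly and read it from 'Attributes'.
    resp = client.delete_item(
        TableName=self.__secrets_table_name,
        Key={'id': {'S': key}},
        ReturnValues='ALL_OLD')
    return resp.get('Attributes', {}).get('value', {}).get('B')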
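def get_secret(self, key):
    """Fetch a secret from the secrets table and return it decrypted.

    Args:
        key: Value of the item's ``id`` string attribute.

    Returns:
        The KMS-decrypted secret decoded to ``str``. This is plaintext
        secret material; callers should keep it out of logs and error text.

    Raises:
        RequiresVaultError: ``self.vault_layer`` is falsy.
        KeyError: no item with that id exists, or the item has no binary
            ``value`` attribute.
    """
    if not self.vault_layer:
        msg = "No secrets-vault layer in this environment"
        self.logger.error(msg)
        raise RequiresVaultError(msg)

    dynamo = Dynamodb(config.boto_config).client
    resp = dynamo.get_item(
        TableName=self.__secrets_table_name,
        Key={'id': {'S': key}})
    # GetItem omits 'Item' entirely when the id is unknown; keep raising
    # KeyError as before, but name the missing secret instead of 'Item'.
    item = resp.get('Item')
    if item is None:
        raise KeyError("secret %r not found in the secrets table" % (key,))
    encrypted = item['value']['B']

    # Decrypt using KMS (assuming the secret value is a string)
    # NOTE(review): this client is built without config.boto_config, unlike
    # the DynamoDB one — confirm the default session resolves the intended
    # region and credentials.
    # NOTE(review): Decrypt is called without an EncryptionContext, so nothing
    # ties the ciphertext to this id; a blob copied from another item in the
    # table would decrypt the same way. If the writer side (not visible here)
    # can supply a context such as the secret id, pass the same one here.
    kms = boto3.client('kms')
    plaintext = kms.decrypt(CiphertextBlob=encrypted)['Plaintext']
    return plaintext.decode()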
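def get_secret(self, key):
    """Fetch a secret from the secrets table and return it decrypted.

    Args:
        key: Value of the item's ``id`` string attribute.

    Returns:
        The KMS-decrypted secret decoded to ``str``. This is plaintext
        secret material; callers should keep it out of logs and error text.

    Raises:
        RequiresVaultError: ``self.vault_layer`` is falsy.
        KeyError: no item with that id exists, or the item has no binary
            ``value`` attribute.
    """
    if not self.vault_layer:
        msg = "No secrets-vault layer in this environment"
        self.logger.error(msg)
        raise RequiresVaultError(msg)

    dynamo = Dynamodb(config.boto_config).client
    resp = dynamo.get_item(
        TableName=self.__secrets_table_name,
        Key={'id': {'S': key}})
    # An unknown id yields a response with no 'Item' key. The exception type
    # stays KeyError so existing handlers still match; only the message now
    # identifies which secret was missing.
    item = resp.get('Item')
    if item is None:
        raise KeyError("secret %r not found in the secrets table" % (key,))
    encrypted = item['value']['B']

    # Decrypt using KMS (assuming the secret value is a string)
    # NOTE(review): the KMS client does not take config.boto_config the way
    # the DynamoDB wrapper does — confirm both resolve the same region and
    # credentials.
    # NOTE(review): no EncryptionContext is passed to Decrypt, so the
    # ciphertext is not bound to this id and a value swapped in from another
    # row would still decrypt. Binding requires the encrypting side (not
    # visible here) to set the same context.
    kms = boto3.client('kms')
    plaintext = kms.decrypt(CiphertextBlob=encrypted)['Plaintext']
    return plaintext.decode()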
def dynamodb(self):
    """Return the DynamoDB connection wrapper, creating it on first access.

    The wrapper is built from ``config.boto_config`` once and then reused
    from ``self.__dynamodb`` on later calls.
    """
    cached = self.__dynamodb
    if cached is not None:
        return cached

    # First access: build the wrapper and remember it for later calls.
    cached = Dynamodb(config.boto_config)
    self.__dynamodb = cached
    return cached