def test_file_provider(self):
        from cis_crypto import secret

        os.environ["CIS_SECRET_MANAGER_FILE_PATH"] = "tests/fixture"
        manager = secret.Manager(provider_type="file")
        key_material = manager.get_key("fake-access-file-key.priv.pem")
        assert key_material is not None
    def test_ssm_provider(self):
        from cis_crypto import secret

        os.environ["CIS_SECRET_MANAGER_SSM_PATH"] = "/baz"
        key_dir = "tests/fixture/"
        key_name = "fake-access-file-key"
        file_name = "{}.priv.pem".format(key_name)
        fh = open((os.path.join(key_dir, file_name)), "rb")
        key_content = fh.read()
        key_construct = jwk.construct(key_content, "RS256")

        key_dict = key_construct.to_dict()

        for k, v in key_dict.items():
            if isinstance(v, bytes):
                key_dict[k] = v.decode()

        deserialized_key_dict = json.dumps(key_dict)
        client = boto3.client("ssm", region_name="us-west-2")
        client.put_parameter(
            Name="/baz/{}".format(key_name),
            Description="A secure test parameter",
            Value=deserialized_key_dict,
            Type="SecureString",
            KeyId="alias/aws/ssm",
        )
        manager = secret.Manager(provider_type="aws-ssm")
        key_material = manager.get_key("fake-access-file-key")
        assert key_material is not None
    def test_ssm_provider_fail(self):
        from cis_crypto import secret

        manager = secret.Manager(provider_type="aws-ssm")
        key_material = manager.get_key("this-key-doesnt-exist")
        assert key_material is not None
Example #4
0
 def _get_key(self):
     if self._jwk is None:
         manager = secret.Manager(provider_type=self.secret_manager)
         self._jwk = manager.get_key(key_name=self.key_name)
     return self._jwk