def credstash_getall(args):
    """Fetch every secret stored in the Credstash table ``args.src_table``.

    Reads ``args.verbose``, ``args.src_table`` and ``args.region``.

    Returns:
        Whatever ``credstash.getAllSecrets`` returns for that table. These are
        secret values, so callers should keep the result out of logs and
        error messages.
    """
    if args.verbose:
        notice = ('fetching your secrets from "{table}" '
                  '(Credstash is slow, this may take a few minutes...)')
        print(notice.format(table=args.src_table))

    # Both arguments are None, so no explicit profile/role is requested here.
    aws_session = credstash.get_session_params(None, None)
    return credstash.getAllSecrets(
        '',
        region=args.region,
        table=args.src_table,
        **aws_session
    )
def credstash_getall(args):
    """Fetch every secret stored in the Credstash table ``args.table``.

    Reads ``args.verbose``, ``args.table`` and ``args.region``.

    Returns:
        Whatever ``credstash.getAllSecrets`` returns for that table. These are
        secret values, so callers should keep the result out of logs and
        error messages.
    """
    # Upstream reference for getAllSecrets:
    # https://github.com/fugue/credstash/blob/master/credstash.py#L297
    if args.verbose:
        notice = ('fetching your secrets from "{table}" '
                  '(Credstash is slow, this may take a few minutes...)')
        print(notice.format(table=args.table))

    # Both arguments are None, so no explicit profile/role is requested here.
    aws_session = credstash.get_session_params(None, None)
    return credstash.getAllSecrets(
        '',
        region=args.region,
        table=args.table,
        **aws_session
    )
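def query():
    """Handle the Slack slash command that runs a Confluence search.

    Reads the request's query parameters, checks the caller's ``token`` with
    ``_is_authenticated_slack`` and, when accepted, posts the search result to
    the caller-supplied ``response_url``.

    Returns:
        A dict with a ``text`` rejection message when the request is missing
        ``token``/``response_url`` or fails authentication; otherwise None
        (the result is delivered via ``requests.post``).
    """
    params = app.current_request.query_params
    try:
        token = params.pop('token')
        response_url = params.pop('response_url')
    except KeyError:
        # Fail closed. Previously execution continued with `token` or
        # `response_url` unbound and only crashed after the secrets had
        # already been fetched. Log parameter names only: the values may
        # still hold the token or the response URL.
        logger.info('external request')
        logger.info('query parameter names: %s', sorted(params))
        return {'text': 'Sorry, {} only works in Slack!'
                        .format(params.get('command', 'this command'))}

    # token and response_url were popped above, so neither reaches the log.
    logger.info(params)

    env = app.current_request.to_dict()['context']['stage']
    config = credstash.getAllSecrets(context={'env': env, 'app': 'confluence'})
    # Every secret in `config` is passed to the helper as keyword arguments.
    if not _is_authenticated_slack(token, **config):
        return {'text': 'Sorry, {} only works in Slack!'
                        .format(params.get('command', 'this command'))}

    _greet(response_url)
    cql = params['text']
    # NOTE(review): this lookup is pinned to 'dev' although authentication
    # above used the request's stage -- confirm that is intended.
    config = credstash.getAllSecrets(context={'env': 'dev', 'app': 'confluence'})
    result = _process(cql, **config)
    payload = dumps({"response_type": "in_channel", "text": result})
    # NOTE(review): response_url comes from the request and the call has no
    # timeout; consider checking the host and bounding the wait.
    requests.post(response_url, data=payload)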
def find_secrets(env_file=None, credstash_table=None, allowed_keys=None,
                 region=None, verbose=1):
    """Collect secrets from Credstash and from the local environment.

    Credstash values are loaded first (only when ``credstash_table`` is
    given); values from the process environment are merged afterwards, so
    they win on key collisions.

    Args:
        env_file: Path to a dotenv file. When falsy, ``find_dotenv`` is asked
            to locate one starting from the caller's directory.
        credstash_table: Credstash table to read; skipped when falsy.
        allowed_keys: Passed to ``filter_dict`` for both sources.
        region: AWS region; when falsy it is derived from the table name.
        verbose: Values above 0 enable progress output.

    Returns:
        A ``Secrets`` instance holding the merged values.
    """
    collected = Secrets()  # unprintable dict

    # Remote source: Credstash.
    if credstash_table:
        import credstash
        region = region or _region_from_credstash_tablename(credstash_table)
        if verbose > 0:
            print("Fetching secrets from {table}...".format(table=credstash_table))
        remote = credstash.getAllSecrets(table=credstash_table, region=region)
        collected.update(filter_dict(remote, allowed_keys=allowed_keys))

    # Local source: dotenv file. caller_dir() is called directly from this
    # function on purpose: frames_above=1 is relative to this call site.
    env_file = env_file or find_dotenv(search_path=caller_dir(frames_above=1))
    if env_file:
        import dotenv
        # override=True writes the file's values into os.environ, replacing
        # variables that already exist there.
        dotenv.load_dotenv(env_file, verbose=verbose > 0, override=True)
        # The whole process environment is filtered here, not only the keys
        # that came from the dotenv file.
        # NOTE(review): what filter_dict keeps when allowed_keys is None is
        # not visible here -- confirm it does not admit every variable.
        collected.update(filter_dict(os.environ, allowed_keys=allowed_keys))

    return collected
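def howdoi_slack():
    """Handle the Slack slash command that answers a "howdoi" query.

    Reads the request's query parameters, checks the caller's ``token`` with
    ``_is_authenticated_slack`` and, when accepted, posts the formatted answer
    to the caller-supplied ``response_url``.

    Returns:
        A dict with a ``text`` rejection message when the request is missing
        ``token``/``response_url`` or fails authentication; otherwise None
        (the answer is delivered via ``requests.post``).
    """
    params = app.current_request.query_params
    try:
        token = params.pop('token')
        response_url = params.pop('response_url')
    except KeyError:
        # Fail closed. Previously execution continued with `token` or
        # `response_url` unbound and only crashed after the secrets had
        # already been fetched. Log parameter names only: the values may
        # still hold the token or the response URL.
        logger.info('external request')
        logger.info('query parameter names: %s', sorted(params))
        return {'text': 'Sorry, {} only works in Slack!'
                        .format(params.get('command', 'this command'))}

    # token and response_url were popped above, so neither reaches the log.
    logger.info(params)

    env = app.current_request.to_dict()['context']['stage']
    config = credstash.getAllSecrets(context={'env': env, 'app': 'howdoi_'})
    # Every secret in `config` is passed to the helper as keyword arguments.
    if not _is_authenticated_slack(token, **config):
        logger.info('Invalid token')
        return {'text': 'Sorry, {} only works in Slack!'
                        .format(params.get('command', 'this command'))}

    text = params['text']
    _greet(response_url)
    query_response = _process_text(text)
    formatted_response = _format_text(query_response, text)
    payload = {'response_type': 'in_channel', 'text': formatted_response}
    # NOTE(review): response_url comes from the request and the call has no
    # timeout; consider checking the host and bounding the wait.
    requests.post(response_url, data=dumps(payload))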
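import os

import credstash
from flask import Flask, jsonify, session
from flask_pyoidc.flask_pyoidc import OIDCAuthentication

app = Flask(__name__)

try:
    secrets = credstash.getAllSecrets(
        context={'application': 'example-auth0-flask-app'},
        credential='example-auth0-flask-app:*',
        region="us-west-2"
    )
except Exception:
    # A bare `except:` also trapped SystemExit/KeyboardInterrupt and hid the
    # cause. Log the traceback and bind `secrets` so later code does not hit
    # a NameError.
    app.logger.exception("Unable to load credentials with credstash")
    secrets = {}

# TODO : conditional on credstash vs env vars
client_info = {}

# Required settings set in environment variables
# SECRET_KEY signs the session cookie. A constant fallback published with the
# source would let anyone forge sessions, so fall back to a random key that
# lives only as long as this process.
app.config['SECRET_KEY'] = os.environ.get('SECRET_KEY') or os.urandom(32)
if not os.environ.get('SECRET_KEY'):
    app.logger.warning(
        "SECRET_KEY is not set; using a random per-process key "
        "(sessions will not survive a restart or span multiple workers)")
client_info['client_id'] = os.environ.get('OIDC_CLIENT_ID')
client_info['client_secret'] = os.environ.get('OIDC_CLIENT_SECRET')
issuer = os.environ.get('OIDC_ISSUER')

# Optional settings set in environment variables
app.config['SERVER_NAME'] = os.environ.get('SERVER_NAME', 'localhost:3000')
app.config['PREFERRED_URL_SCHEME'] = os.environ.get('PREFERRED_URL_SCHEME', 'http')
# NOTE(review): DEBUG is on unless the environment says otherwise, and the
# URL scheme defaults to plain http. Both are development defaults; set
# DEBUG=false and PREFERRED_URL_SCHEME=https for any reachable deployment.
app.config['DEBUG'] = os.environ.get('DEBUG', 'True').lower() == 'true'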
def listSecrets(self, table='credential-store', region=credstash.DEFAULT_REGION):
    """Return the result of ``credstash.getAllSecrets`` for a table and region.

    Args:
        table: Credstash table name; defaults to ``'credential-store'``.
        region: AWS region; defaults to ``credstash.DEFAULT_REGION``.

    Despite the name, the return value is the full ``getAllSecrets`` result,
    not just a listing of names; treat it as sensitive.
    """
    lookup = {'table': table, 'region': region}
    return credstash.getAllSecrets(**lookup)
def test_getAllSecrets_no_secrets():
    """getAllSecrets() with default arguments must equal an empty dict."""
    fetched = credstash.getAllSecrets()
    assert fetched == {}
def test_getAllSecrets(secret):
    """getAllSecrets() must return exactly the one name/value pair in `secret`.

    `secret` is subscripted with 'name' and 'value'; it is presumably a
    fixture that stored that secret beforehand (confirm in the fixtures).
    """
    fetched = credstash.getAllSecrets()
    expected = {secret['name']: secret['value']}
    assert fetched == expected
import os

from credstash import getAllSecrets

# Copy every Credstash secret for eu-west-1 into this process's environment
# before the application package is imported.
# NOTE(review): environment variables are inherited by child processes and
# can show up in process listings and crash reports, so this widens where
# the secrets are visible; passing them to create_app() directly avoids that.
os.environ.update(getAllSecrets(region="eu-west-1"))

# Imported late on purpose: the environment must be populated first.
from app import create_app  # noqa

application = create_app()

if __name__ == "__main__":
    application.run()
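# `flask.ext.*` was a deprecated import shim that Flask 1.0 removed; import
# the extension under its own module name, as is already done for
# flask_migrate below.
from flask_script import Manager, Server
from flask_migrate import Migrate, MigrateCommand

from app import create_app, db
from credstash import getAllSecrets

# All Credstash secrets for eu-west-1 are fetched at import time and handed
# to the application factory; the dict stays alive as a module global.
secrets = getAllSecrets(region="eu-west-1")

application = create_app('live', secrets)

# Command-line manager with the database migration commands under `db`.
manager = Manager(application)
migrate = Migrate(application, db)
manager.add_command('db', MigrateCommand)

if __name__ == '__main__':
    manager.run()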
# NOTE(review): the statements down to requests.post() are the tail of a
# request handler whose beginning is not part of this excerpt; `env`, `token`,
# `json` and `response_url` are bound in the missing part.
config = credstash.getAllSecrets(context={'env': env, 'app': 'confluence'})
# Every secret in `config` is passed to the helper as keyword arguments.
if not _is_authenticated_slack(token, **config):
    return {'text': 'Sorry, {} only works in Slack!'
                    ''.format(json['command'])}
_greet(response_url)
cql = json['text']
# NOTE(review): this lookup is pinned to 'dev' although the one above used
# `env` -- confirm that is intended.
config = credstash.getAllSecrets(context={'env': 'dev', 'app': 'confluence'})
result = _process(cql, **config)
payload = dumps({"response_type": "in_channel", "text": result })
# NOTE(review): no timeout is passed, so this call can block indefinitely.
requests.post(response_url, data=payload)


def _process(cql, **config):
    """Run a Confluence search for `cql` and return a formatted text result.

    `config` is the full set of keyword arguments supplied by the caller (in
    this file, everything returned by credstash.getAllSecrets); it is passed
    on unchanged to the connection and parsing helpers. The keys read
    directly here are 'JIRA_CLIENT_URL' (required) and 'SPACE' (optional).
    """
    session = _connect_confluence(**config)
    # Search endpoint on the host named by config['JIRA_CLIENT_URL'].
    url = ('https://{JIRA_CLIENT_URL}/wiki/dosearchsite.action'
           ''.format(**config))
    add_params = _add_params(cql, space=config.get('SPACE'))
    content = _get_content(session, url, add_params)
    parsed_content = _parse_content(content, **config)
    # The query parameters are URL-encoded, but `cql` itself is appended to
    # the text verbatim. urllib.urlencode is the Python 2 location of this
    # function (Python 3: urllib.parse.urlencode).
    result = ('{}\n\n*View all ->* {}?{}\n\n^ /wiki {}'
              ''.format(parsed_content, url, urllib.urlencode(add_params), cql))
    return result


if __name__ == '__main__':
    # Command-line use: the first argument is the query; secrets are read
    # from the 'dev' context and the result is printed to stdout.
    import sys
    cql = sys.argv[1]
    config = credstash.getAllSecrets(context={'env': 'dev', 'app': 'confluence'})
    result = _process(cql, **config)
    print(result)