def update_servers():
    """Kicks off the update process for our Vault servers.

    Every entry under the ``vaults`` configuration key is resolved by name
    through ``get_server`` and the resulting server objects are returned as
    a list, in configuration order.
    """
    # NOTE(review): presumably get_server() is what refreshes each server's
    # state; that is not visible from here -- confirm.
    return [get_server(entry['name']) for entry in conf.get('vaults')]
def cli_seal_all():
    """Seals every accessible Vault instance.

    Walks the configured ``vaults`` in order and seals each one. The process
    exits with status 0 once all of them have been sealed, or with status 1
    as soon as one seal attempt reports failure.
    """
    vault_names = [entry['name'] for entry in conf.get('vaults')]
    for vault_name in vault_names:
        sealed = seal(get_server(vault_name))
        if not sealed:
            # NOTE(review): fail-fast. Instances listed after the one that
            # failed are never attempted and stay in whatever state they
            # were in; operators using this as an emergency seal should
            # check the remaining instances by hand.
            sys.exit(1)
    sys.exit(0)
def cli_init(name):
    """Initializes Vault on the specified instance.

    Exits with status 0 when ``init`` reports success and 1 otherwise.
    """
    target = get_server(name)
    sys.exit(0 if init(target) else 1)
def cli_unseal(name):
    """Attempts to submit every available unseal key to the specified
    Vault instance.

    Only entries from ``list_keys`` whose ``key`` field is truthy are
    submitted. The result of each ``unseal`` call is discarded, so this
    function neither stops early nor reports whether the instance ended up
    unsealed.
    """
    server = get_server(name)
    client = server['client']
    # Collect the usable keys up front, then submit them one by one.
    usable_keys = [entry['key'] for entry in list_keys(server) if entry['key']]
    for unseal_key in usable_keys:
        unseal(client, unseal_key)
def cli_root(name):
    """Prints the decrypted root token to stdout.

    When no token can be obtained for the named instance, the failure is
    reported through ``problems`` instead.
    """
    token = get_root_token(get_server(name))
    if not token:
        problems("Root token unavailable")
        return
    # NOTE(review): the root token is written to stdout in the clear, so
    # anything that captures stdout (terminal scrollback, redirection to a
    # file, job logs) keeps a copy of it.
    print(token)
def focus_loop(screen, index):
    """Main interaction loop when an actual Vault instance is selected
    and we are looking at the detailed view.

    ``index`` selects the entry in the ``vaults`` configuration list. The
    server is looked up again on every pass, redrawn with
    ``refresh_focused``, and the loop ends (after clearing the screen) once
    ``focus_input`` returns a truthy value.
    """
    screen.erase()
    # The original loop flag was never set, so the only way out is the
    # return below.
    while True:
        vault_name = conf.get('vaults')[index]['name']
        server = get_server(vault_name)
        refresh_focused(screen, server)
        if not focus_input(screen, server):
            continue
        screen.erase()
        return
def cli_root_import(name):
    """Imports a plaintext root token and will encrypt according to the
    propriecle configuration.

    The token is read interactively, encrypted to the key named by the
    ``root_key`` configuration entry, base64-encoded and written to the
    root token file for the named server.
    """
    server = get_server(name)
    # Read via getpass, with the prompt sent to stderr rather than stdout.
    root_token = getpass('Root Token: ', stream=sys.stderr)
    if not root_token:
        problems("Must specify a token")

    recipient = conf.get('root_key')
    # NOTE(review): the [8:] slice presumably drops a "keybase:" prefix from
    # the configured value -- confirm against the configuration format.
    keybase_info = cryptorito.key_from_keybase(recipient[8:])
    fingerprint = keybase_info['fingerprint']
    # Only the encrypted form is handed to do_write.
    ciphertext = cryptorito.encrypt_var(root_token, [fingerprint])
    do_write(cryptorito.portable_b64encode(ciphertext), root_file_name(server))
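def cli_unseal_import(name, s_slot):
    """Imports an unseal key at a specified slot and will encrypt according
    to the propriecle configuration.

    ``s_slot`` is the 1-based slot number as a string. The key is read
    interactively, encrypted to the configured key holder for that slot,
    base64-encoded and written to the unseal key file for the named server
    and slot.

    Raises:
        ValueError: if ``s_slot`` is not an integer.
    """
    slot = int(s_slot)
    keys = conf.get('keys') or []
    # Reject slots outside 1..len(keys) before prompting. Without this, slot
    # 0 or a negative slot would index from the end of the list and encrypt
    # the unseal key to a different key holder than the one intended.
    if not 1 <= slot <= len(keys):
        problems("Unseal key slot %d is not configured" % slot)
        return  # in case problems() does not itself end the process

    server = get_server(name)
    # Read via getpass, with the prompt sent to stderr rather than stdout.
    unseal_key = getpass('Unseal Key: ', stream=sys.stderr)
    if not unseal_key:
        problems("Must specify a unseal key")
        return  # never encrypt and store an empty key

    a_key = keys[slot - 1]
    # NOTE(review): the [8:] slice presumably drops a "keybase:" prefix from
    # the configured value -- confirm against the configuration format.
    key_id = cryptorito.key_from_keybase(a_key[8:])['fingerprint']
    encrypted = cryptorito.portable_b64encode(
        cryptorito.encrypt_var(unseal_key, [key_id]))
    do_write(encrypted, unseal_file_name(server, slot))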
def cli_rekey_start(name):
    """Start the unseal rekey process.

    Passes the named server and the result of ``grok_keys`` to
    ``rekey_start``.
    """
    server = get_server(name)
    keys = grok_keys()
    rekey_start(server, keys)
def cli_regenerate_cancel(name):
    """Cancels the root key regeneration process.

    Exits with status 0 when ``regenerate_cancel`` reports success and 1
    otherwise.
    """
    cancelled = regenerate_cancel(get_server(name))
    exit_code = 0 if cancelled else 1
    sys.exit(exit_code)
def cli_regenerate_auth(name):
    """Attempts to submit every available unseal key in support of the
    root key regeneration process.

    Only entries from ``list_keys`` whose ``key`` field is truthy are
    submitted. The result of each ``regenerate_enter`` call is discarded.
    """
    server = get_server(name)
    # Collect the usable keys up front, then submit them one by one.
    usable_keys = [entry['key'] for entry in list_keys(server) if entry['key']]
    for unseal_key in usable_keys:
        regenerate_enter(server, unseal_key)
def cli_regenerate_start(name):
    """Start the root key regeneration process on the named instance."""
    server = get_server(name)
    regenerate_start(server)
def cli_seal(name):
    """Seals the specified Vault instance.

    Exits with status 0 when ``seal`` reports success and 1 otherwise.
    """
    if seal(get_server(name)):
        sys.exit(0)
    sys.exit(1)
def cli_step_down(name):
    """Asks the specified Vault instance to step down from Leader."""
    server = get_server(name)
    step_down(server)
    # NOTE(review): unlike the seal and cancel commands, the exit status is
    # always 0 here; whatever step_down() returns is not inspected, so a
    # caller cannot tell from the status whether the request succeeded.
    sys.exit(0)
def cli_rekey_cancel(name):
    """Cancels the unseal rekey process.

    Exits with status 0 when ``rekey_cancel`` reports success and 1
    otherwise.
    """
    server = get_server(name)
    if rekey_cancel(server):
        sys.exit(0)
    else:
        sys.exit(1)