def decrypt_environment(
self,
environment: Dict[str, str],
**kwargs: Any,
) -> Dict[str, str]:
self.ecosystem = self.get_vault_ecosystems_for_clusters()[0]
self.client = get_vault_client(
ecosystem=self.ecosystem,
num_uses=len(environment),
vault_auth_method=self.vault_auth_method,
vault_token_file=self.vault_token_file,
)
secret_environment = {}
for k, v in environment.items():
secret_name = get_secret_name_from_ref(v)
secret_path = os.path.join(
self.secret_dir,
f"{secret_name}.json",
)
secret = get_plaintext(
client=self.client,
env=self.ecosystem,
path=secret_path,
cache_enabled=False,
cache_dir=None,
cache_key=None,
context=self.service_name,
).decode('utf-8')
secret_environment[k] = secret
return secret_environment
def decrypt_secret(self, secret_name: str) -> str:
ecosystem = self.get_vault_ecosystems_for_clusters()[0]
if 'VAULT_TOKEN_OVERRIDE' not in os.environ:
username = getpass.getuser()
password = getpass.getpass("Please enter your LDAP password to auth with Vault\n")
else:
username = None
password = None
client = get_vault_client(
ecosystem=ecosystem,
username=username,
password=password,
)
secret_path = os.path.join(
self.secret_dir,
f"{secret_name}.json",
)
return get_plaintext(
client=client,
path=secret_path,
env=ecosystem,
cache_enabled=False,
cache_key=None,
cache_dir=None,
context=self.service_name,
).decode('utf-8')
def decrypt_secret_raw(self, secret_name: str) -> bytes:
client = self.clients[self.ecosystems[0]]
secret_path = os.path.join(self.secret_dir, f"{secret_name}.json")
return get_plaintext(
client=client,
path=secret_path,
env=self.ecosystems[0],
cache_enabled=False,
cache_key=None,
cache_dir=None,
context=self.service_name,
)
def decrypt_secret(self, secret_name: str) -> str:
client = self.clients[self.ecosystems[0]]
secret_path = os.path.join(self.secret_dir, f"{secret_name}.json")
return get_plaintext(
client=client,
path=secret_path,
env=self.ecosystems[0],
cache_enabled=False,
cache_key=None,
cache_dir=None,
context=self.service_name,
rescue_failures=False,
).decode("utf-8")
def decrypt_environment(self, environment: Dict[str, str],
**kwargs: Any) -> Dict[str, str]:
client = self.clients[self.ecosystems[0]]
secret_environment = {}
for k, v in environment.items():
secret_name = get_secret_name_from_ref(v)
secret_path = os.path.join(self.secret_dir, f"{secret_name}.json")
secret = get_plaintext(
client=client,
env=self.ecosystems[0],
path=secret_path,
cache_enabled=False,
cache_dir=None,
cache_key=None,
context=self.service_name,
).decode("utf-8")
secret_environment[k] = secret
return secret_environment
