def test_generate_key_pair_with_no_existing_keys(
self, mock_client):
self.cc_obj = code_crypt.CodeCrypt(
kms_key_id=KMS_KEY_ID,
app_root=APP_ROOT,
env=ENV,
ciphertext_ext=EXT)
self.cc_obj.kms.encrypt.return_value = {
'CiphertextBlob': TEST_PLAINTEXT_PRIVATE_KEY}
self.cc_obj.generate_key_pair()
try:
with open(self.expected_public_key_file, 'r') as f:
public_key = f.read()
with open(self.expected_private_key_file, 'r') as f:
private_key = f.read()
except IOError:
print('Cannot write out generate keys.')
exit(2)
self.assertTrue(u'BEGIN PUBLIC' in public_key.split("\n")[0])
self.assertTrue(self._is_base64(private_key))
def setUp(self):
self.cc_obj = code_crypt.CodeCrypt(
kms_key_id=KMS_KEY_ID,
app_root=APP_ROOT,
env=ENV,
ciphertext_ext=EXT)
self.expected_public_key_file = os.path.join(
APP_ROOT, DATA_DIR, 'keys', ENV, 'public_key.asc')
self.expected_private_key_file = os.path.join(
APP_ROOT, DATA_DIR, 'keys', ENV, 'encrypted_private_key.pem')
def test_decrypt_large_secret_with_kms(self, mock_client):
self.cc_obj.encrypt('SECRET_NAME_DDD', LARGE_SECRET, TEST_PUBLIC_KEY)
self.cc_obj = code_crypt.CodeCrypt(
kms_key_id=KMS_KEY_ID,
app_root=APP_ROOT,
env=ENV,
ciphertext_ext=EXT)
self.cc_obj.kms.decrypt.return_value = {
'Plaintext': TEST_PLAINTEXT_PRIVATE_KEY}
decrypted_result = self.cc_obj.decrypt(
'SECRET_NAME_DDD',
encrypted_private_key=TEST_ENCRYPTED_PRIVATE_KEY)
self.assertEqual(decrypted_result, LARGE_SECRET)
def test_blob_decrypt_secret_with_kms(self, mock_client):
secret = 'DDD'
secret_blob = self.cc_obj.blob_encrypt(secret, TEST_PUBLIC_KEY)
self.cc_obj = code_crypt.CodeCrypt(
kms_key_id=KMS_KEY_ID,
app_root=APP_ROOT,
env=ENV,
ciphertext_ext=EXT)
self.cc_obj.kms.decrypt.return_value = {
'Plaintext': TEST_PLAINTEXT_PRIVATE_KEY}
decrypted_result = self.cc_obj.blob_decrypt(
secret_blob,
encrypted_private_key=TEST_ENCRYPTED_PRIVATE_KEY)
self.assertEqual(decrypted_result, secret)
def test_kms_config(
self, mock_client):
mock_client.return_value = mock.MagicMock()
self.cc_obj = code_crypt.CodeCrypt(
kms_key_id=KMS_KEY_ID,
app_root=APP_ROOT,
env=ENV,
ciphertext_ext=EXT)
self.cc_obj.kms.encrypt.return_value = {
'CiphertextBlob': TEST_PLAINTEXT_PRIVATE_KEY}
self.cc_obj.generate_key_pair()
self.assertEqual('kms', mock_client.call_args[0][0])
assert isinstance(mock_client.call_args[1]['config'], Config)
self.assertEqual(
'us-east-1', mock_client.call_args[1]['config'].region_name)
def test_decrypt_all_with_kms(self, mock_client):
secret_one = 'one'
secret_two = 'two'
self.cc_obj.encrypt(
'SECRET_NAME_1', secret_one, public_key=TEST_PUBLIC_KEY)
self.cc_obj.encrypt(
'SECRET_NAME_2', secret_two, public_key=TEST_PUBLIC_KEY)
self.cc_obj = code_crypt.CodeCrypt(
kms_key_id=KMS_KEY_ID,
app_root=APP_ROOT,
env=ENV,
ciphertext_ext=EXT)
self.cc_obj.kms.decrypt.return_value = {
'Plaintext': TEST_PLAINTEXT_PRIVATE_KEY}
decrypted_result = self.cc_obj.decrypt(
plaintext_private_key=TEST_PLAINTEXT_PRIVATE_KEY)
self.assertEqual(decrypted_result['SECRET_NAME_1'], secret_one)
self.assertEqual(decrypted_result['SECRET_NAME_2'], secret_two)
def main():
config = get_config(sys.argv)
if config.debug:
logging.basicConfig(level=logging.DEBUG)
elif config.verbose:
logging.basicConfig(level=logging.INFO)
elif config.quiet:
logging.disable(sys.maxint)
else:
logging.basicConfig()
if config.version:
print("Code Crypt - " + str(__version__))
return
if config.env not in defaults.ENV_TAGS:
print("Error: env must be set to one of the following: %s" % (
str(defaults.ENV_TAGS)))
exit(1)
env = config.env
code_crypt_obj = code_crypt.CodeCrypt(
kms_key_id=config.kms_key_id, env=env)
try:
if config.init:
code_crypt_obj.generate_key_pair()
return
if config.decrypt:
secret = code_crypt_obj.decrypt(config.decrypt)
if secret:
print(secret)
return
if config.decrypt_all:
secrets = code_crypt_obj.decrypt()
print(json.dumps(secrets, indent=2))
return
if config.import_secrets:
secrets_file = config.import_secrets
try:
with open(secrets_file, 'r') as f:
secrets_json = f.read()
except IOError as e:
raise errors.InputError("secrets file '%s' does not exist" % (
secrets_file))
code_crypt_obj.import_secrets(secrets_json)
return
if config.encrypt:
if '=' not in config.encrypt:
raise errors.InputError("provide a key value pair (usage: "
"--encrypt SOME_SECRET_NAME=some_"
"secret_value)")
keyval = config.encrypt.split('=', 1)
code_crypt_obj.encrypt(keyval[0], keyval[1])
return
if config.blob_encrypt:
blob = code_crypt_obj.blob_encrypt(config.blob_encrypt)
print(blob)
return
if config.blob_decrypt:
secret = code_crypt_obj.blob_decrypt(config.blob_decrypt)
if secret:
print(secret)
return
except errors.CodeCryptError as e:
print(str(e.message))
exit(1)
def setUp(self):
self.cc_obj = code_crypt.CodeCrypt(
kms_key_id=KMS_KEY_ID,
app_root=APP_ROOT,
env=ENV,
ciphertext_ext=EXT)