def test_set_key_vault_no_key():
lib = Crypto()
lib._vault = mock_vault = mock.Mock()
key = lib.generate_key()
mock_vault.get_secret.return_value = Secret("MockSecret", "", {"key": key})
lib.use_encryption_key_from_vault("SomeKeyValue")
assert mock_vault.get_secret.called_once_with("SomeKeyValue")
assert lib._key is not None
def test_set_key_vault_error_empty():
lib = Crypto()
lib._vault = mock_vault = mock.Mock()
key = lib.generate_key()
mock_vault.get_secret.return_value = Secret("MockSecret", "", {})
with pytest.raises(ValueError):
lib.use_encryption_key_from_vault("SomeKeyValue")
assert mock_vault.get_secret.called_once_with("SomeKeyValue")
assert lib._key is None
def test_set_key_vault_key():
lib = Crypto()
lib._secrets = mock_secrets = mock.Mock()
key = lib.generate_key()
mock_secrets.get_secret.return_value = Secret("MockSecret", "", {
"first": "something",
"second": key
})
lib.use_encryption_key_from_vault("SomeKeyValue", "second")
assert mock_secrets.get_secret.called_once_with("SomeKeyValue")
assert lib._key is not None
def load_key(args):
"""Parse encryption key arguments into a Crypto library instance."""
lib = Crypto()
if args.text:
lib.use_encryption_key(args.text)
elif args.file:
with open(args.file) as infile:
lib.use_encryption_key(infile.read())
elif args.secret:
name, _, key = args.secret.partition(".")
lib.use_encryption_key_from_vault(name, key)
else:
raise RuntimeError("Unhandled encryption key type")
return lib