async def store(self, name: str, data: bytes, force=False) -> None:
"""
Saves the data to the encrypted storage.
Data is AES encrypted with the default CORTX cipher and stored
as Base64 encoded string with the provided name.
Raises KeyError if an item with the provided name exists and "force" flag
is not set.
"""
if not force:
neb = await self._get_item(name)
if neb is not None:
raise KeyError(f'{name} already exists in the secure storage')
encrypted_bytes = Cipher.encrypt(self._key, data)
# Encrypted token is base64 encoded, thus there won't be a problem with storing it in String
neb = NamedEncryptedBytes.instantiate(name,
encrypted_bytes.decode('ascii'))
await self._storage(NamedEncryptedBytes).store(neb)
def encrypt(key, text):
''' Encrypt sensitive data. Ex: RabbitMQ credentials '''
# Before encrypting text we need to convert string to bytes using encode()
# method
return Cipher.encrypt(key, text.encode())
def config_apply(solution_config_url: str, cortx_conf_url: str = None,
force_override: bool = False):
"""
Description:
Parses input config and store in CORTX config location
Parameters:
[IN] Solution Config URL
[OUT] CORTX Config URL
"""
if Log.logger is None:
CortxProvisionerLog.initialize(const.SERVICE_NAME, const.TMP_LOG_PATH)
if cortx_conf_url is None:
cortx_conf_url = CortxProvisioner._cortx_conf_url
cortx_conf = MappedConf(CortxProvisioner._tmp_cortx_conf_url)
# Load same config again if force_override is True
try:
cs_option = {"fail_reload": False} if force_override else {"skip_reload": True}
Log.info('Applying config %s' % solution_config_url)
Conf.load(CortxProvisioner._solution_index, solution_config_url,
**cs_option)
except ConfError as e:
Log.error(f'Unable to load {solution_config_url} url, Error:{e}')
# Secrets path from config file
if cortx_conf.get('cortx>common>storage>local'):
CortxProvisioner._secrets_path = cortx_conf.get('cortx>common>storage>local')+CortxProvisioner._rel_secret_path
# source code for encrypting and storing secret key
if Conf.get(CortxProvisioner._solution_index, 'cluster') is not None:
CortxProvisioner.apply_cluster_config(cortx_conf, CortxProvisioner.cortx_release)
if Conf.get(CortxProvisioner._solution_index, 'cortx') is not None:
# generating cipher key
cipher_key = None
cluster_id = Conf.get(CortxProvisioner._solution_index, 'cluster>id')
if cluster_id is None:
cluster_id = cortx_conf.get('cluster>id')
if cluster_id is None:
raise CortxProvisionerError(errno.EINVAL, 'Cluster ID not specified')
cipher_key = Cipher.gen_key(cluster_id, 'cortx')
if cipher_key is None:
raise CortxProvisionerError(errno.EINVAL, 'Cipher key not specified')
for key in Conf.get_keys(CortxProvisioner._solution_index):
# using path /etc/cortx/solution/secret to confirm secret
if key.endswith('secret'):
secret_val = Conf.get(CortxProvisioner._solution_index, key)
val = None
with open(os.path.join(CortxProvisioner._secrets_path, secret_val), 'rb') as secret:
val = secret.read()
if val is None:
raise CortxProvisionerError(errno.EINVAL,
f'Could not find the Secret in {CortxProvisioner._secrets_path}')
val = Cipher.encrypt(cipher_key, val)
# decoding the byte string in val variable
Conf.set(CortxProvisioner._solution_index, key, val.decode('utf-8'))
CortxProvisioner.apply_cortx_config(cortx_conf, CortxProvisioner.cortx_release)
# Adding array count key in conf
cortx_conf.add_num_keys()
Conf.save(cortx_conf._conf_idx)
def encrypt(key, text):
"""Encrypt sensitive data. Ex: messaging credentials."""
# Before encrypting text we need to convert string to bytes using encode()
# method
return Cipher.encrypt(key, text.encode())
def encrypt(key: str, data: str):
edata = Cipher.encrypt(bytes(key, 'utf-8'), bytes(data, 'utf-8'))
return edata.decode("utf-8")
def encrypt_secret(secret, component, key):
key_cipher = Cipher.generate_key(key, component)
return Cipher.encrypt(key_cipher, secret.encode("utf-8")).decode("utf-8")
