def test_make_unvault_s3(self):
assert S3_VAULT_BUCKET, "export TEST_S3_VAULT_BUCKET=<your bucket>"
assert S3_VAULT_USERAGENT, "export TEST_S3_VAULT_USERAGENT=<your useragent>"
# create a vault with one file
plain = "This is a secret"
key = uuid4().hex
vault = SimpleVault(key, location=VAULT_PATH,
s3_bucket=S3_VAULT_BUCKET,
s3_path=S3_VAULT_PATH,
s3_useragent=S3_VAULT_USERAGENT)
secret_file = '%s/secret.txt' % VAULT_PATH
with open(secret_file, 'w') as f:
f.write(plain)
crypt = vault.make('test', VAULT_PATH, upload=True)
self.assertTrue(os.path.exists(os.path.join(VAULT_PATH, '.vault')))
self.assertTrue(os.path.exists(crypt))
# make sure we have an encrypted file
with open(crypt) as f:
self.assertNotEqual(f.read(), plain)
# see if we can unvault
os.remove(secret_file)
os.remove(crypt)
files = vault.unvault('test', download=True)
self.assertIn(secret_file, files)
self.assertTrue(os.path.exists(secret_file))
with open(secret_file) as f:
self.assertEqual(plain, f.read())
def test_make_unvault_s3(self):
assert S3_VAULT_BUCKET, "export TEST_S3_VAULT_BUCKET=<your bucket>"
assert S3_VAULT_USERAGENT, "export TEST_S3_VAULT_USERAGENT=<your useragent>"
# create a vault with one file
plain = "This is a secret"
key = uuid4().hex
vault = SimpleVault(key,
location=VAULT_PATH,
s3_bucket=S3_VAULT_BUCKET,
s3_path=S3_VAULT_PATH,
s3_useragent=S3_VAULT_USERAGENT)
secret_file = '%s/secret.txt' % VAULT_PATH
with open(secret_file, 'w') as f:
f.write(plain)
crypt = vault.make('test', VAULT_PATH, upload=True)
self.assertTrue(os.path.exists(os.path.join(VAULT_PATH, '.vault')))
self.assertTrue(os.path.exists(crypt))
# make sure we have an encrypted file
with open(crypt) as f:
self.assertNotEqual(f.read(), plain)
# see if we can unvault
os.remove(secret_file)
os.remove(crypt)
files = vault.unvault('test', download=True)
self.assertIn(secret_file, files)
self.assertTrue(os.path.exists(secret_file))
with open(secret_file) as f:
self.assertEqual(plain, f.read())
def test_make_unvault(self):
# create a vault with one file
plain = "This is a secret"
key = uuid4().hex
vault = SimpleVault(key, location=VAULT_PATH)
secret_file = '%s/secret.txt' % VAULT_PATH
with open(secret_file, 'w') as f:
f.write(plain)
crypt = vault.make('test', VAULT_PATH, upload=False)
self.assertTrue(os.path.exists(os.path.join(VAULT_PATH, '.vault')))
self.assertTrue(os.path.exists(crypt))
# make sure we have an encrypted file
with open(crypt) as f:
self.assertNotEqual(f.read(), plain)
# see if we can unvault
os.remove(secret_file)
files = vault.unvault('test', download=False)
self.assertIn(secret_file, files)
self.assertTrue(os.path.exists(secret_file))
with open(secret_file) as f:
self.assertEqual(plain, f.read())
def test_make_unvault_invalidkey(self):
# create a vault with one file
plain = "This is a secret"
key = uuid4().hex
vault = SimpleVault(key, location=VAULT_PATH)
secret_file = '%s/secret.txt' % VAULT_PATH
with open(secret_file, 'w') as f:
f.write(plain)
crypt = vault.make('test', VAULT_PATH, upload=False)
self.assertTrue(os.path.exists(os.path.join(VAULT_PATH, '.vault')))
self.assertTrue(os.path.exists(crypt))
# make sure we have an encrypted file
with open(crypt) as f:
self.assertNotEqual(f.read(), plain)
# see if we can unvault with the **wrong key**
# for simplicity we simply reverse the key string
vault = SimpleVault(key[-1:], location=VAULT_PATH)
os.remove(secret_file)
with self.assertRaises(BadZipfile):
files = vault.unvault('test', download=False)
self.assertFalse(os.path.exists(secret_file))
def test_make_unvault(self):
# create a vault with one file
plain = "This is a secret"
key = uuid4().hex
vault = SimpleVault(key, location=VAULT_PATH)
secret_file = '%s/secret.txt' % VAULT_PATH
with open(secret_file, 'w') as f:
f.write(plain)
crypt = vault.make('test', VAULT_PATH, upload=False)
self.assertTrue(os.path.exists(os.path.join(VAULT_PATH, '.vault')))
self.assertTrue(os.path.exists(crypt))
# make sure we have an encrypted file
with open(crypt) as f:
self.assertNotEqual(f.read(), plain)
# see if we can unvault
os.remove(secret_file)
files = vault.unvault('test', download=False)
self.assertIn(secret_file, files)
self.assertTrue(os.path.exists(secret_file))
with open(secret_file) as f:
self.assertEqual(plain, f.read())
def test_make_unvault_complex(self):
# create a vault with one file
plain = "This is a secret"
key = uuid4().hex
vault = SimpleVault(key, location=VAULT_PATH)
os.makedirs(os.path.join(VAULT_PATH, 'sub'))
secret_file1 = '%s/secret.txt' % VAULT_PATH
secret_file2 = '%s/sub/secret.txt' % VAULT_PATH
secret_files = [secret_file1, secret_file2]
for fn in secret_files:
with open(fn, 'w') as f:
f.write(plain)
vault.make('test', VAULT_PATH, upload=False)
self.assertTrue(os.path.exists(os.path.join(VAULT_PATH, '.vault')))
# see if we can unvault
for fn in secret_files:
os.remove(fn)
files = vault.unvault('test', download=False)
print files
for fn in secret_files:
self.assertIn(fn, files)
self.assertTrue(os.path.exists(fn))
with open(fn) as f:
self.assertEqual(plain, f.read())
def test_make_unvault_complex(self):
# create a vault with one file
plain = "This is a secret"
key = uuid4().hex
vault = SimpleVault(key, location=VAULT_PATH)
os.makedirs(os.path.join(VAULT_PATH, 'sub'))
secret_file1 = '%s/secret.txt' % VAULT_PATH
secret_file2 = '%s/sub/secret.txt' % VAULT_PATH
secret_files = [secret_file1, secret_file2]
for fn in secret_files:
with open(fn, 'w') as f:
f.write(plain)
vault.make('test', VAULT_PATH, upload=False)
self.assertTrue(os.path.exists(os.path.join(VAULT_PATH, '.vault')))
# see if we can unvault
for fn in secret_files:
os.remove(fn)
files = vault.unvault('test', download=False)
print files
for fn in secret_files:
self.assertIn(fn, files)
self.assertTrue(os.path.exists(fn))
with open(fn) as f:
self.assertEqual(plain, f.read())
def test_make_unvault_invalidkey(self):
# create a vault with one file
plain = "This is a secret"
key = uuid4().hex
vault = SimpleVault(key, location=VAULT_PATH)
secret_file = '%s/secret.txt' % VAULT_PATH
with open(secret_file, 'w') as f:
f.write(plain)
crypt = vault.make('test', VAULT_PATH, upload=False)
self.assertTrue(os.path.exists(os.path.join(VAULT_PATH, '.vault')))
self.assertTrue(os.path.exists(crypt))
# make sure we have an encrypted file
with open(crypt) as f:
self.assertNotEqual(f.read(), plain)
# see if we can unvault with the **wrong key**
# for simplicity we simply reverse the key string
vault = SimpleVault(key[-1:], location=VAULT_PATH)
os.remove(secret_file)
with self.assertRaises(BadZipfile):
files = vault.unvault('test', download=False)
self.assertFalse(os.path.exists(secret_file))