def _decrypt_config(self, config_class, encrypted_config, extra=None, context=None): if not encrypted_config: if extra: return config_class(None, *extra) else: return config_class() encrypted_config = base64.b64decode(encrypted_config) iv = encrypted_config[:16] cipher, iv = self._get_cipher(iv) pickled = cipher.decryptor().update(encrypted_config[16:]) try: unpickled = pickle.loads(pickled, encoding="bytes") except Exception: raise KeychainKeyNotFound( f"Unable to decrypt{' ' + context if context else ''}. " "It was probably stored using a different CUMULUSCI_KEY.") # Convert bytes created in Python 2 config_dict = {} for k, v in unpickled.items(): if isinstance(k, bytes): k = k.decode("utf-8") if isinstance(v, bytes): v = v.decode("utf-8") config_dict[k] = v args = [config_dict] if extra: args += extra return self._construct_config(config_class, args)
def _validate_key(self): if not self.key: raise KeychainKeyNotFound( "The CUMULUSCI_KEY environment variable is not set.") if len(self.key) != 16: raise ConfigError( "The CUMULUSCI_KEY environment variable must be 16 characters long." )
def get_keychain_key(self): key_from_env = os.environ.get("CUMULUSCI_KEY") try: key_from_keyring = keyring.get_password("cumulusci", "CUMULUSCI_KEY") has_functioning_keychain = True except Exception: key_from_keyring = None has_functioning_keychain = False # If no key in environment or file, generate one key = key_from_env or key_from_keyring if key is None: if has_functioning_keychain: key = random_alphanumeric_underscore(length=16) else: raise KeychainKeyNotFound( "Unable to store CumulusCI encryption key. " "You can configure it manually by setting the CUMULUSCI_KEY " "environment variable to a random 16-character string.") if has_functioning_keychain and not key_from_keyring: keyring.set_password("cumulusci", "CUMULUSCI_KEY", key) return key
def _validate_key(self): if not self.key: raise KeychainKeyNotFound("The keychain key was not found.") if len(self.key) != 16: raise ConfigError("The keychain key must be 16 characters long.")