def get_password(self, account_id): """This method enables users to retrieve the password of an existing account that is identified by its Account ID. """ api_endpoint = 'WebServices/PIMServices.svc/Accounts/{account_id}/Credentials'.format( account_id=account_id) v = vault.VaultLib([ (to_bytes(account_id), vault.VaultSecret( to_bytes( self.cyberark_connection.get('password', ANSIBLE_CYBERARK_PASSWORD)))) ]) if self._cache and to_bytes(account_id) in self._cache: result = v.decrypt(self._cache.get(to_bytes(account_id))) else: try: response = self.request(api_endpoint=api_endpoint) result = to_text(response.read()) if self._cache: self._cache[to_bytes(account_id)] = v.encrypt(result) except HTTPError as e: return return result
def generate_secrets(self): """ Generates secrets from a global setting pointing to a vault file, to be used for de/encryption. """ vault_path = self.nvim.vars.get("ansible_vault_path", "vault") with open(vault_path) as vault_file: secret_text = vault_file.read().strip() secret_bytes = to_bytes(secret_text) secrets = vault.VaultSecret(secret_bytes) secrets.load() return secrets
def _load_secrets(secrets_path, env_lookup_key=None): if not env_lookup_key: base, _ext = os.path.splitext(os.path.basename(secrets_path)) path_key = "%s_PASS" % base.upper() else: path_key = env_lookup_key path_pass = os.getenv(path_key) if not path_pass: raise LookupError("Unable to find password for '%s'" " under environment key '%s'" % (secrets_path, path_key)) dl = dataloader.DataLoader() if hasattr(dl, 'set_vault_password'): dl.set_vault_password(path_pass) else: dl.set_vault_secrets([(C.DEFAULT_VAULT_IDENTITY, vault.VaultSecret(path_pass))]) return _dictify(dl.load_from_file(secrets_path))
def test_bytes(self): some_text = u'私はガラスを食べられます。それは私を傷つけません。' _bytes = to_bytes(some_text) secret = vault.VaultSecret(_bytes) secret.load() self.assertEqual(secret.bytes, _bytes)
def test(self): secret = vault.VaultSecret() secret.load() self.assertIsNone(secret._bytes)