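def extract_from_vault(args):
    """Write selected base64-encoded vault entries out to files.

    Args:
        args: Parsed options. Reads ``v`` (vault file path), ``p`` (passed to
            get_password), ``c`` (first argument of VaultEditor) and ``i``
            (iterable of ``KEY=PATH`` strings naming the entries to extract
            and where to write them).

    Returns:
        None. Per-entry failures are reported through console().

    The vault file is decrypted in place and read back from the same path, so
    the secrets sit in plaintext on disk while this function runs. The
    re-encryption therefore happens in a ``finally`` clause: it runs on the
    success path as well as on every failure path.
    """
    vault_file = args.v
    password = get_password(args.p)
    editor = VaultEditor(args.c, password, vault_file)
    if not os.path.isfile(vault_file):
        return

    encrypted = is_encrypted(vault_file)
    if encrypted:
        editor.decrypt_file()
    try:
        with open(vault_file, 'r') as v:
            # NOTE(review): yaml.load() with the default loader can construct
            # arbitrary Python objects. If vault files can come from a less
            # trusted source, switch to yaml.safe_load().
            # An empty document loads as None; treat it as an empty vault.
            vault_data = yaml.load(v) or {}
        for item in args.i:
            # Split on the first '=' only, so a target path may contain '='.
            key, target = item.split('=', 1)
            try:
                if vault_data[key]:
                    # NOTE(review): the decoded secret is written with the
                    # process umask; tighten the mode if the extracted
                    # material must not be readable by other local users.
                    with open(target, 'wb') as unpack:
                        unpack.write(base64.b64decode(vault_data[key]))
                    console('Extracted %s to %s' % (key, target))
            except Exception as e:
                console('Could not extract %s to %s, %s' % (key, target, e))
    except Exception as e:
        # These errors used to be swallowed silently by a bare except; they
        # are still not raised to the caller, but they are now reported.
        console('Could not extract from %s, %s' % (vault_file, e))
    finally:
        # Never leave a vault that was encrypted on entry decrypted on disk.
        if encrypted:
            editor.encrypt_file()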
def test_decrypt_1_0_newline(self):
    """Decrypt the 1.0 fixture using a password that contains newlines.

    Raises SkipTest when HAS_AES, HAS_COUNTER or HAS_PBKDF2 is falsy
    (presumably crypto-library availability flags; confirm where they are
    defined).
    """
    if not (HAS_AES and HAS_COUNTER and HAS_PBKDF2):
        raise SkipTest

    # copytree() will not copy into an existing directory, so the directory
    # created by mkdtemp() is removed again and only its unique name is kept.
    # NOTE(review): that reopens the window mkdtemp() closed, because the path
    # does not exist between rmtree() and copytree(). Copying into a
    # subdirectory of the temp dir would avoid it. Nothing in the visible
    # lines removes the copied fixtures afterwards.
    workdir = tempfile.mkdtemp()
    shutil.rmtree(workdir)
    shutil.copytree("vault_test_data", workdir)
    vault_path = os.path.join(
        workdir, "foo-ansible-1.0-ansible-newline-ansible.yml")
    editor = VaultEditor(None, "ansible\nansible\n", vault_path)

    # make sure the password functions for the cipher
    # NOTE(review): error_hit is recorded but not asserted in the visible code.
    try:
        editor.decrypt_file()
    except errors.AnsibleError:
        error_hit = True
    else:
        error_hit = False
def test_decrypt_1_0(self):
    """Decrypt the 1.0-format fixture file with the password "ansible".

    Raises SkipTest on FIPS systems (the skip message states that Vault-1.0
    does not function there) and when HAS_AES, HAS_COUNTER or HAS_PBKDF2 is
    falsy.
    """
    if self._is_fips():
        raise SkipTest('Vault-1.0 will not function on FIPS enabled systems')
    if not (HAS_AES and HAS_COUNTER and HAS_PBKDF2):
        raise SkipTest

    # copytree() will not copy into an existing directory, so the directory
    # created by mkdtemp() is removed again and only its unique name is kept.
    # NOTE(review): the path does not exist between rmtree() and copytree(),
    # which gives up mkdtemp()'s exclusive-creation guarantee. Nothing in the
    # visible lines removes the copied fixtures afterwards.
    workdir = tempfile.mkdtemp()
    shutil.rmtree(workdir)
    shutil.copytree("vault_test_data", workdir)
    vault_path = os.path.join(workdir, "foo-ansible-1.0.yml")
    editor = VaultEditor(None, "ansible", vault_path)

    # make sure the password functions for the cipher
    # NOTE(review): error_hit is recorded but not asserted in the visible code.
    try:
        editor.decrypt_file()
    except errors.AnsibleError:
        error_hit = True
    else:
        error_hit = False
def test_decrypt_1_0(self):
    """Check that the 1.0 vault fixture decrypts with password "ansible".

    Skipped (SkipTest) when self._is_fips() is true, and when any of
    HAS_AES, HAS_COUNTER or HAS_PBKDF2 is falsy.
    """
    if self._is_fips():
        raise SkipTest(
            'Vault-1.0 will not function on FIPS enabled systems')
    crypto_ready = HAS_AES and HAS_COUNTER and HAS_PBKDF2
    if not crypto_ready:
        raise SkipTest

    # mkdtemp() is used only to obtain a unique path: the empty directory is
    # deleted so that copytree() can create it again from the fixture tree.
    # NOTE(review): between the two calls the path is free for anyone to
    # create; a subdirectory inside the mkdtemp() directory would keep the
    # exclusive-creation guarantee. No cleanup is visible in these lines.
    scratch = tempfile.mkdtemp()
    fixture = os.path.join(scratch, "foo-ansible-1.0.yml")
    shutil.rmtree(scratch)
    shutil.copytree("vault_test_data", scratch)
    vault = VaultEditor(None, "ansible", fixture)

    # make sure the password functions for the cipher
    # NOTE(review): error_hit is set but never asserted in the visible lines.
    error_hit = False
    try:
        vault.decrypt_file()
    except errors.AnsibleError:
        error_hit = True
def decrypt_file(self, filename):
    '''
    Decrypt a vault file.

    Args:
        filename: Path of the file to decrypt.

    Returns:
        None in every case. A missing file or an unset password is only
        reported on stdout, so the caller cannot tell a skipped decryption
        from a completed one.
    '''
    if not os.path.exists(filename):
        print("Invalid filename %s. Does not exist" % filename)
    elif self.vault_password is None:
        # Per the message, the password is expected to come from the
        # PYANSI_VAULT_PASSWORD environment variable.
        print("ENV Variable PYANSI_VAULT_PASSWORD not set")
    elif self.is_file_encrypted(filename):
        # Files that are not encrypted are left untouched.
        # NOTE(review): presumably VaultEditor rewrites the file in place,
        # leaving plaintext at the same path. Confirm against VaultEditor.
        VaultEditor('AES256', self.vault_password, filename).decrypt_file()
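def add_to_vault(args):
    """Merge new entries into a YAML vault file and encrypt the result.

    Args:
        args: Parsed options. Reads ``v`` (vault file path), ``p`` (passed to
            get_password), ``c`` (first argument of VaultEditor), ``t``
            (truthy: delete an existing vault file and start empty) and ``i``
            (passed to parse_vault_args to build the new entries).

    Returns:
        None.

    An existing encrypted vault is decrypted in place and read back from the
    same path, so its secrets are in plaintext on disk until encrypt_file()
    runs. The work is wrapped in try/finally so that a failure after the
    decryption (parse error, bad arguments, write error) does not leave that
    plaintext behind.
    """
    vault_file = args.v
    password = get_password(args.p)
    editor = VaultEditor(args.c, password, vault_file)
    console("Adding entries to %s" % vault_file)

    if args.t and os.path.isfile(vault_file):
        os.remove(vault_file)

    vault_data = {}
    decrypted = False
    finished = False
    try:
        if os.path.isfile(vault_file):
            if is_encrypted(vault_file):
                editor.decrypt_file()
                decrypted = True
            with open(vault_file, 'r') as v:
                # NOTE(review): yaml.load() with the default loader can
                # construct arbitrary Python objects. If vault files can come
                # from a less trusted source, switch to yaml.safe_load().
                # An empty document loads as None; treat it as an empty vault.
                vault_data = yaml.load(v) or {}

        # New entries override existing keys, as before. dict.update() also
        # works where items() returns a view that cannot be concatenated.
        merged = dict(vault_data)
        merged.update(parse_vault_args(args.i))

        # Serialise before opening for writing, so a dump failure cannot
        # truncate the existing vault.
        rendered = yaml.dump(merged, default_flow_style=False)
        with open(vault_file, 'w') as v:
            v.write(rendered)
        finished = True
    finally:
        # Encrypt on success, as before, and also when a failure happened
        # after this call had decrypted the vault. If decrypt_file() itself
        # failed, the file is left untouched.
        if finished or decrypted:
            editor.encrypt_file()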
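def add_to_vault(args):
    """Add entries to a YAML vault file, then encrypt it.

    Args:
        args: Parsed options. Reads ``v`` (vault file path), ``p`` (passed to
            get_password), ``c`` (first argument of VaultEditor), ``t``
            (truthy: remove an existing vault file first) and ``i`` (passed
            to parse_vault_args to build the entries being added).

    Returns:
        None.

    The existing vault is decrypted at its own path before it is read, which
    puts its secrets on disk in plaintext until encrypt_file() is called.
    The try/finally below makes sure that call still happens when something
    fails after the decryption.
    """
    vault_file = args.v
    password = get_password(args.p)
    editor = VaultEditor(args.c, password, vault_file)
    console("Adding entries to %s" % vault_file)

    if args.t and os.path.isfile(vault_file):
        os.remove(vault_file)

    vault_data = {}
    was_decrypted = False
    written = False
    try:
        if os.path.isfile(vault_file):
            if is_encrypted(vault_file):
                editor.decrypt_file()
                was_decrypted = True
            with open(vault_file, 'r') as v:
                # NOTE(review): the default yaml.load() loader can build
                # arbitrary Python objects; prefer yaml.safe_load() unless
                # vault files are always locally produced and trusted.
                # yaml.load() returns None for an empty file.
                vault_data = yaml.load(v) or {}

        # Entries from the command line win over existing keys (unchanged).
        combined = dict(vault_data)
        combined.update(parse_vault_args(args.i))

        # Render first: opening with 'w' truncates the vault, so nothing that
        # can fail should run between the open and the write.
        text = yaml.dump(combined, default_flow_style=False)
        with open(vault_file, 'w') as v:
            v.write(text)
        written = True
    finally:
        # Success path: encrypt, as before. Failure path: re-encrypt only if
        # this call decrypted the file, so plaintext is not left on disk and
        # an already-encrypted file is not encrypted a second time.
        if written or was_decrypted:
            editor.encrypt_file()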