from ansible.constants import DEFAULT_VAULT_ID_MATCH
from ansible.parsing.vault import VaultLib, VaultSecret
from getpass import getpass
import yaml
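class Secrets:
    """Password store kept as YAML inside a single Ansible Vault file.

    The decrypted content lives in ``self.data`` as a dict with two keys:
    ``max_id`` (the highest id handed out so far) and ``entries`` (a list of
    entry dicts). ``self.data`` is ``None`` until ``read()`` or
    ``new_vault()`` has run, and the entry methods fail on a store that has
    not been loaded.

    The keyphrase and the decrypted entries are held as ordinary Python
    objects on the instance for as long as it is alive.
    """

    def __init__(self, path, keyphrase):
        """Remember the vault file location and the keyphrase that protects it.

        Args:
            path: Filesystem path of the vault file.
            keyphrase: Vault keyphrase as text; it is UTF-8 encoded when used.
        """
        self.path = path
        self.keyphrase = keyphrase
        self.data = None

    def _vault(self):
        """Return a VaultLib keyed with this store's keyphrase."""
        secret = VaultSecret(self.keyphrase.encode('utf-8'))
        return VaultLib([(DEFAULT_VAULT_ID_MATCH, secret)])

    def read(self):
        """Decrypt the vault file and load its YAML content into ``self.data``."""
        vault = self._vault()
        with open(self.path) as f:
            ciphered = f.read()
        cleartext = vault.decrypt(ciphered)
        # safe_load only builds plain YAML types, so the file content cannot
        # make the loader instantiate arbitrary Python objects.
        self.data = yaml.safe_load(cleartext)

    def write(self):
        """Encrypt ``self.data`` and store it at ``self.path``.

        The ciphertext is written to a temporary file in the same directory
        and then moved over the destination, so a failure part-way through
        leaves the previous vault file intact.
        """
        import os
        import tempfile

        # safe_dump is the counterpart of the safe_load in read(): it raises
        # on values it cannot represent as plain YAML instead of emitting
        # tags that read() would later refuse, which would leave a vault
        # that can no longer be opened.
        cleartext = yaml.safe_dump(self.data)
        ciphered = self._vault().encrypt(cleartext)

        # realpath keeps a symlinked vault path pointing at the same file.
        target = os.path.realpath(self.path)
        # mkstemp creates the file readable and writable by the owner only.
        fd, tmp_path = tempfile.mkstemp(
            dir=os.path.dirname(target), prefix='.vault-', suffix='.tmp'
        )
        try:
            with os.fdopen(fd, 'wb') as f:
                f.write(ciphered)
                f.flush()
                os.fsync(f.fileno())
            os.replace(tmp_path, target)
        except BaseException:
            # Do not leave a stray copy of the ciphertext behind.
            try:
                os.unlink(tmp_path)
            except OSError:
                pass
            raise

    def new_vault(self):
        """Start an empty in-memory store; nothing is written to disk."""
        self.data = {'max_id': 0, 'entries': []}

    def add_entry(self, entry):
        """Assign the next id to ``entry`` and append it to the store.

        The id is written into the caller's dict under the key ``'id'``.
        """
        next_id = self.data['max_id'] + 1
        entry['id'] = next_id
        self.data['entries'].append(entry)
        self.data['max_id'] = next_id

    def entries(self):
        """Return the live list of entries (not a copy)."""
        return self.data['entries']

    def replace_entry(self, old, new):
        """Put ``new`` in the position currently held by ``old``.

        ``old`` is located by equality; ``ValueError`` is raised when no entry
        matches. ``new`` is stored as given, so it keeps the old id only if
        the caller put one in it.
        """
        entries = self.data['entries']
        entries[entries.index(old)] = new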
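def main():
    """Create ``vault.yml`` in the current directory with one sample entry.

    The keyphrase is read without echo. Any existing ``vault.yml`` is
    replaced by the new store.
    """
    keyphrase = getpass('Keyphrase:')
    s = Secrets('vault.yml', keyphrase)
    s.new_vault()
    s.add_entry({'title': 'wells cargo', 'username': 'unsuspecting', 'password': 'customer'})
    # Show what was stored without echoing password values: terminal output
    # ends up in scrollback and in captured logs.
    redacted = [
        {key: ('***' if key == 'password' else value) for key, value in entry.items()}
        for entry in s.entries()
    ]
    print({'max_id': s.data['max_id'], 'entries': redacted})
    s.write()


if __name__ == "__main__":
    main()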