def reveal_token_tag(self, token_tag):
"""reveal token_tag"""
secrets_path = self.kwargs.get("secrets_path", None)
if secrets_path is None:
raise ValueError("secrets_path not set")
token, func = secret_token_from_tag(token_tag)
return secret_gpg_read(secrets_path, token)
def reveal_token_tag(self, token_tag):
"reveal token_tag"
secrets_path = self.kwargs.get("secrets_path", None)
gpg_obj = self.kwargs.get("gpg_obj", None)
if secrets_path is None:
raise ValueError("secrets_path not set")
if gpg_obj is None:
raise ValueError("secrets_path not set")
token = secret_token_from_tag(token_tag)
return secret_gpg_read(gpg_obj, secrets_path, token)
def hash_token_tag(self, token_tag):
"""
suffixes a secret's hash to its tag:
e.g:
?{gpg:app1/secret/1} gets replaced with
?{gpg:app1/secret/1:deadbeef}
"""
secrets_path = self.kwargs.get("secrets_path", None)
if secrets_path is None:
raise ValueError("secrets_path not set")
token, func = secret_token_from_tag(token_tag)
secret_raw_obj = secret_gpg_raw_read(secrets_path, token)
backend, token_path = secret_token_attributes(token)
sha256 = hashlib.sha256("%s%s".encode("UTF-8") % (token_path.encode("UTF-8"),
secret_raw_obj["data"].encode("UTF-8"))).hexdigest()
sha256 = sha256[:8]
return "?{%s:%s:%s}" % (backend, token_path, sha256)