def test_set_key_vault_no_key(): lib = Crypto() lib._vault = mock_vault = mock.Mock() key = lib.generate_key() mock_vault.get_secret.return_value = Secret("MockSecret", "", {"key": key}) lib.use_encryption_key_from_vault("SomeKeyValue") assert mock_vault.get_secret.called_once_with("SomeKeyValue") assert lib._key is not None
def test_set_key_vault_error_empty(): lib = Crypto() lib._vault = mock_vault = mock.Mock() key = lib.generate_key() mock_vault.get_secret.return_value = Secret("MockSecret", "", {}) with pytest.raises(ValueError): lib.use_encryption_key_from_vault("SomeKeyValue") assert mock_vault.get_secret.called_once_with("SomeKeyValue") assert lib._key is None
def test_set_key_vault_key(): lib = Crypto() lib._secrets = mock_secrets = mock.Mock() key = lib.generate_key() mock_secrets.get_secret.return_value = Secret("MockSecret", "", { "first": "something", "second": key }) lib.use_encryption_key_from_vault("SomeKeyValue", "second") assert mock_secrets.get_secret.called_once_with("SomeKeyValue") assert lib._key is not None
def load_key(args): """Parse encryption key arguments into a Crypto library instance.""" lib = Crypto() if args.text: lib.use_encryption_key(args.text) elif args.file: with open(args.file) as infile: lib.use_encryption_key(infile.read()) elif args.secret: name, _, key = args.secret.partition(".") lib.use_encryption_key_from_vault(name, key) else: raise RuntimeError("Unhandled encryption key type") return lib