def update_secret(session, secret, kms_arn):
    """Update one secret in AWS Secrets Manager from its encrypted definition.

    The value stored in ``secret['value']`` is decrypted through
    ``kms.decrypt`` and sent as ``SecretString``.

    Args:
        session: Object exposing ``client('secretsmanager')``; it is also
            forwarded to ``kms.decrypt`` (presumably a boto3 session; confirm).
        secret: Mapping with ``name`` and ``value``; ``description`` and
            ``kms`` are optional and fall back to an empty string.
        kms_arn: Key identifier forwarded to ``kms.decrypt``.
    """
    client = session.client('secretsmanager')

    # Evaluated in the same order as the keyword arguments were originally,
    # so a missing 'name' still fails before any decrypt call is made.
    secret_id = secret['name']
    description = secret.get('description', '')
    key_id = secret.get('kms', '')

    # The plaintext lives only in this local; keep it out of logs and
    # exception messages.
    plaintext = kms.decrypt(session, secret['value'], kms_arn).decode('utf-8')

    client.update_secret(
        SecretId=secret_id,
        Description=description,
        KmsKeyId=key_id,
        SecretString=plaintext,
    )
def parse_yaml_parameter_value(session, param_data, kms_arn):
    """Return a parameter's value as a string, decrypting it when required.

    Decryption happens only for ``type == 'SecureString'`` entries whose
    ``decryptOnDeploy`` flag is truthy; the flag defaults to ``True`` when
    the key is absent.

    Args:
        session: Forwarded unchanged to ``kms.decrypt``.
        param_data: Mapping with ``value`` and ``type``, optionally
            ``decryptOnDeploy``.
        kms_arn: Key identifier forwarded to ``kms.decrypt``.

    Returns:
        ``str(param_data['value'])`` as is, or the UTF-8 decoded result of
        ``kms.decrypt`` for SecureStrings that are decrypted on deploy.
    """
    raw_value = str(param_data['value'])
    should_decrypt = param_data.get('decryptOnDeploy', True)

    # With decryptOnDeploy disabled the stored value is returned untouched,
    # i.e. whatever is in the file (presumably still ciphertext) is what the
    # caller deploys.
    if param_data['type'] != 'SecureString' or not should_decrypt:
        return raw_value

    return kms.decrypt(session, raw_value, kms_arn).decode('utf-8')
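def decrypt(env_file, output, profile, region):
    """Write a fully decrypted copy of an environment file to disk.

    Every entry under ``secrets`` and every string-valued ``SecureString``
    entry under ``parameters`` is decrypted with ``kms.decrypt`` using the
    key at ``data['kms']['arn']``. Secret values that parse as JSON are
    stored as the parsed structure; multi-line parameter values are wrapped
    in ``Literal`` (presumably so they are dumped as YAML block scalars;
    confirm against its definition).

    The output file holds plaintext secrets, so it is created with mode
    ``0o600`` instead of the umask default. A file that already exists keeps
    its current permissions.

    Args:
        env_file: Path of the encrypted YAML environment file.
        output: Destination path; falls back to ``f"{env_file}.dec"`` when
            falsy.
        profile: Assigned to ``session.aws_profile``.
        region: Assigned to ``session.aws_region``.
    """
    # Local import: the module's import block is outside this view.
    import os

    session.aws_profile = profile
    session.aws_region = region

    with open(env_file, 'r') as source:
        data = yaml.safe_load(source.read())

    kms_arn = str(data['kms']['arn'])
    if 'secrets' not in data:
        data['secrets'] = []
    if 'parameters' not in data:
        data['parameters'] = []

    _session = session.session()

    for secret in data['secrets']:
        secret['value'] = kms.decrypt(_session, secret['value'],
                                      kms_arn).decode('utf-8')
        try:
            secret['value'] = json.loads(secret['value'])
        except ValueError:
            # Deliberate best effort: a non-JSON secret stays a plain string.
            pass

    for parameter in data['parameters']:
        if (parameter['type'] == 'SecureString'
                and isinstance(parameter['value'], str)):
            decrypted_value = kms.decrypt(_session, parameter['value'],
                                          kms_arn).decode('utf-8')
            if '\n' in decrypted_value:
                parameter['value'] = Literal(decrypted_value)
            else:
                parameter['value'] = decrypted_value

    output_file = output if output else f"{env_file}.dec"

    # Create the plaintext file readable by the owner only; a plain
    # open(..., 'w') would apply the process umask (commonly 0644).
    fd = os.open(output_file, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, 'w') as outfile:
        yaml.safe_dump(data, outfile)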
def view_secret(env_file, name, profile, region):
    """Decrypt one named secret from an environment file and print it.

    Args:
        env_file: Path of the YAML environment file.
        name: Value matched against each secret's ``name`` key; the first
            match wins.
        profile: Assigned to ``session.aws_profile``.
        region: Assigned to ``session.aws_region``.

    Raises:
        Exception: No entry under ``secrets`` has the requested name.
    """
    session.aws_profile = profile
    session.aws_region = region

    with open(env_file, 'r') as env:
        yaml_data = yaml.safe_load(env.read())

    secret = None
    for candidate in yaml_data['secrets']:
        if candidate['name'] == name:
            secret = candidate
            break
    if secret is None:
        raise Exception(f'secret {name} not found')

    kms_arn = str(yaml_data['kms']['arn'])
    param_value = kms.decrypt(
        session.session(), str(secret['value']), kms_arn).decode('utf-8')

    # The plaintext goes to stdout, so it ends up wherever stdout is
    # captured (terminal scrollback, CI job logs, shell redirection).
    print(param_value)
def view_parameter(env_file, name, non_decrypt, profile, region):
    """Print one named parameter, decrypting SecureStrings unless told not to.

    Args:
        env_file: Path of the YAML environment file.
        name: Value matched against each parameter's ``name`` key; the first
            match wins.
        non_decrypt: When truthy, a SecureString is printed as stored
            instead of being decrypted.
        profile: Assigned to ``session.aws_profile``.
        region: Assigned to ``session.aws_region``.

    Raises:
        Exception: No entry under ``parameters`` has the requested name.
    """
    session.aws_profile = profile
    session.aws_region = region

    with open(env_file, 'r') as env:
        yaml_data = yaml.safe_load(env.read())

    parameter = None
    for candidate in yaml_data['parameters']:
        if candidate['name'] == name:
            parameter = candidate
            break
    if parameter is None:
        raise Exception(f'parameter {name} not found')

    needs_decrypt = parameter['type'] == 'SecureString' and not non_decrypt
    if not needs_decrypt:
        param_value = str(parameter['value'])
    else:
        # The KMS key is looked up only on the decrypt path, so plain
        # parameters can be viewed from a file without a usable 'kms' entry.
        kms_arn = str(yaml_data['kms']['arn'])
        param_value = kms.decrypt(
            session.session(), str(parameter['value']),
            kms_arn).decode('utf-8')

    # Decrypted SecureStrings go to stdout in the clear; anything capturing
    # stdout (CI logs, redirection) will hold the plaintext.
    print(param_value)
def parse_yaml_secret_value(session, secret_data, kms_arn):
    """Decrypt a secret entry's value and return it as a UTF-8 string.

    Unlike parameters, secrets are decrypted unconditionally.

    Args:
        session: Forwarded unchanged to ``kms.decrypt``.
        secret_data: Mapping whose ``value`` is coerced to ``str`` before
            decryption.
        kms_arn: Key identifier forwarded to ``kms.decrypt``.

    Returns:
        The result of ``kms.decrypt`` decoded as UTF-8.
    """
    ciphertext = str(secret_data['value'])
    decrypted = kms.decrypt(session, ciphertext, kms_arn)
    return decrypted.decode('utf-8')