示例#1
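    def delete_secret(self, key):
        """Delete a secret from the secrets table.

        Args:
            key: Identifier of the secret; sent to DynamoDB as the string
                attribute ``id``.

        Returns:
            The binary ``value`` attribute the item held before it was
            deleted, or ``None`` when no item with that id existed (or the
            item had no binary ``value``). The blob is returned as stored;
            nothing is decrypted here.

        Raises:
            RequiresVaultError: If ``self.vault_layer`` is falsy.
        """
        if not self.vault_layer:
            msg = "No secrets-vault layer in this environment"
            self.logger.error(msg)
            raise RequiresVaultError(msg)

        client = Dynamodb(config.boto_config).client
        # A DeleteItem response has no 'Item' key. The previous attributes
        # come back under 'Attributes', and only when ReturnValues='ALL_OLD'
        # is requested. Indexing ['Item'] raised KeyError *after* the item
        # had already been removed.
        resp = client.delete_item(
            TableName=self.__secrets_table_name,
            Key={'id': {'S': key}},
            ReturnValues='ALL_OLD')

        # Use .get() throughout: the delete has already happened, so a
        # missing attribute must not surface as an exception at this point.
        previous = resp.get('Attributes') or {}
        return previous.get('value', {}).get('B')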
示例#2
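    def delete_secret(self, key):
        """Remove the secret stored under ``key`` and return its old value.

        Args:
            key: Secret identifier, used as the ``id`` string key of the
                DynamoDB item.

        Returns:
            The binary ``value`` attribute of the deleted item exactly as it
            was stored (no decryption is performed in this method), or
            ``None`` if there was no such item or it carried no binary
            ``value``.

        Raises:
            RequiresVaultError: If ``self.vault_layer`` is falsy.
        """
        if not self.vault_layer:
            msg = "No secrets-vault layer in this environment"
            self.logger.error(msg)
            raise RequiresVaultError(msg)

        client = Dynamodb(config.boto_config).client
        # DeleteItem only echoes the removed item when asked to, and then
        # under 'Attributes' rather than 'Item'. The former
        # ['Item']['value']['B'] lookup therefore always failed with
        # KeyError once the delete had gone through.
        resp = client.delete_item(TableName=self.__secrets_table_name,
                                  Key={'id': {
                                      'S': key
                                  }},
                                  ReturnValues='ALL_OLD')

        old_item = resp.get('Attributes')
        if not old_item:
            # Nothing was stored under this id.
            return None
        # Tolerate an item without a binary value: the delete is already
        # done, so raising here would only hide that it succeeded.
        return old_item.get('value', {}).get('B')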
示例#3
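    def get_secret(self, key):
        """Fetch a secret from the secrets table and decrypt it with KMS.

        Args:
            key: Identifier of the secret; sent to DynamoDB as the string
                attribute ``id``.

        Returns:
            The decrypted secret as ``str`` (the KMS plaintext bytes decoded
            with the default codec).

        Raises:
            RequiresVaultError: If ``self.vault_layer`` is falsy.
            KeyError: If no item is stored under ``key``, or the item has no
                binary ``value`` attribute.
        """
        if not self.vault_layer:
            msg = "No secrets-vault layer in this environment"
            self.logger.error(msg)
            raise RequiresVaultError(msg)

        dynamo_client = Dynamodb(config.boto_config).client
        resp = dynamo_client.get_item(
            TableName=self.__secrets_table_name,
            Key={'id': {'S': key}})
        # GetItem omits 'Item' when nothing matches. Raise the same
        # exception type as before, but name the missing secret instead of
        # surfacing a bare KeyError('Item').
        if 'Item' not in resp:
            raise KeyError("No secret stored under id %r" % (key,))
        encrypted = resp['Item']['value']['B']

        # Decrypt using KMS (assuming the secret value is a string).
        # NOTE(review): this client comes from the default boto3 session,
        # not config.boto_config - confirm region and credentials match the
        # DynamoDB client above.
        # NOTE(review): decrypt() is called without an EncryptionContext, so
        # nothing here ties the ciphertext to this secret id. If the code
        # that encrypts can supply one, passing it here would make a swapped
        # table entry fail to decrypt - confirm against the writer side.
        kms_client = boto3.client('kms')
        plaintext = kms_client.decrypt(CiphertextBlob=encrypted)['Plaintext']
        # The plaintext is returned to the caller only; it is never logged.
        return plaintext.decode()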
示例#4
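    def get_secret(self, key):
        """Look up the secret stored under ``key`` and return its plaintext.

        The item's binary ``value`` attribute is read from the secrets table
        and passed to KMS ``decrypt``.

        Args:
            key: Secret identifier, used as the ``id`` string key of the
                DynamoDB item.

        Returns:
            The decrypted secret decoded to ``str``.

        Raises:
            RequiresVaultError: If ``self.vault_layer`` is falsy.
            KeyError: If no item exists for ``key`` or it lacks a binary
                ``value`` attribute.
        """
        if not self.vault_layer:
            msg = "No secrets-vault layer in this environment"
            self.logger.error(msg)
            raise RequiresVaultError(msg)

        table_client = Dynamodb(config.boto_config).client
        resp = table_client.get_item(TableName=self.__secrets_table_name,
                                     Key={'id': {
                                         'S': key
                                     }})
        item = resp.get('Item')
        if item is None:
            # A miss returns a response without 'Item'. Keep raising
            # KeyError, but make the message say which secret is absent.
            raise KeyError("No secret stored under id %r" % (key,))
        encrypted = item['value']['B']

        # Decrypt using KMS (assuming the secret value is a string).
        # NOTE(review): boto3.client('kms') uses the default session rather
        # than config.boto_config - verify it targets the same
        # region/account as the table client.
        # NOTE(review): no EncryptionContext is passed, so the ciphertext is
        # not bound to this id at decrypt time. Adding one is worthwhile if
        # the encrypting side sets it - confirm before changing.
        kms = boto3.client('kms')
        plaintext = kms.decrypt(CiphertextBlob=encrypted)['Plaintext']
        # Hand the plaintext straight back; do not log it.
        return plaintext.decode()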
示例#5
 def dynamodb(self):
     """Return the DynamoDB connection, creating it on first use.

     The wrapper is built from ``config.boto_config`` the first time this is
     called and kept on the instance; later calls return that same object.
     """
     if self.__dynamodb is not None:
         # Already created by an earlier call: reuse it.
         return self.__dynamodb
     connection = Dynamodb(config.boto_config)
     self.__dynamodb = connection
     return self.__dynamodb