From 42df8b2909577205b6ce2ea04cf1c577c7d91097 Mon Sep 17 00:00:00 2001 From: Jon Michael Aanes Date: Mon, 8 Jul 2024 00:27:21 +0200 Subject: [PATCH] Only return first line --- secret_loader/__init__.py | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/secret_loader/__init__.py b/secret_loader/__init__.py index de938d8..2d42bcc 100644 --- a/secret_loader/__init__.py +++ b/secret_loader/__init__.py @@ -24,6 +24,24 @@ Secret loading order: locally, and configuration of the `PASS_STORE_SUBFOLDER` through one of the above methods. 4. Vault instance if configured. Suited for production environments. + +## TODO + +- [ ] Mlock secrets to prevent leakage to swap file. +- [ ] Wrap secrets in intelligent strings: + * Instead of returning None on unloaded, return UnknownSecret, that produce + error when formatted. + * `repr(secret)` should not include contents, but only the secret and how + it was loaded. + * Methods on `Secret` should be kept minimal. +- [ ] Vault: + * [ ] Ensure vault code path works. + * [ ] Document usage and requirements. + +## License + +Copyright 2024 Jon Michael Aanes. +All rights reserved. """ import logging import os @@ -120,7 +138,11 @@ class SecretLoader: process = subprocess.run(cmd, capture_output = True) if process.returncode: return None - return process.stdout.decode('utf8') + + password_file = process.stdout.decode('utf8') + for line in password_file.split('\n'): + return line + return None def _load_or_none_vault(self, env_key: str) -> str | None: if self.vault_client is None:
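Review bot: The trailing `return None` after the new `for` loop is unreachable, because `str.split('\n')` always yields at least one element, so an empty store entry comes back as `''` rather than `None` and a caller that only checks `is None` would go on to use an empty secret. The loop-with-immediate-return also obscures the intent, and splitting on `'\n'` alone leaves a trailing `\r` on the secret when the entry was saved with CRLF line endings. Consider `first_line = process.stdout.decode('utf8').partition('\n')[0].rstrip('\r')` followed by `return first_line or None`, provided that treating an empty first line as "not loaded" matches what callers expect. The enclosing method starts above the hunk, so its signature and return annotation are not visible here.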