parent
aca9ddfc02
commit
42df8b2909
|
@ -24,6 +24,24 @@ Secret loading order:
|
|||
locally, and configuration of the `PASS_STORE_SUBFOLDER` through one of the above
|
||||
methods.
|
||||
4. Vault instance if configured. Suited for production environments.
|
||||
|
||||
## TODO
|
||||
|
||||
- [ ] Mlock secrets to prevent leakage to swap file.
|
||||
- [ ] Wrap secrets in intelligent strings:
|
||||
* Instead of returning None on unloaded, return UnknownSecret, that produce
|
||||
error when formatted.
|
||||
* `repr(secret)` should not include contents, but only the secret and how
|
||||
it was loaded.
|
||||
* Methods on `Secret` should be kept minimal.
|
||||
- [ ] Vault:
|
||||
* [ ] Ensure vault code path works.
|
||||
* [ ] Document usage and requirements.
|
||||
|
||||
## License
|
||||
|
||||
Copyright 2024 Jon Michael Aanes.
|
||||
All rights reserved.
|
||||
"""
|
||||
import logging
|
||||
import os
|
||||
|
@ -120,7 +138,11 @@ class SecretLoader:
|
|||
process = subprocess.run(cmd, capture_output = True)
|
||||
if process.returncode:
|
||||
return None
|
||||
return process.stdout.decode('utf8')
|
||||
|
||||
password_file = process.stdout.decode('utf8')
|
||||
for line in password_file.split('\n'):
|
||||
return line
|
||||
return None
|
||||
|
||||
def _load_or_none_vault(self, env_key: str) -> str | None:
|
||||
if self.vault_client is None:
|
||||
|
|
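Review bot: The trailing `return None` after the new `for line in password_file.split('\n'):` loop can never run, because `str.split('\n')` always yields at least one element, so an empty `pass` entry comes back as `''` instead of `None` (assuming `return line` is the loop body; the rendering has dropped indentation). A caller that only checks for `None` would then treat an empty string as a successfully loaded secret. Consider `lines = password_file.splitlines()` followed by `return lines[0] if lines and lines[0] else None`, which also drops a trailing `\r`. The enclosing method starts above the hunk, so how `cmd` is built is not visible here.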