Compare commits
2 Commits
3b92357186
...
44a4a917a1
Author | SHA1 | Date | |
---|---|---|---|
44a4a917a1 | |||
726981a881 |
|
@ -66,10 +66,10 @@ ENV_KEY_PREFIX = 'ENV_KEY_PREFIX'
|
||||||
ENV_KEY_SECRETS_DIRECTORY = 'SECRETS_DIRECTORY'
|
ENV_KEY_SECRETS_DIRECTORY = 'SECRETS_DIRECTORY'
|
||||||
|
|
||||||
ENV_KEY_VAULT_URL = 'VAULT_URL'
|
ENV_KEY_VAULT_URL = 'VAULT_URL'
|
||||||
ENV_KEY_VAULT_TOKEN = 'VAULT_TOKEN' #noqa: S105
|
ENV_KEY_VAULT_TOKEN = 'VAULT_TOKEN' # noqa: S105
|
||||||
ENV_KEY_VAULT_MOUNT_POINT = 'VAULT_MOUNT_POINT'
|
ENV_KEY_VAULT_MOUNT_POINT = 'VAULT_MOUNT_POINT'
|
||||||
|
|
||||||
ENV_KEY_PASS_FOLDER = 'PASS_STORE_SUBFOLDER' #noqa: S105
|
ENV_KEY_PASS_FOLDER = 'PASS_STORE_SUBFOLDER' # noqa: S105
|
||||||
|
|
||||||
DEFAULT_SECRETS_DIRECTORY = Path('secrets')
|
DEFAULT_SECRETS_DIRECTORY = Path('secrets')
|
||||||
|
|
||||||
|
@ -118,15 +118,19 @@ class SecretLoader:
|
||||||
self.env_key_prefix = self._load_or_none(ENV_KEY_PREFIX)
|
self.env_key_prefix = self._load_or_none(ENV_KEY_PREFIX)
|
||||||
if self.env_key_prefix is not None:
|
if self.env_key_prefix is not None:
|
||||||
logger.info('Environment enabled with prefix: %s', self.env_key_prefix)
|
logger.info('Environment enabled with prefix: %s', self.env_key_prefix)
|
||||||
assert (
|
if self.env_key_prefix != self.env_key_prefix.upper():
|
||||||
self.env_key_prefix == self.env_key_prefix.upper()
|
msg = 'Prefix must be uppercase'
|
||||||
), 'Prefix must be uppercase'
|
raise ValueError(msg)
|
||||||
assert not self.env_key_prefix.endswith(
|
if self.env_key_prefix.endswith('_'):
|
||||||
'_',
|
msg = 'Prefix must not end with _ (this will be added automatically)'
|
||||||
), 'Prefix must not end with _ (this will be added automatically)'
|
raise ValueError(msg)
|
||||||
|
|
||||||
# Setup secrets path
|
# Setup secrets path
|
||||||
self.secret_folder = Path(self.hardcoded.get(ENV_KEY_SECRETS_DIRECTORY) or self._load_or_none_env(ENV_KEY_SECRETS_DIRECTORY) or DEFAULT_SECRETS_DIRECTORY)
|
self.secret_folder = Path(
|
||||||
|
self.hardcoded.get(ENV_KEY_SECRETS_DIRECTORY)
|
||||||
|
or self._load_or_none_env(ENV_KEY_SECRETS_DIRECTORY)
|
||||||
|
or DEFAULT_SECRETS_DIRECTORY,
|
||||||
|
)
|
||||||
|
|
||||||
# Setup pass
|
# Setup pass
|
||||||
self.pass_folder = self._load_or_none(ENV_KEY_PASS_FOLDER)
|
self.pass_folder = self._load_or_none(ENV_KEY_PASS_FOLDER)
|
||||||
|
@ -206,8 +210,12 @@ class SecretLoader:
|
||||||
if self.pass_folder is None:
|
if self.pass_folder is None:
|
||||||
return None
|
return None
|
||||||
|
|
||||||
cmd = ['pass', 'show', f'{self.pass_folder}/{secret_name.lower()}']
|
process = subprocess.run( # noqa: S603
|
||||||
process = subprocess.run(cmd, capture_output=True, check=False)
|
['/usr/bin/pass', 'show', f'{self.pass_folder}/{secret_name.lower()}'],
|
||||||
|
capture_output=True,
|
||||||
|
check=False,
|
||||||
|
shell=False,
|
||||||
|
)
|
||||||
if process.returncode:
|
if process.returncode:
|
||||||
return None
|
return None
|
||||||
|
|
||||||
|
|
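Review bot: The hard-coded `/usr/bin/pass` in the `subprocess.run` call of the last hunk raises `FileNotFoundError` on hosts where pass is installed under another prefix, and the `if process.returncode:` branch that turns failures into `None` never runs in that case. An absolute path is a reasonable defence against `PATH` hijacking, so rather than reverting to bare `pass` I would move it into a module constant next to the other defaults, e.g. `PASS_EXECUTABLE = '/usr/bin/pass'` (name constructed here), so that a deployment can change it in one place. The `# noqa: S603` also silences the untrusted-input check without giving a reason, although `secret_name` and `self.pass_folder` are both interpolated into the entry name; a comment above the call such as `# argv list, no shell; entry name is built from configuration and the caller's secret name` would record the assumption, and names that can originate outside the application should be validated before this call. The enclosing method starts outside the hunk, so the origin of `secret_name` is not visible here.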