First version
parent
8d73870611
commit
5b42c8328e
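--- a/pyproject.toml
+++ b/pyproject.toml
@@ -0,0 +1,15 @@
+[project]
+name = "lib-secret-manager"
+version = "0.1.0"
+description = "Shared secret manager that consumes secrets"
+readme = "README.md"
+requires-python = ">=3.10"
+authors = [{ name = "Florian Gänsejunge" }]
+dependencies = ["simple-logger-handler @ git+https://git.gansejunge.com/notifier/lib-logger-handler.git@main"]
+
+[build-system]
+requires = ["setuptools>=61"]
+build-backend = "setuptools.build_meta"
+
+[project.urls]
+Homepage = "https://git.gansejunge.com/notifier/lib-secret-manager"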
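Review bot: The `dependencies` entry pins `simple-logger-handler` to the mutable `@main` ref of a git URL, so each install can pull different code into a library that handles secrets; pin it to a tag or a full commit hash instead, e.g. `...lib-logger-handler.git@<commit-sha>` (placeholder). `secret_manager/fernet_encryption.py` in this commit imports `cryptography.fernet`, but `cryptography` is not declared here, so a clean install fails on that import. Add it to `dependencies` with a lower bound you have tested.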
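--- a/secret_manager/__init__.py
+++ b/secret_manager/__init__.py
@@ -0,0 +1,6 @@
+from .credentials_loader import return_credentials, cleanup_secret_files
+
+__all__ = [
+"return_credentials",
+"cleanup_secret_files",
+]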
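--- a/secret_manager/credentials_loader.py
+++ b/secret_manager/credentials_loader.py
@@ -0,0 +1,36 @@
+from simple_logger_handler import setup_logger
+import os
+from typing import Set
+
+logger = setup_logger(__name__)
+
+
+def return_credentials(path: str) -> str:
+"""Read and return credentials from a file."""
+logger.debug(f"Opening credentials for path:{path}")
+try:
+with open(path) as file:
+return file.read().strip()
+except FileNotFoundError:
+logger.fatal(f"[FATAL] Secret file not found: {path}")
+raise
+except Exception as e:
+logger.fatal(f"[FATAL] Failed to read secret file {path}: {e}")
+raise
+
+
+def cleanup_secret_files(secret_paths: Set[str]) -> None:
+"""Delete secret files after they've been loaded into memory.
+
+Args:
+secret_paths: Set of file paths to delete
+"""
+for path in secret_paths:
+try:
+if os.path.exists(path):
+os.remove(path)
+logger.debug(f"Deleted secret file: {path}")
+else:
+logger.debug(f"Secret file already removed: {path}")
+except Exception as e:
+logger.warning(f"Could not delete secret file {path}: {e}")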
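Review bot: In `cleanup_secret_files` a failed delete is only logged at warning level and the function still returns `None`, so the caller cannot tell that a secret file is still on disk; consider collecting the failed paths in the loop and raising once it finishes, and document that in the docstring. The `os.path.exists(path)` check before `os.remove(path)` is a check-then-act race and is not needed: call `os.remove(path)` directly and handle the already-removed case with `except FileNotFoundError:`. In `return_credentials`, `open(path)` uses the platform default encoding; `open(path, encoding="utf-8")` makes the read deterministic across hosts.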
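--- a/secret_manager/fernet_encryption.py
+++ b/secret_manager/fernet_encryption.py
@@ -0,0 +1,26 @@
+from cryptography.fernet import Fernet
+from simple_logger_handler import setup_logger
+
+logger = setup_logger(__name__)
+
+try:
+with open("/etc/secrets/encryption_key", "rb") as file:
+encryption_key = file.read()
+except FileNotFoundError:
+logger.fatal("[FATAL] Encryption key not found")
+raise
+except Exception as e:
+logger.fatal(f"[FATAL] Failed to read encryption key: {e}")
+raise
+
+fernet = Fernet(encryption_key)
+
+
+def encrypt_token(token: str) -> str:
+"""Encrypt a token string."""
+return fernet.encrypt(token.encode()).decode()
+
+
+def decrypt_token(token: str) -> str:
+"""Decrypt a token string."""
+return fernet.decrypt(token.encode()).decode()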
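Review bot: The key file is read and `Fernet(encryption_key)` is built at module import (the top-level `try` block), with the path hard-coded to `/etc/secrets/encryption_key`, so merely importing the module raises when the file is absent, and tests or other deployments cannot supply the key from elsewhere. Loading the key lazily on first use keeps the same error logging but moves the failure to the call that actually needs the key, and the raw key bytes no longer sit in a module-level `encryption_key` global. If `cleanup_secret_files` is ever handed this path before the first use, the read would fail, so confirm the intended call order. `decrypt_token` lets the library's `InvalidToken` propagate; a docstring line saying so would help callers.

```python
_KEY_PATH = "/etc/secrets/encryption_key"
_fernet = None


def _get_fernet() -> Fernet:
    """Build the Fernet instance on first use instead of at import time."""
    global _fernet
    if _fernet is None:
        try:
            with open(_KEY_PATH, "rb") as file:
                _fernet = Fernet(file.read())
        except FileNotFoundError:
            logger.fatal("[FATAL] Encryption key not found")
            raise
        except Exception as e:
            logger.fatal(f"[FATAL] Failed to read encryption key: {e}")
            raise
    return _fernet


def encrypt_token(token: str) -> str:
    """Encrypt a token string."""
    return _get_fernet().encrypt(token.encode()).decode()

# … unchanged: decrypt_token, apart from calling _get_fernet() instead of fernet …
```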