First version
parent
8d73870611
commit
5b42c8328e
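--- a/pyproject.toml
+++ b/pyproject.toml
@@ -0,0 +1,15 @@
+[project]
+name = "lib-secret-manager"
+version = "0.1.0"
+description = "Shared secret manager that consumes secrets"
+readme = "README.md"
+requires-python = ">=3.10"
+authors = [{ name = "Florian Gänsejunge" }]
+dependencies = ["simple-logger-handler @ git+https://git.gansejunge.com/notifier/lib-logger-handler.git@main"]
+
+[build-system]
+requires = ["setuptools>=61"]
+build-backend = "setuptools.build_meta"
+
+[project.urls]
+Homepage = "https://git.gansejunge.com/notifier/lib-secret-manager"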
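Review bot: The `dependencies` list omits `cryptography`, although `secret_manager/fernet_encryption.py` in this same commit imports `cryptography.fernet`, so a clean install fails on that import. The one declared dependency is pinned to the mutable branch ref `@main`, which means every install pulls whatever is on that branch at the time and builds are not reproducible. Pin it to a tag or full commit hash and declare the missing package, e.g. `dependencies = ["cryptography", "simple-logger-handler @ git+https://git.gansejunge.com/notifier/lib-logger-handler.git@<TAG_OR_COMMIT>"]`, with a lower bound on `cryptography` that matches what the project is tested against.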
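--- a/secret_manager/__init__.py
+++ b/secret_manager/__init__.py
@@ -0,0 +1,6 @@
+from .credentials_loader import return_credentials, cleanup_secret_files
+
+__all__ = [
+"return_credentials",
+"cleanup_secret_files",
+]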
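--- a/secret_manager/credentials_loader.py
+++ b/secret_manager/credentials_loader.py
@@ -0,0 +1,36 @@
+from simple_logger_handler import setup_logger
+import os
+from typing import Set
+
+logger = setup_logger(__name__)
+
+
+def return_credentials(path: str) -> str:
+"""Read and return credentials from a file."""
+logger.debug(f"Opening credentials for path:{path}")
+try:
+with open(path) as file:
+return file.read().strip()
+except FileNotFoundError:
+logger.fatal(f"[FATAL] Secret file not found: {path}")
+raise
+except Exception as e:
+logger.fatal(f"[FATAL] Failed to read secret file {path}: {e}")
+raise
+
+
+def cleanup_secret_files(secret_paths: Set[str]) -> None:
+"""Delete secret files after they've been loaded into memory.
+
+Args:
+secret_paths: Set of file paths to delete
+"""
+for path in secret_paths:
+try:
+if os.path.exists(path):
+os.remove(path)
+logger.debug(f"Deleted secret file: {path}")
+else:
+logger.debug(f"Secret file already removed: {path}")
+except Exception as e:
+logger.warning(f"Could not delete secret file {path}: {e}")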
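Review bot: `cleanup_secret_files` only logs a warning when `os.remove` fails and returns `None` either way, so a caller that relies on the secret being gone from disk cannot tell that it is still there. The `os.path.exists` check before `os.remove` is also racy and unnecessary, since catching `FileNotFoundError` covers the already-removed case. The fence shows the loop with failures collected and raised once every path has been tried; if callers depend on best-effort behaviour, returning the failed paths would be the alternative. Separately, `return_credentials` calls `open(path)` without an `encoding`, so decoding of the secret depends on the process locale.

```python
def cleanup_secret_files(secret_paths: Set[str]) -> None:
    # … unchanged: docstring …
    failed = []
    for path in secret_paths:
        try:
            os.remove(path)
            logger.debug(f"Deleted secret file: {path}")
        except FileNotFoundError:
            logger.debug(f"Secret file already removed: {path}")
        except OSError as e:
            logger.warning(f"Could not delete secret file {path}: {e}")
            failed.append(path)
    if failed:
        # Surface the failure so the caller knows secrets remain on disk.
        raise OSError(f"Secret files still on disk: {sorted(failed)}")
```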
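--- a/secret_manager/fernet_encryption.py
+++ b/secret_manager/fernet_encryption.py
@@ -0,0 +1,26 @@
+from cryptography.fernet import Fernet
+from simple_logger_handler import setup_logger
+
+logger = setup_logger(__name__)
+
+try:
+with open("/etc/secrets/encryption_key", "rb") as file:
+encryption_key = file.read()
+except FileNotFoundError:
+logger.fatal("[FATAL] Encryption key not found")
+raise
+except Exception as e:
+logger.fatal(f"[FATAL] Failed to read encryption key: {e}")
+raise
+
+fernet = Fernet(encryption_key)
+
+
+def encrypt_token(token: str) -> str:
+"""Encrypt a token string."""
+return fernet.encrypt(token.encode()).decode()
+
+
+def decrypt_token(token: str) -> str:
+"""Decrypt a token string."""
+return fernet.decrypt(token.encode()).decode()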
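Review bot: The key is read from the hard-coded `/etc/secrets/encryption_key` and `Fernet(encryption_key)` is built at import time, so importing this module raises wherever the file is absent, and the raw key stays in the module globals `encryption_key` and `fernet` for the life of the process. Loading it lazily behind a cached helper such as `def _get_fernet() -> Fernet:`, with the path passed in or read from configuration, would keep imports free of side effects and let tests supply their own key. `decrypt_token` lets `cryptography.fernet.InvalidToken` propagate, and its docstring should say so, e.g. `"""Decrypt a token string; raises InvalidToken if the token is malformed or was not produced with this key."""`. If key rotation is expected, `MultiFernet` from the same package supports decrypting with older keys while encrypting with the newest.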