tools/secretstore: decrypt secrets when requesting plaintext path
parent
598a079f57
commit
c10f00b7da
1 changed files with 9 additions and 2 deletions
|
@ -46,13 +46,20 @@ class SecretStore(object):
|
|||
return os.path.exists(c) or os.path.exists(p)
|
||||
|
||||
def plaintext(self, suffix):
|
||||
return os.path.join(self.proot, suffix)
|
||||
p = os.path.join(self.proot, suffix)
|
||||
c = os.path.join(self.croot, suffix)
|
||||
|
||||
if not os.path.exists(p) or os.path.getctime(p) < os.path.getctime(c):
|
||||
logger.info("Decrypting {} ({})...".format(suffix, c))
|
||||
decrypt(c, p)
|
||||
|
||||
return p
|
||||
|
||||
def open(self, suffix, mode, *a, **kw):
|
||||
p = os.path.join(self.proot, suffix)
|
||||
c = os.path.join(self.croot, suffix)
|
||||
if 'w' in mode:
|
||||
return open(p, mode, *a, *kw)
|
||||
return open(p, mode, *a, **kw)
|
||||
|
||||
if not self.exists(suffix):
|
||||
raise SecretStoreMissing("Secret {} does not exist".format(suffix))
|
||||
|
|
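Review bot: In the new plaintext(), `os.path.getctime(c)` is evaluated whenever the plaintext file exists, so a secret that has only a plaintext copy now raises an OSError instead of returning its path, and a secret with neither file reaches `decrypt(c, p)` with a missing ciphertext. The return line at the top of the hunk (apparently the end of exists()) treats either file as sufficient, and open() raises SecretStoreMissing when neither exists, so plaintext() should agree: start with `if not self.exists(suffix): raise SecretStoreMissing("Secret {} does not exist".format(suffix))` and change the condition to `if os.path.exists(c) and (not os.path.exists(p) or os.path.getctime(p) < os.path.getctime(c)):`. Separately, `suffix` is joined to proot and croot unchecked and this method now writes to the result, so if suffix can ever come from anything other than trusted callers, reject absolute paths and `..` components before decrypting. decrypt() is not visible here; confirm that it creates the plaintext file with owner-only permissions. open()'s body continues past the end of the hunk.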