authorJames E. Blair <jeblair@redhat.com>2017-03-15 13:03:40 -0700
committerJames E. Blair <jeblair@redhat.com>2017-03-29 12:44:39 -0700
commit01f83b73f27997d534a0a13f29d051143a32a598 (patch)
tree1aee9d98de12a402961455f039389dd2b2a7f007 /tests/encrypt_secret.py
parent22994f9a09f48d2c94bcd5406dc8f03f56cefc06 (diff)
Add secret top-level config object
This adds secrets as a top-level config object, including a new custom YAML tag to indicate encrypted data. It also adds a script which encrypts data for use in tests. Change-Id: I92a6bc048874f8aa4ebe0dd27180b253bede7370
Diffstat (limited to 'tests/encrypt_secret.py')
-rw-r--r--tests/encrypt_secret.py51
1 files changed, 51 insertions, 0 deletions
diff --git a/tests/encrypt_secret.py b/tests/encrypt_secret.py
new file mode 100644
index 000000000..ab45018d5
--- /dev/null
+++ b/tests/encrypt_secret.py
@@ -0,0 +1,51 @@
+#!/usr/bin/env python
+
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import sys
+import os
+
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives.asymmetric import padding
+from cryptography.hazmat.primitives import serialization
+from cryptography.hazmat.primitives import hashes
+
+FIXTURE_DIR = os.path.join(os.path.dirname(__file__),
+ 'fixtures')
+
+
+def main():
+ private_key_file = os.path.join(FIXTURE_DIR, 'private.pem')
+ with open(private_key_file, "rb") as f:
+ private_key = serialization.load_pem_private_key(
+ f.read(),
+ password=None,
+ backend=default_backend()
+ )
+
+ # Extract public key from private
+ public_key = private_key.public_key()
+
+ # https://cryptography.io/en/stable/hazmat/primitives/asymmetric/rsa/#encryption
+ ciphertext = public_key.encrypt(
+ sys.argv[1],
+ padding.OAEP(
+ mgf=padding.MGF1(algorithm=hashes.SHA1()),
+ algorithm=hashes.SHA1(),
+ label=None
+ )
+ )
+ print(ciphertext.encode('base64'))
+
+if __name__ == '__main__':
+ main()
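Review bot: The plaintext comes from `sys.argv[1]` in main(), so anything encrypted with this helper is visible in the process list and shell history, and a missing argument fails with a bare IndexError. If the script is ever used for more than fixture data, reading the value from stdin would be safer. The same call and the final print are also Python 2 only, because `encrypt()` needs bytes and `ciphertext.encode('base64')` does not exist on Python 3 bytes. Consider `public_key.encrypt(sys.stdin.read().encode('utf-8'), ...)` and `print(base64.b64encode(ciphertext).decode('ascii'))` with `import base64`, noting that `b64encode` does not insert the line breaks the old codec did. OAEP uses SHA-1 for both MGF1 and the hash, which must match the decrypting side (not visible in this file), so a comment such as `# OAEP parameters must match the decrypt path` or a move to SHA-256 on both sides would help.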