author | Zuul <zuul@review.opendev.org> | 2021-05-28 16:47:11 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2021-05-28 16:47:11 +0000 |
commit | e18532497f22ff2feb8b22c1df8d1fc34f1560c4 (patch) | |
tree | 918ea28cecf4f8b73957b4bca3fafa5fe4034eac /tools | |
parent | d48201651ae3da39ee665c91b73597676b228295 (diff) | |
parent | d0846bdc6fe0e7619bced048af1635c1b6f66f27 (diff) | |
download | zuul-e18532497f22ff2feb8b22c1df8d1fc34f1560c4.tar.gz |
Merge "Add a tool to decrypt a secret"
Diffstat (limited to 'tools')
-rwxr-xr-x | tools/decrypt_secret.py | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/tools/decrypt_secret.py b/tools/decrypt_secret.py
new file mode 100755
index 000000000..d8ad1a055
--- /dev/null
+++ b/tools/decrypt_secret.py
@@ -0,0 +1,49 @@
+#!/usr/bin/env python
+
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import argparse
+from zuul.lib import encryption
+import zuul.configloader
+import zuul.model
+
+
+DESCRIPTION = """Decrypt a Zuul secret.
+"""
+
+
+def main():
+ parser = argparse.ArgumentParser(description=DESCRIPTION)
+ parser.add_argument('private_key',
+ help="The path to the private key")
+ parser.add_argument('file',
+ help="The YAML file with secrets")
+ args = parser.parse_args()
+
+ (private_secrets_key, public_secrets_key) = \
+ encryption.deserialize_rsa_keypair(open(args.private_key, 'rb').read())
+ parser = zuul.configloader.SecretParser(None)
+ sc = zuul.model.SourceContext('project', 'master', 'path', False)
+
+ data = zuul.configloader.safe_load_yaml(open(args.file).read(), sc)
+ for element in data:
+ if 'secret' not in element:
+ continue
+ s = element['secret']
+ secret = parser.fromYaml(s)
+ print(secret.name)
+ print(secret.decrypt(private_secrets_key).secret_data)
+
+
+if __name__ == '__main__':
+ main() |
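Review bot: The loop in `main()` prints the decrypted `secret_data` of every `secret` element in the file to stdout, but `DESCRIPTION` only says "Decrypt a Zuul secret." and neither help string mentions where the plaintext goes. I would extend it to something like `DESCRIPTION = """Decrypt every secret in a Zuul YAML file and print the plaintext to stdout. Run only where output is not logged or captured."""` so operators do not run it under a CI job or a recorded session by accident. Separately, the private key is read with a bare `open(args.private_key, 'rb').read()` (and the YAML file likewise), which leaves closing the handle to garbage collection; `with open(args.private_key, 'rb') as f:` around the `deserialize_rsa_keypair(f.read())` call is the usual form. Rebinding `parser` from the `ArgumentParser` to the `SecretParser` also makes the later `parser.fromYaml(s)` harder to read; a distinct name such as `secret_parser` would help.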