2017-07-24 15:59:10 +00:00
|
|
|
"""Script to get, put and delete secrets stored in credstash."""
|
|
|
|
|
import argparse
|
|
|
|
|
import getpass
|
|
|
|
|
|
|
|
|
|
from homeassistant.util.yaml import _SECRET_NAMESPACE
|
|
|
|
|
|
2019-03-28 21:37:44 +00:00
|
|
|
REQUIREMENTS = ['credstash==1.15.0']
|
2017-07-24 15:59:10 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
def run(args):
|
|
|
|
|
"""Handle credstash script."""
|
|
|
|
|
parser = argparse.ArgumentParser(
|
2017-08-22 10:32:46 +00:00
|
|
|
description=("Modify Home Assistant secrets in credstash."
|
2017-07-24 15:59:10 +00:00
|
|
|
"Use the secrets in configuration files with: "
|
|
|
|
|
"!secret <name>"))
|
|
|
|
|
parser.add_argument(
|
|
|
|
|
'--script', choices=['credstash'])
|
|
|
|
|
parser.add_argument(
|
|
|
|
|
'action', choices=['get', 'put', 'del', 'list'],
|
|
|
|
|
help="Get, put or delete a secret, or list all available secrets")
|
|
|
|
|
parser.add_argument(
|
|
|
|
|
'name', help="Name of the secret", nargs='?', default=None)
|
|
|
|
|
parser.add_argument(
|
|
|
|
|
'value', help="The value to save when putting a secret",
|
|
|
|
|
nargs='?', default=None)
|
|
|
|
|
|
2019-03-28 22:33:21 +00:00
|
|
|
# pylint: disable=import-error, no-member
|
2017-07-24 15:59:10 +00:00
|
|
|
import credstash
|
|
|
|
|
|
|
|
|
|
args = parser.parse_args(args)
|
|
|
|
|
table = _SECRET_NAMESPACE
|
|
|
|
|
|
|
|
|
|
try:
|
|
|
|
|
credstash.listSecrets(table=table)
|
2019-03-28 21:37:44 +00:00
|
|
|
except Exception: # pylint: disable=broad-except
|
2017-07-24 15:59:10 +00:00
|
|
|
credstash.createDdbTable(table=table)
|
|
|
|
|
|
|
|
|
|
if args.action == 'list':
|
|
|
|
|
secrets = [i['name'] for i in credstash.listSecrets(table=table)]
|
|
|
|
|
deduped_secrets = sorted(set(secrets))
|
|
|
|
|
|
|
|
|
|
print('Saved secrets:')
|
|
|
|
|
for secret in deduped_secrets:
|
|
|
|
|
print(secret)
|
|
|
|
|
return 0
|
|
|
|
|
|
|
|
|
|
if args.name is None:
|
|
|
|
|
parser.print_help()
|
|
|
|
|
return 1
|
|
|
|
|
|
|
|
|
|
if args.action == 'put':
|
|
|
|
|
if args.value:
|
|
|
|
|
the_secret = args.value
|
|
|
|
|
else:
|
|
|
|
|
the_secret = getpass.getpass('Please enter the secret for {}: '
|
|
|
|
|
.format(args.name))
|
|
|
|
|
current_version = credstash.getHighestVersion(args.name, table=table)
|
|
|
|
|
credstash.putSecret(args.name,
|
|
|
|
|
the_secret,
|
|
|
|
|
version=int(current_version) + 1,
|
|
|
|
|
table=table)
|
|
|
|
|
print('Secret {} put successfully'.format(args.name))
|
|
|
|
|
elif args.action == 'get':
|
|
|
|
|
the_secret = credstash.getSecret(args.name, table=table)
|
|
|
|
|
if the_secret is None:
|
|
|
|
|
print('Secret {} not found'.format(args.name))
|
|
|
|
|
else:
|
|
|
|
|
print('Secret {}={}'.format(args.name, the_secret))
|
|
|
|
|
elif args.action == 'del':
|
|
|
|
|
credstash.deleteSecrets(args.name, table=table)
|
|
|
|
|
print('Deleted secret {}'.format(args.name))
|
