2017-07-24 15:59:10 +00:00
|
|
|
"""Script to get, put and delete secrets stored in credstash."""
|
|
|
|
import argparse
|
|
|
|
import getpass
|
|
|
|
|
|
|
|
from homeassistant.util.yaml import _SECRET_NAMESPACE
|
|
|
|
|
2019-07-24 20:18:40 +00:00
|
|
|
# mypy: allow-untyped-defs
|
|
|
|
|
2019-07-31 19:25:30 +00:00
|
|
|
REQUIREMENTS = ["credstash==1.15.0"]
|
2017-07-24 15:59:10 +00:00
|
|
|
|
|
|
|
|
|
|
|
def run(args):
|
|
|
|
"""Handle credstash script."""
|
|
|
|
parser = argparse.ArgumentParser(
|
2019-07-31 19:25:30 +00:00
|
|
|
description=(
|
|
|
|
"Modify Home Assistant secrets in credstash."
|
|
|
|
"Use the secrets in configuration files with: "
|
|
|
|
"!secret <name>"
|
|
|
|
)
|
|
|
|
)
|
|
|
|
parser.add_argument("--script", choices=["credstash"])
|
2017-07-24 15:59:10 +00:00
|
|
|
parser.add_argument(
|
2019-07-31 19:25:30 +00:00
|
|
|
"action",
|
|
|
|
choices=["get", "put", "del", "list"],
|
|
|
|
help="Get, put or delete a secret, or list all available secrets",
|
|
|
|
)
|
|
|
|
parser.add_argument("name", help="Name of the secret", nargs="?", default=None)
|
2017-07-24 15:59:10 +00:00
|
|
|
parser.add_argument(
|
2019-07-31 19:25:30 +00:00
|
|
|
"value", help="The value to save when putting a secret", nargs="?", default=None
|
|
|
|
)
|
2017-07-24 15:59:10 +00:00
|
|
|
|
2020-04-04 15:07:36 +00:00
|
|
|
# pylint: disable=import-error, no-member, import-outside-toplevel
|
2017-07-24 15:59:10 +00:00
|
|
|
import credstash
|
|
|
|
|
|
|
|
args = parser.parse_args(args)
|
|
|
|
table = _SECRET_NAMESPACE
|
|
|
|
|
|
|
|
try:
|
|
|
|
credstash.listSecrets(table=table)
|
2019-03-28 21:37:44 +00:00
|
|
|
except Exception: # pylint: disable=broad-except
|
2017-07-24 15:59:10 +00:00
|
|
|
credstash.createDdbTable(table=table)
|
|
|
|
|
2019-07-31 19:25:30 +00:00
|
|
|
if args.action == "list":
|
|
|
|
secrets = [i["name"] for i in credstash.listSecrets(table=table)]
|
2017-07-24 15:59:10 +00:00
|
|
|
deduped_secrets = sorted(set(secrets))
|
|
|
|
|
2019-07-31 19:25:30 +00:00
|
|
|
print("Saved secrets:")
|
2017-07-24 15:59:10 +00:00
|
|
|
for secret in deduped_secrets:
|
|
|
|
print(secret)
|
|
|
|
return 0
|
|
|
|
|
|
|
|
if args.name is None:
|
|
|
|
parser.print_help()
|
|
|
|
return 1
|
|
|
|
|
2019-07-31 19:25:30 +00:00
|
|
|
if args.action == "put":
|
2017-07-24 15:59:10 +00:00
|
|
|
if args.value:
|
|
|
|
the_secret = args.value
|
|
|
|
else:
|
2019-08-23 16:53:33 +00:00
|
|
|
the_secret = getpass.getpass(f"Please enter the secret for {args.name}: ")
|
2017-07-24 15:59:10 +00:00
|
|
|
current_version = credstash.getHighestVersion(args.name, table=table)
|
2019-07-31 19:25:30 +00:00
|
|
|
credstash.putSecret(
|
|
|
|
args.name, the_secret, version=int(current_version) + 1, table=table
|
|
|
|
)
|
2019-08-23 16:53:33 +00:00
|
|
|
print(f"Secret {args.name} put successfully")
|
2019-07-31 19:25:30 +00:00
|
|
|
elif args.action == "get":
|
2017-07-24 15:59:10 +00:00
|
|
|
the_secret = credstash.getSecret(args.name, table=table)
|
|
|
|
if the_secret is None:
|
2019-08-23 16:53:33 +00:00
|
|
|
print(f"Secret {args.name} not found")
|
2017-07-24 15:59:10 +00:00
|
|
|
else:
|
2019-08-23 16:53:33 +00:00
|
|
|
print(f"Secret {args.name}={the_secret}")
|
2019-07-31 19:25:30 +00:00
|
|
|
elif args.action == "del":
|
2017-07-24 15:59:10 +00:00
|
|
|
credstash.deleteSecrets(args.name, table=table)
|
2019-08-23 16:53:33 +00:00
|
|
|
print(f"Deleted secret {args.name}")
|