Python create secret
60 Python code examples are found related to "
create secret".
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
Example 1
| Source File: kubernetes_tools.py From paasta with Apache License 2.0 | 7 votes |
|
def create_secret(
kube_client: KubeClient,
secret: str,
service: str,
secret_provider: BaseSecretProvider,
) -> None:
service = sanitise_kubernetes_name(service)
sanitised_secret = sanitise_kubernetes_name(secret)
kube_client.core.create_namespaced_secret(
namespace="paasta",
body=V1Secret(
metadata=V1ObjectMeta(
name=f"paasta-secret-{service}-{sanitised_secret}",
labels={
"yelp.com/paasta_service": service,
"paasta.yelp.com/service": service,
},
),
data={
secret: base64.b64encode(
secret_provider.decrypt_secret_raw(secret)
).decode("utf-8")
},
),
)
Example 2
| Source File: kubernetes_tools.py From paasta with Apache License 2.0 | 7 votes |
|
def create_kubernetes_secret_signature(
kube_client: KubeClient, secret: str, service: str, secret_signature: str
) -> None:
service = sanitise_kubernetes_name(service)
secret = sanitise_kubernetes_name(secret)
kube_client.core.create_namespaced_config_map(
namespace="paasta",
body=V1ConfigMap(
metadata=V1ObjectMeta(
name=f"paasta-secret-{service}-{secret}-signature",
labels={
"yelp.com/paasta_service": service,
"paasta.yelp.com/service": service,
},
),
data={"signature": secret_signature},
),
)
Example 3
| Source File: controller.py From dask-gateway with BSD 3-Clause "New" or "Revised" License | 7 votes |
|
def create_secret_if_not_exists(self, cluster):
name = cluster["metadata"]["name"]
namespace = cluster["metadata"]["namespace"]
secret = self.make_secret(name)
secret["metadata"]["ownerReferences"] = [
{
"apiVersion": cluster["apiVersion"],
"kind": cluster["kind"],
"name": cluster["metadata"]["name"],
"uid": cluster["metadata"]["uid"],
}
]
self.log.info("Creating new credentials for cluster %s.%s", namespace, name)
try:
await self.core_client.create_namespaced_secret(namespace, secret)
except ApiException as exc:
if exc.status != 409:
raise
return secret["metadata"]["name"]
Example 4
| Source File: container.py From django-cloud-deploy with Apache License 2.0 | 6 votes |
|
def create_secret(self,
secret_data: kubernetes.client.V1Secret,
configuration: (
kubernetes.client.configuration.Configuration) = None,
namespace: str = 'default'):
"""Create a Kubernetes Secret.
Kubernetes Secrets are intended to hold sensitive information. They are
accessible inside Pods.
Args:
secret_data: Definition of the secret.
configuration: A Kubernetes configuration which has access to the
cluster for the service. If not set, it will use the default
kubernetes configuration.
namespace: Namespace of the service.
"""
api_client = kubernetes.client.ApiClient(configuration)
api_instance = kubernetes.client.CoreV1Api(api_client)
api_instance.create_namespaced_secret(namespace=namespace,
body=secret_data)
Example 5
| Source File: kms.py From jdcloud-cli with Apache License 2.0 | 6 votes |
|
def create_secret_version(self):
client_factory = ClientFactory('kms')
client = client_factory.get(self.app)
if client is None:
return
try:
from jdcloud_sdk.services.kms.apis.CreateSecretVersionRequest import CreateSecretVersionRequest
params_dict = collect_user_args(self.app)
headers = collect_user_headers(self.app)
req = CreateSecretVersionRequest(params_dict, headers)
resp = client.send(req)
Printer.print_result(resp)
except ImportError:
print('{"error":"This api is not supported, please use the newer version"}')
except Exception as e:
print(e)
Example 6
| Source File: pod.py From jdcloud-cli with Apache License 2.0 | 6 votes |
|
def create_secret(self):
client_factory = ClientFactory('pod')
client = client_factory.get(self.app)
if client is None:
return
try:
from jdcloud_sdk.services.pod.apis.CreateSecretRequest import CreateSecretRequest
params_dict = collect_user_args(self.app)
headers = collect_user_headers(self.app)
req = CreateSecretRequest(params_dict, headers)
resp = client.send(req)
Printer.print_result(resp)
except ImportError:
print('{"error":"This api is not supported, please use the newer version"}')
except Exception as e:
print(e)
Example 7
| Source File: util.py From elastic with BSD 3-Clause "New" or "Revised" License | 6 votes |
|
def create_docker_image_secret(args):
configure_yaml_docker(args.image_name)
commands = [
format_command(
f"""
kubectl create secret
docker-registry pet-docker-secret
--docker-server={args.server}
--docker-username={args.username}
--docker-password={args.password}
--docker-email='test@test.com'"""
)
]
run_commands(commands)
logger.info("Docker image registered..")
# Deploy AKS cluster
Example 8
| Source File: install.py From infrabox with MIT License | 6 votes |
|
def create_secret(self, name, namespace, data):
secrets_dir = os.path.join(self.args.o, 'infrabox', 'templates', 'secrets')
if not os.path.exists(secrets_dir):
os.mkdir(secrets_dir)
d = {}
for k, v in data.iteritems():
d[k] = base64.b64encode(v)
s = {
"apiVersion": "v1",
"kind": "Secret",
"metadata": {
"name": name,
"namespace": namespace
},
"type": "Opaque",
"data": d
}
o = os.path.join(secrets_dir, namespace + '-' + name + '.yaml')
with open(o, 'w') as outfile:
yaml.dump(s, outfile, default_flow_style=False)
Example 9
| Source File: intercom.py From SempoBlockchain with GNU General Public License v3.0 | 6 votes |
|
def create_intercom_secret(user_id, device_type):
"""
Function to generate an intercom secret using HMAC for identity verification for customer support.
:param user_id: Sempo UserID to generate a unique hash.
:param device_type: Web, Android or iOS
:return:
"""
if device_type is 'WEB':
secret = current_app.config['INTERCOM_WEB_SECRET']
elif device_type is 'ANDROID':
secret = current_app.config['INTERCOM_ANDROID_SECRET']
else:
return Exception('No device_type provided')
secret_bytes = secret.encode('ascii')
id_bytes = str(user_id).encode('ascii')
result = hmac.new(secret_bytes, id_bytes, hashlib.sha256).hexdigest()
return result
Example 10
| Source File: mcg.py From ocs-ci with MIT License | 6 votes |
|
def create_aws_backingstore_secret(self, name):
"""
Creates a secret for NooBaa's backingstore
Args:
name: The name to be given to the secret
Returns:
OCS: The secret resource
"""
bs_secret_data = templating.load_yaml(constants.MCG_BACKINGSTORE_SECRET_YAML)
bs_secret_data['metadata']['name'] += f'-{name}'
bs_secret_data['metadata']['namespace'] = self.namespace
bs_secret_data['data']['AWS_ACCESS_KEY_ID'] = base64.urlsafe_b64encode(
self.aws_access_key_id.encode('UTF-8')
).decode('ascii')
bs_secret_data['data']['AWS_SECRET_ACCESS_KEY'] = base64.urlsafe_b64encode(
self.aws_access_key.encode('UTF-8')
).decode('ascii')
return create_resource(**bs_secret_data)
Example 11
| Source File: protocol.py From huawei-lpv2 with MIT License | 6 votes |
|
def create_secret_key(mac_address: str) -> bytes:
mac_address_key = (mac_address.replace(":", "") + "0000").encode()
mixed_secret_key = [
((key1_byte << 4) ^ key2_byte) & 0xFF
for key1_byte, key2_byte in zip(bytes.fromhex(SECRET_KEY_1), bytes.fromhex(SECRET_KEY_2))
]
mixed_secret_key_hash = hashlib.sha256(bytes(mixed_secret_key)).digest()
final_mixed_key = [
((mixed_key_hash_byte >> 6) ^ mac_address_byte) & 0xFF
for mixed_key_hash_byte, mac_address_byte in zip(mixed_secret_key_hash, mac_address_key)
]
return hashlib.sha256(bytes(final_mixed_key)).digest()[:AES_KEY_SIZE]
Example 12
| Source File: scan_engine_api.py From vm-console-client-python with MIT License | 6 votes |
|
def create_shared_secret(self, **kwargs): # noqa: E501
"""Scan Engine Shared Secret # noqa: E501
Returns the current valid shared secret or generates a new shared secret. The endpoint returns an existing shared secret if one was previously generated and it has not yet expired. Conversely, the endpoint will generate and return a new shared secret for either of the following conditions: a shared secret was not previously generated or the previously-generated shared secret has expired. The shared secret is valid for 60 minutes from the moment it is generated. # noqa: E501
This method makes a synchronous HTTP request by default. To make an
asynchronous HTTP request, please pass async_req=True
>>> thread = api.create_shared_secret(async_req=True)
>>> result = thread.get()
:param async_req bool
:return: str
If the method is called asynchronously,
returns the request thread.
"""
kwargs['_return_http_data_only'] = True
if kwargs.get('async_req'):
return self.create_shared_secret_with_http_info(**kwargs) # noqa: E501
else:
(data) = self.create_shared_secret_with_http_info(**kwargs) # noqa: E501
return data
Example 13
| Source File: secret.py From resolwe with Apache License 2.0 | 6 votes |
|
def create_secret(self, value, contributor, metadata=None, expires=None):
"""Create a new secret, returning its handle.
:param value: Secret value to store
:param contributor: User owning the secret
:param metadata: Optional metadata dictionary (must be JSON serializable)
:param expires: Optional date/time of expiry (defaults to None, which means that
the secret never expires)
:return: Secret handle
"""
if metadata is None:
metadata = {}
secret = self.create(
value=value, contributor=contributor, metadata=metadata, expires=expires,
)
return str(secret.handle)
Example 14
| Source File: KubernetesResources.py From k8s-mongo-operator with GNU Affero General Public License v3.0 | 6 votes |
|
def createSecret(cls, secret_name: str, namespace: str, secret_data: Dict[str, str],
labels: Optional[Dict[str, str]] = None) -> client.V1Secret:
"""
Creates a secret object.
:param secret_name: The name of the secret.
:param namespace: The name space for the secret.
:param secret_data: The secret data.
:param labels: Optional labels for this secret, defaults to the default labels (see `cls.createDefaultLabels`).
:return: The secret model object.
"""
return client.V1Secret(
metadata=client.V1ObjectMeta(
name=secret_name,
namespace=namespace,
labels=cls.createDefaultLabels(secret_name) if labels is None else labels
),
string_data=secret_data,
)
Example 15
| Source File: manager.py From polyaxon with Apache License 2.0 | 5 votes |
|
def create_or_update_secret(self, name, body, reraise=False):
try:
return self.create_secret(name=name, body=body), True
except ApiException:
try:
return self.update_secret(name=name, body=body), False
except ApiException as e:
if reraise:
raise PolyaxonK8SError("Connection error: %s" % e) from e
else:
logger.error("K8S error: {}".format(e))
Example 16
| Source File: ssm_client.py From tencentcloud-cli with Apache License 2.0 | 5 votes |
|
def doCreateSecret(argv, arglist):
g_param = parse_global_arg(argv)
if "help" in argv:
show_help("CreateSecret", g_param[OptionsDefine.Version])
return
param = {
"SecretName": argv.get("--SecretName"),
"VersionId": argv.get("--VersionId"),
"Description": argv.get("--Description"),
"KmsKeyId": argv.get("--KmsKeyId"),
"SecretBinary": argv.get("--SecretBinary"),
"SecretString": argv.get("--SecretString"),
}
cred = credential.Credential(g_param[OptionsDefine.SecretId], g_param[OptionsDefine.SecretKey])
http_profile = HttpProfile(
reqTimeout=60 if g_param[OptionsDefine.Timeout] is None else int(g_param[OptionsDefine.Timeout]),
reqMethod="POST",
endpoint=g_param[OptionsDefine.Endpoint]
)
profile = ClientProfile(httpProfile=http_profile, signMethod="HmacSHA256")
mod = CLIENT_MAP[g_param[OptionsDefine.Version]]
client = mod.SsmClient(cred, g_param[OptionsDefine.Region], profile)
client._sdkVersion += ("_CLI_" + __version__)
models = MODELS_MAP[g_param[OptionsDefine.Version]]
model = models.CreateSecretRequest()
model.from_json_string(json.dumps(param))
rsp = client.CreateSecret(model)
result = rsp.to_json_string()
jsonobj = None
try:
jsonobj = json.loads(result)
except TypeError as e:
jsonobj = json.loads(result.decode('utf-8')) # python3.3
FormatOutput.output("action", jsonobj, g_param[OptionsDefine.Output], g_param[OptionsDefine.Filter])
Example 17
| Source File: secret_behaviors.py From barbican with Apache License 2.0 | 5 votes |
|
def create_secret(self, model, extra_headers=None, omit_headers=None,
use_auth=True, user_name=None, admin=None):
"""Create a secret from the data in the model.
:param model: The metadata used to create the secret
:param extra_headers: Optional HTTP headers to add to the request
:param omit_headers: headers to delete before making the request
:param use_auth: Boolean for whether to send authentication headers
:param user_name: The user name used to create the secret
:param admin: The user with permissions to delete the secrets
:return: A tuple containing the response from the create
and the href to the newly created secret
"""
resp = self.client.post('secrets', request_model=model,
extra_headers=extra_headers,
omit_headers=omit_headers, use_auth=use_auth,
user_name=user_name)
# handle expected JSON parsing errors for unauthenticated requests
if resp.status_code == 401 and not use_auth:
return resp, None
returned_data = self.get_json(resp)
secret_ref = returned_data.get('secret_ref')
if secret_ref:
if admin is None:
admin = user_name
self.created_entities.append((secret_ref, admin))
return resp, secret_ref
Example 18
| Source File: __init__.py From async-hvac with Apache License 2.0 | 5 votes |
|
def create_role_secret_id(self, role_name, meta=None, cidr_list=None, wrap_ttl=None, mount_point='approle'):
"""
POST /auth/<mount_point>/role/<role name>/secret-id
"""
url = '/v1/auth/{0}/role/{1}/secret-id'.format(mount_point, role_name)
params = {}
if meta is not None:
params['metadata'] = json.dumps(meta)
if cidr_list is not None:
params['cidr_list'] = cidr_list
return await (await self._post(url, json=params, wrap_ttl=wrap_ttl)).json()
Example 19
| Source File: __init__.py From async-hvac with Apache License 2.0 | 5 votes |
|
def create_role_custom_secret_id(self, role_name, secret_id, meta=None, mount_point='approle'):
"""
POST /auth/<mount_point>/role/<role name>/custom-secret-id
"""
url = '/v1/auth/{0}/role/{1}/custom-secret-id'.format(mount_point, role_name)
params = {
'secret_id': secret_id
}
if meta is not None:
params['meta'] = meta
return await (await self._post(url, json=params)).json()
Example 20
| Source File: pavement.py From GeoHealthCheck with MIT License | 5 votes |
|
def create_secret_key():
"""create secret key for SECRET_KEY in instance/config_site.py"""
info('Secret key: \'%s\'' % codecs.encode(os.urandom(24), 'hex').decode())
info('Copy/paste this key to set the SECRET_KEY')
info('value in instance/config_site.py')
Example 21
| Source File: api.py From MusicBoxApi with MIT License | 5 votes |
|
def createSecretKey(size):
return binascii.hexlify(os.urandom(size))[:16]
# list去重
Example 22
| Source File: manager.py From polyaxon with Apache License 2.0 | 5 votes |
|
def create_secret(self, name, body):
resp = self.k8s_api.create_namespaced_secret(
namespace=self.namespace, body=body
)
logger.debug("Secret `{}` was created".format(name))
return resp
Example 23
| Source File: concourse.py From cc-utils with Apache License 2.0 | 5 votes |
|
def create_image_pull_secret(
credentials: GcrCredentials,
image_pull_secret_name: str,
namespace: str,
):
"""Create an image pull secret in the K8s cluster to allow pods to download images from gcr"""
not_none(credentials)
not_empty(image_pull_secret_name)
not_empty(namespace)
ctx = kube_ctx
namespace_helper = ctx.namespace_helper()
namespace_helper.create_if_absent(namespace)
secret_helper = ctx.secret_helper()
if not secret_helper.get_secret(image_pull_secret_name, namespace):
secret_helper.create_gcr_secret(
namespace=namespace,
name=image_pull_secret_name,
password=credentials.passwd(),
user_name=credentials.username(),
email=credentials.email(),
server_url=credentials.host(),
)
service_account_helper = ctx.service_account_helper()
service_account_helper.patch_image_pull_secret_into_service_account(
name="default",
namespace=namespace,
image_pull_secret_name=image_pull_secret_name
)
# Constants related to the MitM-Proxy installation.
# The name under which the config map will be stored in K8s
Example 24
| Source File: helper.py From cc-utils with Apache License 2.0 | 5 votes |
|
def create_gcr_secret(
self,
namespace: str,
name: str,
password: str,
email: str,
user_name: str='_json_key',
server_url: str='https://eu.gcr.io'
):
metadata = V1ObjectMeta(name=name, namespace=namespace)
secret = V1Secret(metadata=metadata)
auth = '{user}:{gcr_secret}'.format(
user=user_name,
gcr_secret=password
)
docker_config = {
server_url: {
'username': user_name,
'email': email,
'password': password,
'auth': base64.b64encode(auth.encode('utf-8')).decode('utf-8')
}
}
encoded_docker_config = base64.b64encode(
json.dumps(docker_config).encode('utf-8')
).decode('utf-8')
secret.data = {
'.dockercfg': encoded_docker_config
}
secret.type = 'kubernetes.io/dockercfg'
self.core_api.create_namespaced_secret(namespace=namespace, body=secret)
Example 25
| Source File: utils.py From cc-utils with Apache License 2.0 | 5 votes |
|
def create_basic_auth_secret(
secret_name: str,
namespace: str,
basic_auth_cred: BasicAuthCred=None
):
""" Creates a secret with the configured TLS certificates in the K8s cluster.
Optionally adds credentials for Basic Authentication"""
not_empty(secret_name)
not_empty(namespace)
ctx = kube_ctx
namespace_helper = ctx.namespace_helper()
namespace_helper.create_if_absent(namespace)
secret_helper = ctx.secret_helper()
if not secret_helper.get_secret(secret_name, namespace):
ht = HtpasswdFile()
ht.set_password(basic_auth_cred.user, basic_auth_cred.password)
data = {
'auth':ht.to_string().decode('utf-8'),
}
secret_helper.put_secret(
name=secret_name,
data=data,
namespace=namespace,
)
Example 26
| Source File: lambda_function.py From aws-encryption-workshop with MIT License | 5 votes |
|
def create_secret(service_client, arn, token):
"""Generate a new secret
This method first checks for the existence of a secret for the passed in token. If one does not exist, it will generate a
new secret and put it with the passed in token.
Args:
service_client (client): The secrets manager service client
arn (string): The secret ARN or other identifier
token (string): The ClientRequestToken associated with the secret version
Raises:
ValueError: If the current secret is not valid JSON
KeyError: If the secret json does not contain the expected keys
"""
# Make sure the current secret exists
current_dict = get_secret_dict(service_client, arn, "AWSCURRENT")
# Now try to get the secret version, if that fails, put a new secret
try:
get_secret_dict(service_client, arn, "AWSPENDING", token)
logger.info("createSecret: Successfully retrieved secret for %s." % arn)
except service_client.exceptions.ResourceNotFoundException:
# Generate a random password
passwd = service_client.get_random_password(ExcludeCharacters='/@"\'\\')
current_dict['password'] = passwd['RandomPassword']
# Put the secret
service_client.put_secret_value(SecretId=arn, ClientRequestToken=token, SecretString=json.dumps(current_dict), VersionStages=['AWSPENDING'])
logger.info("createSecret: Successfully put secret for ARN %s and version %s." % (arn, token))
Example 27
| Source File: __init__.py From nexmo-python with MIT License | 5 votes |
|
def create_secret(self, api_key, secret):
body = {"secret": secret}
return self._post_json(
self.api_host, "/accounts/{api_key}/secrets".format(api_key=api_key), body
)
Example 28
| Source File: ssm_client.py From tencentcloud-sdk-python with Apache License 2.0 | 5 votes |
|
def CreateSecret(self, request):
"""创建新的凭据信息,通过KMS进行加密保护。每个Region最多可创建存储1000个凭据信息。
:param request: Request instance for CreateSecret.
:type request: :class:`tencentcloud.ssm.v20190923.models.CreateSecretRequest`
:rtype: :class:`tencentcloud.ssm.v20190923.models.CreateSecretResponse`
"""
try:
params = request._serialize()
body = self.call("CreateSecret", params)
response = json.loads(body)
if "Error" not in response["Response"]:
model = models.CreateSecretResponse()
model._deserialize(response["Response"])
return model
else:
code = response["Response"]["Error"]["Code"]
message = response["Response"]["Error"]["Message"]
reqid = response["Response"]["RequestId"]
raise TencentCloudSDKException(code, message, reqid)
except Exception as e:
if isinstance(e, TencentCloudSDKException):
raise
else:
raise TencentCloudSDKException(e.message, e.message)
Example 29
| Source File: utils.py From amivapi with GNU Affero General Public License v3.0 | 5 votes |
|
def create_token_secret_on_startup(app):
"""Create a token secret in the database if it doesn't exist.
The secret key is stored in the database to ensure consistency.
The database collection holding this key is called `config`.
"""
with app.app_context(): # Context for db connection
config = app.data.driver.db['config']
result = config.find_one(
{'TOKEN_SECRET': {'$exists': True, '$nin': [None, '']}})
if result is None:
config.insert_one({'TOKEN_SECRET': token_urlsafe()})
Example 30
| Source File: pps_pb2_grpc.py From python-pachyderm with Apache License 2.0 | 5 votes |
|
def CreateSecret(self, request, context):
# missing associated documentation comment in .proto file
pass
context.set_code(grpc.StatusCode.UNIMPLEMENTED)
context.set_details('Method not implemented!')
raise NotImplementedError('Method not implemented!')
Example 31
| Source File: pps.py From python-pachyderm with Apache License 2.0 | 5 votes |
|
def create_secret(self, secret_name, data, labels=None, annotations=None):
"""
Creates a new secret.
Params:
* `secret_name`: The name of the secret to create.
* `data`: A dict of string keys -> string or bytestring values to
store in the secret. Each key must consist of alphanumeric characters,
`-`, `_` or `.`.
* `labels`: A dict of string keys -> string values representing the
kubernetes labels to attach to the secret.
* `annotations`: A dict representing the kubernetes annotations to
attach to the secret.
"""
encoded_data = {}
for k, v in data.items():
if isinstance(v, str):
v = v.encode("utf8")
encoded_data[k] = base64.b64encode(v).decode("utf8")
f = json.dumps({
"kind": "Secret",
"apiVersion": "v1",
"metadata": {
"name": secret_name,
"labels": labels,
"annotations": annotations,
},
"data": encoded_data,
}).encode("utf8")
return self._req(Service.PPS, "CreateSecret", file=f)
Example 32
| Source File: passwords.py From tripleo-common with Apache License 2.0 | 5 votes |
|
def create_rndc_key_secret():
# The rndc key secret is a base64-encoded hmac-sha256 value
h = hmac.new(
passlib.pwd.genword(length=_MIN_PASSWORD_SIZE).encode('utf-8'),
msg=passlib.pwd.genword(length=_MIN_PASSWORD_SIZE).encode('utf-8'),
digestmod=hashlib.sha256)
return base64.b64encode(h.digest()).decode('utf-8')
Example 33
| Source File: mastermind.py From cs101 with GNU General Public License v3.0 | 5 votes |
|
def create_secret():
"""Create secret: four distinct letters from A-F."""
c = [ "A", "B", "C", "D", "E", "F" ]
secret = ""
for i in range(4):
letter = random.choice(c)
c.remove(letter)
secret = secret + letter
return secret
Example 34
| Source File: KeyVaultUtil.py From azure-linux-extensions with Apache License 2.0 | 5 votes |
|
def create_secret(self, AccessToken, KeyVaultURL, secret_value, KeyEncryptionAlgorithm, DiskEncryptionKeyFileName):
"""
create secret api https://msdn.microsoft.com/en-us/library/azure/dn903618.aspx
https://mykeyvault.vault.azure.net/secrets/{secret-name}?api-version={api-version}
"""
try:
secret_name = str(uuid.uuid4())
secret_keyvault_uri = self.urljoin(KeyVaultURL, "secrets", secret_name)
self.logger.log("secret_keyvault_uri is: {0} and keyvault_uri is:{1}".format(secret_keyvault_uri, KeyVaultURL))
if KeyEncryptionAlgorithm is None:
request_content = '{{"value":"{0}","attributes":{{"enabled":"true"}},"tags":{{"DiskEncryptionKeyFileName":"{1}"}}}}'\
.format(str(secret_value), DiskEncryptionKeyFileName)
else:
request_content = '{{"value":"{0}","attributes":{{"enabled":"true"}},"tags":{{"DiskEncryptionKeyEncryptionAlgorithm":"{1}","DiskEncryptionKeyFileName":"{2}"}}}}'\
.format(str(secret_value), KeyEncryptionAlgorithm, DiskEncryptionKeyFileName)
http_util = HttpUtil(self.logger)
headers = {}
headers["Content-Type"] = "application/json"
headers["Authorization"] = "Bearer " + AccessToken
result = http_util.Call(method='PUT', http_uri=secret_keyvault_uri + '?api-version=' + self.api_version, data=request_content, headers=headers)
self.logger.log("{0} {1}".format(result.status, result.getheaders()))
result_content = result.read()
# Do NOT log the result_content. It contains the uploaded secret and we don't want that in the logs.
result_json = json.loads(result_content)
secret_id = result_json["id"]
http_util.connection.close()
if result.status != httplib.OK and result.status != httplib.ACCEPTED:
self.logger.log("the result status failed.")
return None
return secret_id
except Exception as e:
self.logger.log("Failed to create_secret with error: {0}, stack trace: {1}".format(e, traceback.format_exc()))
return None
Example 35
| Source File: app.py From controller with MIT License | 5 votes |
|
def create_object_store_secret(self):
try:
self._scheduler.secret.get(self.id, 'objectstorage-keyfile')
except KubeException:
secret = self._scheduler.secret.get(
settings.WORKFLOW_NAMESPACE, 'objectstorage-keyfile').json()
self._scheduler.secret.create(self.id, 'objectstorage-keyfile', secret['data'])
Example 36
| Source File: cfn_rsakey_provider.py From cfn-secret-provider with Apache License 2.0 | 5 votes |
|
def create_or_update_secret(self, overwrite=False, new_secret=True):
try:
if new_secret:
private_key, public_key = self.create_key()
else:
private_key, public_key = self.get_key()
kwargs = {
"Name": self.get("Name"),
"KeyId": self.get("KeyAlias"),
"Type": "SecureString",
"Overwrite": overwrite,
"Value": private_key,
}
if self.get("Description") != "":
kwargs["Description"] = self.get("Description")
response = self.ssm.put_parameter(**kwargs)
version = response["Version"] if "Version" in response else 1
self.set_attribute("Arn", self.arn)
self.set_attribute("PublicKey", public_key)
self.set_attribute("PublicKeyPEM", self.public_key_to_pem(private_key))
self.set_attribute(
"Hash", hashlib.md5(public_key.encode("utf-8")).hexdigest()
)
self.set_attribute("Version", version)
if not ssm_parameter_name.equals(self.physical_resource_id, self.arn):
# prevent CFN deleting a resource with identical Arns in different formats.
self.physical_resource_id = self.arn
except ClientError as e:
self.physical_resource_id = "could-not-create"
self.fail(str(e))
Example 37
| Source File: utils.py From shhh with MIT License | 5 votes |
|
def create_secret(passphrase: str,
secret: str,
expire: int,
tries: int,
haveibeenpwned: bool) -> Tuple[Dict, int]:
"""Create a secret.
Args:
passphrase (str): Passphrase needed to encrypt the secret.
secret (str): Secret to encrypt.
expire (int): Number of days the secret will be stored.
tries (int): Number of tries to read the secret before it gets deleted.
haveibeenpwned (bool): Passphrase has been checked with haveibeenpwned.
"""
now = datetime.now().strftime("%Y-%m-%d %H:%M:%S")
expiration_date = datetime.strptime(
now, "%Y-%m-%d %H:%M:%S") + timedelta(days=expire)
slug = _generate_unique_slug()
Entries.create(slug_link=slug,
encrypted_text=Secret(secret.encode(), passphrase).encrypt(),
date_created=now,
date_expires=expiration_date,
tries=tries,
haveibeenpwned=haveibeenpwned)
app.logger.info(f"{slug} created and expires on {expiration_date}")
timez = datetime.now(timezone.utc).astimezone().tzname()
return dict(
status=Status.CREATED.value,
details="Secret successfully created.",
slug=slug,
link=f"{request.url_root}r/{slug}",
expires_on=f"{expiration_date.strftime('%Y-%m-%d at %H:%M')} {timez}"), 201
Example 38
| Source File: secrets.py From calm-dsl with Apache License 2.0 | 5 votes |
|
def create_secret(name, value):
"""Creates the secret"""
secrets = get_secrets_names()
if name in secrets:
LOG.error("Secret {} already present !!!".format(name))
return
LOG.debug("Creating secret {}".format(name))
Secret.create(name, value)
LOG.info(highlight_text("Secret {} created".format(name)))
Example 39
| Source File: flash.py From specter-diy with MIT License | 5 votes |
|
def create_new_secret(self, path):
"""Generate new secret and default PIN config"""
# generate new and save
secret = get_random_bytes(32)
# save secret
with open(path+"/secret","wb") as f:
f.write(secret)
# set pin object
self.pin = None
self._pin_attempts_max = 10
self._pin_attempts_left = 10
self.secret = secret
self.save_state()
return secret
Example 40
| Source File: custom.py From azure-cli-extensions with MIT License | 5 votes |
|
def create_plan_secret(cmd, client, plan_name,
secret_name, secret_value, secret_note=None,
secret_filters=None, resource_group_name=None):
plan = client.get(resource_group_name=resource_group_name, plan_name=plan_name)
token = client.write_environments_action(resource_group_name=resource_group_name, plan_name=plan_name)
data = {}
data['secretName'] = secret_name
data['value'] = secret_value
data['notes'] = secret_note
data['type'] = cs_api.SecretType.ENVIRONMENT_VARIABLE.value
data['scope'] = cs_api.SecretScope.USER.value
data['filters'] = secret_filters
return cs_api.create_secret(token.access_token, plan.id, data, cli_ctx=cmd.cli_ctx)
Example 41
| Source File: _non_arm_apis.py From azure-cli-extensions with MIT License | 5 votes |
|
def create_secret(access_token, plan_id, data, api_root=None, **_):
url = f'{api_root}/secrets'
headers = {'Authorization': f'Bearer {access_token}'}
params = {'planId': plan_id}
response = session.post(url, headers=headers, json=data, params=params)
return response
Example 42
| Source File: netEaseEncode.py From MusicBox with MIT License | 5 votes |
|
def createSecretKey(size):
# 2中 os.urandom返回是个字符串。3中变成bytes。
# 不过加密的目的是需要一个字符串。
# 因为密钥之后会被加密到rsa中一起发送出去。
# 所以即使是个固定的密钥也是可以的。
# return (''.join(map(lambda xx: (hex(ord(xx))[2:]), os.urandom(size))))[0:16]
return bytes(''.join(random.sample('1234567890qwertyuipasdfghjklzxcvbnm', 16)), 'utf-8')
Example 43
| Source File: vault_client.py From airflow with Apache License 2.0 | 5 votes |
|
def create_or_update_secret(self,
secret_path: str,
secret: dict,
method: Optional[str] = None,
cas: Optional[int] = None) -> Response:
"""
Creates or updates secret.
:param secret_path: The path of the secret.
:type secret_path: str
:param secret: Secret to create or update for the path specified
:type secret: dict
:param method: Optional parameter to explicitly request a POST (create) or PUT (update) request to
the selected kv secret engine. If no argument is provided for this parameter, hvac attempts to
intelligently determine which method is appropriate. Only valid for KV engine version 1
:type method: str
:param cas: Set the "cas" value to use a Check-And-Set operation. If not set the write will be
allowed. If set to 0 a write will only be allowed if the key doesn't exist.
If the index is non-zero the write will only be allowed if the key's current version
matches the version specified in the cas parameter. Only valid for KV engine version 2.
:type cas: int
:rtype: requests.Response
:return: The response of the create_or_update_secret request.
See https://hvac.readthedocs.io/en/stable/usage/secrets_engines/kv_v1.html
and https://hvac.readthedocs.io/en/stable/usage/secrets_engines/kv_v2.html for details.
"""
if self.kv_engine_version == 2 and method:
raise VaultError("The method parameter is only valid for version 1")
if self.kv_engine_version == 1 and cas:
raise VaultError("The cas parameter is only valid for version 2")
if self.kv_engine_version == 1:
response = self.client.secrets.kv.v1.create_or_update_secret(
secret_path=secret_path, secret=secret, mount_point=self.mount_point, method=method)
else:
response = self.client.secrets.kv.v2.create_or_update_secret(
secret_path=secret_path, secret=secret, mount_point=self.mount_point, cas=cas)
return response
Example 44
| Source File: secret.py From deepWordBug with Apache License 2.0 | 5 votes |
|
def create_secret(self, name, data, labels=None, driver=None):
"""
Create a secret
Args:
name (string): Name of the secret
data (bytes): Secret data to be stored
labels (dict): A mapping of labels to assign to the secret
driver (DriverConfig): A custom driver configuration. If
unspecified, the default ``internal`` driver will be used
Returns (dict): ID of the newly created secret
"""
if not isinstance(data, bytes):
data = data.encode('utf-8')
data = base64.b64encode(data)
if six.PY3:
data = data.decode('ascii')
body = {
'Data': data,
'Name': name,
'Labels': labels
}
if driver is not None:
if utils.version_lt(self._version, '1.31'):
raise errors.InvalidVersion(
'Secret driver is only available for API version > 1.31'
)
body['Driver'] = driver
url = self._url('/secrets/create')
return self._result(
self._post_json(url, data=body), True
)
Example 45
| Source File: kdc.py From dcos-kafka-service with Apache License 2.0 | 5 votes |
|
def create_keytab_secret(args: dict, kerberos=None):
if not kerberos:
kerberos = sdk_auth.KerberosEnvironment(persist=True)
principals = parse_principals(args.principals_file)
kerberos.add_principals(principals)
if args.secret_name:
kerberos.set_keytab_path(args.secret_name, args.binary_secret)
kerberos.finalize()
log.info("KDC cluster successfully deployed")
Example 46
| Source File: rhopenshift.py From wrapanapi with MIT License | 5 votes |
|
def create_secret(self, namespace, **kwargs):
"""Creates Secret entity using REST API.
Args:
namespace: openshift namespace where entity has to be created
kwargs: Secret data
Return: data if entity was created w/o errors
"""
secret = self.kclient.V1Secret(**kwargs)
secret_name = secret.to_dict()['metadata']['name']
self.logger.info("creating secret %s", secret_name)
output = self.k_api.create_namespaced_secret(namespace=namespace, body=secret)
self.wait_secret_exist(namespace=namespace, name=secret_name)
return output
Example 47
| Source File: cce.py From python-otcclient with MIT License | 5 votes |
|
def create_secret():
if OtcConfig.CLUSTER:
cce.convertClusterNameToId()
url = "https://" + OtcConfig.DEFAULT_HOST + "/api/v1/namespaces/" + OtcConfig.NAMESPACE + "/secrets"
req = utils_templates.create_request("cce_create_secret")
#print(req)
ret = utils_http.post(url, req)
cce.otcOutputHandler().print_output(ret,mainkey="")
return ret
Example 48
| Source File: resource_manager.py From cloudify-manager with Apache License 2.0 | 5 votes |
|
def create_secret(key, secret, tenant):
sm = get_storage_manager()
timestamp = utils.get_formatted_timestamp()
new_secret = models.Secret(
id=key,
value=encrypt(secret['value']),
created_at=timestamp,
updated_at=timestamp,
visibility=secret['visibility'],
is_hidden_value=secret['is_hidden_value'],
tenant=tenant
)
created_secret = sm.put(new_secret)
return created_secret
Example 49
| Source File: paasta_deployd_steps.py From paasta with Apache License 2.0 | 5 votes |
|
def create_secret_json_file(context, secret_name, service, signature):
secret = {
"environments": {
"devc": {"ciphertext": "ScrambledNonsense", "signature": signature}
}
}
if not os.path.exists(os.path.join(context.soa_dir, service, "secrets")):
os.makedirs(os.path.join(context.soa_dir, service, "secrets"))
with open(
os.path.join(context.soa_dir, service, "secrets", f"{secret_name}.json"), "w"
) as secret_file:
json.dump(secret, secret_file)
Example 50
| Source File: K8sSecret.py From kubernetes-py with Apache License 2.0 | 5 votes |
|
def create_image_pull_secret(config=None, prefix=None, name=None, data=None):
s = Secret()
if name is not None:
s.name = "{0}-docker-{1}".format(name, str(uuid.uuid4().hex[:5]))
elif name is None and prefix is not None:
s.name = "{0}-docker-{1}".format(prefix, str(uuid.uuid4().hex[:5]))
else:
s.name = "docker-{0}".format(str(uuid.uuid4().hex[:5]))
s.dockerconfigjson = data
k8s = K8sSecret(config=config, name=s.name)
k8s.model = s
k8s.create()
return k8s
Example 51
| Source File: tenants_utils.py From inference-model-manager with Apache License 2.0 | 5 votes |
|
def create_secret(name, cert, id_token):
cert_secret_metadata = k8s_client.V1ObjectMeta(name=CERT_SECRET_NAME)
cert_secret_data = {"ca.crt": cert}
cert_secret = k8s_client.V1Secret(api_version="v1", data=cert_secret_data,
kind="Secret", metadata=cert_secret_metadata,
type="Opaque")
api_instance = get_k8s_api_client(id_token)
try:
response = api_instance.create_namespaced_secret(namespace=name,
body=cert_secret)
except ApiException as apiException:
raise KubernetesCreateException('secret', apiException)
logger.info('Secret {} created'.format(CERT_SECRET_NAME))
return response
Example 52
| Source File: create_application_insights.py From takeoff with GNU General Public License v3.0 | 5 votes |
|
def create_databricks_secret(self, application_name: str, instrumentation_secret: Secret):
"""Create Databricks secret for Application Insights connectivity
Args:
application_name: Name of the application
instrumentation_secret: Secret to connect to Application Insights
"""
db = CreateDatabricksSecretFromValue(self.env, self.config)
db._create_scope(application_name)
db._add_secrets(application_name, [instrumentation_secret])
Example 53
| Source File: barbican.py From rally-openstack with Apache License 2.0 | 5 votes |
|
def create_secret(self, name=None, payload=None,
payload_content_type=None, payload_content_encoding=None,
algorithm=None, bit_length=None, secret_type=None,
mode=None, expiration=None):
"""Create Secret
:param name: A friendly name for the secret
:param payload: The unecrypted secret data
:param payload_content_type: the format/type of the secret data
:param payload_content_encoding: the encoding of the secret data
:param algorithm: the algorithm associated with this secret key
:param bit_length: The bit length of this secret key
:param mode: the algorigthm mode used with this secret key
:param secret_type: The secret type for this secret key
:param exipration: the expiration time of the secret in ISO8601
format
:returns: a new secret object
"""
name = name or self.generate_random_name()
val = self._clients.barbican().secrets.create(
name=name, payload=payload,
payload_content_type=payload_content_type,
payload_content_encoding=payload_content_encoding,
algorithm=algorithm, bit_length=bit_length, mode=mode,
secret_type=secret_type, expiration=expiration)
val.store()
return val
Example 54
| Source File: secrets_client.py From fandogh-cli with MIT License | 5 votes |
|
def create_secret(name, secret_type, fields):
response = get_session().post(base_secrets_url,
json={
"name": name,
"type": secret_type,
"fields": parse_key_values(fields)
},
)
if response.status_code != 200:
raise get_exception(response)
else:
return response.json()
Example 55
| Source File: create_secret.py From python-docs-samples with Apache License 2.0 | 5 votes |
|
def create_secret(project_id, secret_id):
"""
Create a new secret with the given name. A secret is a logical wrapper
around a collection of secret versions. Secret versions hold the actual
secret material.
"""
# Import the Secret Manager client library.
from google.cloud import secretmanager
# Create the Secret Manager client.
client = secretmanager.SecretManagerServiceClient()
# Build the resource name of the parent project.
parent = client.project_path(project_id)
# Create the secret.
response = client.create_secret(parent, secret_id, {
'replication': {
'automatic': {},
},
})
# Print the new secret name.
print('Created secret: {}'.format(response.name))
# [END secretmanager_create_secret]
return response
Example 56
| Source File: twx.py From twx with MIT License | 5 votes |
|
def create_secret_chat(self, user: User, on_success: callable):
"""
Create a secret chat with the user.
:param user: User to start secret chat with.
:param on_success: Will return the chat and meta information.
"""
pass
Example 57
| Source File: _proxy.py From openstacksdk with Apache License 2.0 | 5 votes |
|
def create_secret(self, **attrs):
"""Create a new secret from attributes
:param dict attrs: Keyword arguments which will be used to create a
:class:`~openstack.key_manager.v1.secret.Secret`,
comprised of the properties on the Order class.
:returns: The results of secret creation
:rtype: :class:`~openstack.key_manager.v1.secret.Secret`
"""
return self._create(_secret.Secret, **attrs)
Example 58
| Source File: libvirt.py From avocado-vt with GNU General Public License v2.0 | 4 votes |
|
def create_secret(params, remote_args=None):
"""
Create a secret with 'virsh secret-define'
:param params: Test run params
:param remote_args: Parameters for remote host
:return: UUID of the secret
"""
sec_usage_type = params.get("sec_usage", "volume")
sec_desc = params.get("sec_desc", "secret_description")
sec_ephemeral = params.get("sec_ephemeral", "no") == "yes"
sec_private = params.get("sec_private", "no") == "yes"
sec_uuid = params.get("sec_uuid", "")
sec_volume = params.get("sec_volume", "/path/to/volume")
sec_name = params.get("sec_name", "secret_name")
sec_target = params.get("sec_target", "secret_target")
supporting_usage_types = ['volume', 'ceph', 'iscsi', 'tls', 'vtpm']
if sec_usage_type not in supporting_usage_types:
raise exceptions.TestError("Supporting secret usage types are: %s" %
supporting_usage_types)
# prepare secret xml
sec_xml = secret_xml.SecretXML("no", "yes")
# set common attributes
sec_xml.description = sec_desc
sec_xml.usage = sec_usage_type
if sec_ephemeral:
sec_xml.secret_ephmeral = "yes"
if sec_private:
sec_xml.secret_private = "yes"
if sec_uuid:
sec_xml.uuid = sec_uuid
sec_xml.usage = sec_usage_type
# set specific attributes for different usage type
if sec_usage_type in ['volume']:
sec_xml.volume = sec_volume
if sec_usage_type in ['ceph', 'tls', 'vtpm']:
sec_xml.usage_name = sec_name
if sec_usage_type in ['iscsi']:
sec_xml.target = sec_target
sec_xml.xmltreefile.write()
logging.debug("The secret xml is: %s" % sec_xml)
# define the secret and get its uuid
if remote_args:
server_ip = remote_args.get("remote_ip", "")
server_user = remote_args.get("remote_user", "")
server_pwd = remote_args.get("remote_pwd", "")
if not all([server_ip, server_user, server_pwd]):
raise exceptions.TestError("remote_[ip|user|pwd] are necessary!")
remote_virsh_session = virsh.VirshPersistent(**remote_args)
remote.scp_to_remote(server_ip, '22', server_user, server_pwd,
sec_xml.xml, sec_xml.xml, limit="",
log_filename=None, timeout=600, interface=None)
ret = remote_virsh_session.secret_define(sec_xml.xml)
remote_virsh_session.close_session()
else:
ret = virsh.secret_define(sec_xml.xml)
check_exit_status(ret)
try:
sec_uuid = re.findall(r".+\S+(\ +\S+)\ +.+\S+",
ret.stdout_text)[0].lstrip()
except IndexError:
raise exceptions.TestError("Fail to get newly created secret uuid")
return sec_uuid
