hea-scripts 1.0.0b2

A collection of scripts for the HEA project.

HEA Scripts

Contains scripts for configuring a Health Enterprise Analytics (HEA) deployment. The primary scripts handle Fernet symmetric encryption of secrets stored in .env files.

Setup

Install the package in editable mode (the dev container does this automatically):

pip install --user -e .

Requires Python 3.10 - 3.12.

Usage

Generate an encryption key

hea-gen-encryption-key

Save the printed key in your .env file as HEA_ENCRYPTION_KEY, or in a dedicated file (recommended) referenced by HEA_ENCRYPTION_KEY_FILE. If using a file, restrict its permissions:

chmod 600 hea_encryption_key.txt

Encrypt / decrypt a value

# Encrypt a literal value
hea-encryption --encrypt <value>

# Encrypt a property already in .env (result is written to stdout with {crypt} prefix)
hea-encryption --encrypt -p <PROPERTY_NAME>

# Decrypt a token
hea-encryption --decrypt <token>

# Read input from a file
hea-encryption --encrypt -f <file>
hea-encryption --decrypt -f <file>

# Write output to a file instead of stdout
hea-encryption --encrypt <value> -o <output_file>

Configuration

Scripts expect a .env file in the working directory. The encryption key is resolved in this order:

1. HEA_ENCRYPTION_KEY_FILE environment variable (path to key file)
2. HEA_ENCRYPTION_KEY_FILE in .env (path to key file)
3. HEA_ENCRYPTION_KEY environment variable (inline key)
4. HEA_ENCRYPTION_KEY in .env (inline key)

Encrypted values stored in .env use the format:

PROPERTY={crypt}<fernet-token>

Contributing

Install the package with the dev optional dependencies to get pytest:

pip install --user -e ".[dev]"

Run the tests:

python -m pytest tests/

Deploying: Run pyproject-build to build a source package and weel.

To deploy, the twine command is configured with a custom .pypirc file located at .devcontainer/pyproject-pypirc. Add your repositories and credentials to that file, and twine upload -r should work.