Reference and use secrets defined in sops file in project repo

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for edvgui from gravatar.com edvgui

Unverified details

These details have not been verified by PyPI
Meta
Report project as malware

Project description

Sops module

pypi version build status

How to use

  1. Create gpg key on the orchestrator
inmanta@96abdaa7233f:~$ gpg --full-generate-key

  1. Generate key on the dev machine (same as step above)

  2. Import orchestrator key in dev keyring

# On the orchestrator
inmanta@96abdaa7233f:~$ gpg --armor --export email > orchestrator.gpg

# On the dev machine
guillaume@framework:~$ gpg --import orchestrator.gpg
  1. Create keyring file with sops providing fingerprint of dev key and orchestrator key. Edit it using sops binary.
guillaume@framework:/tmp/sops-test$ echo "{}" > test.yml
guillaume@framework:/tmp/sops-test$ sops --pgp 49CAF9DCDAC1643FCBDFCAB93BF8D3BC3B08C360,6F405B4881FF1DE18A4696641BCDCFE5D361E275 -e test.yml > test.encrypted.yml
guillaume@framework:/tmp/sops-test$ sops edit test.encrypted.yml
  1. Reference existing value in sops file in the model.
import mitogen
import files
import files::host
import sops

import std

host = std::Host(
    name="localhost",
    os=std::linux,
    via=mitogen::Local(),
)

files::TextFile(
    host=host,
    path='/example/folder/a.secret',
    owner='guillaume',
    group='guillaume',
    purged=false,
    # The content of the file should be the password of user "a"
    content=sops::create_decrypted_value_reference(
        # The password is located in the decrypted vault file
        sops::create_decrypted_file_reference(
            # The vault should be decrypted with sops, which is
            # installed by this reference.
            sops::create_sops_binary_reference(),
            # The encrypted content of the file can be extracted
            # using this reference
            files::create_text_file_content_reference(
                "file:///example/folder/test.yml",
            ),
            'yml',
        ),
        "users[name=a].password",
    ),
)
  1. (Alternatively) Reference value in sops file, create it if it doesn't exist.
import mitogen
import files
import files::host
import sops

import std

host = std::Host(
    name="localhost",
    os=std::linux,
    via=mitogen::Local(),
)

files::TextFile(
    host=host,
    path='/example/folder/a.secret',
    owner='guillaume',
    group='guillaume',
    purged=false,
    # The content of the file should be the password of user "a", if no password
    # for user a has been defined, create one with default value "b"
    content=sops::create_value_in_vault(
        # The vault should be decrypted with sops, which is
        # installed by this reference.
        sops::create_sops_binary_reference(),
        # The vault is available at this path
        "file:///example/folder/test.yml",
        # This is the location of the password within the vault
        "users[name=a].password",
        default="b",
    ),
)

Running tests

  1. Set up a new virtual environment using uv and install the dependencies.
uv venv -p 3.12
make install
  1. Run tests
uv run pytest tests

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for edvgui from gravatar.com edvgui

Unverified details

These details have not been verified by PyPI
Meta

Release history Release notifications | RSS feed

0.3.2

0.3.1

0.3.0

0.2.3

0.2.2

0.2.1

This version

0.2.0

0.1.0

0.0.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

inmanta_module_sops-0.2.0.tar.gz (11.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

inmanta_module_sops-0.2.0-py3-none-any.whl (10.6 kB view details)

Uploaded Python 3

File details

Details for the file inmanta_module_sops-0.2.0.tar.gz.

File metadata

  • Download URL: inmanta_module_sops-0.2.0.tar.gz
  • Upload date:
  • Size: 11.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for inmanta_module_sops-0.2.0.tar.gz
Algorithm Hash digest
SHA256 77162dff8143371ea9c0e069f2e0c1a18267b61b4fd1efa3e6998f3b05387d34
MD5 07c64440a23ac2138c0e1a965f87b35f
BLAKE2b-256 fa3dc86b599801769fabf971049a1c156fe5e9a78ace4b60c43d6053449aa1d0

See more details on using hashes here.

Provenance

The following attestation bundles were made for inmanta_module_sops-0.2.0.tar.gz:

Publisher: continuous-delivery.yml on edvgui/inmanta-module-sops

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file inmanta_module_sops-0.2.0-py3-none-any.whl.

File metadata

File hashes

Hashes for inmanta_module_sops-0.2.0-py3-none-any.whl
Algorithm Hash digest
SHA256 e0f08283a00dc461ac0ac4f0d2d4f3665642dac820f57e573d92c02e1277da21
MD5 1789a3da0720ccc85554db8ac98c09c9
BLAKE2b-256 efefe05d8c653c0e90b0936a6cccf651d905cb49ac691508ec34d63765548cf1

See more details on using hashes here.

Provenance

The following attestation bundles were made for inmanta_module_sops-0.2.0-py3-none-any.whl:

Publisher: continuous-delivery.yml on edvgui/inmanta-module-sops

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page