Reference and use secrets defined in sops file in project repo

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for edvgui from gravatar.com edvgui

Unverified details

These details have not been verified by PyPI
Meta
Report project as malware

Project description

Sops module

pypi version build status

How to use

  1. Create gpg key on the orchestrator
inmanta@96abdaa7233f:~$ gpg --full-generate-key

  1. Generate key on the dev machine (same as step above)

  2. Import orchestrator key in dev keyring

# On the orchestrator
inmanta@96abdaa7233f:~$ gpg --armor --export email > orchestrator.gpg

# On the dev machine
guillaume@framework:~$ gpg --import orchestrator.gpg
  1. Create keyring file with sops providing fingerprint of dev key and orchestrator key. Edit it using sops binary.
guillaume@framework:/tmp/sops-test$ echo "{}" > test.yml
guillaume@framework:/tmp/sops-test$ sops --pgp 49CAF9DCDAC1643FCBDFCAB93BF8D3BC3B08C360,6F405B4881FF1DE18A4696641BCDCFE5D361E275 -e test.yml > test.encrypted.yml
guillaume@framework:/tmp/sops-test$ sops edit test.encrypted.yml
  1. Reference existing value in sops file in the model.
import mitogen
import files
import files::host
import sops

import std

host = std::Host(
    name="localhost",
    os=std::linux,
    via=mitogen::Local(),
)

files::TextFile(
    host=host,
    path='/example/folder/a.secret',
    owner='guillaume',
    group='guillaume',
    purged=false,
    # The content of the file should be the password of user "a"
    content=sops::create_decrypted_value_reference(
        # The password is located in the decrypted vault file
        sops::create_decrypted_file_reference(
            # The vault should be decrypted with sops, which is
            # installed by this reference.
            sops::create_sops_binary_reference(),
            # The encrypted content of the file can be extracted
            # using this reference
            files::create_text_file_content_reference(
                "file:///example/folder/test.yml",
            ),
            'yml',
        ),
        "users[name=a].password",
    ),
)
  1. (Alternatively) Reference value in sops file, create it if it doesn't exist.
import mitogen
import files
import files::host
import sops

import std

host = std::Host(
    name="localhost",
    os=std::linux,
    via=mitogen::Local(),
)

files::TextFile(
    host=host,
    path='/example/folder/a.secret',
    owner='guillaume',
    group='guillaume',
    purged=false,
    # The content of the file should be the password of user "a", if no password
    # for user a has been defined, create one with default value "b"
    content=sops::create_value_in_vault(
        # The vault should be decrypted with sops, which is
        # installed by this reference.
        sops::create_sops_binary_reference(),
        # The vault is available at this path
        "file:///example/folder/test.yml",
        # This is the location of the password within the vault
        "users[name=a].password",
        default="b",
    ),
)

Running tests

  1. Set up a new virtual environment using uv and install the dependencies.
uv venv -p 3.12
make install
  1. Run tests
uv run pytest tests

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for edvgui from gravatar.com edvgui

Unverified details

These details have not been verified by PyPI
Meta

Release history Release notifications | RSS feed

0.3.2

0.3.1

0.3.0

0.2.3

0.2.2

This version

0.2.1

0.2.0

0.1.0

0.0.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

inmanta_module_sops-0.2.1.tar.gz (12.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

inmanta_module_sops-0.2.1-py3-none-any.whl (11.5 kB view details)

Uploaded Python 3

File details

Details for the file inmanta_module_sops-0.2.1.tar.gz.

File metadata

  • Download URL: inmanta_module_sops-0.2.1.tar.gz
  • Upload date:
  • Size: 12.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for inmanta_module_sops-0.2.1.tar.gz
Algorithm Hash digest
SHA256 abd1fc8b1a18150b725a55b1c1bdcadb25b40002bc40779b6fbed5af0b605694
MD5 c2910ac51f4a22f66be6a635499e1e8e
BLAKE2b-256 a207a9d79772a4563a1d26adbffd68753ef9406eec3032efae5a5a6687c181b7

See more details on using hashes here.

Provenance

The following attestation bundles were made for inmanta_module_sops-0.2.1.tar.gz:

Publisher: continuous-delivery.yml on edvgui/inmanta-module-sops

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file inmanta_module_sops-0.2.1-py3-none-any.whl.

File metadata

File hashes

Hashes for inmanta_module_sops-0.2.1-py3-none-any.whl
Algorithm Hash digest
SHA256 aa7a56382896c2e786d7f3b1c5f9211f2c308af77ba9ab07ff23db46380bfc49
MD5 d26cfb1d3675f424e019aa139bdbd6c7
BLAKE2b-256 fc50e846f9bdb971c28382f7160a760ea37ed3b4f982db94f214c653a1654ca3

See more details on using hashes here.

Provenance

The following attestation bundles were made for inmanta_module_sops-0.2.1-py3-none-any.whl:

Publisher: continuous-delivery.yml on edvgui/inmanta-module-sops

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page