
Reference and use secrets defined in a sops file in the project repo

Project description

Sops module


How to use

  1. Create a gpg key on the orchestrator:

inmanta@96abdaa7233f:~$ gpg --full-generate-key

  2. Generate a key on the dev machine (same command as the step above).

  3. Import the orchestrator key into the dev keyring:

# On the orchestrator
inmanta@96abdaa7233f:~$ gpg --armor --export email > orchestrator.gpg

# On the dev machine
guillaume@framework:~$ gpg --import orchestrator.gpg

  4. Create the sops-encrypted vault file, passing sops the fingerprints of the dev key and the orchestrator key, then edit it with the sops binary:

guillaume@framework:/tmp/sops-test$ echo "{}" > test.yml
guillaume@framework:/tmp/sops-test$ sops --pgp 49CAF9DCDAC1643FCBDFCAB93BF8D3BC3B08C360,6F405B4881FF1DE18A4696641BCDCFE5D361E275 -e test.yml > test.encrypted.yml
guillaume@framework:/tmp/sops-test$ sops edit test.encrypted.yml

  5. Reference an existing value from the sops file in the model:

import mitogen
import files
import files::host
import sops

import std

host = std::Host(
    name="localhost",
    os=std::linux,
    via=mitogen::Local(),
)

files::TextFile(
    host=host,
    path='/example/folder/a.secret',
    owner='guillaume',
    group='guillaume',
    purged=false,
    # The content of the file should be the password of user "a"
    content=sops::create_decrypted_value_reference(
        # The password is located in the decrypted vault file
        sops::create_decrypted_file_reference(
            # The vault should be decrypted with sops, which is
            # installed by this reference.
            sops::create_sops_binary_reference(),
            # The encrypted content of the file can be extracted
            # using this reference
            files::create_text_file_content_reference(
                "file:///example/folder/test.yml",
            ),
            'yml',
        ),
        "users[name=a].password",
    ),
)

  6. (Alternatively) Reference a value in the sops file, creating it if it doesn't exist:

import mitogen
import files
import files::host
import sops

import std

host = std::Host(
    name="localhost",
    os=std::linux,
    via=mitogen::Local(),
)

files::TextFile(
    host=host,
    path='/example/folder/a.secret',
    owner='guillaume',
    group='guillaume',
    purged=false,
    # The content of the file should be the password of user "a", if no password
    # for user a has been defined, create one with default value "b"
    content=sops::create_value_in_vault(
        # The vault should be decrypted with sops, which is
        # installed by this reference.
        sops::create_sops_binary_reference(),
        # The vault is available at this path
        "file:///example/folder/test.yml",
        # This is the location of the password within the vault
        "users[name=a].password",
        default="b",
    ),
)
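Both model snippets above resolve a selector such as `users[name=a].password` against the decrypted vault, and the second one creates the value with a default when it is missing. The script below is an added example, not code from inmanta-module-sops, showing that lookup and default-fill logic on a constructed decrypted vault. The selector grammar (dotted keys, each optionally followed by a `[field=value]` filter that picks one element of a list) is an assumption modelled on the single selector shown in this README, and `decrypt_vault` is an illustrative helper that shells out to the real sops CLI with its `--decrypt` and `--output-type json` flags; it is not run offline.

```python
"""Added example (not part of inmanta-module-sops): resolve a selector such as
users[name=a].password against a decrypted sops vault and fill in a default
when the value is missing. The selector grammar is an assumption modelled on
the one selector shown in the README."""
from __future__ import annotations

import copy
import json
import re
import subprocess
from typing import Any

# One selector segment: a key, optionally followed by a [field=value] filter.
_SEGMENT = re.compile(
    r"^(?P<key>[A-Za-z0-9_-]+)(?:\[(?P<field>[A-Za-z0-9_-]+)=(?P<value>[^\]]+)\])?$"
)

# Constructed stand-in for the decrypted content of test.yml (not real secrets).
SAMPLE_VAULT: dict[str, Any] = {
    "users": [
        {"name": "a", "password": "s3cret-for-a"},
        {"name": "b"},  # user without a password yet
    ]
}


def parse_selector(selector: str) -> list[tuple[str, tuple[str, str] | None]]:
    """'users[name=a].password' -> [('users', ('name', 'a')), ('password', None)]."""
    segments = []
    for raw in selector.split("."):
        match = _SEGMENT.match(raw)
        if match is None:
            raise ValueError(f"invalid selector segment: {raw!r}")
        flt = (match["field"], match["value"]) if match["field"] else None
        segments.append((match["key"], flt))
    return segments


def _select(items: Any, field: str, value: str) -> list[dict]:
    """Elements of a list whose `field` equals `value` (compared as strings)."""
    if not isinstance(items, list):
        raise TypeError(f"filter [{field}={value}] applied to a non-list")
    return [it for it in items if isinstance(it, dict) and str(it.get(field)) == value]


def resolve(vault: dict, selector: str) -> Any:
    """Look up an existing value; KeyError if a key is absent or a filter does
    not match exactly one element (an ambiguous match is an error, not a guess)."""
    node: Any = vault
    for key, flt in parse_selector(selector):
        if not isinstance(node, dict) or key not in node:
            raise KeyError(f"{selector}: missing key {key!r}")
        node = node[key]
        if flt is not None:
            matches = _select(node, *flt)
            if len(matches) != 1:
                raise KeyError(f"{selector}: filter matched {len(matches)} elements")
            node = matches[0]
    return node


def resolve_or_create(vault: dict, selector: str, default: str) -> tuple[Any, dict, bool]:
    """Return (value, updated_vault, created). Missing mappings are created on the
    way down, a filtered element that does not exist is appended with its filter
    field set, and the leaf receives `default`. The input vault is never mutated,
    so the caller decides whether to re-encrypt and write the updated copy back."""
    updated = copy.deepcopy(vault)
    segments = parse_selector(selector)
    node: Any = updated
    created = False
    for index, (key, flt) in enumerate(segments):
        last = index == len(segments) - 1
        if not isinstance(node, dict):
            raise TypeError(f"{selector}: cannot descend into non-mapping at {key!r}")
        if flt is None:
            if key not in node:
                node[key] = default if last else {}
                created = True
            node = node[key]
            continue
        if last:
            raise ValueError(f"{selector}: a filtered segment must be followed by a key")
        items = node.setdefault(key, [])
        matches = _select(items, *flt)
        if len(matches) > 1:
            raise KeyError(f"{selector}: filter matched {len(matches)} elements")
        if matches:
            node = matches[0]
        else:
            node = {flt[0]: flt[1]}
            items.append(node)
            created = True
    return node, updated, created


def decrypt_vault(path: str, sops_binary: str = "sops") -> dict:
    """Decrypt a sops file with the real sops CLI (--decrypt and --output-type json).
    Illustrative helper: needs sops and a matching gpg key, so not exercised here."""
    result = subprocess.run(
        [sops_binary, "--decrypt", "--output-type", "json", path],
        check=True, capture_output=True, text=True,
    )
    return json.loads(result.stdout)


def demo() -> dict:
    """Run the lookups from the two model snippets against the constructed vault."""
    existing = resolve(SAMPLE_VAULT, "users[name=a].password")
    value, updated, created = resolve_or_create(SAMPLE_VAULT, "users[name=b].password", "b")
    return {"existing": existing, "value": value, "created": created, "updated": updated}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The default-fill path deliberately returns a copy rather than editing the vault in place: the write-back is where the re-encryption with sops happens, and keeping it separate from the lookup makes it obvious when a plaintext copy exists in memory and when it has been handed back to sops.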

Running tests

  1. Set up a new virtual environment using uv and install the dependencies:

uv venv -p 3.12
make install

  2. Run the tests:

uv run pytest tests

Project details


Download files


Source Distribution

inmanta_module_sops-0.2.3.tar.gz (14.4 kB)

Built Distribution


inmanta_module_sops-0.2.3-py3-none-any.whl (12.7 kB)

File details

Details for the file inmanta_module_sops-0.2.3.tar.gz.

File metadata

  • Download URL: inmanta_module_sops-0.2.3.tar.gz
  • Size: 14.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for inmanta_module_sops-0.2.3.tar.gz
Algorithm Hash digest
SHA256 e456617fb242def45cf5e56e8517f56142edbf89f4258e02be677755cd03e52f
MD5 c7ad0092988b12f02e7118d61361fe5e
BLAKE2b-256 3f643f07f2957111a7a00ec2a34d17525ffb0b61af63694724fe369f6e7b18f8


Provenance

The following attestation bundles were made for inmanta_module_sops-0.2.3.tar.gz:

Publisher: continuous-delivery.yml on edvgui/inmanta-module-sops


File details

Details for the file inmanta_module_sops-0.2.3-py3-none-any.whl.

File hashes

Hashes for inmanta_module_sops-0.2.3-py3-none-any.whl
Algorithm Hash digest
SHA256 f4f440bf11f2fd58a451d219694b39e8335b28a4c813eee2da68c11ca4a97db2
MD5 e229e98fd5b969f14416d0aee5fd261a
BLAKE2b-256 558b6d42344e8d2a17246ab25024f063f75edfef86ec2fc48d0e212ad194b1c1


Provenance

The following attestation bundles were made for inmanta_module_sops-0.2.3-py3-none-any.whl:

Publisher: continuous-delivery.yml on edvgui/inmanta-module-sops
