
Reference and use secrets defined in sops file in project repo

Project description

Sops module


How to use

  1. Create a gpg key on the orchestrator
inmanta@96abdaa7233f:~$ gpg --full-generate-key
  2. Generate a key on the dev machine (same as the step above)

  3. Import the orchestrator key into the dev keyring

# On the orchestrator
inmanta@96abdaa7233f:~$ gpg --armor --export email > orchestrator.gpg

# On the dev machine
guillaume@framework:~$ gpg --import orchestrator.gpg
  4. Create the vault file with sops, providing the fingerprints of the dev key and the orchestrator key, then edit it using the sops binary.
guillaume@framework:/tmp/sops-test$ echo "{}" > test.yml
guillaume@framework:/tmp/sops-test$ sops --pgp 49CAF9DCDAC1643FCBDFCAB93BF8D3BC3B08C360,6F405B4881FF1DE18A4696641BCDCFE5D361E275 -e test.yml > test.encrypted.yml
guillaume@framework:/tmp/sops-test$ sops edit test.encrypted.yml
  5. Reference an existing value from the sops file in the model.
import mitogen
import files
import files::host
import sops

import std

host = std::Host(
    name="localhost",
    os=std::linux,
    via=mitogen::Local(),
)

files::TextFile(
    host=host,
    path='/example/folder/a.secret',
    owner='guillaume',
    group='guillaume',
    purged=false,
    # The content of the file should be the password of user "a"
    content=sops::create_decrypted_value_reference(
        # The password is located in the decrypted vault file
        sops::create_decrypted_file_reference(
            # The vault should be decrypted with sops, which is
            # installed by this reference.
            sops::create_sops_binary_reference(),
            # The encrypted content of the file can be extracted
            # using this reference
            files::create_text_file_content_reference(
                "file:///example/folder/test.yml",
            ),
            'yml',
        ),
        "users[name=a].password",
    ),
)

  6. (Alternatively) Reference a value in the sops file and create it if it doesn't exist.
import mitogen
import files
import files::host
import sops

import std

host = std::Host(
    name="localhost",
    os=std::linux,
    via=mitogen::Local(),
)

files::TextFile(
    host=host,
    path='/example/folder/a.secret',
    owner='guillaume',
    group='guillaume',
    purged=false,
    # The content of the file should be the password of user "a", if no password
    # for user a has been defined, create one with default value "b"
    content=sops::create_value_in_vault(
        # The vault should be decrypted with sops, which is
        # installed by this reference.
        sops::create_sops_binary_reference(),
        # The vault is available at this path
        "file:///example/folder/test.yml",
        # This is the location of the password within the vault
        "users[name=a].password",
        default="b",
    ),
)
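
Two checks worth running around the vault from step 4, as an added example that is not part of this module's code: first, confirm that the encrypted file's sops metadata lists exactly the two PGP fingerprints passed to `sops --pgp` (every fingerprint listed there can decrypt the vault, so an unexpected entry means an extra party has read access); second, resolve a selector such as `users[name=a].password` against the decrypted document, which is what the model references above point at. The selector grammar implemented here (dotted keys with `list[key=value]` filters) is an interpretation of the README's example, not the module's own parser, and both sample documents are constructed with placeholder `ENC[...]` data.

```python
"""Added example: recipient check and selector lookup for a sops vault.

Not part of inmanta_module_sops. Selector grammar and sample documents
are assumptions/constructed; the fingerprints are the ones from step 4.
"""
import re

# Fingerprints from the README's `sops --pgp` invocation (step 4).
EXPECTED_FINGERPRINTS = {
    "49CAF9DCDAC1643FCBDFCAB93BF8D3BC3B08C360",
    "6F405B4881FF1DE18A4696641BCDCFE5D361E275",
}

# Constructed stand-in for `yaml.safe_load(open("test.encrypted.yml"))`.
# Real sops output carries base64 AES-GCM ciphertext inside ENC[...].
ENCRYPTED_DOC = {
    "users": [
        {"name": "a",
         "password": "ENC[AES256_GCM,data:PLACEHOLDER,iv:PLACEHOLDER,"
                     "tag:PLACEHOLDER,type:str]"},
    ],
    "sops": {
        "pgp": [
            {"fp": "49CAF9DCDAC1643FCBDFCAB93BF8D3BC3B08C360",
             "enc": "-----BEGIN PGP MESSAGE-----\nPLACEHOLDER\n-----END PGP MESSAGE-----"},
            {"fp": "6F405B4881FF1DE18A4696641BCDCFE5D361E275",
             "enc": "-----BEGIN PGP MESSAGE-----\nPLACEHOLDER\n-----END PGP MESSAGE-----"},
        ],
        "mac": "ENC[AES256_GCM,data:PLACEHOLDER,type:str]",
        "unencrypted_suffix": "_unencrypted",
    },
}

# Constructed stand-in for the output of `sops -d test.encrypted.yml`.
DECRYPTED_DOC = {"users": [{"name": "a", "password": "hunter2-constructed"}]}


def recipient_fingerprints(encrypted_doc):
    """Set of PGP fingerprints the sops metadata block lists as recipients."""
    pgp_entries = encrypted_doc.get("sops", {}).get("pgp", [])
    return {entry["fp"].upper() for entry in pgp_entries}


def check_recipients(encrypted_doc, expected=EXPECTED_FINGERPRINTS):
    """Return (unexpected, missing) fingerprint lists; both empty means OK.

    `unexpected` holds keys that can decrypt the vault but should not,
    `missing` holds keys (e.g. the orchestrator's) that can no longer decrypt.
    """
    actual = recipient_fingerprints(encrypted_doc)
    return sorted(actual - expected), sorted(expected - actual)


def is_encrypted_value(value):
    """True for a sops ciphertext leaf such as ENC[AES256_GCM,...]."""
    return isinstance(value, str) and value.startswith("ENC[") and value.endswith("]")


# One selector segment: a key, optionally followed by a [field=value] filter
# that picks a single dict out of a list. This grammar is an assumption.
_SEGMENT = re.compile(r"^([A-Za-z0-9_-]+)(?:\[([A-Za-z0-9_-]+)=([^\]]*)\])?$")


def resolve(doc, selector):
    """Walk `doc` along a selector like 'users[name=a].password'."""
    node = doc
    for segment in selector.split("."):
        match = _SEGMENT.match(segment)
        if not match:
            raise ValueError(f"bad selector segment: {segment!r}")
        key, filter_key, filter_value = match.groups()
        node = node[key]
        if filter_key is not None:
            hits = [item for item in node
                    if isinstance(item, dict) and str(item.get(filter_key)) == filter_value]
            if len(hits) != 1:
                raise KeyError(f"{segment}: expected exactly one match, got {len(hits)}")
            node = hits[0]
    return node


def lookup_secret(decrypted_doc, selector):
    """Resolve a selector and refuse to hand back still-encrypted data."""
    value = resolve(decrypted_doc, selector)
    if is_encrypted_value(value):
        raise ValueError("selector points at ciphertext; decrypt the vault first")
    return value


if __name__ == "__main__":
    print("recipients (unexpected, missing):", check_recipients(ENCRYPTED_DOC))
    print("users[name=a].password =", lookup_secret(DECRYPTED_DOC, "users[name=a].password"))
```

The recipient check is the one to keep in CI: `sops edit` does not change the key set, but `sops -r`/`updatekeys` or a hand edit of the `sops.pgp` list does, and a review that only diffs the opaque `ENC[...]` values will not notice a new reader being added.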

Running tests

  1. Set up a new virtual environment using uv and install the dependencies.
uv venv -p 3.12
make install
  2. Run the tests
uv run pytest tests

Download files


Source Distribution

inmanta_module_sops-0.3.0.tar.gz (15.5 kB)

Uploaded Source

Built Distribution


inmanta_module_sops-0.3.0-py3-none-any.whl (19.1 kB)

Uploaded Python 3

File details

Details for the file inmanta_module_sops-0.3.0.tar.gz.

File metadata

  • Download URL: inmanta_module_sops-0.3.0.tar.gz
  • Upload date:
  • Size: 15.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for inmanta_module_sops-0.3.0.tar.gz
Algorithm Hash digest
SHA256 a418433352e8160ff0a5b947e268055a1d674e57f6979936a0007c4146e69bf1
MD5 f438b369c4274bc6236c0a7730bd628a
BLAKE2b-256 b29db305795b908d186b6f19716ce974e1f920cbca198eadd1eda32cbe598990


Provenance

The following attestation bundles were made for inmanta_module_sops-0.3.0.tar.gz:

Publisher: continuous-delivery.yml on edvgui/inmanta-module-sops

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file inmanta_module_sops-0.3.0-py3-none-any.whl.

File metadata

File hashes

Hashes for inmanta_module_sops-0.3.0-py3-none-any.whl
Algorithm Hash digest
SHA256 d48f5fa53915d4280f6e54af40c1435ab5d99debb47d755784c9fc9360f31584
MD5 13ad6cd857aa4c9030065c2de39d051f
BLAKE2b-256 57bdc026c16956f91868d9580ef2c2c1c18a7180655b09d70caccfaa8429ae56


Provenance

The following attestation bundles were made for inmanta_module_sops-0.3.0-py3-none-any.whl:

Publisher: continuous-delivery.yml on edvgui/inmanta-module-sops

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
