Reference and use secrets defined in sops file in project repo

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for edvgui from gravatar.com edvgui

Unverified details

These details have not been verified by PyPI
Meta
Report project as malware

Project description

Sops module

pypi version build status

How to use

  1. Create gpg key on the orchestrator
inmanta@96abdaa7233f:~$ gpg --full-generate-key

  1. Generate key on the dev machine (same as step above)

  2. Import orchestrator key in dev keyring

# On the orchestrator
inmanta@96abdaa7233f:~$ gpg --armor --export email > orchestrator.gpg

# On the dev machine
guillaume@framework:~$ gpg --import orchestrator.gpg
  1. Create keyring file with sops providing fingerprint of dev key and orchestrator key. Edit it using sops binary.
guillaume@framework:/tmp/sops-test$ echo "{}" > test.yml
guillaume@framework:/tmp/sops-test$ sops --pgp 49CAF9DCDAC1643FCBDFCAB93BF8D3BC3B08C360,6F405B4881FF1DE18A4696641BCDCFE5D361E275 -e test.yml > test.encrypted.yml
guillaume@framework:/tmp/sops-test$ sops edit test.encrypted.yml
  1. Reference existing value in sops file in the model.
import mitogen
import files
import files::host
import sops

import std

host = std::Host(
    name="localhost",
    os=std::linux,
    via=mitogen::Local(),
)

files::TextFile(
    host=host,
    path='/example/folder/a.secret',
    owner='guillaume',
    group='guillaume',
    purged=false,
    # The content of the file should be the password of user "a"
    content=sops::create_decrypted_value_reference(
        # The password is located in the decrypted vault file
        sops::create_decrypted_file_reference(
            # The vault should be decrypted with sops, which is
            # installed by this reference.
            sops::create_sops_binary_reference(),
            # The encrypted content of the file can be extracted
            # using this reference
            files::create_text_file_content_reference(
                "file:///example/folder/test.yml",
            ),
            'yml',
        ),
        "users[name=a].password",
    ),
)
  1. (Alternatively) Reference value in sops file, create it if it doesn't exist.
import mitogen
import files
import files::host
import sops

import std

host = std::Host(
    name="localhost",
    os=std::linux,
    via=mitogen::Local(),
)

files::TextFile(
    host=host,
    path='/example/folder/a.secret',
    owner='guillaume',
    group='guillaume',
    purged=false,
    # The content of the file should be the password of user "a", if no password
    # for user a has been defined, create one with default value "b"
    content=sops::create_value_in_vault(
        # The vault should be decrypted with sops, which is
        # installed by this reference.
        sops::create_sops_binary_reference(),
        # The vault is available at this path
        "file:///example/folder/test.yml",
        # This is the location of the password within the vault
        "users[name=a].password",
        default="b",
    ),
)

Running tests

  1. Set up a new virtual environment using uv and install the dependencies.
uv venv -p 3.12
make install
  1. Run tests
uv run pytest tests

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for edvgui from gravatar.com edvgui

Unverified details

These details have not been verified by PyPI
Meta

Release history Release notifications | RSS feed

This version

0.3.2

0.3.1

0.3.0

0.2.3

0.2.2

0.2.1

0.2.0

0.1.0

0.0.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

inmanta_module_sops-0.3.2.tar.gz (15.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

inmanta_module_sops-0.3.2-py3-none-any.whl (15.1 kB view details)

Uploaded Python 3

File details

Details for the file inmanta_module_sops-0.3.2.tar.gz.

File metadata

  • Download URL: inmanta_module_sops-0.3.2.tar.gz
  • Upload date:
  • Size: 15.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for inmanta_module_sops-0.3.2.tar.gz
Algorithm Hash digest
SHA256 800c9f0d243273525c8ac780e3ac6654545453f6d4a0f83644cb3e2bc70a0c0f
MD5 9bf13b81343408c25db319348c94f11b
BLAKE2b-256 e82c131ba762a5c9f52da7ebba70b2c67c28c88e8b3c6fb5857a38ba177d0b2c

See more details on using hashes here.

Provenance

The following attestation bundles were made for inmanta_module_sops-0.3.2.tar.gz:

Publisher: continuous-delivery.yml on edvgui/inmanta-module-sops

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file inmanta_module_sops-0.3.2-py3-none-any.whl.

File metadata

File hashes

Hashes for inmanta_module_sops-0.3.2-py3-none-any.whl
Algorithm Hash digest
SHA256 1502d68e7de7890fae82f779962c01880d86ae4b895a840483783f28b6e7fbb3
MD5 70ff8dd9040061b872ba65580b3ebe40
BLAKE2b-256 363a782533a479d45c4945f50382beecfa3656a723e8d212d9fdfb89b5de5d13

See more details on using hashes here.

Provenance

The following attestation bundles were made for inmanta_module_sops-0.3.2-py3-none-any.whl:

Publisher: continuous-delivery.yml on edvgui/inmanta-module-sops

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page