Project description

Thycotic Secret Server Reader

This Python module retrieves secrets from Thycotic Secret Server. It uses the REST API.

see: https://docs.thycotic.com/ss/10.8.0/api-scripting/rest-api-reference-download

License

MIT

Installation

Installation from PyPI:

pip install secread

Installation with poetry:

poetry add secread

Configuration

To configure the module, use the following environment variables. It is also possible to provide the settings in a '.env' file.

# copy the template as environment file
cp .env.example .env

# Edit configuration file
vi .env

#############################################################################
# Settings for Thycotic Secret Server Reader

SECRET_SERVER_SITE='https://pw.example.com/SecretServer'
SECRET_SERVER_AUTH_API='/oauth2/token'
SECRET_SERVER_USERNAME='apiuser'
SECRET_SERVER_PASSWORD='my_password_for_apiuser'

# Values for SECRET_SERVER_SSL_VERIFY
# - True    server certificate will be verified (Default)
# - False   server certificate will not be verified (warning)
# - Path    path to trusted certificate bundle e.g. '/etc/ssl/certs/ca-bundle.trust.crt'
SECRET_SERVER_SSL_VERIFY='/etc/ssl/certs/ca-bundle.trust.crt'

# Default field-items to extract from result.
SECRET_SERVER_DEFAULT_SLUGS='["id", "url", "username", "password"]'

# SECRET_SERVER_IS_DUMMY (Default: False)
# - False: Secret Server API is active
# - True: The API will not be used. SECRET_SERVER_TEST_DUMMY_RESULT will be returned
# SECRET_SERVER_IS_DUMMY=False

SECRET_SERVER_TEST_DUMMY_RESULT='{"id": "12345", "username": "testuser", "password": "testpassword", "url": "https://localhost/SecretServer"}'

# 'name' of the secret that is used for testing on live server
# TEST_SECRET_NAME='GitLab Token netsearch-ro'

Development

The installation instructions for poetry are here: https://python-poetry.org/docs/#installation

git clone https://github.com/jifox/secret-server-reader.git
cd secret-server-reader

# Set python environment to use for development
# poetry env use python3.8

# Install the module
poetry install

# Execute tests (be sure to configure the system before)
poetry run pytest -v

Update PyPI

Before updating PyPI, the version number must be incremented in the following files:

  • pyproject.toml
  • secread/__init__.py
  • secread/tests/test_secread.py

poetry build
poetry publish

Examples

"""Tests for module secread"""
import os
import pytest
from secread import __version__, SecretServer


def test_version():
    assert __version__ == "0.1.1"


@pytest.fixture
def sec_server():
    return SecretServer()


def test_default_slugs_is_a_list(sec_server: SecretServer):
    slugs = sec_server.SECRET_SERVER_DEFAULT_SLUGS
    assert isinstance(slugs, list)


def test_secretserver(sec_server: SecretServer):
    token = sec_server.getAuthToken()
    assert len(token) > 0, "Token could not be read"


def test_get_secret_response_by_name(sec_server: SecretServer):
    secname = os.getenv("TEST_SECRET_NAME", "GitLab Token netsearch-ro")
    res = sec_server.searchSecretResponse(secname)
    fields = sec_server.getFieldItemWithSlug(res)
    assert "username" in fields.keys(), "Missing username"
    assert "password" in fields.keys(), "Missing password"


def test_get_secret_by_name(sec_server: SecretServer):
    secname = os.getenv("TEST_SECRET_NAME", "GitLab Token netsearch-ro")
    res = sec_server.searchSecret(secname)
    assert "username" in res.keys(), "Missing username"
    assert "password" in res.keys(), "Missing password"

Download files

Source Distribution

secread-0.1.4.tar.gz (8.4 kB)

Uploaded Source

Built Distribution

secread-0.1.4-py3-none-any.whl (8.3 kB)

Uploaded Python 3

File details

Details for the file secread-0.1.4.tar.gz.

File metadata

  • Download URL: secread-0.1.4.tar.gz
  • Upload date:
  • Size: 8.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.1.11 CPython/3.8.10 Linux/3.10.0-1160.45.1.el7.x86_64

File hashes

Hashes for secread-0.1.4.tar.gz
Algorithm Hash digest
SHA256 13e4d93543a1b7d6b5057e6836cb8a7432343837e344ee9ae1a38e53a3014332
MD5 e73459c7dd2ef3aa85d1f59383920729
BLAKE2b-256 83a009cd90755b437cfbcf6457e877a89a494422aadfb597f6ef00fe78b286ac

File details

Details for the file secread-0.1.4-py3-none-any.whl.

File metadata

  • Download URL: secread-0.1.4-py3-none-any.whl
  • Upload date:
  • Size: 8.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.1.11 CPython/3.8.10 Linux/3.10.0-1160.45.1.el7.x86_64

File hashes

Hashes for secread-0.1.4-py3-none-any.whl
Algorithm Hash digest
SHA256 61597fe714c863ceea150ced0ae2e29241246838e31c865376cc5459e1b7f0da
MD5 7bcc73ad56f89cf9a8753170888c722b
BLAKE2b-256 f8899593589ebb16b2e38d3ac25e5689b26791284a5fb9a8228e8c8f9ac8785b
