mirror of
https://github.com/getsops/sops.git
synced 2026-02-05 12:45:21 +01:00
Add type perservation support
This commit is contained in:
Julien Vehent
@@ -225,14 +225,6 @@ files in place with rotation enabled:
|
||||
sops -e -i -r $file
|
||||
done
|
||||
|
||||
Limitations on types
|
||||
~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
`sops` converts all values to string prior to encrypting them. If you wish to
|
||||
encrypt YAML or JSON types that are not string, you may need to perform an extra
|
||||
conversion step after `sops` decryption to recover your original type. We will
|
||||
most likely fix this in the future.
|
||||
|
||||
Cryptographic details
|
||||
---------------------
|
||||
|
||||
|
||||
22
example.json
22
example.json
@@ -1,21 +1,21 @@
|
||||
{
|
||||
"address": {
|
||||
"city": "ENC[AES256_GCM,data:2wNRKB+Sjjw=,iv:rmATLCPii2WMzcT80Wp9gOpYQqzx6juRmCf9ioz2ZLM=,aad:dj0QZW0BvZVjF1Dn25hOJpcwcVB0qYvEIhGWgxq6YzQ=,tag:wOoPYU+8BA9DiNFlsal3Aw==]",
|
||||
"postalCode": "ENC[AES256_GCM,data:xwWZ/np9Gxv3CQ==,iv:OLwOr7iliPyWWBtKfUUH7E1wQlxJLA6aFxIfNAEC/M0=,aad:8mw5NU8MpyBlrh7XaUqa642jeyJWGqKvduaQ5bWJ5pc=,tag:VFmnc4Ay+yKzyHcrKeEzZQ==]",
|
||||
"state": "ENC[AES256_GCM,data:3jY=,iv:Y2bEgkjdn91Pbf5RgJMbyCsyfhV7XWdDhe8wVwTQue0=,aad:DcA5kW1rrET9TxQ4kn9jHSpoMlkcPKs5O5n9wZjZYCQ=,tag:ad1xdNnFwkqx/8EOKVVHIA==]",
|
||||
"streetAddress": "ENC[AES256_GCM,data:payzP57DGPl5S9Z7uQ==,iv:UIz34fk9zH4z6hYfu0duXmAnI8CqnoRhoaIUqg1YoYA=,aad:hll9Baw40lMjwj7HePQ1o1Lsuh1LCwrE6+bkG4025sg=,tag:FDBhYxMmJ1Wj/uxYxdvVZg==]"
|
||||
"city": "ENC[AES256_GCM,data:2wNRKB+Sjjw=,iv:rmATLCPii2WMzcT80Wp9gOpYQqzx6juRmCf9ioz2ZLM=,aad:dj0QZW0BvZVjF1Dn25hOJpcwcVB0qYvEIhGWgxq6YzQ=,tag:wOoPYU+8BA9DiNFlsal3Aw==,type:str]",
|
||||
"postalCode": "ENC[AES256_GCM,data:xwWZ/np9Gxv3CQ==,iv:OLwOr7iliPyWWBtKfUUH7E1wQlxJLA6aFxIfNAEC/M0=,aad:8mw5NU8MpyBlrh7XaUqa642jeyJWGqKvduaQ5bWJ5pc=,tag:VFmnc4Ay+yKzyHcrKeEzZQ==,type:str]",
|
||||
"state": "ENC[AES256_GCM,data:3jY=,iv:Y2bEgkjdn91Pbf5RgJMbyCsyfhV7XWdDhe8wVwTQue0=,aad:DcA5kW1rrET9TxQ4kn9jHSpoMlkcPKs5O5n9wZjZYCQ=,tag:ad1xdNnFwkqx/8EOKVVHIA==,type:str]",
|
||||
"streetAddress": "ENC[AES256_GCM,data:payzP57DGPl5S9Z7uQ==,iv:UIz34fk9zH4z6hYfu0duXmAnI8CqnoRhoaIUqg1YoYA=,aad:hll9Baw40lMjwj7HePQ1o1Lsuh1LCwrE6+bkG4025sg=,tag:FDBhYxMmJ1Wj/uxYxdvVZg==,type:str]"
|
||||
},
|
||||
"age": "ENC[AES256_GCM,data:4Y4=,iv:hi1iSH19dHSgG/c7yVbNj4yzueHSmmY46yYqeNCoX5M=,aad:nnyubQyaWeLTcz9k9cMHUlgTwVDMyHf32sWCBm7KWAA=,tag:4lcMjstadzI8K40BoDEfDA==]",
|
||||
"firstName": "ENC[AES256_GCM,data:KVe8Dw==,iv:+eg+Rjvaqa2EEp6ufw9c4hwWwObxRLPmxx3fG6rkyps=,aad:3BdHcorHfbvM2Jcs96zX0JY2VQL5dBNgy7zwhqLNqAU=,tag:5OD6MN9SPhBmXuA81hyxhQ==]",
|
||||
"lastName": "ENC[AES256_GCM,data:1+koqsI=,iv:b2kBxSW4yOnLFc8qoeylkMtiO/6qr4cZ5VTntXTyXO8=,aad:W7HXukq3lUUMj9i57UehILG2NAp8XCgJMYbvgflWJIY=,tag:HOrgi1L+IRP+X5JGMnm7Ig==]",
|
||||
"age": "ENC[AES256_GCM,data:4Y4=,iv:hi1iSH19dHSgG/c7yVbNj4yzueHSmmY46yYqeNCoX5M=,aad:nnyubQyaWeLTcz9k9cMHUlgTwVDMyHf32sWCBm7KWAA=,tag:4lcMjstadzI8K40BoDEfDA==,type:int]",
|
||||
"firstName": "ENC[AES256_GCM,data:KVe8Dw==,iv:+eg+Rjvaqa2EEp6ufw9c4hwWwObxRLPmxx3fG6rkyps=,aad:3BdHcorHfbvM2Jcs96zX0JY2VQL5dBNgy7zwhqLNqAU=,tag:5OD6MN9SPhBmXuA81hyxhQ==,type:str]",
|
||||
"lastName": "ENC[AES256_GCM,data:1+koqsI=,iv:b2kBxSW4yOnLFc8qoeylkMtiO/6qr4cZ5VTntXTyXO8=,aad:W7HXukq3lUUMj9i57UehILG2NAp8XCgJMYbvgflWJIY=,tag:HOrgi1L+IRP+X5JGMnm7Ig==,type:str]",
|
||||
"phoneNumbers": [
|
||||
{
|
||||
"number": "ENC[AES256_GCM,data:Oo0IxdtBrnfE+bTf,iv:tQ1E/JQ4lHZvj1nQnGL2sKE30sCctjiMCiagS2Yzch8=,aad:P+m5gD3pKfNEOy6t61vbKhEpPtMFI2NZjBPrD/m8T9w=,tag:6iRMUVUEx3UZvUTGTjCdwg==]",
|
||||
"type": "ENC[AES256_GCM,data:M3zOKQ==,iv:pD9RO4BPUVu6AWPo2DprRsOqouN+0HJn+RXQAXhfB2s=,aad:KFBBVEEnSjdmah3i2XmPx7wWEiFPrxpnfKYW4BSolhk=,tag:liwNnip/L6SZ9srn0N5G4g==]"
|
||||
"number": "ENC[AES256_GCM,data:Oo0IxdtBrnfE+bTf,iv:tQ1E/JQ4lHZvj1nQnGL2sKE30sCctjiMCiagS2Yzch8=,aad:P+m5gD3pKfNEOy6t61vbKhEpPtMFI2NZjBPrD/m8T9w=,tag:6iRMUVUEx3UZvUTGTjCdwg==,type:str]",
|
||||
"type": "ENC[AES256_GCM,data:M3zOKQ==,iv:pD9RO4BPUVu6AWPo2DprRsOqouN+0HJn+RXQAXhfB2s=,aad:KFBBVEEnSjdmah3i2XmPx7wWEiFPrxpnfKYW4BSolhk=,tag:liwNnip/L6SZ9srn0N5G4g==,type:str]"
|
||||
},
|
||||
{
|
||||
"number": "ENC[AES256_GCM,data:BI2f/qFUea6UHYQ+,iv:jaVLMju6h7s+AlF7CsPbpUFXO2YtYAqYsCIsyHgfrfI=,aad:N+8sVpdTlY5I+DcvnY018Iyh/QesD7bvwfKHRr7q2L0=,tag:hHPPpQKP4cUIXfh9CFe4dA==]",
|
||||
"type": "ENC[AES256_GCM,data:EfKAdEUP,iv:Td+sGaS8XXRqzY98OK08zmdqsO2EqVGK1/yDTursD8U=,aad:h9zi8s+EBsfR3BQG4r+t+uqeChK4Hw6B9nJCrValXnI=,tag:GxSk1LAQIJNGyUy7AvlanQ==]"
|
||||
"number": "ENC[AES256_GCM,data:BI2f/qFUea6UHYQ+,iv:jaVLMju6h7s+AlF7CsPbpUFXO2YtYAqYsCIsyHgfrfI=,aad:N+8sVpdTlY5I+DcvnY018Iyh/QesD7bvwfKHRr7q2L0=,tag:hHPPpQKP4cUIXfh9CFe4dA==,type:str]",
|
||||
"type": "ENC[AES256_GCM,data:EfKAdEUP,iv:Td+sGaS8XXRqzY98OK08zmdqsO2EqVGK1/yDTursD8U=,aad:h9zi8s+EBsfR3BQG4r+t+uqeChK4Hw6B9nJCrValXnI=,tag:GxSk1LAQIJNGyUy7AvlanQ==,type:str]"
|
||||
}
|
||||
],
|
||||
"sops": {
|
||||
|
||||
19
example.yaml
19
example.yaml
@@ -1,18 +1,19 @@
|
||||
# The secrets below are unreadable without access to one of the sops master key
|
||||
myapp1: ENC[AES256_GCM,data:Tr7oc19nc6t1m9OrUeo=,iv:1vzlPZLfy6wa14/x17P8Ix8wEGDeY0v2dIboZmmwpww=,aad:NpobRzMzpDOkqijzONm8KglltzG+aBV7BJAxtm77veo=,tag:kaYqRgGGBhXhODSSmIZwyA==]
|
||||
myapp1: ENC[AES256_GCM,data:Tr7oc19nc6t1m9OrUeo=,iv:1vzlPZLfy6wa14/x17P8Ix8wEGDeY0v2dIboZmmwpww=,aad:NpobRzMzpDOkqijzONm8KglltzG+aBV7BJAxtm77veo=,tag:kaYqRgGGBhXhODSSmIZwyA==,type:str]
|
||||
app2:
|
||||
db:
|
||||
user: ENC[AES256_GCM,data:YNKE,iv:H9CDb4aUHBJeF2MSTKHQuOwlLxQVdx12AhT0+Dob4JQ=,aad:jlF2KvytlQIgyMpOoO/BiQbukiMwrh1j94Oys+YMgk0=,tag:NeDysIHV9CGtMAQq9i4vMg==]
|
||||
password: ENC[AES256_GCM,data:p673JCgHYw==,iv:EOOeivCp/Fd80xFdMYX0QeZn6orGTK8CeckmipjKqYY=,aad:UAhi/SHK0aCzptnFkFG4dW8Vv1ASg7TDHD6lui9mmKQ=,tag:QE6uuhRx+cGInwSVdmxXzA==]
|
||||
user: ENC[AES256_GCM,data:YNKE,iv:H9CDb4aUHBJeF2MSTKHQuOwlLxQVdx12AhT0+Dob4JQ=,aad:jlF2KvytlQIgyMpOoO/BiQbukiMwrh1j94Oys+YMgk0=,tag:NeDysIHV9CGtMAQq9i4vMg==,type:str]
|
||||
password: ENC[AES256_GCM,data:p673JCgHYw==,iv:EOOeivCp/Fd80xFdMYX0QeZn6orGTK8CeckmipjKqYY=,aad:UAhi/SHK0aCzptnFkFG4dW8Vv1ASg7TDHD6lui9mmKQ=,tag:QE6uuhRx+cGInwSVdmxXzA==,type:str]
|
||||
# private key for secret operations in app2
|
||||
key: |-
|
||||
ENC[AES256_GCM,data:Ea3zTFSOlg1PDZmBa1U2dtKl3pO4nTmaFswJx41fPfq3u8O2/Bq1UVfXn2SrO13obfr6xH4zuUceCDTvW2qvphlan5ir609EXt4dE2TEEcjVKhmAHf4LMwlZVAbvTJtlsnvo/aYJH95uctjsSX5h8pBlLaTGBGYwMrZuMyRU6vdcMWyha+piJckUc9sq7fevy1TSqIxf1Usbn/0NEklWm2VSNzQ2Urqtny6EXar+xU7NfYSRJ3mqmcJZ14oIeXPdpk962RwMEFWdYrbE7D59kWU2BgMjDxYJD5KXpWiw2YCrA/wsATxVCbZlwqC+TJFA5WAUZX756mFhV/t2Li3zQyDNUe6KkMXV9qwf/oV1j5sVRVFsKDYIBqhi3qWBVA+SO9RloQMjhru+IsdbQcS4LKq/1DrBENeZuJ0djUAxKLVfJzMGUf89ju3m9IEPovW8mfF0RbfAGRwFHMO9nEXCxrTLERf3owdR3u4j5/rNBpIvvy1z+2dy6sAx/eyNdS+cn5qO9BPAxsXpSwkaI96rlBagwH1Pfxus0x/D00j93OpE+M8MgQ/9LA68FlCFU4OAQlvw8f7MPoxnq+/+gFTS/qqjTR6EoUuX5NH2WY93YCC5TCbe4GOXyP0H05PbIWq55UMVLNcpAyac3gO4kL5O5U8=,iv:Dl61tsemKH0fdmNul/PmEEsRYFAh8GorR8GRupus/EM=,aad:Ft2aSYYukD1x8pMj1WvmodLjJV6waPy5FqdlImWyQKA=,tag:EPg4KpWqni/buCFjFL857A==]
|
||||
number: ENC[AES256_GCM,data:XMrBalgZ9tvBxQ==,iv:XyEAAaIzVy/2trnJhLrjMInLg8tMI4CAX9+ccnj3T1Y=,aad:JOlAkP159UxDjL1CrumTuQDqgW2+VOIwz7bdfaJIIn4=,tag:WOHOMJS4nhSdj/aQcGbU1A==]
|
||||
ENC[AES256_GCM,data:Ea3zTFSOlg1PDZmBa1U2dtKl3pO4nTmaFswJx41fPfq3u8O2/Bq1UVfXn2SrO13obfr6xH4zuUceCDTvW2qvphlan5ir609EXt4dE2TEEcjVKhmAHf4LMwlZVAbvTJtlsnvo/aYJH95uctjsSX5h8pBlLaTGBGYwMrZuMyRU6vdcMWyha+piJckUc9sq7fevy1TSqIxf1Usbn/0NEklWm2VSNzQ2Urqtny6EXar+xU7NfYSRJ3mqmcJZ14oIeXPdpk962RwMEFWdYrbE7D59kWU2BgMjDxYJD5KXpWiw2YCrA/wsATxVCbZlwqC+TJFA5WAUZX756mFhV/t2Li3zQyDNUe6KkMXV9qwf/oV1j5sVRVFsKDYIBqhi3qWBVA+SO9RloQMjhru+IsdbQcS4LKq/1DrBENeZuJ0djUAxKLVfJzMGUf89ju3m9IEPovW8mfF0RbfAGRwFHMO9nEXCxrTLERf3owdR3u4j5/rNBpIvvy1z+2dy6sAx/eyNdS+cn5qO9BPAxsXpSwkaI96rlBagwH1Pfxus0x/D00j93OpE+M8MgQ/9LA68FlCFU4OAQlvw8f7MPoxnq+/+gFTS/qqjTR6EoUuX5NH2WY93YCC5TCbe4GOXyP0H05PbIWq55UMVLNcpAyac3gO4kL5O5U8=,iv:Dl61tsemKH0fdmNul/PmEEsRYFAh8GorR8GRupus/EM=,aad:Ft2aSYYukD1x8pMj1WvmodLjJV6waPy5FqdlImWyQKA=,tag:EPg4KpWqni/buCFjFL857A==,type:str]
|
||||
integer: ENC[AES256_GCM,data:h9JvmpGYpXZAHg==,iv:zHUU/KWxgi3q+KDFv56QsEJ2e7fN+9Bm1u+JUSQffzs=,aad:LPYNegFpDJClRISzERd/IgcTPn5EOrlYYLRfzhDHVOo=,tag:EUNSGSD7Q4vtD+oAyTaCDw==,type:int]
|
||||
float: ENC[AES256_GCM,data:wuPp0ku4iw==,iv:CdFwwT/MujK3nf7kbNXBwUrRJ25ecR1ne8DLK1jo0Xg=,aad:/L0DMviDGlgzitxVrTOINkWjxaG764zIc4+9TWWpXl4=,tag:ZyvBXcLsRcXjRR2DVE+gxA==,type:float]
|
||||
an_array:
|
||||
- ENC[AES256_GCM,data:td1aAv4s4cOzSo0=,iv:ErVqte7GpQ3JfzVpVRf7pWSQZDHn6W0iAntKWFsMqio=,aad:RiYy8fKX/yVY7KRgXSOIzydT0+TwK7WGzSFSy+1GmVM=,tag:aSGLCmNZsGcBjxEGvNQRwA==]
|
||||
- ENC[AES256_GCM,data:2K8C418jef8zoAY=,iv:cXE4Hwdl4ZHzAHHyyXqaIMFs0mn65JUehDdaw/aM0WI=,aad:RlAgUZUZ1DvxD9/lZQk9KOHKl4L+fYETaAdpDVekCaA=,tag:CORSBzis6Vy45dEvT/UtMg==]
|
||||
- ENC[AES256_GCM,data:hbcOBbsaWmlnrpeuwLfh1ttsi8zj/pxMc1LYqhdksT/oQb80g2z0FE4QwUVb7VV+x98LAWHofVyV8Q==,iv:/sXHXde82r2FyG3Z3vC5x8zONB14RwC0GmtkiYEUNLI=,aad:BQb8l5fZzF/aa/EYnrOQvRfGUTq9QmJOAR/zmgOfYDA=,tag:fjNeg3Manjl6B2U2oflRhg==]
|
||||
- ENC[AES256_GCM,data:LLHkzGobqL53ws6E2zglkA==,iv:g9z3zz4DUzJr4Cim0SVqKF736w2mZoItqbB0TcsGrQU=,aad:Odrvz0loqFdd9wKJz0ULMX/lyEQcX8WaHE59MgeXkcI=,tag:V+rV/AeZ4uEgtwGhlamTag==]
|
||||
- ENC[AES256_GCM,data:td1aAv4s4cOzSo0=,iv:ErVqte7GpQ3JfzVpVRf7pWSQZDHn6W0iAntKWFsMqio=,aad:RiYy8fKX/yVY7KRgXSOIzydT0+TwK7WGzSFSy+1GmVM=,tag:aSGLCmNZsGcBjxEGvNQRwA==,type:str]
|
||||
- ENC[AES256_GCM,data:2K8C418jef8zoAY=,iv:cXE4Hwdl4ZHzAHHyyXqaIMFs0mn65JUehDdaw/aM0WI=,aad:RlAgUZUZ1DvxD9/lZQk9KOHKl4L+fYETaAdpDVekCaA=,tag:CORSBzis6Vy45dEvT/UtMg==,type:str]
|
||||
- ENC[AES256_GCM,data:hbcOBbsaWmlnrpeuwLfh1ttsi8zj/pxMc1LYqhdksT/oQb80g2z0FE4QwUVb7VV+x98LAWHofVyV8Q==,iv:/sXHXde82r2FyG3Z3vC5x8zONB14RwC0GmtkiYEUNLI=,aad:BQb8l5fZzF/aa/EYnrOQvRfGUTq9QmJOAR/zmgOfYDA=,tag:fjNeg3Manjl6B2U2oflRhg==,type:str]
|
||||
- ENC[AES256_GCM,data:LLHkzGobqL53ws6E2zglkA==,iv:g9z3zz4DUzJr4Cim0SVqKF736w2mZoItqbB0TcsGrQU=,aad:Odrvz0loqFdd9wKJz0ULMX/lyEQcX8WaHE59MgeXkcI=,tag:V+rV/AeZ4uEgtwGhlamTag==,type:str]
|
||||
sops:
|
||||
kms:
|
||||
- enc: CiC6yCOtzsnFhkfdIslYZ0bAf//gYLYCmIu87B3sy/5yYxKnAQEBAQB4usgjrc7JxYZH3SLJWGdGwH//4GC2ApiLvOwd7Mv+cmMAAAB+MHwGCSqGSIb3DQEHBqBvMG0CAQAwaAYJKoZIhvcNAQcBMB4GCWCGSAFlAwQBLjARBAyGdRODuYMHbA8Ozj8CARCAO7opMolPJUmBXd39Zlp0L2H9fzMKidHm1vvaF6nNFq0ClRY7FlIZmTm4JfnOebPseffiXFn9tG8cq7oi
|
||||
|
||||
@@ -84,7 +84,7 @@ example_multiline: |
|
||||
this is a
|
||||
multiline
|
||||
entry
|
||||
|
||||
example_number: 1234.5678
|
||||
"""
|
||||
|
||||
DEFAULT_JSON = """{
|
||||
@@ -92,7 +92,9 @@ DEFAULT_JSON = """{
|
||||
"example_array": [
|
||||
"example_value1",
|
||||
"example_value2"
|
||||
]}"""
|
||||
],
|
||||
"example_number": 1234.5678
|
||||
}"""
|
||||
|
||||
DEFAULT_TEXT = """Welcome to SOPS!
|
||||
Remove this text and add your content to the file.
|
||||
@@ -437,11 +439,12 @@ def walk_list_and_decrypt(branch, key, stash=None):
|
||||
|
||||
def decrypt(value, key, stash=None):
|
||||
"""Return a decrypted value."""
|
||||
# operate on bytes, but return a string
|
||||
value = value.encode('utf-8')
|
||||
valre = b'^ENC\[AES256_GCM,data:(.+),iv:(.+),aad:(.+),tag:(.+)'
|
||||
# extract fields using a regex
|
||||
res = re.match(b'^ENC\[AES256_GCM,data:(.+),iv:(.+),aad:(.+),tag:(.+)\]$',
|
||||
value)
|
||||
if 'type:' in value:
|
||||
valre += b',type:(.+)'
|
||||
valre += b'\]'
|
||||
res = re.match(valre, value.encode('utf-8'))
|
||||
# if the value isn't in encrypted form, return it as is
|
||||
if res is None:
|
||||
return value
|
||||
@@ -449,6 +452,11 @@ def decrypt(value, key, stash=None):
|
||||
iv = b64decode(res.group(2))
|
||||
aad = b64decode(res.group(3))
|
||||
tag = b64decode(res.group(4))
|
||||
valtype = 'str'
|
||||
try:
|
||||
valtype = res.group(5)
|
||||
except:
|
||||
None
|
||||
decryptor = Cipher(algorithms.AES(key),
|
||||
modes.GCM(iv, tag),
|
||||
default_backend()
|
||||
@@ -460,7 +468,12 @@ def decrypt(value, key, stash=None):
|
||||
stash['iv'] = iv
|
||||
stash['aad'] = aad
|
||||
stash['cleartext'] = cleartext
|
||||
return cleartext.decode('utf-8')
|
||||
if valtype == b'str':
|
||||
return cleartext.decode('utf-8')
|
||||
if valtype == b'int':
|
||||
return int(cleartext.decode('utf-8'))
|
||||
if valtype == b'float':
|
||||
return float(cleartext.decode('utf-8'))
|
||||
|
||||
|
||||
def walk_and_encrypt(branch, key, stash=None):
|
||||
@@ -502,6 +515,11 @@ def walk_list_and_encrypt(branch, key, stash=None):
|
||||
|
||||
def encrypt(value, key, stash=None):
|
||||
"""Return an encrypted string of the value provided."""
|
||||
valtype = 'str'
|
||||
if isinstance(value, int):
|
||||
valtype = 'int'
|
||||
if isinstance(value, float):
|
||||
valtype = 'float'
|
||||
value = str(value).encode('utf-8')
|
||||
# if we have a stash, and the value of cleartext has not changed,
|
||||
# attempt to take the IV and AAD value from the stash.
|
||||
@@ -519,10 +537,12 @@ def encrypt(value, key, stash=None):
|
||||
encryptor.authenticate_additional_data(aad)
|
||||
enc_value = encryptor.update(value) + encryptor.finalize()
|
||||
return "ENC[AES256_GCM,data:{value},iv:{iv},aad:{aad}," \
|
||||
"tag:{tag}]".format(value=b64encode(enc_value).decode('utf-8'),
|
||||
iv=b64encode(iv).decode('utf-8'),
|
||||
aad=b64encode(aad).decode('utf-8'),
|
||||
tag=b64encode(encryptor.tag).decode('utf-8'))
|
||||
"tag:{tag},type:{valtype}]".format(
|
||||
value=b64encode(enc_value).decode('utf-8'),
|
||||
iv=b64encode(iv).decode('utf-8'),
|
||||
aad=b64encode(aad).decode('utf-8'),
|
||||
tag=b64encode(encryptor.tag).decode('utf-8'),
|
||||
valtype=valtype)
|
||||
|
||||
|
||||
def get_key(tree, need_key=False):
|
||||
|
||||
@@ -78,7 +78,7 @@ class TreeTest(unittest2.TestCase):
|
||||
# - SOPS_PGP_FP env variable is used
|
||||
# - panic error is raise and program quit with code 111 if
|
||||
# nothing is defined
|
||||
log= logging.getLogger( "TreeTest.test_verify_or_create_sops_branch" )
|
||||
log = logging.getLogger( "TreeTest.test_verify_or_create_sops_branch" )
|
||||
kms_arns = "arn:aws:kms:us-east-1:656532927350:key/" + \
|
||||
"920aff2e-c5f1-4040-943a-047fa387b27e+arn:aws:iam::" +\
|
||||
"927034868273:role/sops-dev, arn:aws:kms:ap-southeast-1:" + \
|
||||
@@ -147,8 +147,19 @@ class TreeTest(unittest2.TestCase):
|
||||
key = os.urandom(32)
|
||||
with mock.patch.object(builtins, 'open', m):
|
||||
tree = sops.load_file_into_tree('path', 'json')
|
||||
crypttree = sops.walk_and_encrypt(tree, key)
|
||||
cleartree = sops.walk_and_decrypt(crypttree, key)
|
||||
crypttree = sops.walk_and_encrypt(dict(tree), key)
|
||||
cleartree = sops.walk_and_decrypt(dict(crypttree), key)
|
||||
assert cleartree == tree
|
||||
|
||||
def test_numbers_encrypt_and_decrypt(self):
|
||||
"""Test encryption/decryption of numbers"""
|
||||
m = mock.mock_open(read_data='{"a":1234,"b":[567,890.123],"c":5.4999517527e+10}')
|
||||
tree = dict()
|
||||
key = os.urandom(32)
|
||||
with mock.patch.object(builtins, 'open', m):
|
||||
tree = sops.load_file_into_tree('path', 'json')
|
||||
crypttree = sops.walk_and_encrypt(dict(tree), key)
|
||||
cleartree = sops.walk_and_decrypt(dict(crypttree), key)
|
||||
assert cleartree == tree
|
||||
|
||||
def test_walk_list_and_encrypt(self):
|
||||
@@ -167,10 +178,10 @@ class TreeTest(unittest2.TestCase):
|
||||
|
||||
def test_encrypt_decrypt(self):
|
||||
"""Test a roundtrip in the encryption/decryption code"""
|
||||
origin = "AAAAAAAA"
|
||||
key = os.urandom(32)
|
||||
cryptstr = sops.encrypt("AAAAAAA", key)
|
||||
clearstr = sops.decrypt(cryptstr, key)
|
||||
assert clearstr == "AAAAAAA"
|
||||
clearstr = sops.decrypt(sops.encrypt(origin, key), key)
|
||||
assert clearstr == origin
|
||||
|
||||
# Test keys management
|
||||
def test_get_key(self):
|
||||
|
||||
Reference in New Issue
Block a user