Skip to content
Permalink
Browse files

Revert "Resolves #73: Support binary secrets"

  • Loading branch information...
alex-luminal committed Oct 24, 2018
1 parent 8b7363f commit cc841c64a69a5bf20e269404a665ea2e46431bc1
Showing with 15 additions and 22 deletions.
  1. +15 −22 credstash.py
@@ -141,13 +141,6 @@ def printStdErr(s):
sys.stderr.write("\n")


def printStdOut(s):
if hasattr(sys.stdout, 'buffer'):
sys.stdout.buffer.write(s)
else:
sys.stdout.write(s)


def fatal(s):
printStdErr(s)
sys.exit(1)
@@ -175,24 +168,23 @@ def value_or_filename(string):
# string to this function before it passes the actual value.
# If an empty string is passes in, just return an empty string
if string == "":
return "".encode()
return ""

output = ""
if string == '-':
try:
output = sys.stdin.read().encode()
return sys.stdin.read()
except KeyboardInterrupt:
raise argparse.ArgumentTypeError("Unable to read value from stdin")
elif string[0] == "@":
filename = string[1:]
try:
with open(os.path.expanduser(filename), 'rb') as f:
with open(os.path.expanduser(filename)) as f:
output = f.read()
except IOError:
raise argparse.ArgumentTypeError("Unable to read file %s" %
filename)
else:
output = string.encode()
output = string
return output


@@ -372,7 +364,7 @@ def getAllAction(args, region, **session_params):
elif args.format == 'dotenv':
output_func = dotenv_dump
output_args = {}
printStdout(output_func(secrets, **output_args))
print(output_func(secrets, **output_args))


@clean_fail
@@ -457,13 +449,13 @@ def getSecretAction(args, region, **session_params):
elif args.format == 'dotenv':
output_func = dotenv_dump
output_args = {}
printStdout(output_func(secrets, **output_args))
sys.stdout.write(output_func(secrets, **output_args))
else:
printStdout(getSecret(args.credential, args.version,
sys.stdout.write(getSecret(args.credential, args.version,
region=region, table=args.table,
context=args.context,
**session_params))
if args.newline:
if not args.noline:
sys.stdout.write("\n")
except ItemNotFound as e:
fatal(e)
@@ -627,7 +619,7 @@ def open_aes_ctr_legacy(key_service, material):
hmac = codecs.decode(material['hmac'].value, "hex")
else:
hmac = codecs.decode(material['hmac'], "hex")
return _open_aes_ctr(key, LEGACY_NONCE, ciphertext, hmac, digest_method)
return _open_aes_ctr(key, LEGACY_NONCE, ciphertext, hmac, digest_method).decode("utf-8")


def seal_aes_ctr_legacy(key_service, secret, digest_method=DEFAULT_DIGEST):
@@ -664,15 +656,15 @@ def _open_aes_ctr(key, nonce, ciphertext, expected_hmac, digest_method):
return decryptor.update(ciphertext) + decryptor.finalize()


def _seal_aes_ctr(data, key, nonce, digest_method):
def _seal_aes_ctr(plaintext, key, nonce, digest_method):
data_key, hmac_key = _halve_key(key)
encryptor = Cipher(
algorithms.AES(data_key),
modes.CTR(nonce),
backend=default_backend()
).encryptor()

ciphertext = encryptor.update(data) + encryptor.finalize()
ciphertext = encryptor.update(plaintext.encode("utf-8")) + encryptor.finalize()
return ciphertext, _get_hmac(hmac_key, ciphertext, digest_method)


@@ -786,9 +778,10 @@ def get_parser():
help="encryption context key/value pairs "
"associated with the credential in the form "
"of \"key=value\"")
parsers[action].add_argument("-n", "--noline", help=argparse.SUPPRESS)
parsers[action].add_argument("-e", "--newline", action="store_true",
help="Append newline to returned value")
parsers[action].add_argument("-n", "--noline", action="store_true",
help="Don't append newline to returned "
"value (useful in scripts or with "
"binary files)")
parsers[action].add_argument("-v", "--version", default="",
help="Get a specific version of the "
"credential (defaults to the latest version)")

0 comments on commit cc841c6

Please sign in to comment.
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.