Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Try to add encryption for secrets #36

Merged
merged 5 commits into from
Apr 22, 2024
Merged

Try to add encryption for secrets #36

merged 5 commits into from
Apr 22, 2024

Conversation

oiintam
Copy link
Collaborator

@oiintam oiintam commented Apr 18, 2024
edited
Loading

Encrypted secrets and key already generated and put into the respective directory.

Manual testing: using same code segment to decrypt and print out the password plainly, example:

(pandeia_16.1) -bash-4.2$ python test2.py
my password -  1234567890+_~lalala

(pandeia_16.1) -bash-4.2$ cd -
/internal/data1/secrets
(pandeia_16.1) -bash-4.2$ cat test
1234567890+_~lalala
(pandeia_16.1) -bash-4.2$ cat encrypted_test
gAAAAABmIULCnl96-v02L9E_3Ra21Xfv9ykrSaKZS0NhAhINYXedgfcoqHK4HxuURUc9XRREfmScfn3cbzrIPn5uYiUTRO_B__MYEx31aMlu85ONcDcHcVk=
-bash-4.2$ cat test2.py
from cryptography.fernet import Fernet

# read encrypted pwd and convert into byte
with open('/internal/data1/secrets/encrypted_test') as f:
    encpwd = f.read().strip()
    encpwdbyt = bytes(encpwd, 'utf-8')
f.close()

# read key and convert into byte
with open('/internal/data1/secrets/ref_key') as f:
    refKey = ''.join(f.readlines())
    refKeybyt = bytes(refKey, 'utf-8')
f.close()

# use the key and encrypt pwd
keytouse = Fernet(refKeybyt)
myPassbyt = (keytouse.decrypt(encpwdbyt))
myPass = myPassbyt.decode("utf-8")
print("my password - ",myPass)

Test run: https://glitch.etc.stsci.edu/jwst/test/reports/user_pandeia_jwst_oit_secret_JETC-513_2024-04-22-12:21:01.html

PR that has the same change: https://github.com/spacetelescope/etc-controller/pull/135

Address JETC-513

@oiintam oiintam marked this pull request as draft April 19, 2024 13:11
@oiintam oiintam changed the title Try to add encryption for secrets [Testing in progress] Try to add encryption for secrets Apr 19, 2024
@oiintam oiintam marked this pull request as ready for review April 22, 2024 15:41
@oiintam oiintam marked this pull request as draft April 22, 2024 15:43
@oiintam oiintam marked this pull request as ready for review April 22, 2024 16:24
@oiintam
Copy link
Collaborator Author

oiintam commented Apr 22, 2024

plssph4 is using this branch; login and admin ssph page look good.

@oiintam oiintam self-assigned this Apr 22, 2024
@oiintam oiintam changed the title [Testing in progress] Try to add encryption for secrets Try to add encryption for secrets Apr 22, 2024
dchitti-stsci
dchitti-stsci approved these changes Apr 22, 2024
View reviewed changes
Copy link
Collaborator

@dchitti-stsci dchitti-stsci left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me.

@oiintam oiintam merged commit 0144994 into master Apr 22, 2024
@oiintam oiintam deleted the oit_secret_JETC-513 branch April 22, 2024 20:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dchitti-stsci dchitti-stsci dchitti-stsci approved these changes

@isaacspitzer isaacspitzer isaacspitzer approved these changes

@ariedel ariedel Awaiting requested review from ariedel

@cdsontag cdsontag Awaiting requested review from cdsontag

Assignees

@oiintam oiintam

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@oiintam @isaacspitzer @dchitti-stsci