cli.certificates Namespace Reference

Classes
class	CertificateCommand
class	UploadCertificateCommand

Functions
def	__derive_key__ (password, salt=None)
def	__encrypt_data__ (password, salt, data)
def	update_secrets_value (secret_id, salt, private_key)
def	get_secret_value (client, secret_id)
def	put_secret_value (client, secret_id, secrets)

Variables
list	AWS_REGIONS
string	SALT = 'LTzkm1w/p3ReDm9kmfmnwQ=='
string	ENCODING = 'utf-8'
int	AES_KEY_BYTES = 32

Detailed Description

Run cumanage operations in an AWS hosted stack.

Function Documentation

__derive_key__()

def cli.certificates.__derive_key__	(		password,
			salt = None
	)

Return key using PBKDF2

Definition at line 25 of file certificates.py.

def __derive_key__(password, salt=None):
    '''Return key using PBKDF2'''
    if not salt:
        salt = SALT
    return PBKDF2(
        password,
        salt.encode(ENCODING),
        AES_KEY_BYTES
    )

__encrypt_data__()

def cli.certificates.__encrypt_data__	(		password,
			salt,
			data
	)

Encrypt given data using password and PBKDF2 key stretching

Definition at line 36 of file certificates.py.

def __encrypt_data__(password, salt, data):
    '''Encrypt given data using password and PBKDF2 key stretching'''
    key = __derive_key__(password, salt)
    aes_cipher = AES.new(key, AES.MODE_CTR, counter=Counter.new(128))
    return aes_cipher.encrypt(data.encode(ENCODING))

get_secret_value()

def cli.certificates.get_secret_value	(		client,
			secret_id
	)

Return the JSON data for the provided `secret_id`

If there is no secret for the provided `secret_id` return an empty
dictionary.

Definition at line 118 of file certificates.py.

def get_secret_value(client, secret_id):
    '''Return the JSON data for the provided `secret_id`

    If there is no secret for the provided `secret_id` return an empty
    dictionary.
    '''
    try:
        response = client.get_secret_value(SecretId=secret_id)
        return json.loads(response['SecretString'])
    except client.exceptions.ResourceNotFoundException:
        return {}

put_secret_value()

def cli.certificates.put_secret_value	(		client,
			secret_id,
			secrets
	)

Create or Update secret value of the provided `secret_id`

Definition at line 131 of file certificates.py.

def put_secret_value(client, secret_id, secrets):
    '''Create or Update secret value of the provided `secret_id`'''
    json_secrets = json.dumps(secrets)
    if get_secret_value(client, secret_id) == {}:
        response = client.create_secret(
            Name=secret_id,
            SecretString=json_secrets
        )
    else:
        response = client.put_secret_value(
            SecretId=secret_id,
            SecretString=json.dumps(secrets)
        )
    return response['ARN']

update_secrets_value()

def cli.certificates.update_secrets_value	(		secret_id,
			salt,
			private_key
	)

Update new secrets value for `secret_id`

Definition at line 102 of file certificates.py.

def update_secrets_value(secret_id, salt, private_key):
    '''Update new secrets value for `secret_id`'''
    arns = []
    for region in AWS_REGIONS:
        client = boto3.client('secretsmanager', region_name=region)
        secret_dictionary = get_secret_value(client, secret_id)

        secret_dictionary['salt'] = salt
        secret_dictionary['password'] = private_key

        arn = put_secret_value(client, secret_id, secret_dictionary)
        arns.append(arn)

    return arns

Variable Documentation

AWS_REGIONS

list cli.certificates.AWS_REGIONS

Initial value:

=  [
    'us-east-2',
    'us-west-2',
]

Definition at line 16 of file certificates.py.