Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
def load_from_encrypted(app):
tempname = str(uuid.uuid4())
encrypted_file_name = "secrets-%s.cfg.encrypted" % tempname
decrypted_file_name = "secrets-%s.cfg.decrypted" % tempname
storage_client = storage.Client()
bucket = storage_client.get_bucket('vault')
blob = bucket.blob('secrets.cfg.encrypted')
blob.download_to_filename(encrypted_file_name)
client = kms_v1.KeyManagementServiceClient()
key_name = client.crypto_key_path('app', 'global', 'keyring', 'secrets')
try:
with open(encrypted_file_name, 'rb') as content_file:
cipher_text = content_file.read()
decrypted = client.decrypt(key_name, cipher_text)
with open(decrypted_file_name, 'w') as decrypted_file:
decrypted_file.write(\
decrypted.plaintext.decode("utf-8"))
app.config.from_pyfile(decrypted_file_name)
finally:
os.remove(encrypted_file_name)
os.remove(decrypted_file_name)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.