Last active
March 14, 2017 11:53
boot profile to retrieve encrypted passwords from gpg or env
;; specify S3 repositories with something like
;;
;; (set-env!
;;  :wagons '[[s3-wagon-private "1.2.0"]]
;;  :repositories #(concat % [["releases" {:url "s3p://your-s3-wagon-bucket/releases/"
;;                                         :username [:env/aws_access_key :gpg]
;;                                         :passphrase [:env/aws_secret_key :gpg]}]
;;                            ["snapshots" {:url "s3p://your-s3-wagon-bucket/snapshots/"
;;                                          :username [:env/aws_access_key :gpg]
;;                                          :passphrase [:env/aws_secret_key :gpg]}]]))
;;
;; Each credential key lists its sources in order: :env/name reads the
;; environment variable NAME (upper-cased), :gpg reads the matching entry of
;; the decrypted credentials file. The first source that yields a value is used.
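;; Passes a function to configure-repositories! that takes a repository map
;; and returns it with :username / :password / :passphrase resolved from
;; environment variables and/or a GPG-encrypted credentials file. Resolved
;; maps are cached per :url, so each repository URL is resolved at most once
;; as long as the cached value is truthy.
;;
;; Security notes for anyone adapting this profile:
;;  - Only the URL and the key name are printed, never the secret value.
;;    Keep it that way: the commented-out `prn` in configure-repo would write
;;    the resolved secrets to the build output.
;;  - The decrypted credentials map is held in an atom for as long as this
;;    closure lives, i.e. the plaintext stays in process memory.
;;  - Credentials-file entries are selected with `re-find`, which matches
;;    anywhere in the URL. Anchor the patterns in the credentials file to
;;    scheme and host so an entry cannot be selected for an unrelated
;;    repository whose URL merely contains the same text.
(configure-repositories!
 (let [;; decrypted credentials map, filled on first successful decrypt
       gpg-creds (atom nil)
       ;; url -> repository map with credentials merged in
       with-creds (atom {})
       ;; first existing file wins: the Leiningen location, then the Boot one
       gpg-cred-file (some
                      (fn [f] (when (.exists f) f))
                      [(clojure.java.io/file
                        (System/getProperty "user.home") ".lein/credentials.clj.gpg")
                       (clojure.java.io/file
                        (System/getProperty "user.home") ".boot/credentials.clj.gpg")])
       ;; Returns the decrypted credentials, decrypting only when nothing is
       ;; cached yet and a credentials file was found; otherwise nil.
       decrypt-gpg-creds (fn []
                           (or @gpg-creds
                               (when gpg-cred-file
                                 (reset! gpg-creds
                                         (gpg-decrypt gpg-cred-file :as :edn)))))
       ;; Returns the credential map of the first entry whose key matches url.
       ;; NOTE(review): keys are presumably java.util.regex.Pattern values;
       ;; any other key type makes re-find throw - confirm against the file.
       gpg-creds-for-url (fn [url]
                           (when url
                             (some
                              (fn [[regex cred]]
                                (when (re-find regex url) cred))
                              (decrypt-gpg-creds))))
       ;; Looks up key k (:username, :password, ...) in the entry for url.
       fetch-gpg-cred (fn [url k]
                        (let [cred (get (gpg-creds-for-url url) k)]
                          (when cred (println "got GPG cred for: " url k))
                          cred))
       ;; For k of the form :env/name, returns the value of the environment
       ;; variable NAME (name upper-cased); nil for any other k, nil included.
       fetch-env-cred (fn [url k]
                        (when-let [[_ ev] (re-matches #"^:env/(.+)$" (str k))]
                          (let [ev (clojure.string/upper-case ev)
                                cred (System/getenv ev)]
                            (when cred (println "got EV cred for: " url k))
                            cred)))
       ;; nil stays nil, a sequential value is returned as is, anything else
       ;; is wrapped in a one-element vector.
       make-sequential (fn [v]
                         (cond (nil? v) nil
                               (sequential? v) v
                               :else [v]))
       ;; Resolves the credential keys present in repository map m. When m has
       ;; none of them, falls back to the whole credentials-file entry for url.
       choose-creds (fn [{url :url
                          :as m}]
                      (let [cks (clojure.set/intersection
                                 #{:username :password :passphrase}
                                 (-> m keys set))
                            ;; One source spec -> value or nil. Anything that
                            ;; is not :gpg goes to fetch-env-cred, which
                            ;; returns nil for non-:env/ specs (literal
                            ;; strings, nil) instead of throwing.
                            resolve-source (fn [ck cspec]
                                             (if (= :gpg cspec)
                                               (fetch-gpg-cred url ck)
                                               (fetch-env-cred url cspec)))]
                        (if (not-empty cks)
                          (into
                           {}
                           (for [ck cks]
                             (do
                               (println "looking for: " url ck)
                               ;; `some` with the resolver stops at the first
                               ;; source that yields a value. Mapping the
                               ;; sources with `for` first would realise a
                               ;; vector a chunk at a time and so decrypt the
                               ;; GPG file even when an environment variable
                               ;; had already supplied the value.
                               (let [v (some #(resolve-source ck %)
                                             (make-sequential (get m ck)))]
                                 (when v [ck v])))))
                          (gpg-creds-for-url url))))
       ;; Returns m with the resolved credentials merged over the source specs.
       ;; A key for which no source yields a value keeps its original spec.
       configure-repo (fn [m]
                        (let [creds (choose-creds m)
                              m (merge m creds)]
                          ;; Left disabled on purpose: this would print the
                          ;; resolved secrets.
                          ;; (when creds
                          ;;   (prn "configured: " m))
                          m))]
   (fn [{:keys [url] :as m}]
     (when-not (get @with-creds url)
       (swap! with-creds
              assoc
              url
              (configure-repo m)))
     (get @with-creds url m))))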