
@mgwilliams
Created December 28, 2013 17:03
# Import python libs
import os
import string
# Import third party libs
from M2Crypto import RSA
# Import salt libs
import salt.utils
def _add(minion, key, value):
    '''
    Write ``value`` to ``<vault_root>/<minion>/<key>``, creating any missing
    parent directories first.

    minion
        Minion ID; used as a directory name under ``__opts__['vault_root']``.
    key
        Name of the entry; used as the file path below the minion directory.
    value
        Text written to the file. ``generate`` passes the output of
        ``_encrypt_for_minion`` here.
    '''
    # NOTE(review): ``minion`` and ``key`` are interpolated into the path
    # unchecked, so a ``..`` component would resolve outside ``vault_root``.
    # Nothing in this function rejects that; confirm callers pass trusted names.
    target = '{0}/{1}/{2}'.format(__opts__['vault_root'], minion, key)
    parent = os.path.dirname(target)
    try:
        os.makedirs(parent)
    except OSError:
        # makedirs also raises when the directory is already there; only a
        # failure that leaves no directory behind is re-raised.
        if not os.path.isdir(parent):
            raise
    # Directories and the file are created with the process's default mode;
    # no explicit permissions are set here.
    with salt.utils.fopen(target, 'w') as handle:
        handle.write(value)
def _encrypt_for_minion(minion, value):
    '''
    Encrypt ``value`` with a minion's RSA public key and return it as base64.

    minion
        Minion ID; the public key is loaded from
        ``<pki_dir>/minions/<minion>``.
    value
        Plaintext to encrypt.

    Returns the RSA-OAEP ciphertext encoded with the Python 2 ``base64``
    string codec (this module is Python 2 code), so the result is expected
    to contain line breaks.
    '''
    # NOTE(review): ``minion`` is placed in the key path unchecked; see that
    # callers only pass known minion IDs.
    key_file = '{0}/minions/{1}'.format(__opts__['pki_dir'], minion)
    minion_key = RSA.load_pub_key(key_file)
    # RSA-OAEP can only take a plaintext shorter than the key modulus minus
    # the padding overhead, so an over-long value is expected to fail here.
    ciphertext = minion_key.public_encrypt(value, RSA.pkcs1_oaep_padding)
    return ciphertext.encode('base64')
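def generate(key, minions, length=16, alphanum=False):
    '''
    Generate a random secret and store it, encrypted, for each listed minion.

    key
        Name the secret is stored under inside each minion's vault directory.
    minions
        Comma-separated list of minion IDs. Surrounding whitespace is
        stripped and empty entries are skipped.
    length
        Number of characters in the generated secret.
    alphanum
        When True the secret consists only of ASCII letters and digits;
        otherwise it is a base64 string truncated to ``length`` characters.

    The plaintext is never written or returned; each minion receives its own
    copy encrypted with that minion's public key.
    '''
    if alphanum:
        # ascii_letters, not string.letters: the latter is locale-dependent
        # on Python 2 and could widen the alphabet unexpectedly.
        alphabet = string.ascii_letters + string.digits
        value = ''
        while len(value) < length:
            # Rejection sampling over os.urandom output: bytes outside the
            # alphabet are dropped, so every character stays equally likely.
            value += ''.join(
                [x for x in os.urandom(length * 10) if x in alphabet])
        # The loop collects more characters than requested; cut to the
        # requested size so the secret is exactly ``length`` long and stays
        # within what RSA-OAEP can encrypt.
        value = value[:length]
    else:
        # base64 text cut to ``length`` characters carries roughly 6 bits of
        # randomness per character, not 8.
        value = os.urandom(length).encode('base64').replace('\n', '')[0:length]
    for minion in minions.split(','):
        minion = minion.strip()
        if not minion:
            # An empty ID would point at the vault root and the key
            # directory itself rather than at a minion.
            continue
        _add(minion, key, _encrypt_for_minion(minion, value))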