@trehn
Created March 15, 2016 09:37
Helper to migrate from pwget to BundleWrap 2.3.1+
#!/usr/bin/env python
import base64
from os import getcwd
from os.path import exists, join
from subprocess import check_output, CalledProcessError
from sys import platform
def _ensure_secret(path):
    """Return the legacy pwget secret for the repository at *path*.

    The secret is read from ``<path>/pwget.secret``. When that file cannot
    be read and ``sys.platform`` is ``'darwin'``, the ``security`` command
    line tool is asked for the generic password stored under the account
    ``bw_pwget_<path>`` and the service ``bundlewrap``.

    The two sources are not normalised the same way: file content is
    returned exactly as read (a trailing newline stays part of the
    secret), while the Keychain value has surrounding whitespace stripped.

    The return value is key material: do not log or print it.

    Raises:
        IOError: if no secret could be obtained from either source.
    """
    secret_file = join(path, "pwget.secret")
    try:
        with open(secret_file) as handle:
            contents = handle.read()
    except IOError:
        # Only macOS has the Keychain fallback; everywhere else an
        # unreadable file is final.
        if platform != 'darwin':
            raise IOError(
                "Unable to read pwget secret from {path}.".format(
                    path=secret_file,
                ),
            )
        keychain_query = [
            "security",
            "find-generic-password",
            "-a",
            "bw_pwget_" + path,
            "-s",
            "bundlewrap",
            "-w",
        ]
        try:
            keychain_output = check_output(keychain_query)
        except CalledProcessError:
            # Non-zero exit from `security`, i.e. the lookup failed.
            raise IOError(
                "Unable to read pwget secret from {path} or Mac OS Keychain.".format(
                    path=secret_file,
                ),
            )
        return keychain_output.strip()
    return contents
def _get_fernet_key():
    """Derive the ``[encrypt]`` key from the pwget secret in the current directory.

    The secret is base64-decoded, cut to its first 32 bytes and re-encoded
    with the URL-safe base64 alphabet. No key-derivation function is
    involved; the result is a plain prefix of the decoded secret.

    NOTE(review): a secret that decodes to fewer than 32 bytes produces a
    correspondingly shorter key here; nothing in this function rejects it.
    """
    decoded_secret = base64.b64decode(_ensure_secret(getcwd()))
    key_material = decoded_secret[:32]
    return base64.urlsafe_b64encode(key_material)
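if __name__ == '__main__':
    # Migration entry point: converts the legacy pwget secret of the
    # repository in the current working directory into a .secrets.cfg for
    # BundleWrap >= 2.3.1 and prints the remaining manual steps.
    import os  # local import: only this entry point needs os.open/os.fdopen

    if exists(".secrets.cfg"):
        raise Exception(".secrets.cfg already exists!")

    # check_output() returns bytes on Python 3; decode before splitting so
    # the version check works on both Python 2 and 3.
    version_string = check_output(["bw", "--version"]).strip().decode("ascii")
    version_tuple = tuple(int(i) for i in version_string.split("."))
    if version_tuple < (2, 3, 1):
        raise Exception("BundleWrap >= 2.3.1 is required")

    raw_secret = _ensure_secret(getcwd())
    if not isinstance(raw_secret, bytes):
        # On Python 3 the file branch of _ensure_secret() yields text, which
        # base64 refuses to encode. _get_fernet_key() hands the same text to
        # b64decode(), which only accepts ASCII, so ASCII is sufficient here.
        raw_secret = raw_secret.encode("ascii")

    # [generate] gets the whole secret, [encrypt] the derived 32-byte prefix.
    # Decode both so the config file does not end up containing "b'...'".
    encoded_secret = base64.urlsafe_b64encode(raw_secret).decode("ascii")
    fernet_key = _get_fernet_key().decode("ascii")

    config_text = (
        "# DO NOT COMMIT THIS FILE\n"
        "# share it with your team through a secure channel\n\n"
        "[generate]\nkey = {}\n\n"
        "[encrypt]\nkey = {}\n"
    ).format(
        encoded_secret,
        fernet_key,
    )

    # The file holds key material, so create it owner-only (0600) instead of
    # relying on the umask. O_EXCL makes creation fail if the path appeared
    # after the exists() check above, rather than writing keys into it.
    secrets_fd = os.open(
        ".secrets.cfg",
        os.O_WRONLY | os.O_CREAT | os.O_EXCL,
        0o600,
    )
    with os.fdopen(secrets_fd, 'w') as f:
        f.write(config_text)

    # An existing .gitignore is extended; none is created when it is absent,
    # in which case nothing stops the file from being committed.
    if exists(".gitignore"):
        with open(".gitignore", 'rb') as f:
            ignore_data = f.read()
        already_listed = b".secrets.cfg" in [
            line.strip() for line in ignore_data.splitlines()
        ]
        if not already_listed:
            with open(".gitignore", 'a') as f:
                # Without a trailing newline the new entry would be glued to
                # the last pattern and .secrets.cfg would not be ignored.
                if ignore_data and not ignore_data.endswith(b"\n"):
                    f.write("\n")
                f.write(".secrets.cfg\n")

    print("Your .secrets.cfg has been created. Next steps:")
    print("")
    print("* replace all instances of 'repo.libs.pw.get' with 'repo.vault.password_for'")
    print("* replace all instances of 'repo.libs.pw.' with 'repo.vault.'")
    print("* remove pwget.secret")
    print("* remove libs/pw.py")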