Created
May 16, 2022 17:21
-
-
Save zeph1rus/b45738791721f174bfe6d524e480df96 to your computer and use it in GitHub Desktop.
Decrypt Octopus Sensitive Variables in Python using the cryptography crypto library and the Master Key
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from cryptography.hazmat.primitives.ciphers import ( | |
Cipher, algorithms, modes | |
) | |
def octo_decrypt(master_key: str, encrypted_value: str) -> str: | |
""" | |
Decrypts Octopus Sensetive values which are encrypted by AES 256 CBC | |
using the master key from octopus config | |
:param master_key: Octopus Master Key | |
:ptype master_key: str | |
:param encrypted_value: Octopus Encrypted Sensetive Value | |
:ptype encrypted_value: str | |
:return: Returns decrypted string | |
""" | |
cipher, salt = encrypted_value.split("|") | |
decryptor = Cipher( | |
algorithms.AES(base64.b64decode(master_key)), | |
modes.CBC(base64.b64decode(salt)) | |
).decryptor() | |
decrypted_bytes = decryptor.update(base64.b64decode(cipher)) + decryptor.finalize() | |
return decrypted_bytes.decode('utf-8') |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment