Merge pull request #470 from cloud-gov/fix-build-params-keys-to-decrypt
fix: Decrypt predefined keys in build params
apburnes authored Jun 17, 2024
2 parents d61fc69 + ab92c11 commit b5ea69c
Showing 1 changed file with 21 additions and 4 deletions.
25 changes: 21 additions & 4 deletions src/main.py
@@ -8,6 +8,15 @@
from crypto.decrypt import decrypt


KEYS_TO_DECRYPT = [
'STATUS_CALLBACK',
'GITHUB_TOKEN',
'AWS_ACCESS_KEY_ID',
'AWS_SECRET_ACCESS_KEY',
'BUCKET',
]


def load_vcap():
vcap_application = json.loads(os.getenv('VCAP_APPLICATION', '{}'))
vcap_services = json.loads(os.getenv('VCAP_SERVICES', '{}'))
@@ -25,7 +34,13 @@ def load_vcap():
os.environ[uev_env_var] = uev_ups['credentials']['key']


def decrypt_params(encrypted):
def decrypt_key_value(k, v, encryption_key):
if k in KEYS_TO_DECRYPT:
return decrypt(v, encryption_key)
return v


def decrypt_params(params):
vcap_application = json.loads(os.getenv('VCAP_APPLICATION', '{}'))
vcap_services = json.loads(os.getenv('VCAP_SERVICES', '{}'))

@@ -38,7 +53,9 @@ def decrypt_params(encrypted):

encryption_key = encryption_ups['credentials']['key']

return decrypt(args.params, encryption_key)
params = {k: decrypt_key_value(k, v, encryption_key) for (k, v) in params.items()}

return params


if __name__ == "__main__":
@@ -53,8 +70,8 @@ def decrypt_params(encrypted):
args = parser.parse_args()

if args.params:
decrypted = decrypt_params(args.params)
params = json.loads(decrypted)
params = json.loads(args.params)
params = decrypt_params(params)
else:
params = json.load(args.file)

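Review bot: In `decrypt_key_value`, every key outside `KEYS_TO_DECRYPT` is now taken from `args.params` as plain JSON, whereas the earlier `decrypt(args.params, encryption_key)` covered the whole blob. If `crypto.decrypt` is authenticated (its implementation is not visible here), the non-listed values no longer get that tamper protection, so it is worth confirming that nothing downstream treats them as trusted. The list is also the only thing deciding which values are handled as ciphertext, so it has to stay in step with whatever encrypts them on the sending side; a comment above it such as `# Must match the keys the caller encrypts; values for any other key arrive in plaintext.` would make that contract explicit. A listed key whose value is `null` or not a string is handed straight to `decrypt`, and an explicit check such as `if not isinstance(v, str): raise ValueError(f"{k} must be an encrypted string")` would make that failure deliberate rather than incidental. `decrypt_params` begins in one hunk and ends in the next, so the lookup of `encryption_ups` between them is not shown.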
