From 43da3b227272448796458b718bfe8450955b2741 Mon Sep 17 00:00:00 2001 From: CoprDistGit Date: Wed, 31 May 2023 06:00:15 +0000 Subject: automatic import of python-nitor-vault --- .gitignore | 1 + python-nitor-vault.spec | 203 ++++++++++++++++++++++++++++++++++++++++++++++++ sources | 1 + 3 files changed, 205 insertions(+) create mode 100644 python-nitor-vault.spec create mode 100644 sources diff --git a/.gitignore b/.gitignore index e69de29..81b757d 100644 --- a/.gitignore +++ b/.gitignore @@ -0,0 +1 @@ +/nitor-vault-0.54.tar.gz diff --git a/python-nitor-vault.spec b/python-nitor-vault.spec new file mode 100644 index 0000000..8edee90 --- /dev/null +++ b/python-nitor-vault.spec @@ -0,0 +1,203 @@ +%global _empty_manifest_terminate_build 0 +Name: python-nitor-vault +Version: 0.54 +Release: 1 +Summary: Vault for storing locally encypted data in S3 using KMS keys +License: Apache 2.0 +URL: http://github.com/NitorCreations/vault +Source0: https://mirrors.nju.edu.cn/pypi/web/packages/9a/0b/c9a322ab546d325ad80c154c890178ffe2650637c6c66a8f9ed504ffc2d3/nitor-vault-0.54.tar.gz +BuildArch: noarch + +Requires: python3-argcomplete +Requires: python3-cryptography +Requires: python3-future +Requires: python3-requests +Requires: python3-threadlocal-aws +Requires: python3-pypiwin32 +Requires: python3-win-unicode-console +Requires: python3-wmi + +%description +Command line tools and libraries for encrypting keys and values using client-side encryption with AWS KMS keys. +# Installation +The easiest install is the python package from pypi: +``` +pip install nitor-vault +``` +Javascript and java versions are available from npm and maven central respectively and installation will depend on your needs. +# Example usage +Initialize vault bucket and other infrastructure: `vault --init`. Will create a CloudFormation stack. +Encrypt a file and store in vault bucket: `vault -s my-key -f ` +Decrypt a file: `vault -l ` +Encrypt a single value and store in vault bucket `vault -s my-key -v my-value` +Decrypt a single value `vault -l my-key` +## Using encrypted CloudFormation stack parameters +Encrypt a value like this: `$ vault -e 'My secret value'` +The command above will print the base64 encoded value encrypted with your vault KMS key. Use that value in a CF parameter. The value is then also safe to commit into version control and you can use it in scripts for example like this: +``` +#!/bin/bash +MY_ENCRYPTED_SECRET="AQICAHhu3HREZVp0YXWZLoAceH1Nr2ZTXoNZZKTriJY71pQOjAHKtG5uYCdJOKYy9dhMEX03AAAAbTBrBgkqhkiG9w0BBwagXjBcAgEAMFcGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMYy/tKGJFDQP6f9m1AgEQgCq1E1q8I+btMUdwRK8wYFNyE/5ntICNM96VPDnYbeTgcHzLoCx+HM1cGvc" +UNENCRYPTED_SECRET="$(vault -y $MY_ENCRYPTED_SECRET)" +``` +Obviously you need to make sure that in the context of running vault there is some sort of way for providing kms permissions by for example adding the decryptPolicy managed policy from the vault cloudformation stack to the ec2 instance or whatever runs the code. +To decrypt the parameter value at stack creation or update time, use a custom resource: +``` +Parameters: + MySecret: + Type: String + Description: Param value encrypted with KMS +Resources: + DecryptSecret: + Type: "Custom::VaultDecrypt" + Properties: + ServiceToken: "arn:aws:lambda:::function:vault-decrypter" + Ciphertext: { "Ref": "MySecret" } + DatabaseWithSecretAsPassword: + Type: "AWS::RDS::DBInstance" + Properties: + MasterUserPassword: + Fn::Sub: ${DecryptSecret.Plaintext} +``` +# Licence +[Apache 2.0](https://www.apache.org/licenses/LICENSE-2.0) + +%package -n python3-nitor-vault +Summary: Vault for storing locally encypted data in S3 using KMS keys +Provides: python-nitor-vault +BuildRequires: python3-devel +BuildRequires: python3-setuptools +BuildRequires: python3-pip +%description -n python3-nitor-vault +Command line tools and libraries for encrypting keys and values using client-side encryption with AWS KMS keys. +# Installation +The easiest install is the python package from pypi: +``` +pip install nitor-vault +``` +Javascript and java versions are available from npm and maven central respectively and installation will depend on your needs. +# Example usage +Initialize vault bucket and other infrastructure: `vault --init`. Will create a CloudFormation stack. +Encrypt a file and store in vault bucket: `vault -s my-key -f ` +Decrypt a file: `vault -l ` +Encrypt a single value and store in vault bucket `vault -s my-key -v my-value` +Decrypt a single value `vault -l my-key` +## Using encrypted CloudFormation stack parameters +Encrypt a value like this: `$ vault -e 'My secret value'` +The command above will print the base64 encoded value encrypted with your vault KMS key. Use that value in a CF parameter. The value is then also safe to commit into version control and you can use it in scripts for example like this: +``` +#!/bin/bash +MY_ENCRYPTED_SECRET="AQICAHhu3HREZVp0YXWZLoAceH1Nr2ZTXoNZZKTriJY71pQOjAHKtG5uYCdJOKYy9dhMEX03AAAAbTBrBgkqhkiG9w0BBwagXjBcAgEAMFcGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMYy/tKGJFDQP6f9m1AgEQgCq1E1q8I+btMUdwRK8wYFNyE/5ntICNM96VPDnYbeTgcHzLoCx+HM1cGvc" +UNENCRYPTED_SECRET="$(vault -y $MY_ENCRYPTED_SECRET)" +``` +Obviously you need to make sure that in the context of running vault there is some sort of way for providing kms permissions by for example adding the decryptPolicy managed policy from the vault cloudformation stack to the ec2 instance or whatever runs the code. +To decrypt the parameter value at stack creation or update time, use a custom resource: +``` +Parameters: + MySecret: + Type: String + Description: Param value encrypted with KMS +Resources: + DecryptSecret: + Type: "Custom::VaultDecrypt" + Properties: + ServiceToken: "arn:aws:lambda:::function:vault-decrypter" + Ciphertext: { "Ref": "MySecret" } + DatabaseWithSecretAsPassword: + Type: "AWS::RDS::DBInstance" + Properties: + MasterUserPassword: + Fn::Sub: ${DecryptSecret.Plaintext} +``` +# Licence +[Apache 2.0](https://www.apache.org/licenses/LICENSE-2.0) + +%package help +Summary: Development documents and examples for nitor-vault +Provides: python3-nitor-vault-doc +%description help +Command line tools and libraries for encrypting keys and values using client-side encryption with AWS KMS keys. +# Installation +The easiest install is the python package from pypi: +``` +pip install nitor-vault +``` +Javascript and java versions are available from npm and maven central respectively and installation will depend on your needs. +# Example usage +Initialize vault bucket and other infrastructure: `vault --init`. Will create a CloudFormation stack. +Encrypt a file and store in vault bucket: `vault -s my-key -f ` +Decrypt a file: `vault -l ` +Encrypt a single value and store in vault bucket `vault -s my-key -v my-value` +Decrypt a single value `vault -l my-key` +## Using encrypted CloudFormation stack parameters +Encrypt a value like this: `$ vault -e 'My secret value'` +The command above will print the base64 encoded value encrypted with your vault KMS key. Use that value in a CF parameter. The value is then also safe to commit into version control and you can use it in scripts for example like this: +``` +#!/bin/bash +MY_ENCRYPTED_SECRET="AQICAHhu3HREZVp0YXWZLoAceH1Nr2ZTXoNZZKTriJY71pQOjAHKtG5uYCdJOKYy9dhMEX03AAAAbTBrBgkqhkiG9w0BBwagXjBcAgEAMFcGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMYy/tKGJFDQP6f9m1AgEQgCq1E1q8I+btMUdwRK8wYFNyE/5ntICNM96VPDnYbeTgcHzLoCx+HM1cGvc" +UNENCRYPTED_SECRET="$(vault -y $MY_ENCRYPTED_SECRET)" +``` +Obviously you need to make sure that in the context of running vault there is some sort of way for providing kms permissions by for example adding the decryptPolicy managed policy from the vault cloudformation stack to the ec2 instance or whatever runs the code. +To decrypt the parameter value at stack creation or update time, use a custom resource: +``` +Parameters: + MySecret: + Type: String + Description: Param value encrypted with KMS +Resources: + DecryptSecret: + Type: "Custom::VaultDecrypt" + Properties: + ServiceToken: "arn:aws:lambda:::function:vault-decrypter" + Ciphertext: { "Ref": "MySecret" } + DatabaseWithSecretAsPassword: + Type: "AWS::RDS::DBInstance" + Properties: + MasterUserPassword: + Fn::Sub: ${DecryptSecret.Plaintext} +``` +# Licence +[Apache 2.0](https://www.apache.org/licenses/LICENSE-2.0) + +%prep +%autosetup -n nitor-vault-0.54 + +%build +%py3_build + +%install +%py3_install +install -d -m755 %{buildroot}/%{_pkgdocdir} +if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi +if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi +if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi +if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi +pushd %{buildroot} +if [ -d usr/lib ]; then + find usr/lib -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/lib64 ]; then + find usr/lib64 -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/bin ]; then + find usr/bin -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/sbin ]; then + find usr/sbin -type f -printf "/%h/%f\n" >> filelist.lst +fi +touch doclist.lst +if [ -d usr/share/man ]; then + find usr/share/man -type f -printf "/%h/%f.gz\n" >> doclist.lst +fi +popd +mv %{buildroot}/filelist.lst . +mv %{buildroot}/doclist.lst . + +%files -n python3-nitor-vault -f filelist.lst +%dir %{python3_sitelib}/* + +%files help -f doclist.lst +%{_docdir}/* + +%changelog +* Wed May 31 2023 Python_Bot - 0.54-1 +- Package Spec generated diff --git a/sources b/sources new file mode 100644 index 0000000..2322bbd --- /dev/null +++ b/sources @@ -0,0 +1 @@ +1157f44fc7d2f74e1ec4159eed3871c2 nitor-vault-0.54.tar.gz -- cgit v1.2.3