root/pssecret-server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Secrets encryption #4

Merged
root merged 5 commits from secret-encryption into main 2025-01-03 15:06:09 +00:00
Conversation 0 Commits 5 Files changed 10 +18 -10
5 changed files with 18 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit f0be12394c - Show all commits

6
pssecret_server/fernet.py
View file

@ -1,8 +1,10 @@
from cryptography.fernet import Fernet
from pssecret_server.settings import Settings, get_settings
from typing import Annotated from typing import Annotated
from cryptography.fernet import Fernet
from fastapi import Depends from fastapi import Depends
from pssecret_server.settings import Settings, get_settings
def get_fernet(settings: Annotated[Settings, Depends(get_settings)]) -> Fernet: def get_fernet(settings: Annotated[Settings, Depends(get_settings)]) -> Fernet:
return Fernet(settings.secrets_encryption_key) return Fernet(settings.secrets_encryption_key)

8
pssecret_server/main.py
View file

@ -26,7 +26,9 @@ FernetDep = Annotated[Fernet, Depends(get_fernet)]
), ),
response_model=SecretSaveResult, response_model=SecretSaveResult,
) )
async def set_secret(data: Secret, redis: RedisDep, fernet: FernetDep) -> dict[str, str]: async def set_secret(
data: Secret, redis: RedisDep, fernet: FernetDep
) -> dict[str, str]:
data = encrypt_secret(data, fernet) data = encrypt_secret(data, fernet)
return { return {
"key": await save_secret(data, redis), "key": await save_secret(data, redis),
@ -44,7 +46,9 @@ async def set_secret(data: Secret, redis: RedisDep, fernet: FernetDep) -> dict[s
response_model=Secret, response_model=Secret,
responses={404: {"description": "The item was not found"}}, responses={404: {"description": "The item was not found"}},
) )
async def get_secret(secret_key: str, redis: RedisDep, fernet: FernetDep) -> dict[str, bytes]: async def get_secret(
secret_key: str, redis: RedisDep, fernet: FernetDep
) -> dict[str, bytes]:
data: bytes | None = await redis.getdel(secret_key) data: bytes | None = await redis.getdel(secret_key)
if data is None: if data is None:

2
pssecret_server/utils.py
View file

@ -1,7 +1,7 @@
from uuid import uuid4 from uuid import uuid4
from redis.asyncio import Redis
from cryptography.fernet import Fernet from cryptography.fernet import Fernet
from redis.asyncio import Redis
from pssecret_server.models import Secret from pssecret_server.models import Secret

4
tests/conftest.py
View file

@ -1,7 +1,7 @@
from collections.abc import AsyncGenerator from collections.abc import AsyncGenerator
from cryptography.fernet import Fernet
import pytest import pytest
from cryptography.fernet import Fernet
from fastapi.testclient import TestClient from fastapi.testclient import TestClient
from pydantic_settings import SettingsConfigDict from pydantic_settings import SettingsConfigDict
from redis import asyncio as aioredis from redis import asyncio as aioredis
@ -31,7 +31,7 @@ def get_test_settings() -> Settings:
return TestSettings() return TestSettings()
@pytest.fixture @pytest.fixture
def fernet(settings: Settings) -> Fernet: def fernet(settings: Settings) -> Fernet:
return get_fernet(settings) return get_fernet(settings)

8
tests/unit/test_utils.py
View file

@ -1,13 +1,15 @@
from cryptography.fernet import Fernet, InvalidToken
import pytest import pytest
from pssecret_server.utils import encrypt_secret, decrypt_secret from cryptography.fernet import Fernet, InvalidToken
from pssecret_server.utils import decrypt_secret, encrypt_secret
from ..factories import SecretFactory from ..factories import SecretFactory
def test_encrypte_secret_ok(fernet: Fernet): def test_encrypte_secret_ok(fernet: Fernet):
secret = SecretFactory().build() secret = SecretFactory().build()
encrypted_secret = encrypt_secret(secret, fernet) encrypted_secret = encrypt_secret(secret, fernet)
assert secret.data != encrypted_secret.data assert secret.data != encrypted_secret.data