-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathencrypt-values.py
executable file
·33 lines (29 loc) · 1.26 KB
/
encrypt-values.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
#!/usr/bin/python3
import sys
import ruamel.yaml
import subprocess
import argparse
parser = argparse.ArgumentParser()
parser.add_argument("-f", required=True, type=str, help="Filename")
parser.add_argument("-k", required=True, type=str, help="Public key")
args = parser.parse_args()
filename = args.f
publickey = args.k
yaml = ruamel.yaml.YAML()
yaml.preserve_quotes = True
with open(filename) as fp:
data = yaml.load(fp)
for key in data:
val = data.get(key)
if isinstance(val, str):
if val.startswith('DEC(') & val.endswith(')'):
val = val.replace("DEC(", "", 1) # remove first instance of prefix
val = val[:val.rfind(")")] # remove suffix
# https://stackoverflow.com/questions/58161224/how-to-use-kubeseal-to-seal-a-helm-templated-secret
# https://stackoverflow.com/questions/9393425/python-how-to-execute-shell-commands-with-pipe
# echo -n <secret-password> | kubeseal --raw --scope namespace-wide --from-file=/dev/stdin
cmd = 'echo -n {} | kubeseal --cert {} --raw --scope cluster-wide --from-file=/dev/stdin'.format(val, publickey)
# print(cmd)
encryptedValue=subprocess.getoutput(cmd)
data[key] = encryptedValue # replace value
yaml.dump(data, sys.stdout)