Genesis Bundle Encryption Key source
Previously the site PEGLEG_PASSPHRASE variable was used to encrypt the genesis bundle. This is not always desired. This patch: 1. Separates the Pegleg and Promenade encryption credentials 2. Simplifies the bundle code to avoid circular setting of environment variables unnecessarily. Change-Id: I2195cf8df81d3775402299d9a2b0aad4ba483b2c
parent
a925c0ddd8
commit
820df6d625
|
@ -545,7 +545,7 @@ def wrap_secret_cli(*, site_name, author, file_name, output_path, schema,
|
|||
def genesis_bundle(*, build_dir, validators, site_name):
|
||||
passphrase = os.environ.get("PEGLEG_PASSPHRASE")
|
||||
salt = os.environ.get("PEGLEG_SALT")
|
||||
encryption_key = passphrase
|
||||
encryption_key = os.environ.get("PROMENADE_ENCRYPTION_KEY")
|
||||
if passphrase:
|
||||
passphrase = passphrase.encode()
|
||||
if salt:
|
||||
|
@ -558,7 +558,8 @@ def genesis_bundle(*, build_dir, validators, site_name):
|
|||
encryption_key,
|
||||
validators,
|
||||
logging.DEBUG == LOG.getEffectiveLevel(),
|
||||
site_name)
|
||||
site_name
|
||||
)
|
||||
|
||||
|
||||
@secrets.command(
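Review bot: In `genesis_bundle`, the new `encryption_key = os.environ.get("PROMENADE_ENCRYPTION_KEY")` is passed to `build_genesis` unchecked, so an unset or empty variable only surfaces later as a bare `GenesisBundleEncryptionException`. Sites that previously exported only PEGLEG_PASSPHRASE will hit that path after this change with no hint about which variable is missing. Failing here with a message that names the variable would make the migration visible, for example `if not encryption_key: raise click.ClickException("PROMENADE_ENCRYPTION_KEY must be set to encrypt the genesis bundle")` (assuming this module uses click, as the `@secrets.command(` decorator suggests). No length or strength check on the key is visible in the hunk either, so if the passphrase is validated elsewhere the same validation may be worth applying to this key. The body of `genesis_bundle` continues between the two hunks and is not fully shown.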
|
||||
|
|
|
@ -78,8 +78,6 @@ def build_genesis(build_path, encryption_key, validators, debug, site_name):
|
|||
allow_missing_substitutions=False,
|
||||
leave_kubectl=False)
|
||||
if c.get_path('EncryptionPolicy:scripts.genesis') and encryption_key:
|
||||
os.environ['PROMENADE_ENCRYPTION_KEY'] = encryption_key
|
||||
os.environ['PEGLEG_PASSPHRASE'] = encryption_key
|
||||
Builder(c, validators=validators).build_all(output_dir=build_path)
|
||||
else:
|
||||
raise GenesisBundleEncryptionException()
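Review bot: With the two `os.environ[...] = encryption_key` lines removed, the `encryption_key` argument of `build_genesis` is only tested for truthiness in `if c.get_path('EncryptionPolicy:scripts.genesis') and encryption_key:` and its value is not handed to anything visible in the hunk. If the builder reads the key from PROMENADE_ENCRYPTION_KEY in the environment (inferred from the removed assignment), a caller that passes a different value gets a bundle encrypted with the environment's key instead, without any error. I would document this on the parameter, e.g. `# encryption_key is only a presence check; the builder reads PROMENADE_ENCRYPTION_KEY from the environment`, or reject a mismatch explicitly. The `else` branch also raises the same `GenesisBundleEncryptionException()` for a missing encryption policy and for a missing key, so passing a reason to the exception would help operators tell the two apart. The function starts outside the hunk.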
|
||||
|
|