Last active
October 5, 2016 20:01
-
-
Save dmendiza/8ab25d0d2509a528989a6fcd204d7650 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from barbicanclient import client | |
| import base64 | |
| from keystoneauth1.identity import v2 | |
| from keystoneauth1 import session | |
| import os | |
| _AES_256_SIZE = 32 # bytes | |
| AES_256_KEY = os.urandom(_AES_256_SIZE) | |
| auth = v2.Password(username=os.environ['OS_USERNAME'], | |
| password=os.environ['OS_PASSWORD'], | |
| auth_url=os.environ['OS_AUTH_URL']) | |
| sess = session.Session(auth=auth) | |
| barbican = client.Client(session=sess) | |
| key = barbican.secrets.create(secret_type='symmetric', | |
| payload=base64.b64encode(AES_256_KEY).decode('UTF-8'), | |
| payload_content_type='application/octet-stream', | |
| payload_content_encoding='base64') | |
| key.store() | |
| # At this point you should persist KEY_REF somewhere so you can retrieve the key later. | |
| KEY_REF = key.secret_ref | |
| # Later, when you wan to retrieve the key for usage do this | |
| retrieved_key = barbican.secrets.get(KEY_REF) | |
| key_bytes = retrieved_key.payload | |
| # You should get the same original key that was stored | |
| assert AES_256_KEY == key_bytes |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment