get-secret.py (2999B)
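#!/usr/bin/env python3

# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.


import argparse
import base64
import errno
import json
import os

import taskcluster


def _open_owner_only(path, flags):
    """Opener for ``open()`` that creates new files with mode 0o600.

    Without an explicit mode, ``open()`` creates files as 0o666 masked by the
    process umask, which commonly leaves them readable by other local users.
    An already existing file keeps whatever mode it has.
    """
    return os.open(path, flags, 0o600)


def write_secret_to_file(
    path, data, key, base64decode=False, json_secret=False, append=False, prefix=""
):
    """Write ``prefix`` followed by ``data["secret"][key]`` to ``path``.

    Args:
        path: Destination file; a relative path is resolved against the
            current working directory. Missing parent directories are created.
        data: Mapping holding the secret payload under the ``"secret"`` key.
        key: Entry of ``data["secret"]`` to write.
        base64decode: Base64-decode the value first.
        json_secret: Serialize the value with ``json.dumps``.
        append: Append to the file instead of truncating it.
        prefix: Text written immediately before the value.

    Raises:
        KeyError: ``"secret"`` or ``key`` is missing from ``data``.
        TypeError: The final value is not text (for example a mapping written
            without ``json_secret``), or ``base64decode`` and ``json_secret``
            are combined, since ``json.dumps`` cannot serialize bytes.
        OSError: The directory or file cannot be created or written.
    """
    path = os.path.abspath(os.path.join(os.getcwd(), path))

    # Build the full content before touching the filesystem: a missing key or
    # a failed transformation must not truncate an existing file or leave an
    # empty one behind.
    value = data["secret"][key]
    if base64decode:
        value = base64.b64decode(value)
    if json_secret:
        value = json.dumps(value)
    if isinstance(value, bytes):
        value = value.decode("utf-8")
    content = prefix + value

    try:
        os.makedirs(os.path.dirname(path))
    except OSError as error:
        # An already existing directory is fine; anything else is a real error.
        if error.errno != errno.EEXIST:
            raise
    # Only the destination is logged, never the secret itself.
    print(f"Outputting secret to: {path}")

    # New files are created owner-read/write only so the secret is not left
    # readable by other accounts on the machine.
    with open(path, "a" if append else "w", opener=_open_owner_only) as f:
        f.write(content)


def fetch_secret_from_taskcluster(name):
    """Fetch the secret called ``name`` from the Taskcluster secrets service.

    Returns whatever ``Secrets.get`` returns; ``write_secret_to_file`` expects
    it to hold the payload under a ``"secret"`` key.
    """
    try:
        secrets = taskcluster.Secrets({
            # BaseUrl is still needed for tasks that haven't migrated to taskgraph yet.
            "baseUrl": "http://taskcluster/secrets/v1",
        })
    except taskcluster.exceptions.TaskclusterFailure:
        # taskcluster library >=5 errors out when `baseUrl` is used
        secrets = taskcluster.Secrets({
            # Falls back to the public root URL when TASKCLUSTER_PROXY_URL is
            # not set in the environment.
            "rootUrl": os.environ.get(
                "TASKCLUSTER_PROXY_URL", "https://taskcluster.net"
            ),
        })

    return secrets.get(name)


def main():
    """Parse the command line, fetch the secret and write it to a file."""
    parser = argparse.ArgumentParser(
        description="Fetch a taskcluster secret value and save it to a file."
    )

    # The three positional pieces of information are mandatory: without them
    # the script previously failed later with an unrelated traceback.
    parser.add_argument(
        "-s", dest="secret", action="store", required=True, help="name of the secret"
    )
    parser.add_argument(
        "-k", dest="key", action="store", required=True, help="key of the secret"
    )
    parser.add_argument(
        "-f",
        dest="path",
        action="store",
        required=True,
        help="file to save secret to",
    )
    parser.add_argument(
        "--decode",
        dest="decode",
        action="store_true",
        default=False,
        help="base64 decode secret before saving to file",
    )
    parser.add_argument(
        "--json",
        dest="json",
        action="store_true",
        default=False,
        help="serializes the secret to JSON format",
    )
    parser.add_argument(
        "--append",
        dest="append",
        action="store_true",
        default=False,
        help="append secret to existing file",
    )
    parser.add_argument(
        "--prefix",
        dest="prefix",
        action="store",
        default="",
        help="add prefix when writing secret to file",
    )

    result = parser.parse_args()

    secret = fetch_secret_from_taskcluster(result.secret)
    write_secret_to_file(
        result.path,
        secret,
        result.key,
        result.decode,
        result.json,
        result.append,
        result.prefix,
    )


if __name__ == "__main__":
    main()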