Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- from barbicanclient import client
- import base64
- from keystoneauth1.identity import v2
- from keystoneauth1 import session
- import os
- _AES_256_SIZE=32 # bytes
- AES_256_KEY = os.urandom(_AES_256_SIZE)
- auth = v2.Password(username=os.environ['OS_USERNAME'],
- password=os.environ['OS_PASSWORD'],
- auth_url=os.environ['OS_AUTH_URL'])
- sess = session.Session(auth=auth)
- barbican = client.Client(session=sess)
- key = barbican.secrets.create(secret_type='symmetric',
- payload=base64.b64encode(AES_256_KEY).decode('UTF-8'),
- payload_content_type='application/octet-stream',
- payload_content_encoding='base64')
- key.store()
- # At this point you should persist KEY_REF somewhere so you can retrieve the key later.
- KEY_REF = key.secret_ref
- # Later, when you wan to retrieve the key for usage do this
- retrieved_key = barbican.secrets.get(KEY_REF)
- key_bytes = retrieved_key.payload
- # You should get the same original key that was stored
- assert AES_256_KEY == key_bytes
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement