Refactor data store encryptor to IEncryptor interface, move data store encryptor creation related code to data_store_encryptor.py, move the responsibility to initialize data store encryptor to AuthenticationService
parent
34d065ce69
commit
3ec26bcef8
|
@ -13,10 +13,7 @@ from monkey_island.cc.resources.auth.credential_utils import (
|
||||||
get_username_password_from_request,
|
get_username_password_from_request,
|
||||||
password_matches_hash,
|
password_matches_hash,
|
||||||
)
|
)
|
||||||
from monkey_island.cc.server_utils.encryption import (
|
from monkey_island.cc.services.authentication import AuthenticationService
|
||||||
get_datastore_encryptor,
|
|
||||||
initialize_datastore_encryptor,
|
|
||||||
)
|
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
@ -47,8 +44,7 @@ class Authenticate(flask_restful.Resource):
|
||||||
username, password = get_username_password_from_request(request)
|
username, password = get_username_password_from_request(request)
|
||||||
|
|
||||||
if _credentials_match_registered_user(username, password):
|
if _credentials_match_registered_user(username, password):
|
||||||
if not get_datastore_encryptor():
|
AuthenticationService.ensure_datastore_encryptor(username, password)
|
||||||
initialize_datastore_encryptor(username, password)
|
|
||||||
access_token = _create_access_token(username)
|
access_token = _create_access_token(username)
|
||||||
return make_response({"access_token": access_token, "error": ""}, 200)
|
return make_response({"access_token": access_token, "error": ""}, 200)
|
||||||
else:
|
else:
|
||||||
|
|
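Review bot: The new call `AuthenticationService.ensure_datastore_encryptor(username, password)` in the successful-login branch has no comment saying why encryptor setup lives on the login path. The reason is only visible in other files of this commit: the key file is unlocked with a secret built from the username and password, so login is the one place where the plaintext password is available. I would add `# The datastore key is wrapped with a secret built from these credentials, so it can only be unlocked while the plaintext password is in hand.` above the call. As far as the hunk shows, nothing catches a failure from that call (for example an unreadable key file), so it would surface as an unhandled error from the login request; the handler begins and ends outside the hunk, so confirm there.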
|
@ -9,10 +9,7 @@ from monkey_island.cc.resources.auth.credential_utils import (
|
||||||
get_user_credentials_from_request,
|
get_user_credentials_from_request,
|
||||||
get_username_password_from_request,
|
get_username_password_from_request,
|
||||||
)
|
)
|
||||||
from monkey_island.cc.server_utils.encryption import (
|
from monkey_island.cc.services.authentication import AuthenticationService
|
||||||
initialize_datastore_encryptor,
|
|
||||||
remove_old_datastore_key,
|
|
||||||
)
|
|
||||||
from monkey_island.cc.setup.mongo.database_initializer import reset_database
|
from monkey_island.cc.setup.mongo.database_initializer import reset_database
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
@ -28,9 +25,8 @@ class Registration(flask_restful.Resource):
|
||||||
|
|
||||||
try:
|
try:
|
||||||
env_singleton.env.try_add_user(credentials)
|
env_singleton.env.try_add_user(credentials)
|
||||||
remove_old_datastore_key()
|
|
||||||
username, password = get_username_password_from_request(request)
|
username, password = get_username_password_from_request(request)
|
||||||
initialize_datastore_encryptor(username, password)
|
AuthenticationService.reset_datastore_encryptor(username, password)
|
||||||
reset_database()
|
reset_database()
|
||||||
return make_response({"error": ""}, 200)
|
return make_response({"error": ""}, 200)
|
||||||
except (InvalidRegistrationCredentialsError, RegistrationNotNeededError) as e:
|
except (InvalidRegistrationCredentialsError, RegistrationNotNeededError) as e:
|
||||||
|
|
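Review bot: In the `try` block of `Registration`, `AuthenticationService.reset_datastore_encryptor(username, password)` removes the old key file before `reset_database()` runs, and the only handler visible catches `InvalidRegistrationCredentialsError` and `RegistrationNotNeededError`. If writing the new key file or the database reset raises anything else, the user added by `try_add_user` stays registered, and records encrypted under the deleted key may be left in the database with no key able to read them. Either handle that failure explicitly or state the required ordering next to the calls, e.g. `# Data encrypted under the old key is unreadable from here on; reset_database() must follow.` The method starts and ends outside the hunk, so a broader handler may exist that is not shown.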
|
@ -11,8 +11,6 @@ from gevent.pywsgi import WSGIServer
|
||||||
|
|
||||||
# Add the monkey_island directory to the path, to make sure imports that don't start with
|
# Add the monkey_island directory to the path, to make sure imports that don't start with
|
||||||
# "monkey_island." work.
|
# "monkey_island." work.
|
||||||
from monkey_island.cc.server_utils.encryption import initialize_encryptor_factory
|
|
||||||
|
|
||||||
MONKEY_ISLAND_DIR_BASE_PATH = str(Path(__file__).parent.parent)
|
MONKEY_ISLAND_DIR_BASE_PATH = str(Path(__file__).parent.parent)
|
||||||
if str(MONKEY_ISLAND_DIR_BASE_PATH) not in sys.path:
|
if str(MONKEY_ISLAND_DIR_BASE_PATH) not in sys.path:
|
||||||
sys.path.insert(0, MONKEY_ISLAND_DIR_BASE_PATH)
|
sys.path.insert(0, MONKEY_ISLAND_DIR_BASE_PATH)
|
||||||
|
@ -88,7 +86,6 @@ def _configure_logging(config_options):
|
||||||
def _initialize_globals(config_options: IslandConfigOptions, server_config_path: str):
|
def _initialize_globals(config_options: IslandConfigOptions, server_config_path: str):
|
||||||
env_singleton.initialize_from_file(server_config_path)
|
env_singleton.initialize_from_file(server_config_path)
|
||||||
|
|
||||||
initialize_encryptor_factory(config_options.data_dir)
|
|
||||||
initialize_services(config_options.data_dir)
|
initialize_services(config_options.data_dir)
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,29 +1,57 @@
|
||||||
from __future__ import annotations
|
import os
|
||||||
|
|
||||||
# PyCrypto is deprecated, but we use pycryptodome, which uses the exact same imports but
|
|
||||||
# is maintained.
|
|
||||||
from typing import Union
|
from typing import Union
|
||||||
|
|
||||||
from monkey_island.cc.server_utils.encryption import KeyBasedEncryptor
|
from Crypto import Random # noqa: DUO133 # nosec: B413
|
||||||
|
|
||||||
_encryptor: Union[None, DataStoreEncryptor] = None
|
from monkey_island.cc.server_utils.encryption import IEncryptor, KeyBasedEncryptor
|
||||||
|
from monkey_island.cc.server_utils.encryption.encryptors.password_based_bytes_encryption import (
|
||||||
|
PasswordBasedBytesEncryptor,
|
||||||
|
)
|
||||||
|
from monkey_island.cc.server_utils.file_utils import open_new_securely_permissioned_file
|
||||||
|
|
||||||
|
_KEY_FILENAME = "mongo_key.bin"
|
||||||
|
_BLOCK_SIZE = 32
|
||||||
|
|
||||||
|
_encryptor: Union[None, IEncryptor] = None
|
||||||
|
|
||||||
|
|
||||||
class DataStoreEncryptor:
|
def _load_existing_key(key_file_path: str, secret: str):
|
||||||
def __init__(self, key_based_encryptor: KeyBasedEncryptor):
|
with open(key_file_path, "rb") as f:
|
||||||
self._key_based_encryptor = key_based_encryptor
|
encrypted_key = f.read()
|
||||||
|
cipher_key = PasswordBasedBytesEncryptor(secret).decrypt(encrypted_key)
|
||||||
def enc(self, message: str):
|
return KeyBasedEncryptor(cipher_key)
|
||||||
return self._key_based_encryptor.encrypt(message)
|
|
||||||
|
|
||||||
def dec(self, enc_message: str):
|
|
||||||
return self._key_based_encryptor.decrypt(enc_message)
|
|
||||||
|
|
||||||
|
|
||||||
def initialize_datastore_encryptor(key_based_encryptor: KeyBasedEncryptor):
|
def _create_new_key(key_file_path: str, secret: str):
|
||||||
|
cipher_key = _get_random_bytes()
|
||||||
|
encrypted_key = PasswordBasedBytesEncryptor(secret).encrypt(cipher_key)
|
||||||
|
with open_new_securely_permissioned_file(key_file_path, "wb") as f:
|
||||||
|
f.write(encrypted_key)
|
||||||
|
return KeyBasedEncryptor(cipher_key)
|
||||||
|
|
||||||
|
|
||||||
|
def _get_random_bytes() -> bytes:
|
||||||
|
return Random.new().read(_BLOCK_SIZE)
|
||||||
|
|
||||||
|
|
||||||
|
def remove_old_datastore_key(key_file_dir: str):
|
||||||
|
key_file_path = _get_key_file_path(key_file_dir)
|
||||||
|
if os.path.isfile(key_file_path):
|
||||||
|
os.remove(key_file_path)
|
||||||
|
|
||||||
|
|
||||||
|
def initialize_datastore_encryptor(key_file_dir: str, secret: str):
|
||||||
global _encryptor
|
global _encryptor
|
||||||
|
|
||||||
_encryptor = DataStoreEncryptor(key_based_encryptor)
|
key_file_path = _get_key_file_path(key_file_dir)
|
||||||
|
if os.path.exists(key_file_path):
|
||||||
|
_encryptor = _load_existing_key(key_file_path, secret)
|
||||||
|
else:
|
||||||
|
_encryptor = _create_new_key(key_file_path, secret)
|
||||||
|
|
||||||
|
|
||||||
|
def _get_key_file_path(key_file_dir: str):
|
||||||
|
return os.path.join(key_file_dir, _KEY_FILENAME)
|
||||||
|
|
||||||
|
|
||||||
def get_datastore_encryptor():
|
def get_datastore_encryptor():
|
||||||
|
|
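Review bot: `_load_existing_key` passes the result of `PasswordBasedBytesEncryptor(secret).decrypt(encrypted_key)` straight into `KeyBasedEncryptor` with no handling for a wrong secret or a truncated `mongo_key.bin`. How `decrypt` reports those cases is not visible here, so the function needs a docstring stating what it raises, and `initialize_datastore_encryptor` should leave `_encryptor` unset when loading fails. `initialize_datastore_encryptor` tests `os.path.exists` while `remove_old_datastore_key` tests `os.path.isfile`, so a directory at that path is treated as an existing key by one and ignored by the other; using `os.path.isfile` in both keeps them consistent. The constant `_BLOCK_SIZE = 32` is used as the length of the random key, so a name like `_KEY_LENGTH_BYTES` would describe it better. The comment explaining why the `Crypto` import is acceptable (pycryptodome rather than PyCrypto) was dropped while `# nosec: B413` stays, which leaves the suppression unexplained.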
|
@ -17,7 +17,7 @@ class MimikatzResultsEncryptor(IFieldEncryptor):
|
||||||
for _, credentials in results.items():
|
for _, credentials in results.items():
|
||||||
for secret_type in MimikatzResultsEncryptor.secret_types:
|
for secret_type in MimikatzResultsEncryptor.secret_types:
|
||||||
try:
|
try:
|
||||||
credentials[secret_type] = get_datastore_encryptor().enc(
|
credentials[secret_type] = get_datastore_encryptor().encrypt(
|
||||||
credentials[secret_type]
|
credentials[secret_type]
|
||||||
)
|
)
|
||||||
except ValueError as e:
|
except ValueError as e:
|
||||||
|
@ -25,12 +25,14 @@ class MimikatzResultsEncryptor(IFieldEncryptor):
|
||||||
f"Failed encrypting sensitive field for "
|
f"Failed encrypting sensitive field for "
|
||||||
f"user {credentials['username']}! Error: {e}"
|
f"user {credentials['username']}! Error: {e}"
|
||||||
)
|
)
|
||||||
credentials[secret_type] = get_datastore_encryptor().enc("")
|
credentials[secret_type] = get_datastore_encryptor().encrypt("")
|
||||||
return results
|
return results
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def decrypt(results: dict) -> dict:
|
def decrypt(results: dict) -> dict:
|
||||||
for _, credentials in results.items():
|
for _, credentials in results.items():
|
||||||
for secret_type in MimikatzResultsEncryptor.secret_types:
|
for secret_type in MimikatzResultsEncryptor.secret_types:
|
||||||
credentials[secret_type] = get_datastore_encryptor().dec(credentials[secret_type])
|
credentials[secret_type] = get_datastore_encryptor().decrypt(
|
||||||
|
credentials[secret_type]
|
||||||
|
)
|
||||||
return results
|
return results
|
||||||
|
|
|
@ -9,8 +9,8 @@ from monkey_island.cc.server_utils.encryption.dict_encryption.field_encryptors i
|
||||||
class StringListEncryptor(IFieldEncryptor):
|
class StringListEncryptor(IFieldEncryptor):
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def encrypt(value: List[str]):
|
def encrypt(value: List[str]):
|
||||||
return [get_datastore_encryptor().enc(string) for string in value]
|
return [get_datastore_encryptor().encrypt(string) for string in value]
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def decrypt(value: List[str]):
|
def decrypt(value: List[str]):
|
||||||
return [get_datastore_encryptor().dec(string) for string in value]
|
return [get_datastore_encryptor().decrypt(string) for string in value]
|
||||||
|
|
|
@ -1,75 +0,0 @@
|
||||||
import os
|
|
||||||
|
|
||||||
from Crypto import Random
|
|
||||||
|
|
||||||
from monkey_island.cc.server_utils.encryption import (
|
|
||||||
KeyBasedEncryptor,
|
|
||||||
initialize_datastore_encryptor,
|
|
||||||
)
|
|
||||||
from monkey_island.cc.server_utils.encryption.password_based_bytes_encryption import (
|
|
||||||
PasswordBasedBytesEncryptor,
|
|
||||||
)
|
|
||||||
from monkey_island.cc.server_utils.file_utils import open_new_securely_permissioned_file
|
|
||||||
|
|
||||||
_KEY_FILENAME = "mongo_key.bin"
|
|
||||||
_BLOCK_SIZE = 32
|
|
||||||
|
|
||||||
|
|
||||||
class EncryptorFactory:
|
|
||||||
def __init__(self):
|
|
||||||
self.key_file_path = None
|
|
||||||
self.secret = None
|
|
||||||
|
|
||||||
def set_key_file_path(self, key_file_path: str):
|
|
||||||
self.key_file_path = key_file_path
|
|
||||||
|
|
||||||
def set_secret(self, username: str, password: str):
|
|
||||||
self.secret = _get_secret_from_credentials(username, password)
|
|
||||||
|
|
||||||
def initialize_encryptor(self):
|
|
||||||
if os.path.exists(self.key_file_path):
|
|
||||||
key_based_encryptor = _load_existing_key(self.key_file_path, self.secret)
|
|
||||||
else:
|
|
||||||
key_based_encryptor = _create_new_key(self.key_file_path, self.secret)
|
|
||||||
initialize_datastore_encryptor(key_based_encryptor)
|
|
||||||
|
|
||||||
|
|
||||||
class KeyPathNotSpecifiedError(Exception):
|
|
||||||
pass
|
|
||||||
|
|
||||||
|
|
||||||
def _load_existing_key(key_file_path: str, secret: str):
|
|
||||||
with open(key_file_path, "rb") as f:
|
|
||||||
encrypted_key = f.read()
|
|
||||||
cipher_key = PasswordBasedBytesEncryptor(secret).decrypt(encrypted_key)
|
|
||||||
return KeyBasedEncryptor(cipher_key)
|
|
||||||
|
|
||||||
|
|
||||||
def _create_new_key(key_file_path: str, secret: str):
|
|
||||||
cipher_key = _get_random_bytes()
|
|
||||||
encrypted_key = PasswordBasedBytesEncryptor(secret).encrypt(cipher_key)
|
|
||||||
with open_new_securely_permissioned_file(key_file_path, "wb") as f:
|
|
||||||
f.write(encrypted_key)
|
|
||||||
return KeyBasedEncryptor(cipher_key)
|
|
||||||
|
|
||||||
|
|
||||||
def _get_random_bytes() -> bytes:
|
|
||||||
return Random.new().read(_BLOCK_SIZE)
|
|
||||||
|
|
||||||
|
|
||||||
def _get_secret_from_credentials(username: str, password: str) -> str:
|
|
||||||
return f"{username}:{password}"
|
|
||||||
|
|
||||||
|
|
||||||
def remove_old_datastore_key():
|
|
||||||
if not _factory.key_file_path:
|
|
||||||
raise KeyPathNotSpecifiedError
|
|
||||||
if os.path.isfile(_factory.key_file_path):
|
|
||||||
os.remove(_factory.key_file_path)
|
|
||||||
|
|
||||||
|
|
||||||
def get_encryptor_factory():
|
|
||||||
return _factory
|
|
||||||
|
|
||||||
|
|
||||||
_factory = EncryptorFactory()
|
|
|
@ -29,7 +29,7 @@ def censor_password(password, plain_chars=3, secret_chars=5):
|
||||||
"""
|
"""
|
||||||
if not password:
|
if not password:
|
||||||
return ""
|
return ""
|
||||||
password = get_datastore_encryptor().dec(password)
|
password = get_datastore_encryptor().decrypt(password)
|
||||||
return password[0:plain_chars] + "*" * secret_chars
|
return password[0:plain_chars] + "*" * secret_chars
|
||||||
|
|
||||||
|
|
||||||
|
@ -42,5 +42,5 @@ def censor_hash(hash_, plain_chars=5):
|
||||||
"""
|
"""
|
||||||
if not hash_:
|
if not hash_:
|
||||||
return ""
|
return ""
|
||||||
hash_ = get_datastore_encryptor().dec(hash_)
|
hash_ = get_datastore_encryptor().decrypt(hash_)
|
||||||
return hash_[0:plain_chars] + " ..."
|
return hash_[0:plain_chars] + " ..."
|
||||||
|
|
|
@ -0,0 +1,35 @@
|
||||||
|
from monkey_island.cc.server_utils.encryption import (
|
||||||
|
get_datastore_encryptor,
|
||||||
|
initialize_datastore_encryptor,
|
||||||
|
)
|
||||||
|
from monkey_island.cc.server_utils.encryption.data_store_encryptor import remove_old_datastore_key
|
||||||
|
|
||||||
|
|
||||||
|
class AuthenticationService:
|
||||||
|
KEY_FILE_DIRECTORY = None
|
||||||
|
|
||||||
|
# TODO: A number of these services should be instance objects instead of
|
||||||
|
# static/singleton hybrids. At the moment, this requires invasive refactoring that's
|
||||||
|
# not a priority.
|
||||||
|
@classmethod
|
||||||
|
def initialize(cls, key_file_directory):
|
||||||
|
cls.KEY_FILE_DIRECTORY = key_file_directory
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def ensure_datastore_encryptor(username: str, password: str):
|
||||||
|
if not get_datastore_encryptor():
|
||||||
|
AuthenticationService._init_encryptor_from_credentials(username, password)
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def reset_datastore_encryptor(username: str, password: str):
|
||||||
|
remove_old_datastore_key(AuthenticationService.KEY_FILE_DIRECTORY)
|
||||||
|
AuthenticationService._init_encryptor_from_credentials(username, password)
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def _init_encryptor_from_credentials(username: str, password: str):
|
||||||
|
secret = AuthenticationService._get_secret_from_credentials(username, password)
|
||||||
|
initialize_datastore_encryptor(AuthenticationService.KEY_FILE_DIRECTORY, secret)
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def _get_secret_from_credentials(username: str, password: str) -> str:
|
||||||
|
return f"{username}:{password}"
|
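Review bot: `KEY_FILE_DIRECTORY` defaults to `None` and neither `reset_datastore_encryptor` nor `_init_encryptor_from_credentials` checks it, so a call made before `initialize()` passes `None` into `os.path.join` in the data store encryptor module and fails with a `TypeError`. The factory module deleted by this commit raised `KeyPathNotSpecifiedError` for the same condition, so the explicit check has been lost. A guard at the top of `_init_encryptor_from_credentials` and `reset_datastore_encryptor` restores it: `if AuthenticationService.KEY_FILE_DIRECTORY is None: raise RuntimeError("AuthenticationService.initialize() has not been called")`. `_get_secret_from_credentials` would also benefit from a one-line docstring saying the returned `username:password` string is the secret handed to `PasswordBasedBytesEncryptor` to wrap the key file, and that it must never be logged or persisted.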
|
@ -90,9 +90,9 @@ class ConfigService:
|
||||||
if should_decrypt:
|
if should_decrypt:
|
||||||
if config_key_as_arr in ENCRYPTED_CONFIG_VALUES:
|
if config_key_as_arr in ENCRYPTED_CONFIG_VALUES:
|
||||||
if isinstance(config, str):
|
if isinstance(config, str):
|
||||||
config = get_datastore_encryptor().dec(config)
|
config = get_datastore_encryptor().decrypt(config)
|
||||||
elif isinstance(config, list):
|
elif isinstance(config, list):
|
||||||
config = [get_datastore_encryptor().dec(x) for x in config]
|
config = [get_datastore_encryptor().decrypt(x) for x in config]
|
||||||
return config
|
return config
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
|
@ -130,7 +130,7 @@ class ConfigService:
|
||||||
if item_value in items_from_config:
|
if item_value in items_from_config:
|
||||||
return
|
return
|
||||||
if should_encrypt:
|
if should_encrypt:
|
||||||
item_value = get_datastore_encryptor().enc(item_value)
|
item_value = get_datastore_encryptor().encrypt(item_value)
|
||||||
mongo.db.config.update(
|
mongo.db.config.update(
|
||||||
{"name": "newconfig"}, {"$addToSet": {item_key: item_value}}, upsert=False
|
{"name": "newconfig"}, {"$addToSet": {item_key: item_value}}, upsert=False
|
||||||
)
|
)
|
||||||
|
@ -350,10 +350,10 @@ class ConfigService:
|
||||||
]
|
]
|
||||||
else:
|
else:
|
||||||
flat_config[key] = [
|
flat_config[key] = [
|
||||||
get_datastore_encryptor().dec(item) for item in flat_config[key]
|
get_datastore_encryptor().decrypt(item) for item in flat_config[key]
|
||||||
]
|
]
|
||||||
else:
|
else:
|
||||||
flat_config[key] = get_datastore_encryptor().dec(flat_config[key])
|
flat_config[key] = get_datastore_encryptor().decrypt(flat_config[key])
|
||||||
return flat_config
|
return flat_config
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
|
@ -379,25 +379,25 @@ class ConfigService:
|
||||||
)
|
)
|
||||||
else:
|
else:
|
||||||
config_arr[i] = (
|
config_arr[i] = (
|
||||||
get_datastore_encryptor().dec(config_arr[i])
|
get_datastore_encryptor().decrypt(config_arr[i])
|
||||||
if is_decrypt
|
if is_decrypt
|
||||||
else get_datastore_encryptor().enc(config_arr[i])
|
else get_datastore_encryptor().encrypt(config_arr[i])
|
||||||
)
|
)
|
||||||
else:
|
else:
|
||||||
parent_config_arr[config_arr_as_array[-1]] = (
|
parent_config_arr[config_arr_as_array[-1]] = (
|
||||||
get_datastore_encryptor().dec(config_arr)
|
get_datastore_encryptor().decrypt(config_arr)
|
||||||
if is_decrypt
|
if is_decrypt
|
||||||
else get_datastore_encryptor().enc(config_arr)
|
else get_datastore_encryptor().encrypt(config_arr)
|
||||||
)
|
)
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def decrypt_ssh_key_pair(pair, encrypt=False):
|
def decrypt_ssh_key_pair(pair, encrypt=False):
|
||||||
if encrypt:
|
if encrypt:
|
||||||
pair["public_key"] = get_datastore_encryptor().enc(pair["public_key"])
|
pair["public_key"] = get_datastore_encryptor().encrypt(pair["public_key"])
|
||||||
pair["private_key"] = get_datastore_encryptor().enc(pair["private_key"])
|
pair["private_key"] = get_datastore_encryptor().encrypt(pair["private_key"])
|
||||||
else:
|
else:
|
||||||
pair["public_key"] = get_datastore_encryptor().dec(pair["public_key"])
|
pair["public_key"] = get_datastore_encryptor().decrypt(pair["public_key"])
|
||||||
pair["private_key"] = get_datastore_encryptor().dec(pair["private_key"])
|
pair["private_key"] = get_datastore_encryptor().decrypt(pair["private_key"])
|
||||||
return pair
|
return pair
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
from monkey_island.cc.services.authentication import AuthenticationService
|
||||||
from monkey_island.cc.services.post_breach_files import PostBreachFilesService
|
from monkey_island.cc.services.post_breach_files import PostBreachFilesService
|
||||||
from monkey_island.cc.services.run_local_monkey import LocalMonkeyRunService
|
from monkey_island.cc.services.run_local_monkey import LocalMonkeyRunService
|
||||||
|
|
||||||
|
@ -5,3 +6,4 @@ from monkey_island.cc.services.run_local_monkey import LocalMonkeyRunService
|
||||||
def initialize_services(data_dir):
|
def initialize_services(data_dir):
|
||||||
PostBreachFilesService.initialize(data_dir)
|
PostBreachFilesService.initialize(data_dir)
|
||||||
LocalMonkeyRunService.initialize(data_dir)
|
LocalMonkeyRunService.initialize(data_dir)
|
||||||
|
AuthenticationService.initialize(key_file_directory=data_dir)
|
||||||
|
|
|
@ -76,4 +76,4 @@ def encrypt_exploit_creds(telemetry_json):
|
||||||
credential = attempts[i][field]
|
credential = attempts[i][field]
|
||||||
if credential: # PowerShell exploiter's telem may have `None` here
|
if credential: # PowerShell exploiter's telem may have `None` here
|
||||||
if len(credential) > 0:
|
if len(credential) > 0:
|
||||||
attempts[i][field] = get_datastore_encryptor().enc(credential)
|
attempts[i][field] = get_datastore_encryptor().encrypt(credential)
|
||||||
|
|
|
@ -70,7 +70,7 @@ def encrypt_system_info_ssh_keys(ssh_info):
|
||||||
for idx, user in enumerate(ssh_info):
|
for idx, user in enumerate(ssh_info):
|
||||||
for field in ["public_key", "private_key", "known_hosts"]:
|
for field in ["public_key", "private_key", "known_hosts"]:
|
||||||
if ssh_info[idx][field]:
|
if ssh_info[idx][field]:
|
||||||
ssh_info[idx][field] = get_datastore_encryptor().enc(ssh_info[idx][field])
|
ssh_info[idx][field] = get_datastore_encryptor().encrypt(ssh_info[idx][field])
|
||||||
|
|
||||||
|
|
||||||
def process_credential_info(telemetry_json):
|
def process_credential_info(telemetry_json):
|
||||||
|
|
|
@ -41,7 +41,7 @@ def set_aws_keys(access_key_id: str, secret_access_key: str, session_token: str)
|
||||||
|
|
||||||
def _set_aws_key(key_type: str, key_value: str):
|
def _set_aws_key(key_type: str, key_value: str):
|
||||||
path_to_keys = AWS_KEYS_PATH
|
path_to_keys = AWS_KEYS_PATH
|
||||||
encrypted_key = get_datastore_encryptor().enc(key_value)
|
encrypted_key = get_datastore_encryptor().encrypt(key_value)
|
||||||
ConfigService.set_config_value(path_to_keys + [key_type], encrypted_key)
|
ConfigService.set_config_value(path_to_keys + [key_type], encrypted_key)
|
||||||
|
|
||||||
|
|
||||||
|
|