def putSecret(name, secret, version="", kms_key="alias/credstash",
region=None, table="credential-store", context=None,
digest=DEFAULT_DIGEST, **kwargs):
'''
put a secret called `name` into the secret-store,
protected by the key kms_key
'''
if not context:
context = {}
session = get_session(**kwargs)
kms = session.client('kms', region_name=region)
key_service = KeyService(kms, kms_key, context)
sealed = seal_aes_ctr_legacy(
key_service,
secret,
digest_method=digest,
)
dynamodb = session.resource('dynamodb', region_name=region)
secrets = dynamodb.Table(table)
data = {
'name': name,
'version': paddedInt(version),
}
data.update(sealed)
return secrets.put_item(Item=data, ConditionExpression=Attr('name').not_exists())
评论列表
文章目录
