secrets

Serves as an access point to the secrets table in the cloud database so that secrets don’t have to be hardcoded into the apps. Various actions require access and tokens beyond what most staff is allowed to have, so secrets ensure that only people who should be able to access a certain resource are able to access it. Restricted to admins.

Code Documentation

secrets.main.validate_master_secret(master_secret)

Validates a master secret.

Parameters

master_secret (str) – secret to be validated

Returns

a tuple of the app and a bool for if that app is a staging app

secrets.main.validates_master_secret(func)

Wraps a function to call a local version of validate_master_secret instead of the RPC wrapper.

Parameters

func (function) – function to be wrapped

Returns

wrapped function that will call validate_master_secret

secrets.main.get_secret(app, is_staging, secret_name)

Gets a secret from secrets.

Parameters

• app (str) – app to get secret for

• is_staging (bool) – whether app is a staging app

• secret_name (str) – name of secret

Returns

string of either the staging value or public value depending on if the app was a staging app.

secrets.main.load_all_secrets(app, is_staging, created_app_name)

Loads all secrets for a particular app.

Parameters

• app (string) – app loading the secrets

• is_staging (bool) – whether app is a staging app

• created_app_name (str) – name of the app to get secrets for

Returns

dict of name and public value for all secrets of created_app_name

secrets.main.create_master_secret(app, is_staging, created_app_name)

Creates a master secret.

Parameters

• app (str) – app creating the secret

• is_staging (bool) – whether app is a staging app

• created_app_name (str) – app to create master secret for

Returns

tuple of two randomly generated 64-character secrets.

secrets.main.display_hash(secret: str)

Displays the first 8 characters of the md5 hash of a secret.

Parameters

secret (str) – secret to display