
Commit 3cf7711

committed
Update KMS_CREDENTIALS
1 parent 7cf064c commit 3cf7711


1 file changed

+58
-56
lines changed

1 file changed

+58
-56
lines changed

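--- a/.github/workflows/encrypted_settings.py
+++ b/.github/workflows/encrypted_settings.py
@@ -6,72 +6,74 @@
 
 os.environ["LD_LIBRARY_PATH"] = os.environ["GITHUB_WORKSPACE"] + "/lib/"
 
+KMS_CREDENTIALS = {
+"aws": {
+"kms_provider": {
+"aws": {
+"accessKeyId": os.environ.get("AWS_ACCESS_KEY_ID"),
+"secretAccessKey": os.environ.get("AWS_SECRET_ACCESS_KEY"),
+}
+},
+"customer_master_key": {
+"key": os.environ.get("AWS_KEY_ARN"),
+"region": os.environ.get("AWS_KEY_REGION"),
+},
+},
+"azure": {
+"kms_provider": {
+"azure": {
+"tenantId": os.environ.get("AZURE_TENANT_ID"),
+"clientId": os.environ.get("AZURE_CLIENT_ID"),
+"clientSecret": os.environ.get("AZURE_CLIENT_SECRET"),
+}
+},
+"customer_master_key": {
+"keyName": os.environ.get("AZURE_KEY_NAME"),
+"keyVaultEndpoint": os.environ.get("AZURE_KEY_VAULT_ENDPOINT"),
+},
+},
+"gcp": {
+"kms_provider": {
+"gcp": {
+"email": os.environ.get("GCP_EMAIL"),
+"privateKey": os.environ.get("GCP_PRIVATE_KEY"),
+}
+},
+"customer_master_key": {
+"projectId": os.environ.get("GCP_PROJECT_ID"),
+"location": os.environ.get("GCP_LOCATION"),
+"keyRing": os.environ.get("GCP_KEY_RING"),
+"keyName": os.environ.get("GCP_KEY_NAME"),
+},
+},
+"kmip": {
+"kms_provider": {"kmip": {"endpoint": os.environ.get("KMIP_KMS_ENDPOINT")}},
+"customer_master_key": {},
+"tls_options": {
+"kmip": {
+"tlsCAFile": os.environ.get("KMIP_TLS_CA_FILE"),
+"tlsCertificateKeyFile": os.environ.get("KMIP_TLS_CERT_FILE"),
+}
+},
+},
+"local": {
+"kms_provider": {"local": {"key": os.urandom(96)}},
+"customer_master_key": {},
+},
+}
+
 DATABASES["encrypted"] = { # noqa: F405
 "ENGINE": "django_mongodb_backend",
 "NAME": "djangotests_encrypted",
 "OPTIONS": {
 "auto_encryption_opts": AutoEncryptionOpts(
 key_vault_namespace="djangotests_encrypted.__keyVault",
-kms_providers={"local": {"key": os.urandom(96)}},
+kms_providers=KMS_CREDENTIALS,
 crypt_shared_lib_path=os.environ["GITHUB_WORKSPACE"] + "/lib/mongo_crypt_v1.so",
 ),
 "directConnection": True,
 },
-"KMS_CREDENTIALS": {
-"aws": {
-"kms_provider": {
-"aws": {
-"accessKeyId": os.environ.get("AWS_ACCESS_KEY_ID"),
-"secretAccessKey": os.environ.get("AWS_SECRET_ACCESS_KEY"),
-}
-},
-"customer_master_key": {
-"key": os.environ.get("AWS_KEY_ARN"),
-"region": os.environ.get("AWS_KEY_REGION"),
-},
-},
-"azure": {
-"kms_provider": {
-"azure": {
-"tenantId": os.environ.get("AZURE_TENANT_ID"),
-"clientId": os.environ.get("AZURE_CLIENT_ID"),
-"clientSecret": os.environ.get("AZURE_CLIENT_SECRET"),
-}
-},
-"customer_master_key": {
-"keyName": os.environ.get("AZURE_KEY_NAME"),
-"keyVaultEndpoint": os.environ.get("AZURE_KEY_VAULT_ENDPOINT"),
-},
-},
-"gcp": {
-"kms_provider": {
-"gcp": {
-"email": os.environ.get("GCP_EMAIL"),
-"privateKey": os.environ.get("GCP_PRIVATE_KEY"),
-}
-},
-"customer_master_key": {
-"projectId": os.environ.get("GCP_PROJECT_ID"),
-"location": os.environ.get("GCP_LOCATION"),
-"keyRing": os.environ.get("GCP_KEY_RING"),
-"keyName": os.environ.get("GCP_KEY_NAME"),
-},
-},
-"kmip": {
-"kms_provider": {"kmip": {"endpoint": os.environ.get("KMIP_KMS_ENDPOINT")}},
-"customer_master_key": {},
-"tls_options": {
-"kmip": {
-"tlsCAFile": os.environ.get("KMIP_TLS_CA_FILE"),
-"tlsCertificateKeyFile": os.environ.get("KMIP_TLS_CERT_FILE"),
-}
-},
-},
-"local": {
-"kms_provider": {"local": {"key": os.urandom(96)}},
-"customer_master_key": {},
-},
-},
+"KMS_CREDENTIALS": KMS_CREDENTIALS,
 }
 
 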
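Review bot: `kms_providers=KMS_CREDENTIALS` (new line 71) hands `AutoEncryptionOpts` the wrapper dictionary rather than the provider map it replaces: the removed value was `{"local": {"key": ...}}`, whereas every `KMS_CREDENTIALS` entry nests that map under `"kms_provider"`, next to `"customer_master_key"` and, for KMIP, `"tls_options"`. PyMongo expects each provider name to map directly to its credential fields, so this shape will most likely be rejected when the encrypted connection is set up. To keep the previous behaviour while reusing the single generated local key, pass `kms_providers=KMS_CREDENTIALS["local"]["kms_provider"],`. If all providers are meant to be enabled, merge the inner `kms_provider` maps instead, and skip any provider whose `os.environ.get(...)` values are `None` because the CI job did not supply the secret.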
