StackStorm-Exchange / stackstorm-email

E-Mail Actions/Sensors for StackStorm
https://exchange.stackstorm.org/
Apache License 2.0

can we encrypt the password parameter? #12

Closed longfei-zhang closed 6 years ago

longfei-zhang commented 6 years ago

I don't want other users to see the password directly, so maybe we can add the value like:

---
smtp_accounts:
  - name: me
    password: "I'm encrypted"

If so, then st2 needs to decrypt it first and then use it.

nmaludy commented 6 years ago

@longfei-zhang I'm guessing this is for the email pack? The password property is set to secret: https://github.com/StackStorm-Exchange/stackstorm-email/blob/master/config.schema.yaml#L27

You could store your password in the datastore, and then retrieve it in the config using Jinja.

Since the password property in the config is set to secret, we need to encrypt the data in the datastore (the -e flag does this).

# save your password into the datastore
$ st2 key set -e smtp_account.me.password "I'm Encrypted"

Modify your email pack config, /opt/stackstorm/configs/email.yaml:

---
smtp_accounts:
  - name: name
    password: "{{ st2kv.system.smtp_account.me.password }}"

longfei-zhang commented 6 years ago

@nmaludy I followed your guide but failed.

Traceback (most recent call last):
  File "/opt/stackstorm/st2/lib/python2.7/site-packages/st2common/runners/python_action_wrapper.py", line 278, in <module>
    obj.run()
  File "/opt/stackstorm/st2/lib/python2.7/site-packages/st2common/runners/python_action_wrapper.py", line 171, in run
    output = action.run(**self._parameters)
  File "/opt/stackstorm/packs/email/actions/send_email.py", line 49, in run
    s.login(account_data['username'], account_data['password'])
  File "/usr/lib64/python2.7/smtplib.py", line 621, in login
    raise SMTPAuthenticationError(code, resp)
smtplib.SMTPAuthenticationError: (460, 'ERR.LOGIN.PASSERR')

I added some logging to see the password value.
It seems that we get {{ st2kv.system.smtp_account.me.password }} as the password.

Did I miss something?

longfei-zhang commented 6 years ago

If I run the send email action and put {{ st2kv.system.smtp_account.me.password }} as the message, I can see the message's value is correct.

longfei-zhang commented 6 years ago

It seems that this is a bug. I debugged this file, /opt/stackstorm/packs/email/actions/send_email.py: the message value can use {{ st2kv.system.smtp_account.me.password }} to get the correct value, but s.login(account_data['username'], account_data['password']) (line 48) cannot get the correct value.
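
As an added example (not part of the thread and not the email pack's own code), the Python below audits an already-parsed pack config against its schema and reports whether each `secret: true` field is a datastore reference or plaintext. It also adds a guard for the failure reported above, where the literal template string reached `s.login`. The schema fragment, the account entries and the function names are constructed for illustration.

```python
import re

# A value that is exactly one Jinja expression reading a datastore key.
ST2KV_REF = re.compile(r"^\{\{\s*st2kv\.(?:system|user)\.[\w.\-]+\s*(?:\|[^}]*)?\}\}$")
# Any leftover Jinja delimiter in a value that should already be rendered.
UNRENDERED = re.compile(r"\{\{.*?\}\}|\{%.*?%\}")


def audit_secrets(schema, config, path=""):
    """Return [(path, status)] for every schema property marked secret: true."""
    findings = []
    for key, spec in schema.items():
        here = f"{path}.{key}" if path else key
        value = config.get(key) if isinstance(config, dict) else None
        if spec.get("secret"):
            if value is None:
                status = "missing"
            elif ST2KV_REF.match(str(value)):
                status = "st2kv-reference"
            else:
                status = "plaintext"
            findings.append((here, status))  # the value itself is never reported
        elif spec.get("type") == "object":
            findings += audit_secrets(spec.get("properties", {}), value or {}, here)
        elif spec.get("type") == "array":
            props = spec.get("items", {}).get("properties", {})
            for i, item in enumerate(value or []):
                findings += audit_secrets(props, item, f"{here}[{i}]")
    return findings


def require_rendered(name, value):
    """Fail closed if a template string reaches the point where the secret is used."""
    if UNRENDERED.search(str(value)):
        raise ValueError(f"{name} still contains an unrendered Jinja expression")
    return value


# Constructed sample data: a schema fragment and two account entries.
SCHEMA = {"smtp_accounts": {"type": "array", "items": {"type": "object", "properties": {
    "name": {"type": "string"},
    "password": {"type": "string", "secret": True}}}}}
CONFIG = {"smtp_accounts": [
    {"name": "me", "password": "{{ st2kv.system.smtp_account.me.password }}"},
    {"name": "legacy", "password": "hunter2-constructed"}]}

if __name__ == "__main__":
    for finding in audit_secrets(SCHEMA, CONFIG):
        print(finding)
```

Calling `require_rendered("password", account_data["password"])` just before the login call turns the confusing `SMTPAuthenticationError` from the traceback into an explicit configuration error.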