Closed 0x2b3bfa0 closed 1 year ago
<!DOCTYPE html>
<html>
<head>
<title>Credentials</title>
<!--
  NOTE(review): this page takes AWS credentials from the form below and seals
  them with this library, so whatever file this URL serves runs with access to
  the plaintext. The tag pins version 0.5.4 by path but has no `integrity`
  attribute, so the browser cannot detect a changed file. Consider adding
  integrity="sha384-<DIGEST_OF_THE_REVIEWED_FILE>" (placeholder) together with
  crossorigin="anonymous", or serving a vetted copy from this origin.
-->
<script
src="https://cdnjs.cloudflare.com/ajax/libs/libsodium-wrappers/0.5.4/sodium.min.js"
referrerpolicy="no-referrer"
></script>
<script>
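/**
 * Call the backend with the sealed credentials saved by encryptAndSave().
 *
 * The stored value is sent as-is in a `credentials` request header and the
 * JSON reply is shown in an alert box.
 *
 * NOTE(review): the value in localStorage is ciphertext, but it is what the
 * server accepts in this header, so any script running on this origin can read
 * it and replay it. Treat it as a secret of the same sensitivity as a token.
 *
 * @returns {Promise<void>}
 */
async function doSomething() {
  const credentials = window.localStorage.getItem("leo-credentials");
  // getItem() yields null when nothing was saved; passing that through would
  // send the literal header value "null" to the server.
  if (credentials === null) {
    alert("No saved credentials; fill in the form and press Save first.");
    return;
  }

  const response = await fetch("/something", { headers: { credentials } });
  // An error reply may not be JSON at all, so report the status instead of
  // letting response.json() reject without any feedback to the user.
  if (!response.ok) {
    alert(`Request failed with status ${response.status}`);
    return;
  }

  const body = await response.json();
  // alert() stringifies its argument, which turns objects into
  // "[object Object]"; serialise anything that is not already a string.
  alert(typeof body === "string" ? body : JSON.stringify(body));
}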
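/**
 * Fetch the public key that credentials are sealed to.
 *
 * Requests `/key` on the current origin and returns the `key` member of the
 * JSON reply (a base64 string, decoded by the caller).
 *
 * NOTE(review): credentials are encrypted to whatever key this returns, so the
 * confidentiality of the sealed blob rests entirely on this response being
 * authentic. Nothing here pins or cross-checks the key; confirm the page is
 * only ever served over an authenticated transport.
 *
 * @returns {Promise<string>} the server public key as returned by `/key`
 * @throws {Error} when the request fails or the reply carries no usable key
 */
async function getServerPublicKey() {
  const response = await fetch("/key");
  if (!response.ok) {
    throw new Error(`Fetching /key failed with status ${response.status}`);
  }

  const { key } = await response.json();
  // Fail here with a clear message rather than handing undefined to the
  // base64 decoder in the caller.
  if (typeof key !== "string" || key === "") {
    throw new Error("Response from /key does not contain a public key");
  }
  return key;
}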
/**
 * Seal the submitted AWS credentials to the server's public key and keep only
 * the ciphertext in the browser.
 *
 * The form fields are wrapped as `{ aws: { ... } }`, serialised to JSON,
 * encrypted with a libsodium sealed box (`crypto_box_seal`) and stored
 * base64-encoded under the `leo-credentials` localStorage key. A sealed box can
 * only be opened with the recipient's private key, so this page cannot read
 * back what it stored.
 *
 * NOTE(review): the form is cleared before the key is fetched, so a failed
 * fetch discards what the user typed without saving anything.
 *
 * @param {HTMLFormElement} form - the credentials form being submitted
 * @returns {Promise<void>}
 */
async function encryptAndSave(form) {
  // Snapshot the field values first; reset() wipes them from the DOM.
  const aws = Object.fromEntries(new FormData(form));
  form.reset();

  const plaintext = JSON.stringify({ aws });
  const serverKey = await getServerPublicKey();
  const sealed = sodium.crypto_box_seal(plaintext, sodium.from_base64(serverKey));

  window.localStorage.setItem("leo-credentials", sodium.to_base64(sealed));
}
</script>
</head>
<body>
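<!--
  Credentials form. The secret access key and session token use
  type="password" so they are masked on screen, and every field sets
  autocomplete="off" to ask the browser not to keep the values in its form
  history (browsers may not honour this for every field type). Field names are
  unchanged, so the object built from FormData has the same keys as before.
-->
<form onsubmit="event.preventDefault(); encryptAndSave(this);">
<input name="access-key-id" placeholder="AWS_ACCESS_KEY_ID" autocomplete="off" />
<input name="secret-access-key" type="password" placeholder="AWS_SECRET_ACCESS_KEY" autocomplete="off" />
<input name="session-token" type="password" placeholder="AWS_SESSION_TOKEN" autocomplete="off" />
<input type="submit" value="Save" />
<input type="button" value="Run" onclick="doSomething();" />
</form>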
</body>
</html>
Outdated comment: after watching the recording of the #studio backend meeting, this pull request is absolutely required.
@tasdomas, wrote this ~out of sheer boredom~ to address https://github.com/iterative/terraform-provider-iterative/pull/708#issuecomment-1303654847; feel free to take a look if you deem it useful
@0x2b3bfa0 can you save me some googling and share a cli example of wrapping the credentials?
@dacbd, I'm afraid there is no easy command-line tool to do that; even the GitHub documentation points users to sesquipedalian code snippets. Here is a code-golfed version:
$ pip install pynacl
$ <credentials.json>credentials.b64 python -c 'import base64,sys,nacl.public,nacl.encoding;print(base64.b64encode(nacl.public.SealedBox(nacl.public.PublicKey(sys.argv[1],nacl.encoding.Base64Encoder)).encrypt(sys.stdin.buffer.read())).decode())' $(curl -s localhost:8080/key|jq -r .key)
$ http POST localhost:8080/tasks -A bearer -a $(cat credentials.b64) < request.json
Moved permanently to https://github.com/iterative/leo-server/pull/9