jankatins
commented
5 years ago This is how to get data from the local secret store on a mac so that passwords are not written in local_setup.py:
def getpassword(service, account):
import re
import os
def decode_hex(s):
s = eval('"' + re.sub(r"(..)", r"\x\1", s) + '"')
if "" in s: s = s[:s.index("")]
return s
cmd = ' '.join([
"/usr/bin/security",
" find-generic-password",
"-g -s '%s' -a '%s'" % (service, account),
"2>&1 >/dev/null"
])
p = os.popen(cmd)
s = p.read()
p.close()
m = re.match(r"password: (?:0x([0-9A-F]+)\s*)?\"(.*)\"$", s)
if m:
hexform, stringform = m.groups()
if hexform:
return decode_hex(hexform)
else:
return stringform
def setpassword(service, account):
import os
import getpass
password = getpass.getpass()
cmd = 'security add-generic-password -U -a %s -s %s -p \'%s\'' % (account, service, password)
p = os.popen(cmd)
s = p.read()
p.close()
# set with setpassword("mara","whatever")
whatever_password = getpassword("mara", "whatever")
We don't want passwords saved to any disk/DB or shown in any UI so we need the ability to mask them. This masks passwords in the log (before it's actually shown/written) and in the node pages. I'm not sure if there are more places.