tools/secretstore: decrypt secrets when requesting plaintext path
diff --git a/tools/secretstore.py b/tools/secretstore.py
index fc5b3a2..f775d4a 100644
--- a/tools/secretstore.py
+++ b/tools/secretstore.py
@@ -46,13 +46,20 @@
return os.path.exists(c) or os.path.exists(p)
def plaintext(self, suffix):
- return os.path.join(self.proot, suffix)
+ p = os.path.join(self.proot, suffix)
+ c = os.path.join(self.croot, suffix)
+
+ if not os.path.exists(p) or os.path.getctime(p) < os.path.getctime(c):
+ logger.info("Decrypting {} ({})...".format(suffix, c))
+ decrypt(c, p)
+
+ return p
def open(self, suffix, mode, *a, **kw):
p = os.path.join(self.proot, suffix)
c = os.path.join(self.croot, suffix)
if 'w' in mode:
- return open(p, mode, *a, *kw)
+ return open(p, mode, *a, **kw)
if not self.exists(suffix):
raise SecretStoreMissing("Secret {} does not exist".format(suffix))
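Review bot: The staleness test in `plaintext()` calls `os.path.getctime(c)` whenever the plaintext file already exists, so a secret present only under `proot` (a state the `exists` line at the top of the hunk appears to allow, and that `open(..., 'w')` produces) raises a bare `OSError` here. When neither file exists, `decrypt(c, p)` runs on a missing input instead of raising `SecretStoreMissing` as `open()` does. Guarding the branch with `if os.path.exists(c) and (not os.path.exists(p) or os.path.getmtime(p) < os.path.getmtime(c)):` would cover the first case. `getmtime` is suggested because on Unix `getctime` is the inode change time, which a chmod or rename also moves, so it is a weak signal that the ciphertext is newer. `decrypt` is not visible in this hunk, so it is worth confirming that it creates `p` with owner-only permissions, since this change makes decrypted material land on disk as a side effect of a path lookup.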