commit c10f00b7dab10af3786d2dd51dd3d9a3e45e3483
author Piotr Dobrowolski <admin@tastycode.pl> Tue Apr 09 13:29:21 2019 +0200
committer Piotr Dobrowolski <admin@tastycode.pl> Tue Apr 09 13:29:33 2019 +0200
tree a86264b20af691c7808597f6807748b7fe475ca4
parent 598a079f5768c03b1947d2ed18a18b74ada6fc3f

tools/secretstore: decrypt secrets when requesting plaintext path

tools/secretstore.py

diff --git a/tools/secretstore.py b/tools/secretstore.py
index fc5b3a2..f775d4a 100644
--- a/tools/secretstore.py
+++ b/tools/secretstore.py
@@ -46,13 +46,20 @@
         return os.path.exists(c) or os.path.exists(p)
 
     def plaintext(self, suffix):
-        return os.path.join(self.proot, suffix)
+        p = os.path.join(self.proot, suffix)
+        c = os.path.join(self.croot, suffix)
+
+        if not os.path.exists(p) or os.path.getctime(p) < os.path.getctime(c):
+            logger.info("Decrypting {} ({})...".format(suffix, c))
+            decrypt(c, p)
+
+        return p
 
     def open(self, suffix, mode, *a, **kw):
         p = os.path.join(self.proot, suffix)
         c = os.path.join(self.croot, suffix)
         if 'w' in mode:
-            return open(p, mode, *a, *kw)
+            return open(p, mode, *a, **kw)
 
         if not self.exists(suffix):
             raise SecretStoreMissing("Secret {} does not exist".format(suffix))