| 75 | |
| 76 | @staticmethod |
| 77 | def _setup_crypto(): |
| 78 | if KeyValuePairAPI.crypto_setup: |
| 79 | # Crypto already set up |
| 80 | return |
| 81 | |
| 82 | LOG.info("Checking if encryption is enabled for key-value store.") |
| 83 | KeyValuePairAPI.is_encryption_enabled = cfg.CONF.keyvalue.enable_encryption |
| 84 | LOG.debug("Encryption enabled? : %s", KeyValuePairAPI.is_encryption_enabled) |
| 85 | if KeyValuePairAPI.is_encryption_enabled: |
| 86 | KeyValuePairAPI.crypto_key_path = cfg.CONF.keyvalue.encryption_key_path |
| 87 | LOG.info( |
| 88 | "Encryption enabled. Looking for key in path %s", |
| 89 | KeyValuePairAPI.crypto_key_path, |
| 90 | ) |
| 91 | if not os.path.exists(KeyValuePairAPI.crypto_key_path): |
| 92 | msg = ( |
| 93 | "Encryption key file does not exist in path %s." |
| 94 | % KeyValuePairAPI.crypto_key_path |
| 95 | ) |
| 96 | LOG.exception(msg) |
| 97 | LOG.info( |
| 98 | "All API requests will now send out BAD_REQUEST " |
| 99 | + "if you ask to store secrets in key value store." |
| 100 | ) |
| 101 | KeyValuePairAPI.crypto_key = None |
| 102 | else: |
| 103 | KeyValuePairAPI.crypto_key = read_crypto_key( |
| 104 | key_path=KeyValuePairAPI.crypto_key_path |
| 105 | ) |
| 106 | KeyValuePairAPI.crypto_setup = True |
| 107 | |
| 108 | @classmethod |
| 109 | def from_model(cls, model, mask_secrets=True): |