khaganat-web/pwdb/management/commands/pwdb_rotate_secret_key.py


import secrets

from django.core.management.base import BaseCommand, CommandError
from django.db import transaction

from pwdb.models import SharedPassword, IV_LENGTH
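class Command(BaseCommand):
    """Re-encrypt every ``SharedPassword`` after a secret key rollover.

    Each stored password is decrypted with the previous key given on the
    command line, receives a fresh random IV, and is stored again through
    ``set_password``.
    """

    help = "Re-encrypts all the shared passwords after a secret key rollover"

    def add_arguments(self, parser):
        """Register the positional ``old_key`` argument (the previous key)."""
        # NOTE(review): a secret passed on argv is readable from the process
        # list and usually lands in shell history. The interface is kept as
        # is; consider an environment variable or an interactive prompt, and
        # clear the history entry after running.
        parser.add_argument("old_key", type=str)

    def handle(self, *args, **options):
        """Re-encrypt all shared passwords, all-or-nothing.

        Raises:
            CommandError: if a password cannot be decrypted with ``old_key``
                (``ValueError`` from ``update_password``). No row is changed
                in that case.
        """
        self.stdout.write("Re-encrypting passwords with the new secret key.")
        self.old_key = options["old_key"]
        try:
            # One transaction for the whole run: without it, a failure half
            # way through leaves some rows under the new key and some under
            # the old one, and a second run with the old key then fails on
            # the rows that were already rotated.
            with transaction.atomic():
                for shared_password in SharedPassword.objects.all():
                    self.update_password(shared_password)
        except ValueError as exc:
            # Raise instead of only writing to stderr so the command exits
            # with a non-zero status and automation can detect the failure.
            raise CommandError("Invalid key.") from exc
        self.stdout.write("Done.")

    def update_password(self, password):
        """Decrypt *password* with the old key and store it again.

        Args:
            password: the ``SharedPassword`` row to re-encrypt.
        """
        # NOTE(review): a wrong key is only detected if decrypt_password
        # raises ValueError. If the cipher is not authenticated, a wrong key
        # may yield garbage that is then re-encrypted and saved; confirm
        # against pwdb.models.
        clear_password = password.decrypt_password(key=self.old_key)
        # New random IV from the CSPRNG for every re-encryption, so the old
        # IV is not carried over to the new ciphertext.
        password.iv = secrets.token_bytes(IV_LENGTH)
        # Presumably encrypts with the current secret key; verify in the
        # model.
        password.set_password(clear_password)
        password.save()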