How to use the taskcluster.Secrets function in taskcluster
To help you get started, we’ve selected a few taskcluster examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
MozillaReality / FirefoxReality / tools / taskcluster / fetch_secret.py View on Github 
sys.exit(2)
for opt, arg in opts:
if opt == '-h':
print name + '-s -o -n <data name=""> -d (decode base64)'
sys.exit()
elif opt in ("-s"):
secret_path = arg
elif opt in ("-o"):
output_file = arg
elif opt in ("-n"):
data_name = arg
elif opt in ("-d"):
decode = True
if data_name == '':
data_name = os.path.basename(secret_path)
secrets = taskcluster.Secrets({'rootUrl': os.environ['TASKCLUSTER_PROXY_URL']})
data = secrets.get(secret_path)
data = data['secret'][data_name]
if decode:
data = base64.b64decode(data)
with open(output_file, 'w') as output:
output.write(data)
</data># This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
"""
This script talks to the taskcluster secrets service to obtain the
Google Firebase service account token and write it to the .firebase_token
file in the root directory.
"""
import os
import taskcluster
import json
# Get JSON data from taskcluster secrets service
secrets = taskcluster.Secrets({'rootUrl': os.environ['TASKCLUSTER_PROXY_URL']})
data = secrets.get('project/mobile/firefox-tv/tokens')
with open(os.path.join(os.path.dirname(__file__), '../../.firebase_token.json'), 'w') as file:
json.dump(data['secret']['firebaseToken'], file)
print("Imported google firebase token from secrets service.")# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
"""
This script talks to the taskcluster secrets service to obtain the
Pocket token and write it to the .pocket_key_release file in the root
directory.
"""
import os
import taskcluster
# Get JSON data from taskcluster secrets service
secrets = taskcluster.Secrets({'rootUrl': os.environ['TASKCLUSTER_PROXY_URL']})
data = secrets.get('project/mobile/firefox-tv/tokens')
token_file_path = os.path.join(os.path.dirname(__file__), '../../.pocket_key_release')
with open(token_file_path, 'w') as token_file:
token_file.write(data['secret']['pocketToken'])
print("Imported pocket token from secrets service")def get_secret(secret_id):
""" Return the secret value
"""
env_variable_name = f"BUGBUG_{secret_id}"
# Try in the environment first
secret_from_env = os.environ.get(env_variable_name)
if secret_from_env:
return secret_from_env
# If not in env, try with TC if we have the secret id
tc_secret_id = os.environ.get("TC_SECRET_ID")
if tc_secret_id:
secrets = taskcluster.Secrets(get_taskcluster_options())
secret_bucket = secrets.get(tc_secret_id)
return secret_bucket["secret"][secret_id]
else:
raise ValueError("Failed to find secret {}".format(secret_id))def fetch_secret_from_taskcluster(name):
try:
secrets = taskcluster.Secrets({
# BaseUrl is still needed for tasks that haven't migrated to taskgraph yet.
'baseUrl': 'http://taskcluster/secrets/v1',
})
except taskcluster.exceptions.TaskclusterFailure:
# taskcluster library >=5 errors out when `baseUrl` is used
secrets = taskcluster.Secrets({
'rootUrl': os.environ.get('TASKCLUSTER_PROXY_URL', 'https://taskcluster.net'),
})
return secrets.get(name)# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
"""
This script talks to the taskcluster secrets service to obtain the
Sentry token and write it to the .sentry_dsn_release file in the root
directory.
"""
import os
import taskcluster
# Get JSON data from taskcluster secrets service
secrets = taskcluster.Secrets({'rootUrl': os.environ['TASKCLUSTER_PROXY_URL']})
data = secrets.get('project/mobile/firefox-tv/tokens')
token_file_path = os.path.join(os.path.dirname(__file__), '../../.sentry_dsn_release')
with open(token_file_path, 'w') as token_file:
token_file.write(data['secret']['sentryToken'])
print("Imported sentry token from secrets service")# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
"""
This script talks to the taskcluster secrets service to obtain the
Bitbar token and write it to the .bitbar_token file in the root
directory.
"""
import os
import taskcluster
import json
# Get JSON data from taskcluster secrets service
secrets = taskcluster.Secrets({'rootUrl': os.environ['TASKCLUSTER_PROXY_URL']})
data = secrets.get('project/mobile/firefox-tv/tokens')
with open(os.path.join(os.path.dirname(__file__), '../../.bitbar_token.json'), 'w') as file:
json.dump(data['secret']['bitbarToken'], file)
print("Imported Bitbar token from secrets service")
Popular taskcluster functions
- taskcluster.exceptions
- taskcluster.exceptions.TaskclusterAuthFailure
- taskcluster.exceptions.TaskclusterFailure
- taskcluster.exceptions.TaskclusterRestFailure
- taskcluster.fromNow
- taskcluster.fromNowJSON
- taskcluster.Index
- taskcluster.optionsFromEnvironment
- taskcluster.Queue
- taskcluster.Scheduler
- taskcluster.Secrets
- taskcluster.slugId
- taskcluster.stringDate
- taskcluster.utils
- taskcluster.utils.dumpJson
- taskcluster.utils.encodeStringForB64Header
- taskcluster.utils.makeB64UrlSafe
- taskcluster.utils.slugId
- taskcluster.utils.stringDate
- taskcluster.utils.toStr