fix: add key passphrase support for encrypted OCI private keys
Private keys with passphrase caused EOFError in Docker containers since getpass cannot prompt without a TTY. Added optional "Key Passphrase" field to OCI credentials form. When provided, pass_phrase is written to the OCI config file so both the CLI and SDK can read the key without prompting.
This commit is contained in:
@@ -393,6 +393,7 @@ async def save_oci(
|
||||
tenancy_name: str = Form(...), tenancy_ocid: str = Form(...),
|
||||
user_ocid: str = Form(...), fingerprint: str = Form(...),
|
||||
region: str = Form(...), compartment_id: str = Form(""),
|
||||
key_passphrase: str = Form(""),
|
||||
private_key: UploadFile = File(...), public_key: Optional[UploadFile] = File(None),
|
||||
u = Depends(require("admin","user"))
|
||||
):
|
||||
@@ -401,9 +402,11 @@ async def save_oci(
|
||||
kp.write_bytes(await private_key.read()); kp.chmod(0o600)
|
||||
if public_key: (cdir / "oci_api_key_public.pem").write_bytes(await public_key.read())
|
||||
cfg_file = cdir / "config"
|
||||
cfg_file.write_text(
|
||||
f"[DEFAULT]\nuser={user_ocid}\nfingerprint={fingerprint}\n"
|
||||
f"tenancy={tenancy_ocid}\nregion={region}\nkey_file={kp}\n")
|
||||
cfg_content = (f"[DEFAULT]\nuser={user_ocid}\nfingerprint={fingerprint}\n"
|
||||
f"tenancy={tenancy_ocid}\nregion={region}\nkey_file={kp}\n")
|
||||
if key_passphrase:
|
||||
cfg_content += f"pass_phrase={key_passphrase}\n"
|
||||
cfg_file.write_text(cfg_content)
|
||||
cfg_file.chmod(0o600)
|
||||
with db() as c:
|
||||
c.execute("INSERT INTO oci_configs (id,user_id,tenancy_name,tenancy_ocid,user_ocid,fingerprint,region,key_file_path,compartment_id) VALUES (?,?,?,?,?,?,?,?,?)",
|
||||
|
||||
Reference in New Issue
Block a user