swh.alter.recovery_bundle module#
- class swh.alter.recovery_bundle.Manifest(version: int, removal_identifier: str, created: datetime, swhids: List[str], decryption_key_shares: Dict[str, str], reason: Optional[str] = None, expire: Optional[datetime] = None)[source]#
Bases:
object
Method generated by attrs for class Manifest.
- swh.alter.recovery_bundle.age_encrypt(public_key: str, cleartext: bytes, armored_output=False) bytes [source]#
- swh.alter.recovery_bundle.age_decrypt(secret_key: str, ciphertext: Union[bytes, str]) bytes [source]#
- swh.alter.recovery_bundle.age_decrypt_from_identity(identity_file: str, ciphertext: Union[bytes, str]) bytes [source]#
- class swh.alter.recovery_bundle.SecretSharing(minimum_required_groups: int, groups: Dict[str, _SecretSharingGroup])[source]#
Bases:
object
Method generated by attrs for class SecretSharing.
- class swh.alter.recovery_bundle.RecoveryBundle(path: str, object_decryption_key_provider: Optional[Callable[[Manifest], str]] = None)[source]#
Bases:
object
- write_content_data(swhid: ExtendedSWHID, dest: BinaryIO)[source]#
- skipped_contents() Iterator[SkippedContent] [source]#
- origin_visits(origin: Origin) Iterator[OriginVisit] [source]#
- origin_visit_statuses(origin: Origin) Iterator[OriginVisitStatus] [source]#
- rollover(secret_sharing: SecretSharing)[source]#
Update the recovery bundle encrypted shared secrets using the given configuration.
It is useful when a secret holder needs to be added or removed, or to switch to an entirely new scheme.
This method splits the decryption key into new encrypted shares. The decryption key stays the same. The mnemonics will be new.
A new recovery bundle file is created with an updated manifest which then atomically replaces the existing file.