646b892680
Some checks failed
Periodic Merges (6h) / master → staging-nixos (push) Failing after 12m50s
Periodic Merges (6h) / master → staging-next (push) Failing after 12m54s
Periodic Merges (24h) / merge-base(master,staging) → haskell-updates (push) Failing after 11m54s
Periodic Merges (6h) / staging-next → staging (push) Failing after 12m13s
Periodic Merges (24h) / staging-next-25.05 → staging-25.05 (push) Failing after 13m24s
Periodic Merges (24h) / release-25.05 → staging-next-25.05 (push) Failing after 14m28s
29 lines
900 B
Python
Executable File
29 lines
900 B
Python
Executable File
#!/usr/bin/env python
|
|
|
|
import argparse
|
|
from argparse import RawDescriptionHelpFormatter
|
|
|
|
description = """
|
|
Replace a string in one file with a secret from a second file.
|
|
|
|
Since the secret is read from a file, it won't be leaked through
|
|
'/proc/<pid>/cmdline', unlike when 'sed' or 'replace' is used.
|
|
"""
|
|
|
|
parser = argparse.ArgumentParser(
|
|
description=description,
|
|
formatter_class=RawDescriptionHelpFormatter
|
|
)
|
|
parser.add_argument("string_to_replace", help="the string to replace")
|
|
parser.add_argument("secret_file", help="the file containing the secret")
|
|
parser.add_argument("file", help="the file to perform the replacement on")
|
|
args = parser.parse_args()
|
|
|
|
with open(args.secret_file) as sf, open(args.file, 'r+') as f:
|
|
old = f.read()
|
|
secret = sf.read().strip("\n")
|
|
new_content = old.replace(args.string_to_replace, secret)
|
|
f.seek(0)
|
|
f.write(new_content)
|
|
f.truncate()
|