vuls: init at 0.27.0 (#348530)
[NixPkgs.git] / pkgs / build-support / replace-secret / replace-secret.py
blob30ff41d491baa72526dbd7a08b04b6c6c108663c
1 #!/usr/bin/env python
3 import argparse
4 from argparse import RawDescriptionHelpFormatter
6 description = """
7 Replace a string in one file with a secret from a second file.
9 Since the secret is read from a file, it won't be leaked through
10 '/proc/<pid>/cmdline', unlike when 'sed' or 'replace' is used.
11 """
13 parser = argparse.ArgumentParser(
14 description=description,
15 formatter_class=RawDescriptionHelpFormatter
17 parser.add_argument("string_to_replace", help="the string to replace")
18 parser.add_argument("secret_file", help="the file containing the secret")
19 parser.add_argument("file", help="the file to perform the replacement on")
20 args = parser.parse_args()
22 with open(args.secret_file) as sf, open(args.file, 'r+') as f:
23 old = f.read()
24 secret = sf.read().strip("\n")
25 new_content = old.replace(args.string_to_replace, secret)
26 f.seek(0)
27 f.write(new_content)
28 f.truncate()