pyrox.dev
1{ lib, buildPythonPackage, fetchPypi, cryptography, boto3, pyyaml, docutils, pytest, fetchpatch }:
2
3buildPythonPackage rec {
4 pname = "credstash";
5 version = "1.17.1";
6
7 src = fetchPypi {
8 inherit pname version;
9 sha256 = "6c04e8734ef556ab459018da142dd0b244093ef176b3be5583e582e9a797a120";
10 };
11
12 patches = [
13 (fetchpatch {
14 url = "https://github.com/fugue/credstash/commit/9c02ee43ed6e37596cafbca2fe80c532ec19d2d8.patch";
15 sha256 = "dlybrpfLK+PqwWWhH9iXgXHYysZGmcZAFGWNOwsG0xA=";
16 })
17 ];
18 # The install phase puts an executable and a copy of the library it imports in
19 # bin/credstash and bin/credstash.py, despite the fact that the library is also
20 # installed to lib/python<version>/site-packages/credstash.py.
21 # If we apply wrapPythonPrograms to bin/credstash.py then the executable will try
22 # to import the credstash module from the resulting shell script. Removing this
23 # file ensures that Python imports the module from site-packages library.
24 postInstall = "rm $out/bin/credstash.py";
25
26 nativeBuildInputs = [ pytest ];
27
28 propagatedBuildInputs = [ cryptography boto3 pyyaml docutils ];
29
30 # No tests in archive
31 doCheck = false;
32
33 meta = with lib; {
34 description = "A utility for managing secrets in the cloud using AWS KMS and DynamoDB";
35 homepage = "https://github.com/LuminalOSS/credstash";
36 license = licenses.asl20;
37 };
38}