tjh.dev
1{ stdenv, buildPythonPackage, fetchPypi, cryptography, boto3, pyyaml, docutils, nose }:
2
3buildPythonPackage rec {
4 pname = "credstash";
5 version = "1.15.0";
6
7 src = fetchPypi {
8 inherit pname version;
9 sha256 = "814560f99ae2409e2c6d906d878f9dadada5d1d0a950aafb6b2c0d535291bdfb";
10 };
11
12 # The install phase puts an executable and a copy of the library it imports in
13 # bin/credstash and bin/credstash.py, despite the fact that the library is also
14 # installed to lib/python<version>/site-packages/credstash.py.
15 # If we apply wrapPythonPrograms to bin/credstash.py then the executable will try
16 # to import the credstash module from the resulting shell script. Removing this
17 # file ensures that Python imports the module from site-packages library.
18 postInstall = "rm $out/bin/credstash.py";
19
20 nativeBuildInputs = [ nose ];
21
22 propagatedBuildInputs = [ cryptography boto3 pyyaml docutils ];
23
24 # No tests in archive
25 doCheck = false;
26
27 meta = with stdenv.lib; {
28 description = "A utility for managing secrets in the cloud using AWS KMS and DynamoDB";
29 homepage = https://github.com/LuminalOSS/credstash;
30 license = licenses.asl20;
31 };
32}