Bulk encryption solution for .netmiko.yml

netmiko/cli_tools/bulk_encrypt.py → netmiko/cli_tools/netmiko_bulk_encrypt.py

@@ -1,19 +1,23 @@
 #!/usr/bin/env python3
 import argparse
-import yaml
 import sys
 from pathlib import Path
+from ruamel.yaml import YAML
 
 from netmiko.encryption_handling import encrypt_value, get_encryption_key
 
+yaml = YAML()
+yaml.preserve_quotes = True
+yaml.indent(mapping=2, sequence=4, offset=2)
+
 
 def encrypt_netmiko_yml(
     input_file: str, output_file: str | None, encryption_type: str
 ) -> None:
     # Read the input YAML file
     input_path = Path(input_file).expanduser()
     with input_path.open("r") as f:
-        config = yaml.safe_load(f)
+        config = yaml.load(f)
 
     # Get the encryption key
     key = get_encryption_key()
@@ -27,7 +31,7 @@ def encrypt_netmiko_yml(
                 )
                 params["password"] = encrypted_value
             if "secret" in params:
-                # Use the same encrypted value for secret if it's identical to password
+                encrypted_value = encrypt_value(params["secret"], key, encryption_type)
                 params["secret"] = encrypted_value
 
     # Write the updated config to the output file or stdout
@@ -39,6 +43,10 @@ def encrypt_netmiko_yml(
         yaml.dump(config, sys.stdout)
 
 
+def main_ep():
+    sys.exit(main())
+
+
 def main():
     parser = argparse.ArgumentParser(
         description="Encrypt passwords in .netmiko.yml file"
@@ -69,6 +77,8 @@ def main():
             file=sys.stderr,
         )
 
+    return 0
+
 
 if __name__ == "__main__":
-    main()
+    sys.exit(main())

netmiko/cli_tools/netmiko_encrypt.py

@@ -1,12 +1,17 @@
 #!/usr/bin/env python3
 import os
+import sys
 import argparse
 from getpass import getpass
 
 from netmiko.utilities import load_netmiko_yml
 from netmiko.encryption_handling import encrypt_value
 
 
+def main_ep():
+    sys.exit(main())
+
+
 def main():
     parser = argparse.ArgumentParser(
         description="Encrypt data using Netmiko's encryption."
@@ -56,6 +61,8 @@ def main():
     encrypted_data = encrypt_value(data, key, encryption_type)
     print(f"\nEncrypted data: {encrypted_data}\n")
 
+    return 0
+
 
 if __name__ == "__main__":
-    main()
+    sys.exit(main())

pyproject.toml

@@ -24,18 +24,18 @@ python = ">=3.9,<4.0"
 setuptools = ">=65.0.0"
 paramiko = ">=2.9.5"
 scp = ">=0.13.6"
-pyyaml = ">=5.3"
+pyyaml = ">=6.0.2"
 textfsm = ">=1.1.3"
 ntc-templates = ">=3.1.0"
 pyserial = ">=3.3"
 cffi = ">=1.17.0rc1"
 rich = ">=13.8"
+ruamel.yaml = ">=0.17"
 
 [tool.poetry.group.dev.dependencies]
 black = "24.8.0"
 mypy = "1.11.2"
 mypy-extensions = "1.0.0"
-PyYAML = "6.0.2"
 pytest = "8.3.3"
 pyflakes = "3.2.0"
 pylama = "8.4.1"
@@ -58,6 +58,8 @@ ttp = ">=0.9.5"
 "netmiko-grep" = "netmiko.cli_tools.netmiko_grep:main_ep"
 "netmiko-show" = "netmiko.cli_tools.netmiko_show:main_ep"
 "netmiko-cfg" = "netmiko.cli_tools.netmiko_cfg:main_ep"
+"netmiko-encrypt" = "netmiko.cli_tools.netmiko_encrypt:main_ep"
+"netmiko-bulk-encrypt" = "netmiko.cli_tools.netmiko_bulk_encrypt:main_ep"
 
 [tool.black]
 exclude = '''

setup.cfg

@@ -58,3 +58,6 @@ ignore_errors = True
 
 [mypy-netmiko.cli_tools.netmiko_encrypt]
 ignore_errors = True
+
+[mypy-netmiko.cli_tools.netmiko_bulk_encrypt]
+ignore_errors = True