add docs, remove unnecessary int() cast

pull/14019/head
Eric Feliksik 9 years ago committed by Toshio Kuratomi
parent 08fee9bfc5
commit 4811504a6e

@ -221,7 +221,22 @@ class VaultEditor:
self.vault = VaultLib(password) self.vault = VaultLib(password)
def _shred_file(self, tmp_path): def _shred_file(self, tmp_path):
"""securely destroy a decrypted file.""" """Securely destroy a decrypted file
Inspired by unix `shred', try to destroy the secrets "so that they can be
recovered only with great difficulty with specialised hardware, if at all".
See https://github.com/ansible/ansible/pull/13700 .
Note that:
- For flash: overwriting would have no effect (due to wear leveling). But the
added disk wear is considered insignificant.
- For other storage systems: the filesystem lies to the vfs (kernel), the disk
driver lies to the filesystem and the disk lies to the driver. But it's better
than nothing.
- most tmp dirs are now tmpfs (ramdisks), for which this is a non-issue.
"""
def generate_data(length): def generate_data(length):
import string, random import string, random
chars = string.ascii_lowercase + string.ascii_uppercase + string.digits chars = string.ascii_lowercase + string.ascii_uppercase + string.digits
@ -234,7 +249,7 @@ class VaultEditor:
ld = os.path.getsize(tmp_path) ld = os.path.getsize(tmp_path)
passes = 3 passes = 3
with open(tmp_path, "w") as fh: with open(tmp_path, "w") as fh:
for _ in range(int(passes)): for _ in range(passes):
fh.seek(0, 0) fh.seek(0, 0)
data = generate_data(ld) data = generate_data(ld)
fh.write(data) fh.write(data)
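Review bot: `open(tmp_path, "w")` in the second hunk truncates the file before the first pass, so the filesystem may release the blocks that held the plaintext and put the overwrite data in newly allocated ones, which undercuts the "securely destroy" claim in the new docstring. Opening without truncation, `with open(tmp_path, "r+") as fh:`, keeps the writes on the existing blocks, at least on filesystems that overwrite in place. No `fh.flush()` / `os.fsync(fh.fileno())` is visible after `fh.write(data)`; if none follows outside the hunk, the three passes can be merged in the page cache and only the last one would reach storage. The loop body and the rest of `_shred_file` continue past the hunk, so both points need checking against the full function.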
