make it possible to load password inventory from external file

unverbuggt · unverbuggt · commit 54bd8d9b3b47 · 2023-04-30T10:43:41.000+02:00
diff --git a/README.md b/README.md
@@ -32,7 +32,7 @@ The content is encrypted with AES-256 in Python using PyCryptodome, and decrypte
 * Sign generated generated and javascript files used in encrypted pages to make it more tamper proof
 * ~~Add check for latin1 encoding in passwords, as it pycryptodome's implementation of PBKDF2 requires it~~
 * ~~find an equivalent way to define multiple passwords in the password inventory as global password~~
-* make it possible to define passwords in external yaml file(s)
+* ~~make it possible to define passwords in external yaml file(s)~~
 * ...to be defined
 
 # Table of Contents
@@ -143,6 +143,28 @@ The plugin will generate one secret key for each level which is used to encrypt
 
 It is good practice to assign the same level to all pages within a navigation branch (INSERT EXAMPLE HERE).
 
+#### Password inventory in external file
+
+You can define password levels in an external yaml file and use it with `password_file`.
+
+```yaml
+plugins:
+    - encryptcontent:
+        password_file: 'passwords.yml'
+```
+
+passwords.yml:
+```yaml
+classified: 'password1'
+confidential:
+    - 'password2'
+    - 'password3'
+secret:
+    user4: 'password4'
+    user5: 'password5'
+```
+
+
 #### Global password(s) in inventory
 
 You can add the special level `_global`, which will be applied globally on all sites like this:
diff --git a/encryptcontent/plugin.py b/encryptcontent/plugin.py
@@ -5,6 +5,7 @@
 import logging
 import json
 import math
+import yaml
 from pathlib import Path
 from os.path import exists
 from jinja2 import Template
@@ -376,8 +377,16 @@ def on_config(self, config, **kwargs):
         self.setup['password_keystore'] = {}
         self.setup['obfuscate_keystore'] = {}
         self.setup['level_keystore'] = {}
-        
-        if 'password_inventory' in self.config:
+
+        if self.config['password_file']:
+            if self.config['password_inventory']:
+                print(self.config['password_inventory'])
+                logger.error("Please define either 'password_file' or 'password_inventory' in mkdocs.yml and not both.")
+                os._exit(1)
+            with open(self.config['password_file'], 'r') as stream:
+                self.config['password_inventory'] = yaml.safe_load(stream)
+
+        if self.config['password_inventory']:
             for level in self.config['password_inventory'].keys():
                 new_entry = {}
                 new_entry['key'] = get_random_bytes(32)
