Metadata-Version: 2.4
Name: hea-scripts
Version: 1.0.0b2
Summary: A collection of scripts for the HEA project.
Author-email: "Comprehensive Oncology Data and Engineering Shared Resource (CODE), Huntsman Cancer Institute, Salt Lake City, UT" <Andrew.Post@hci.utah.edu>
License-Expression: Apache-2.0
Classifier: Development Status :: 4 - Beta
Classifier: Environment :: Console
Classifier: Intended Audience :: System Administrators
Classifier: Natural Language :: English
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3 :: Only
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: Implementation :: CPython
Classifier: Topic :: Security :: Cryptography
Classifier: Topic :: System :: Systems Administration
Classifier: Topic :: Scientific/Engineering
Classifier: Topic :: Scientific/Engineering :: Bio-Informatics
Classifier: Topic :: Scientific/Engineering :: Information Analysis
Classifier: Topic :: Scientific/Engineering :: Medical Science Apps.
Requires-Python: >=3.10
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: cryptography~=44.0.0
Provides-Extra: dev
Requires-Dist: pytest~=8.0; extra == "dev"
Requires-Dist: mypy~=2.1; extra == "dev"
Requires-Dist: build~=1.5; extra == "dev"
Requires-Dist: coverage~=7.14.1; extra == "dev"
Requires-Dist: twine~=6.2.0; extra == "dev"
Requires-Dist: tox~=4.55.0; extra == "dev"
Dynamic: license-file

# HEA Scripts

Contains scripts for configuring a Health Enterprise Analytics (HEA) deployment. The primary scripts handle Fernet symmetric encryption of secrets stored in `.env` files.

## Setup

Install the package in editable mode (the dev container does this automatically):

```sh
pip install --user -e .
```

Requires Python 3.10 - 3.12.

## Usage

### Generate an encryption key

```sh
hea-gen-encryption-key
```

Save the printed key in your `.env` file as `HEA_ENCRYPTION_KEY`, or in a dedicated file (recommended) referenced by `HEA_ENCRYPTION_KEY_FILE`. If using a file, restrict its permissions:

```sh
chmod 600 hea_encryption_key.txt
```

### Encrypt / decrypt a value

```sh
# Encrypt a literal value
hea-encryption --encrypt <value>

# Encrypt a property already in .env (result is written to stdout with {crypt} prefix)
hea-encryption --encrypt -p <PROPERTY_NAME>

# Decrypt a token
hea-encryption --decrypt <token>

# Read input from a file
hea-encryption --encrypt -f <file>
hea-encryption --decrypt -f <file>

# Write output to a file instead of stdout
hea-encryption --encrypt <value> -o <output_file>
```

## Configuration

Scripts expect a `.env` file in the working directory. The encryption key is resolved in this order:

1. `HEA_ENCRYPTION_KEY_FILE` environment variable (path to key file)
2. `HEA_ENCRYPTION_KEY_FILE` in `.env` (path to key file)
3. `HEA_ENCRYPTION_KEY` environment variable (inline key)
4. `HEA_ENCRYPTION_KEY` in `.env` (inline key)

Encrypted values stored in `.env` use the format:

```
PROPERTY={crypt}<fernet-token>
```

## Contributing

Install the package with the `dev` optional dependencies to get pytest:

```sh
pip install --user -e ".[dev]"
```

Run the tests:

```sh
python -m pytest tests/
```

Deploying:
Run `pyproject-build` to build a source package and weel.

To deploy, the twine command is configured with a custom .pypirc file located at .devcontainer/pyproject-pypirc. Add your repositories and credentials to that file, and `twine upload -r` should work.
