Ansible ssh키 암복호화기능추가

users/models.py

@@ -1,9 +1,9 @@
 from django.db import models
 from django.contrib.auth.models import AbstractBaseUser, PermissionsMixin, BaseUserManager
-import base64
-from cryptography.fernet import Fernet
 from django.utils import timezone
-import base64, hashlib
+from django.conf import settings  # ✅ 추가
+from cryptography.fernet import Fernet
+import base64, hashlib  # ✅ SECRET_KEY 암호화 키 생성용
 
 class CustomUserManager(BaseUserManager):
     def create_user(self, email, password=None, **extra_fields):
@@ -57,12 +57,25 @@ class CustomUser(AbstractBaseUser, PermissionsMixin):
     def __str__(self):
         return self.email
 
-    # 🔐 SSH Private Key 암복호화 관련 메서드
+    # ✅ 2025-05-20 SECRET_KEY 기반 암복호화 메서드들
+    def get_encryption_key(self) -> bytes:
+        """
+        SECRET_KEY 기반으로 Fernet 키 생성 (SHA-256 -> base64)
+        """
+        hashed = hashlib.sha256(settings.SECRET_KEY.encode()).digest()
+        return base64.urlsafe_b64encode(hashed[:32])
+
     def encrypt_private_key(self, private_key: str) -> bytes:
+        """
+        개인 키를 암호화하여 바이트 문자열로 반환
+        """
         cipher = Fernet(self.get_encryption_key())
         return cipher.encrypt(private_key.encode())
 
     def decrypt_private_key(self) -> str:
+        """
+        암호화된 SSH 키를 복호화하여 문자열로 반환
+        """
         if self.encrypted_private_key:
             cipher = Fernet(self.get_encryption_key())
             decrypted = cipher.decrypt(self.encrypted_private_key).decode()
@@ -72,10 +85,8 @@ class CustomUser(AbstractBaseUser, PermissionsMixin):
         return ""
 
     def save_private_key(self, private_key: str):
+        """
+        암호화된 SSH 키를 저장
+        """
         self.encrypted_private_key = self.encrypt_private_key(private_key)
         self.save()
-
-    def get_encryption_key(self) -> bytes:
-        email_encoded = self.email.encode()
-        base64_key = base64.urlsafe_b64encode(email_encoded.ljust(32)[:32])
-        return base64_key