#!/usr/bin/env python3

from ruamel.yaml import YAML
from ruamel.yaml.comments import CommentedMap
import os
import sys
from typing import Tuple
import hashlib

# Return a YAML list of all environment variables, with sensitive ones hashed.

yaml = YAML()


def filter_sensitive_vars(env_var: Tuple[str, str]):
    """
    If env var name contains a sensitive pattern like 'SECRET' or 'KEY',
    then just return the hash of the value.
    Input is a env var tuple, e.g. ('SHELL','/bin/bash')
    """
    sensitive_pattern_list = ['KEY', 'SECRET']
    (key, value) = env_var
    if any(pattern.upper() in key.upper() for pattern in sensitive_pattern_list):
        return (key + '(HASHED)', hashlib.md5(str(value).encode("utf-8")).hexdigest() + '(HASH)')
    else:
        return env_var


env_vars = os.environ.items()
filtered_env_vars = list(map(filter_sensitive_vars, env_vars))
yaml.dump(CommentedMap(sorted(filtered_env_vars)), sys.stdout)
