Support encrypted backends for credentials #147

Open
cletomartin opened this issue Jan 26, 2023 · 2 comments
Labels
credentials credentials related issue documentation Improvements or additions to documentation enhancement New feature or request

Comments

@cletomartin
Collaborator

Overview

The ~/.credentials file could be improved to support different back-end alternatives. This would be very useful for local testing, where users would not need to store credentials in plain text on disk.

Requirements

  • Support, at least, 1password as an alternative back-end for this credentials file.
  • Make it easy to extend for other types of back-ends.
  • Do not break current default behaviour. Make all of this feature optional.

Approach

  • Extend compliance/utils/credentials.py so that it supports multiple backends. The default behaviour should be the current local file.
  • 1password backend: users could use the Auditree configuration to specify the type of the backend they want to use. For example:
"creds": {
  "backend": "1password",
  "domain": "my-domain"
}

In this case, Auditree will wait for an auditree vault in 1password (this vault name can be part of the config too) which will contain the credentials with the following schema:

  • Name of sections of the credentials file will match with the name of a secure note.
  • Each section key/value of the credentials file will be a field in the secure note.

For example: creds['aws'].username will be searched at op://auditree/aws/username

Test Plan

No configuration provided should keep the same behaviour so far.
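
A minimal sketch of the approach proposed above, added here as an illustration and not code from the issue or from Auditree: a default file backend plus a 1Password backend that resolves `creds['aws'].username` to `op://auditree/aws/username` through the 1Password CLI's `op read`. The class names, `make_backend`, the `vault` and `path` config keys and the INI layout of the credentials file are assumptions; the `domain` key from the issue is accepted but unused.

```python
import configparser
import subprocess
from pathlib import Path


class FileBackend:
    """Default behaviour: read the local credentials file (INI layout assumed)."""

    def __init__(self, path="~/.credentials"):
        self._cfg = configparser.RawConfigParser()
        self._cfg.read(Path(path).expanduser())  # a missing file is silently skipped

    def get(self, section, key):
        return self._cfg.get(section, key)


class OnePasswordBackend:
    """Resolve section/key as op://<vault>/<section>/<key> with the `op` CLI."""

    def __init__(self, vault="auditree", runner=subprocess.run):
        self._vault = vault
        self._runner = runner  # injectable so lookups can be tested offline

    def reference(self, section, key):
        for part in (self._vault, section, key):
            if not part or "/" in part:  # a slash would change the item or field addressed
                raise ValueError(f"invalid secret reference part: {part!r}")
        return f"op://{self._vault}/{section}/{key}"

    def get(self, section, key):
        # Argument list, no shell: names are never interpolated into a command line.
        done = self._runner(["op", "read", self.reference(section, key)],
                            capture_output=True, text=True, check=True)
        return done.stdout.rstrip("\n")  # the secret stays in memory, never on disk


def make_backend(creds_cfg=None):
    """Build a backend from the "creds" config block; no block keeps the file default."""
    cfg = creds_cfg or {}
    name = cfg.get("backend", "file")
    if name == "file":
        return FileBackend(cfg.get("path", "~/.credentials"))  # "path": hypothetical key
    if name == "1password":
        return OnePasswordBackend(cfg.get("vault", "auditree"))  # "vault": hypothetical key
    raise ValueError(f"unknown credentials backend: {name!r}")
```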

@drsm79
Contributor

drsm79 commented Jan 26, 2023

Pulling secrets from e.g. github environment would be cool, too.

@cletomartin cletomartin added documentation Improvements or additions to documentation enhancement New feature or request credentials credentials related issue labels Jan 26, 2023
@cletomartin
Collaborator Author

For the record, a way to use 1Password with auditree has been documented in #153.
