test_psmp: derivation Fernet exacte identique a secrets_service

tools/test_psmp.py

@@ -21,15 +21,19 @@ DATABASE_URL = os.getenv("DATABASE_URL_DEMO") or os.getenv("DATABASE_URL") \
 
 
 def get_secret(conn, key):
-    """Lit + dechiffre via le service officiel (Fernet)."""
-    from app.services.secrets_service import decrypt
+    """Lit + dechiffre Fernet (meme derivation que app/services/secrets_service.py)."""
+    import base64
+    from cryptography.fernet import Fernet
+    secret_key = os.getenv("SECRET_KEY",
+                           "slpm-patchcenter-secret-key-2026-change-in-production")
+    raw = secret_key.encode()[:32].ljust(32, b'\0')
+    fernet = Fernet(base64.urlsafe_b64encode(raw))
     row = conn.execute(text("SELECT value FROM app_secrets WHERE key=:k"), {"k": key}).fetchone()
     if not row or not row.value:
         return None
     try:
-        return decrypt(row.value)
+        return fernet.decrypt(row.value.encode()).decode()
     except Exception:
-        # Fallback si stocke en clair
         return row.value