ansible-vault 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: c64c35022f30a4f3c587291beec7db13bbde45c8
+  data.tar.gz: a67022fa1b3d67df377f9eb1fdf926f428d67235
+SHA512:
+  metadata.gz: d143eb2573573c5f83adf5e373f440c2d5207d2cc4933c13f1d58bcdd8a1a4f2cd60aa6f0babbafe60fc9487bde28207007a600cc25c686353f0ffcfb2b9b2b5
+  data.tar.gz: 696b412c876e520bba00d1884db687c5ad63f118cd23adfd624681e06095534c988ebdc422a07b6f503156b7298a4efb9fb183e2c8b2cefc62d6d203c424c8a2

data/.gitignore

@@ -0,0 +1,9 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/.rspec

@@ -0,0 +1,2 @@
+--format documentation
+--color

data/.travis.yml

@@ -0,0 +1,9 @@
+language: ruby
+sudo: required
+rvm:
+  - 2.1.1
+  - 2.2.2
+  - 2.3.0
+before_install:
+  - gem install bundler -v 1.11.2
+  - sudo pip install ansible

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,49 @@
+# Contributor Code of Conduct
+
+As contributors and maintainers of this project, and in the interest of
+fostering an open and welcoming community, we pledge to respect all people who
+contribute through reporting issues, posting feature requests, updating
+documentation, submitting pull requests or patches, and other activities.
+
+We are committed to making participation in this project a harassment-free
+experience for everyone, regardless of level of experience, gender, gender
+identity and expression, sexual orientation, disability, personal appearance,
+body size, race, ethnicity, age, religion, or nationality.
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery
+* Personal attacks
+* Trolling or insulting/derogatory comments
+* Public or private harassment
+* Publishing other's private information, such as physical or electronic
+  addresses, without explicit permission
+* Other unethical or unprofessional conduct
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+By adopting this Code of Conduct, project maintainers commit themselves to
+fairly and consistently applying these principles to every aspect of managing
+this project. Project maintainers who do not follow or enforce the Code of
+Conduct may be permanently removed from the project team.
+
+This code of conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community.
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting a project maintainer at t.pickett66@gmail.com. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. Maintainers are
+obligated to maintain confidentiality with regard to the reporter of an
+incident.
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 1.3.0, available at
+[http://contributor-covenant.org/version/1/3/0/][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/3/0/

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in ansible-vault.gemspec
+gemspec

data/Guardfile

@@ -0,0 +1,40 @@
+# A sample Guardfile
+# More info at https://github.com/guard/guard#readme
+
+## Uncomment and set this to only include directories you want to watch
+# directories %w(app lib config test spec features) \
+#  .select{|d| Dir.exists?(d) ? d : UI.warning("Directory #{d} does not exist")}
+
+## Note: if you are using the `directories` clause above and you are not
+## watching the project directory ('.'), then you will want to move
+## the Guardfile to a watched dir and symlink it back, e.g.
+#
+#  $ mkdir config
+#  $ mv Guardfile config/
+#  $ ln -s config/Guardfile .
+#
+# and, you'll have to watch "config/Guardfile" instead of "Guardfile"
+
+# Note: The cmd option is now required due to the increasing number of ways
+#       rspec may be run, below are examples of the most common uses.
+#  * bundler: 'bundle exec rspec'
+#  * bundler binstubs: 'bin/rspec'
+#  * spring: 'bin/rspec' (This will use spring if running and you have
+#                          installed the spring binstubs per the docs)
+#  * zeus: 'zeus rspec' (requires the server to be started separately)
+#  * 'just' rspec: 'rspec'
+
+guard :rspec, cmd: "bundle exec rspec" do
+  require "guard/rspec/dsl"
+  dsl = Guard::RSpec::Dsl.new(self)
+
+  # RSpec files
+  rspec = dsl.rspec
+  watch(rspec.spec_helper) { rspec.spec_dir }
+  watch(rspec.spec_support) { rspec.spec_dir }
+  watch(rspec.spec_files)
+
+  # Ruby files
+  ruby = dsl.ruby
+  dsl.watch_spec_files_for(ruby.lib_files)
+end

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2016 Tyler Pickett
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,75 @@
+# Ansible::Vault
+[![Build Status](https://travis-ci.org/tpickett66/ansible-vault-rb.svg?branch=master)](https://travis-ci.org/tpickett66/ansible-vault-rb)
+
+A ruby implementation of the Ansible vault file format for use in tooling that
+needs to work with the vaults but doesn't want to shell out. The goal is to
+provide an IO like API for interacting with the files, basic reading and
+writing will be implemented first with a stream interface coming later if the
+need arises. The API design is inspired by Ruby's IO class for ease of adoption
+and [http://nacl.cr.yp.to/](NaCl's crypto_box) in that it takes care of doing
+the right things for the user.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'ansible-vault'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install ansible-vault
+
+## Usage
+
+### Reading the contents of a vault
+
+```ruby
+require 'ansible/vault'
+
+contents = Ansible::Vault.read(path: '/path/to/file', password: 'foobar')
+  # => 'These are the secrets that I keep.'
+```
+
+Yep, that's it! This call opens the vault file, verifies the included HMAC, and
+(assuming the HMAC checks out) decrypts the contents of the file and returns
+the String representation of the contents.
+
+### Writing new contents to a vault 
+
+```ruby
+require 'ansible/vault'
+
+Ansible::Vault.write({
+  path: '/path/to/file',
+  password: 'foobar',
+  plaintext: 'My secrets.'
+}) # => #<File:(closed)>
+```
+
+This call overwrites anything at the path specified with the cyphertext of the
+supplied contents. The plaintext is expected to have been cast to a string prior
+to being passed to this function.
+
+## Development
+
+After checking out the repo, run `bin/setup` to check for the required
+dependencies. Then, run `rake spec` to run the tests. You can also run
+`bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To
+release a new version, update the version number in `version.rb`, and then run
+`bundle exec rake release`, which will create a git tag for the version, push
+git commits and tags, and push the `.gem` file to
+[rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at
+https://github.com/tpickett66/ansible-vault-rb.
+

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/ansible-vault.gemspec

@@ -0,0 +1,32 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'ansible/vault/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "ansible-vault"
+  spec.version       = Ansible::Vault::VERSION
+  spec.authors       = ["Tyler Pickett"]
+  spec.email         = ["t.pickett66@gmail.com"]
+
+  spec.summary       = %q{A ruby implementation of Ansible's vault utilities}
+  spec.description   = "A ruby implementation of Ansible's vault utilities. " \
+   "Currently supports the AES256 variant, no support for the original AES" \
+   "format is planned."
+  spec.homepage      = "https://github.com/tpickett66/ansible-vault-rb"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+  spec.license        = "MIT"
+
+  spec.add_dependency "oroku_saki", "~> 1.1"
+
+  spec.add_development_dependency "bundler", "~> 1.11"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec", "~> 3.0"
+  spec.add_development_dependency "guard-rspec", "~> 4.6"
+  spec.add_development_dependency "byebug", "~> 8.2"
+  spec.add_development_dependency "yard", "~> 0.8.7"
+end

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "ansible/vault"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start

data/bin/setup

@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+
+red=$'\e[31m'
+green=$'\e[32m'
+yellow=$'\e[33m'
+blue=$'\e[34m'
+bold=$'\e[1m'
+reset=$'\e[0m'
+
+bundle install
+
+if hash python 2>/dev/null; then
+    PYTHON_MISSING=0
+else
+    echo "${bold}${yellow}Unable to locate python in \$PATH, please install it using your favorite package manager.${reset}"
+    PYTHON_MISSING=1
+fi
+
+if hash ansible-vault 2>/dev/null; then
+    ANSIBLE_MISSING=0
+else
+    echo "${bold}${yellow}Unable to locate ansible-vault in \$PATH, please install using pip or your favorite package manager.${reset}"
+    ANSIBLE_MISSING=1
+fi
+
+if PYTHON_MISSING || ANSIBLE_MISSING; then
+    echo "${bold}${yellow}One or more optional dependencies are missing${reset}"
+fi

data/lib/ansible/vault.rb

@@ -0,0 +1,76 @@
+require 'oroku_saki'
+
+require 'ansible/vault/bin_ascii'
+require 'ansible/vault/encryptor'
+require 'ansible/vault/decryptor'
+require 'ansible/vault/file_reader'
+require 'ansible/vault/file_writer'
+require 'ansible/vault/version'
+
+module Ansible
+  # The top level class for interacting with Vault files.
+  class Vault
+    # Read and decrypt the plaintext contents of a vault
+    #
+    # @param path [String] The path to the file to read
+    # @param password [String] The password for the file
+    # @return [String] The plaintext contents of the vault, this is marked for
+    #   zeroing before the GC reaps the object. Any data extracted/parsed from
+    #   this string should be similarly wiped from memory when no longer used.
+    def self.read(path:, password:)
+      new(path: path, password: password).read
+    end
+
+    # Encrypt plaintext using the supplied and write it to the specified location
+    #
+    # @param path [String] The path to the file to write, truncated before writing
+    # @param password [String] The password for the file
+    # @param plaintext [String] The secrets to be protected
+    # @return [File] The closed file handle the vault was written to
+    def self.write(path:, password:, plaintext:)
+      new(path: path, password: password, plaintext: plaintext).write
+    end
+
+    # Build a new Vault
+    #
+    # @param path [String] The path to the file to read
+    # @param password [String] The password for the file
+    def initialize(path:, password:, plaintext: :none)
+      @path = path
+      @password = password.shred_later
+      @plaintext = plaintext
+      @plaintext.shred_later if String === @plaintext
+    end
+
+    # Inspect this vault
+    #
+    # Overridden from the default implementation to prevent passwords from
+    # being leaked into logs.
+    #
+    # @return [String]
+    def inspect
+      %Q{#<Ansible::Vault:#{"0x00%x" % (object_id << 1)} @path="#{@path}", @password="#{@password[0,4]}...">}
+    end
+
+    # Write the plaintext to the file specified
+    #
+    # @return [File] The closed file handle the vault was written to
+    def write
+      file = FileWriter.new(@path)
+      encryptor = Encryptor.new(password: @password, file: file)
+      encryptor.encrypt(@plaintext)
+      file.write
+    end
+
+    # Extract the plaintext from a previously written vault file
+    #
+    # @return [String] The plaintext contents of the vault, this is marked for
+    #   zeroing before the GC reaps the object. Any data extracted/parsed from
+    #   this string should be similarly wiped from memory when no longer used.
+    def read
+      file = FileReader.new(@path)
+      decryptor = Decryptor.new(password: @password, file: file)
+      decryptor.plaintext
+    end
+  end
+end

data/lib/ansible/vault/bin_ascii.rb

@@ -0,0 +1,22 @@
+module Ansible
+  class Vault
+    # A Ruby implementation of part of Python's binascii module
+    module BinASCII
+      # Convert the supplied binary string to the hex representation
+      #
+      # @param [String] bin_data The binary data to encode
+      # @return [String] The hex encoded binary data.
+      def self.hexlify(bin_data)
+        bin_data.unpack('H*').first
+      end
+
+      # Convert the hexadecimal represenation of data back to binary
+      #
+      # @param [String] hex_data The hex data to convert back to binary
+      # @return [String] The binary representation of the supplied hex data
+      def self.unhexlify(hex_data)
+        [hex_data].pack('H*')
+      end
+    end
+  end
+end

data/lib/ansible/vault/cryptor.rb

@@ -0,0 +1,104 @@
+require 'openssl'
+
+require 'ansible/vault/error'
+
+module Ansible
+  class Vault
+    # The base class for handling the en/decryption process
+    #
+    # This is here mostly to supply a consistent configuration for the various
+    # primitives in use.
+    #
+    # @!attribute [r] file
+    #   @return [FileReader] The object handling manipulating data for the vault
+    #     format.
+    class Cryptor
+      attr_reader :file
+
+      # The number of bytes in each key we need to generate
+      KEY_LENGTH = 32
+      # The number of bytes in the cipher's block
+      BLOCK_SIZE = IV_LENGTH = 16
+      # The number of iterations to use in the key derivation function, this
+      # was pulled from the Ansible source. Do not change.
+      KDF_ITERATIONS = 10_000
+      # The total number of bytes to be output by the key derivation function.
+      KDF_OUTPUT_LENGTH = (2 * KEY_LENGTH + IV_LENGTH)
+      # The hashing algorithm for use in the KDF and HMAC calculations
+      HASH_ALGORITHM = 'SHA256'.freeze
+      # The Cipher spec OpenSSL expects when building our cipher object.
+      CIPHER = 'AES-256-CTR'.freeze
+
+      # Build a new cryptor object
+      #
+      # @param password [String] The password to be fed into the KDF
+      # @param file [FileReader] The object for correctly reading/writing the
+      #   Ansible vault file format.
+      def initialize(password:, file:)
+        @password = password
+        @file = file
+      end
+
+      # Inspect the cryptor object.
+      #
+      # Overridden from the default to prevent key/password leakage.
+      def inspect
+        "#<#{self.class.name}:#{"0x00%x" % (object_id << 1)}>"
+      end
+
+      private
+
+      def calculated_hmac
+        return @calculated_hmac if defined?(@calculated_hmac)
+        digest = OpenSSL::Digest.new(HASH_ALGORITHM)
+        hmac_algorithm = OpenSSL::HMAC.new(hmac_key, digest)
+        hmac_algorithm << file.ciphertext
+        @calculated_hmac = hmac_algorithm.hexdigest
+      end
+
+      def cipher(mode: :decrypt)
+        @cipher ||= OpenSSL::Cipher.new(CIPHER).tap do |cipher|
+          cipher.public_send(mode)
+          cipher.key = cipher_key
+          cipher.iv = iv
+        end
+      end
+
+      def cipher_key
+        return @cipher_key if defined?(@cipher_key)
+        derive_keys
+        @cipher_key
+      end
+
+      def hmac_key
+        return @hmac_key if defined?(@hmac_key)
+        derive_keys
+        @hmac_key
+      end
+
+      def iv
+        return @iv if defined?(@iv)
+        derive_keys
+        @iv
+      end
+
+      def derive_keys
+        if salt.nil? || salt.strip.empty?
+          raise MissingSalt, "Unable to derive keys, no salt available!"
+        end
+        key = OpenSSL::PKCS5.pbkdf2_hmac(
+          @password,
+          salt,
+          KDF_ITERATIONS,
+          KDF_OUTPUT_LENGTH,
+          HASH_ALGORITHM
+        )
+        @cipher_key = key[0,KEY_LENGTH].shred_later
+        @hmac_key = key[KEY_LENGTH, KEY_LENGTH].shred_later
+        @iv = key[KEY_LENGTH*2, IV_LENGTH].shred_later
+        key.shred!
+        nil
+      end
+    end
+  end
+end

data/lib/ansible/vault/decryptor.rb

@@ -0,0 +1,38 @@
+require 'ansible/vault/cryptor'
+
+module Ansible
+  class Vault
+    # The class that handles decrypting an existing vault file
+    class Decryptor < Cryptor
+      # Decrypts the ciphertext from the file and strips any padding found.
+      #
+      # @return [String] The plaintext contents of the file, this is marked for
+      #   zeroing before the GC reaps the object. Any data extracted/parsed
+      #   from this string should be similarly wiped from memory when no longer
+      #   used.
+      def plaintext
+        return @plaintext if defined?(@plaintext)
+        unless hmac_matches?
+          raise HMACMismatch, 'HMAC encoded in the file does not match calculated one!'
+        end
+        @plaintext = cipher(mode: :decrypt).update(file.ciphertext)
+        padding_length = @plaintext[-1].codepoints.first
+        @plaintext.sub!(/#{padding_length.chr}{#{padding_length}}\z/, '')
+        @plaintext.shred_later
+      end
+
+      # Indicates if the HMAC present in the file matches the calculated one
+      #
+      # @return [Boolean]
+      def hmac_matches?
+        OrokuSaki.secure_compare(calculated_hmac, file.hmac)
+      end
+
+      private
+
+      def salt
+        file.salt
+      end
+    end
+  end
+end

data/lib/ansible/vault/encryptor.rb

@@ -0,0 +1,27 @@
+require 'securerandom'
+
+require 'ansible/vault/cryptor'
+
+module Ansible
+  class Vault
+    # The class that handles encrypting data to be written to a file.
+    class Encryptor < Cryptor
+      # Encrypt supplied plaintext, calculate HMAC, and pass to supplied {FileWriter}
+      #
+      # @param [String] plaintext The source data to be encrypted
+      def encrypt(plaintext)
+        padding_length = BLOCK_SIZE - plaintext.bytesize % BLOCK_SIZE
+        padded_plaintext = (plaintext + (padding_length.chr * padding_length)).shred_later
+        file.ciphertext = cipher(mode: :encrypt).update(padded_plaintext) + cipher.final
+        file.salt = salt
+        file.hmac = calculated_hmac
+      end
+
+      private
+
+      def salt
+        @salt ||= SecureRandom.random_bytes(KEY_LENGTH)
+      end
+    end
+  end
+end

data/lib/ansible/vault/error.rb

@@ -0,0 +1,7 @@
+module Ansible
+  class Vault
+    class Error < StandardError; end
+    class MissingSalt < Error; end
+    class HMACMismatch < Error; end
+  end
+end

data/lib/ansible/vault/file_reader.rb

@@ -0,0 +1,58 @@
+module Ansible
+  class Vault
+    # A class for reading the data encoded in an Ansible vault file.
+    #
+    # @!attribute [r] body
+    #   The encoded body of the file.
+    # @!attribute [r] header
+    #   The header of the file, not currently used.
+    # @!attribute [r] path
+    #   The path of the file being read.
+    class FileReader
+      attr_reader :body, :header, :path
+
+      def initialize(path)
+        @path = path
+        ::File.open(path, 'r') { |f|
+          @header = f.gets.chomp
+          @body = f.readlines.map(&:chomp).join
+        }
+      end
+
+      # Extracts and decodes the ciphertext from the file body
+      #
+      # @return [String] The raw binary representation of the ciphertext
+      def ciphertext
+        return @ciphertext if defined?(@ciphertext)
+        decode_body
+        @ciphertext
+      end
+
+      # Extracts the HMAC value from the file body
+      #
+      # @return [String] The hex representation of the HMAC
+      def hmac
+        return @hmac if defined?(@hmac)
+        decode_body
+        @hmac
+      end
+
+      # Extracts and decodes the salt from the file body
+      #
+      # @return [String] The raw binary representation of the salt
+      def salt
+        return @salt if defined?(@salt)
+        decode_body
+        @salt
+      end
+
+      private
+
+      def decode_body
+        salt, @hmac, ciphertext = BinASCII.unhexlify(@body).split("\n")
+        @ciphertext = BinASCII.unhexlify(ciphertext)
+        @salt = BinASCII.unhexlify(salt)
+      end
+    end
+  end
+end

data/lib/ansible/vault/file_writer.rb

@@ -0,0 +1,51 @@
+module Ansible
+  class Vault
+    # A class for writting the encrypted data into an Ansible formatted file
+    #
+    # @!attribute [r] path
+    #   @return [String] The path to write the file to, truncated before writing
+    # @!attribute [rw] ciphertext
+    #   @return [String] The encrypted contents of the file.
+    # @!attribute [rw] hmac
+    #   @return [String] The HMAC value for the ciphertext, calculated by an
+    #     instance of {Encryptor}
+    # @!attribute [rw] salt
+    #   @return [String] The salt value for the ciphertext, generated by an
+    #     instance of {Encryptor}
+    class FileWriter
+      attr_reader :path
+      attr_accessor :ciphertext, :hmac, :salt
+
+      # The standard header for Ansible's current vault format
+      HEADER = "$ANSIBLE_VAULT;1.1;AES256\n".freeze
+
+      # Construct a new FileWriter
+      #
+      # @param [String] path The path to write the file out to.
+      def initialize(path)
+        @path = path
+      end
+
+      # Write out the encrypted contents of the file in the correct format.
+      #
+      # @return [File] The closed file handle used to write the data out.
+      def write
+        File.open(path, 'w') { |file|
+          file.write(HEADER)
+          file.write(encoded_body)
+        }
+      end
+
+      private
+
+      def encoded_body
+        encoded_ciphertext = BinASCII.hexlify(@ciphertext)
+        encoded_salt = BinASCII.hexlify(@salt)
+
+        raw_body = [encoded_salt, @hmac, encoded_ciphertext].join("\n")
+        BinASCII.hexlify(raw_body).scan(/.{,80}/).join("\n")
+      end
+    end
+  end
+end
+

data/lib/ansible/vault/version.rb

@@ -0,0 +1,5 @@
+module Ansible
+  class Vault
+    VERSION = "0.1.0"
+  end
+end

metadata

@@ -0,0 +1,165 @@
+--- !ruby/object:Gem::Specification
+name: ansible-vault
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Tyler Pickett
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2016-04-13 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: oroku_saki
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.11'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.11'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: guard-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.6'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.6'
+- !ruby/object:Gem::Dependency
+  name: byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '8.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '8.2'
+- !ruby/object:Gem::Dependency
+  name: yard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.8.7
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.8.7
+description: A ruby implementation of Ansible's vault utilities. Currently supports
+  the AES256 variant, no support for the original AESformat is planned.
+email:
+- t.pickett66@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- CODE_OF_CONDUCT.md
+- Gemfile
+- Guardfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- ansible-vault.gemspec
+- bin/console
+- bin/setup
+- lib/ansible/vault.rb
+- lib/ansible/vault/bin_ascii.rb
+- lib/ansible/vault/cryptor.rb
+- lib/ansible/vault/decryptor.rb
+- lib/ansible/vault/encryptor.rb
+- lib/ansible/vault/error.rb
+- lib/ansible/vault/file_reader.rb
+- lib/ansible/vault/file_writer.rb
+- lib/ansible/vault/version.rb
+homepage: https://github.com/tpickett66/ansible-vault-rb
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.5
+signing_key: 
+specification_version: 4
+summary: A ruby implementation of Ansible's vault utilities
+test_files: []
+has_rdoc: