bridgetown_credentials 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: c194e19c7c65a4fa6619ad6fb82bf0b51549ac4f3c4c0540b5bd264ceae12940
+  data.tar.gz: cec0d7a2abbf0bf0c1b3b0e01f1762df1c0b9ece09e05e6aa786c0b714121bb9
+SHA512:
+  metadata.gz: f8c198d161e1f41b46788f4aafa6a1f0a2339023b6f5b285b001e221c0ec0812a238c901572f230326e67efbab8480b2c97f8c417572c898fd8cc07d78fc333b
+  data.tar.gz: b812f1fa40bc71ea144219730cdec378f07d3f21457d5b65e7af41d14ea6be63d1710f9893bbe4e5adbc5c0430aefa40787547f07b6b252a3dff4cf541ddf01b

data/CHANGELOG.md

@@ -0,0 +1,10 @@
+## Main
+
+Nothing so far
+
+## 0.1.0
+
+### Initial implementation
+
+* Commands `bridgetown credentials edit` and `show`
+* `Bridgetown.credentials` accessor

data/LICENSE.txt

@@ -0,0 +1,22 @@
+The MIT License (MIT)
+
+Copyright (c) 2020-present
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,153 @@
+[![Version](https://img.shields.io/gem/v/bridgetown_credentials.svg?style=flat)](https://rubygems.org/gems/bridgetown_credentials)
+[![Tests](https://img.shields.io/github/actions/workflow/status/svoop/bridgetown_credentials/test.yml?style=flat&label=tests)](https://github.com/svoop/bridgetown_credentials/actions?workflow=Test)
+[![Code Climate](https://img.shields.io/codeclimate/maintainability/svoop/bridgetown_credentials.svg?style=flat)](https://codeclimate.com/github/svoop/bridgetown_credentials/)
+[![Donorbox](https://img.shields.io/badge/donate-on_donorbox-yellow.svg)](https://donorbox.org/bitcetera)
+
+# Credentials for Bridgetown
+
+This plugin adds Rails-like encrypted credentials to Bridgetown.
+
+Credentials like passwords, access tokens and other secrets are often passed to sites each by it's own ENV variable. This is both uncool, non-atomic and therefore unreliable. Use this plugin to store your credentials in encrypted YAML files which you can safely commit to your source code repository. In order to use all of them in Bridgetown, you have to set or pass exactly one ENV variable holding the key to decrypt.
+
+* [Homepage](https://github.com/svoop/bridgetown_credentials)
+* [API](https://www.rubydoc.info/gems/bridgetown_credentials)
+* Author: [Sven Schwyn - Bitcetera](https://bitcetera.com)
+
+## Installation
+
+First add this gem to your bundle:
+
+```shell
+$ bundle add bridgetown_credentials
+```
+
+Then enable it in `config/initializers.rb`:
+
+```ruby
+init :bridgetown_credentials
+```
+
+For the time being, it's necessary to [require this gem early in the boot process](https://www.bridgetownrb.com/docs/plugins/commands) for the commands to be picked up. Add `config/boot.rb` to your site reading:
+
+```ruby
+Bundler.setup(:default, Bridgetown.env)
+require "bridgetown_credentials"
+```
+
+For safety, you should exclude key files from the source code repository:
+
+```shell
+bin/bridgetown apply "$(bundle info --path bridgetown_credentials)/bridgetown.automation.rb"
+```
+
+### Secure Installation
+
+This gem is [cryptographically signed](https://guides.rubygems.org/security/#using-gems) in order to assure it hasn't been tampered with.
+
+To install it securely, add the author's public key as a trusted certificate and then install the bundle with the trust policy of your choice:
+
+```shell
+gem cert --add <(curl -Ls https://raw.github.com/svoop/bridgetown_credentials/main/certs/svoop.pem)
+bundle install --trust-policy MediumSecurity
+```
+
+## Usage
+
+### First Time
+
+Make sure you have set the `EDITOR` variable to your favourite editor and then create a new credentials file:
+
+```shell
+echo $EDITOR
+bin/bridgetown credentials edit
+```
+
+You might want to add something along the lines of:
+
+```yml
+foo: bar
+aws:
+  access_key_id: awsXid
+  secret_access_key: awsXsecret
+google:
+  maps:
+    api_key: goomXkey
+  places:
+    api_key: goopXkey
+```
+
+After saving the file, the following new files have been created:
+
+```
+config/
+ └─ credentials/
+     ├─ development.key
+     └─ development.yml.enc
+```
+
+⚠️ Move the `*.key` files to a safe place such as a password manager now! Never check them into the source code repository!
+
+The credentials you've edited above have been written to `development.yml.enc` and will be available when Bridgetown is in `development` mode.
+
+To edit the credentials for `production` mode:
+
+```shell
+bin/bridgetown credentials edit -e production
+```
+
+To edit or use a credentials file from now on, you have to set the corresponding key as an ENV variable. The actual key is the content of the `*.key` file you should have tucked away above.
+
+```shell
+export BRIDGETOWN_DEVELOPMENT_KEY="10aabbccddeeff00112233445566778899"
+export BRIDGETOWN_PRODUCTION_KEY="20aabbccddeeff00112233445566778899"
+```
+
+#### Unified Environments
+
+If you prefer not to separate credentials between different environments:
+
+```shell
+rm config/credentials/production.*
+mv config/credentials/development.yml config/credentials.yml
+rmdir config/credentials
+```
+
+This simplifies the files to:
+
+```
+config/
+ └─ credentials.yml.enc
+```
+
+To edit or use this from now on, you have to set:
+
+
+```shell
+export BRIDGETOWN_CREDENTIALS_KEY="30aabbccddeeff00112233445566778899"
+```
+
+⚠️ If `config/credentials.yml` is present, any other credentials files are ignored.
+
+### Read
+
+Throughout the Bridgetown stack, you can now use the credentials as follows:
+
+```ruby
+Bridgetown.credentials.foo                            # => "bar"
+Bridgetown.credentials.aws[:access_key_id]            # => "awsXid"
+Bridgetown.credentials.google.dig((:maps, :api_key)   # => "goomXkey"
+```
+
+### Commands
+
+* `bin/bridgetown credentials edit` – edit the credentials
+* `bin/bridgetown credentials show` – dump the decrypted credentials to STDOUT
+
+## Tests
+
+* `bundle exec rake test` to run the test suite
+* `script/cibuild` to validate with Rubocop and Minitest together
+
+## Development
+
+You're welcome to [submit issues](https://github.com/svoop/bridgetown_credentials/issues) and contribute code by [forking the project and submitting pull requests](https://docs.github.com/en/get-started/quickstart/fork-a-repo).

data/bridgetown.automation.rb

@@ -0,0 +1,7 @@
+# Make sure key files are not committed to the source code repository
+append_to_file ".gitignore" do
+  <<~END
+    config/credentials.key
+    config/credentials/*.key
+  END
+end

data/lib/bridgetown_credentials/bridgetown.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module BridgetownCredentials
+  module Bridgetown
+
+    def credentials
+      BridgetownCredentials::Credentials.new(
+        root_dir: ::Bridgetown.configuration.root_dir,
+        env: ::Bridgetown.env
+      ).credentials
+    end
+
+  end
+end

data/lib/bridgetown_credentials/commands/credentials.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+require_all "bridgetown-core/commands/concerns"
+
+module BridgetownCredentials
+  class Commands
+    class Credentials < Thor
+      Bridgetown::Commands::Registrations.register do
+        desc "credentials <command>", "Work with Rails-like encrypted credentials"
+        subcommand "credentials", Credentials
+      end
+
+      desc "edit", "Edit the credentials"
+      option :environment, aliases: '-e'
+      def edit
+        ENV['BRIDGETOWN_ENV'] = options['environment'] if options['environment']
+        BridgetownCredentials::Commands.new.edit
+      end
+
+      desc "show", "Dump the decrypted credentials to STDOUT"
+      option :environment, aliases: '-e'
+      def show
+        ENV['BRIDGETOWN_ENV'] = options['environment'] if options['environment']
+        BridgetownCredentials::Commands.new.show
+      end
+    end
+  end
+end

data/lib/bridgetown_credentials/commands.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module BridgetownCredentials
+  class Commands
+
+    def initialize(root_dir: ::Bridgetown.configuration.root_dir, env: ::Bridgetown.env)
+      @credentials = BridgetownCredentials::Credentials.new(root_dir: root_dir, env: env)
+    end
+
+    def edit
+      tempfile = Tempfile.new('btcs')
+      tempfile.write @credentials.credentials.read
+      tempfile.close
+      system "#{ENV['EDITOR']} #{tempfile.path}"
+      @credentials.credentials.write File.read(tempfile.path)
+    ensure
+      tempfile.unlink
+    end
+
+    def show
+      puts @credentials.credentials.read
+    end
+  end
+end

data/lib/bridgetown_credentials/credentials.rb

@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+
+module BridgetownCredentials
+  class Credentials
+
+    attr_reader :credentials
+
+    def initialize(root_dir:, env:)
+      @config_path = Pathname(root_dir).join('config')   # NOTE: config dir is hardcoded as of bridgetown-1.2
+      @env = env
+      @credentials = credentials_path ? load : create
+    end
+
+    private
+
+    def credentials_path
+      [
+        @config_path.join("credentials.yml.enc"),
+        default_credentials_path
+      ].find do |path|
+        path.file?
+      end
+    end
+
+    def credentials_env
+      ['BRIDGETOWN', credentials_path.basename('.yml.enc'), 'KEY']
+        .join('_')
+        .upcase
+    end
+
+    def default_credentials_path
+      @config_path.join('credentials', "#{@env}.yml.enc")
+    end
+
+    def default_key_path
+      @config_path.join('credentials', "#{@env}.key")
+    end
+
+    def load
+      ActiveSupport::EncryptedConfiguration.new(
+        config_path: credentials_path,
+        env_key: credentials_env,
+        key_path: '---',
+        raise_if_missing_key: true
+      )
+    end
+
+    def create
+      default_key_path.dirname.mkpath
+      default_key_path.write(ActiveSupport::EncryptedConfiguration.generate_key)
+      ActiveSupport::EncryptedConfiguration.new(
+        config_path: default_credentials_path,
+        env_key: '---',
+        key_path: default_key_path,
+        raise_if_missing_key: false
+      )
+    end
+
+  end
+end

data/lib/bridgetown_credentials/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module BridgetownCredentials
+  VERSION = "0.1.0"
+end

data/lib/bridgetown_credentials.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+require "bridgetown"
+
+require 'tempfile'
+require 'yaml'
+require "active_support/encrypted_configuration"
+
+require_relative "bridgetown_credentials/version"
+require_relative "bridgetown_credentials/credentials"
+require_relative "bridgetown_credentials/commands"
+require_relative "bridgetown_credentials/commands/credentials"
+require_relative "bridgetown_credentials/bridgetown"
+
+Bridgetown.initializer :bridgetown_credentials do
+  Bridgetown.extend BridgetownCredentials::Bridgetown
+end

data/spec/fixtures/separated/config/credentials/development.yml.enc

@@ -0,0 +1 @@
+9i/EtUJt1efCi00JI8zjhF0NLObmkgZYdz1AybNHLKc4Hr8=--TpvEzWdBo9BDIehP--58KgR6zZPV7ji2Ej4LKwtg==

data/spec/fixtures/separated/config/credentials/production.yml.enc

@@ -0,0 +1 @@
+S5RzJRMyPJ+0/yqQnDxSZ3ZZ6TVM21Uzt5rtj+77Tnkd--vny3NxIG5530Q2Cc--vqccEZ/3Jga3Jbc9G1knSA==

data/spec/fixtures/unified/config/credentials/development.yml.enc

@@ -0,0 +1 @@
+9i/EtUJt1efCi00JI8zjhF0NLObmkgZYdz1AybNHLKc4Hr8=--TpvEzWdBo9BDIehP--58KgR6zZPV7ji2Ej4LKwtg==

data/spec/fixtures/unified/config/credentials/production.yml.enc

@@ -0,0 +1 @@
+S5RzJRMyPJ+0/yqQnDxSZ3ZZ6TVM21Uzt5rtj+77Tnkd--vny3NxIG5530Q2Cc--vqccEZ/3Jga3Jbc9G1knSA==

data/spec/fixtures/unified/config/credentials.yml.enc

@@ -0,0 +1 @@
+iEiDBqdV97GT29DWsyuuiHSdPDOZjwwat5mn--Kw4OaG2ueY51rkD7--hwUIAa4Llvp2GoUaz+NPww==

data/spec/lib/bridgetown_credentials/commands_spec.rb

@@ -0,0 +1,34 @@
+require_relative '../../spec_helper'
+
+describe BridgetownCredentials::Commands do
+
+  describe :edit do
+    it "generates the necessary files and writes the credentials via EDITOR" do
+      ENV['EDITOR'] = 'echo "foo: bar" >'
+      Dir.mktmpdir do |root_dir|
+        root_dir = Pathname(root_dir)
+        subject = BridgetownCredentials::Commands.new(root_dir: root_dir, env: 'staging')
+        subject.edit
+        ENV['BRIDGETOWN_STAGING_KEY'] = File.read(root_dir.join('config', 'credentials', 'staging.key'))
+        subject = BridgetownCredentials::Commands.new(root_dir: root_dir, env: 'staging')
+        _{ subject.show }.must_output "foo: bar\n"
+      end
+    end
+  end
+
+  describe :show do
+    let :root_dir do
+      fixtures_path.join('separated')
+    end
+
+    subject do
+      ENV['BRIDGETOWN_PRODUCTION_KEY'] = KEYS[:production]
+      BridgetownCredentials::Commands.new(root_dir: root_dir, env: 'production')
+    end
+
+    it "prints the decrypted credentials without leading three dashes line" do
+      _{ subject.show }.must_output "production: PRODUCTION\n"
+    end
+  end
+
+end

data/spec/lib/bridgetown_credentials/credentials_spec.rb

@@ -0,0 +1,83 @@
+require_relative '../../spec_helper'
+
+describe BridgetownCredentials::Credentials do
+  context "unified credentials" do
+    let :root_dir do
+      fixtures_path.join('unified')
+    end
+
+    subject do
+      BridgetownCredentials::Credentials.new(root_dir: root_dir, env: 'development')
+    end
+
+    describe :credentials_path do
+      it "always discovers credentials.yml.enc" do
+        _(subject.send(:credentials_path)).must_equal root_dir.join('config', 'credentials.yml.enc')
+      end
+    end
+
+    describe :credentials_env do
+      it "always returns BRIDGETOWN_CREDENTIALS_KEY" do
+        _(subject.send(:credentials_env)).must_equal 'BRIDGETOWN_CREDENTIALS_KEY'
+      end
+    end
+
+    describe :credentials do
+      it "always decodes credentials.yml.enc" do
+        ENV['BRIDGETOWN_CREDENTIALS_KEY'] = KEYS[:unified]
+        _(subject.credentials).must_be_instance_of ActiveSupport::EncryptedConfiguration
+      end
+
+      it "fails if no key env var is set" do
+        ENV['BRIDGETOWN_CREDENTIALS_KEY'] = nil
+        _{ subject.credentials.config }.must_raise RuntimeError
+      end
+    end
+  end
+
+  context "separated credentials" do
+    let :root_dir do
+      fixtures_path.join('separated')
+    end
+
+    subject do
+      BridgetownCredentials::Credentials.new(root_dir: root_dir, env: 'production')
+    end
+
+    describe :credentials_path do
+      it "discovers .yml.enc for the current environment" do
+        _(subject.send(:credentials_path)).must_equal root_dir.join('config', 'credentials', 'production.yml.enc')
+      end
+    end
+
+    describe :credentials_env do
+      it "returns the env var key for the current environment" do
+        _(subject.send(:credentials_env)).must_equal 'BRIDGETOWN_PRODUCTION_KEY'
+      end
+    end
+
+    describe :credentials do
+      it "decodes .yml.enc for the current environment" do
+        ENV['BRIDGETOWN_PRODUCTION_KEY'] = KEYS[:production]
+        _(subject.credentials).must_be_instance_of ActiveSupport::EncryptedConfiguration
+      end
+
+      it "fails if no key env var is set" do
+        ENV['BRIDGETOWN_PRODUCTION_KEY'] = nil
+        _{ subject.credentials.config }.must_raise RuntimeError
+      end
+    end
+  end
+
+  context "new credentials" do
+    describe :initializer do
+      it "generate a key" do
+        Dir.mktmpdir do |root_dir|
+          root_dir = Pathname(root_dir)
+          BridgetownCredentials::Credentials.new(root_dir: root_dir, env: 'foobar')
+          _(root_dir.join('config', 'credentials', 'foobar.key')).path_must_exist
+        end
+      end
+    end
+  end
+end

data/spec/lib/bridgetown_credentials/version_spec.rb

@@ -0,0 +1,7 @@
+require_relative '../../spec_helper'
+
+describe BridgetownCredentials do
+  it "must be defined" do
+    _(BridgetownCredentials::VERSION).wont_be_nil
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+gem 'minitest'
+
+require 'bridgetown'
+Bridgetown::Site.new(Bridgetown.configuration())
+
+require 'debug'
+require 'pathname'
+
+require 'minitest/autorun'
+require Pathname(__dir__).join('..', 'lib', 'bridgetown_credentials')
+
+require 'minitest/sound'
+Minitest::Sound.success = Pathname(__dir__).join('sounds', 'success.mp3').to_s
+Minitest::Sound.failure = Pathname(__dir__).join('sounds', 'failure.mp3').to_s
+
+require 'minitest/focus'
+class MiniTest::Spec
+  class << self
+    alias_method :context, :describe
+  end
+end
+
+def fixtures_path
+  Pathname(__dir__).join('fixtures')
+end
+
+KEYS = {
+  unified: '4f9ab3ef4bddd3ad6d01886b6ffff49c',
+  development: 'e4af0afc87c885a430afa3c9691d8bf4',
+  production: '5f1380543df0a4c839324619e0acf0bf'
+}

metadata

@@ -0,0 +1,263 @@
+--- !ruby/object:Gem::Specification
+name: bridgetown_credentials
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Sven Schwyn
+autorequire:
+bindir: bin
+cert_chain:
+- |
+  -----BEGIN CERTIFICATE-----
+  MIIDODCCAiCgAwIBAgIBATANBgkqhkiG9w0BAQsFADAjMSEwHwYDVQQDDBhydWJ5
+  L0RDPWJpdGNldGVyYS9EQz1jb20wHhcNMjIxMTA2MTIzNjUwWhcNMjMxMTA2MTIz
+  NjUwWjAjMSEwHwYDVQQDDBhydWJ5L0RDPWJpdGNldGVyYS9EQz1jb20wggEiMA0G
+  CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcLg+IHjXYaUlTSU7R235lQKD8ZhEe
+  KMhoGlSUonZ/zo1OT3KXcqTCP1iMX743xYs6upEGALCWWwq+nxvlDdnWRjF3AAv7
+  ikC+Z2BEowjyeCCT/0gvn4ohKcR0JOzzRaIlFUVInlGSAHx2QHZ2N8ntf54lu7nd
+  L8CiDK8rClsY4JBNGOgH9UC81f+m61UUQuTLxyM2CXfAYkj/sGNTvFRJcNX+nfdC
+  hM9r2kH1+7wsa8yG7wJ2IkrzNACD8v84oE6qVusN8OLEMUI/NaEPVPbw2LUM149H
+  PVa0i729A4IhroNnFNmw4wOC93ARNbM1+LW36PLMmKjKudf5Exg8VmDVAgMBAAGj
+  dzB1MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQWBBSfK8MtR62mQ6oN
+  yoX/VKJzFjLSVDAdBgNVHREEFjAUgRJydWJ5QGJpdGNldGVyYS5jb20wHQYDVR0S
+  BBYwFIEScnVieUBiaXRjZXRlcmEuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQAYG2na
+  ye8OE2DANQIFM/xDos/E4DaPWCJjX5xvFKNKHMCeQYPeZvLICCwyw2paE7Otwk6p
+  uvbg2Ks5ykXsbk5i6vxDoeeOLvmxCqI6m+tHb8v7VZtmwRJm8so0eSX0WvTaKnIf
+  CAn1bVUggczVdNoBXw9WAILKyw9bvh3Ft740XZrR74sd+m2pGwjCaM8hzLvrVbGP
+  DyYhlBeRWyQKQ0WDIsiTSRhzK8HwSTUWjvPwx7SEdIU/HZgyrk0ETObKPakVu6bH
+  kAyiRqgxF4dJviwtqI7mZIomWL63+kXLgjOjMe1SHxfIPo/0ji6+r1p4KYa7o41v
+  fwIwU1MKlFBdsjkd
+  -----END CERTIFICATE-----
+date: 2022-12-29 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bridgetown
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.2.0.beta4
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.2.0.beta4
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '7'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '7'
+- !ruby/object:Gem::Dependency
+  name: debug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: minitest-sound
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: minitest-focus
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: guard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: guard-minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: yard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: |
+  Credentials like passwords, access tokens and other secrets are often passed
+  to sites each by it's own ENV variable. This is both uncool, non-atomic and
+  therefore unreliable. Use this plugin to store your credentials in encrypted
+  YAML files which you can safely commit to your source code repository. In
+  order to use all of them in Bridgetown, you have to set or pass exactly one
+  ENV variable holding the key to decrypt.
+email:
+- ruby@bitcetera.com
+executables: []
+extensions: []
+extra_rdoc_files:
+- README.md
+- CHANGELOG.md
+- LICENSE.txt
+files:
+- CHANGELOG.md
+- LICENSE.txt
+- README.md
+- bridgetown.automation.rb
+- lib/bridgetown_credentials.rb
+- lib/bridgetown_credentials/bridgetown.rb
+- lib/bridgetown_credentials/commands.rb
+- lib/bridgetown_credentials/commands/credentials.rb
+- lib/bridgetown_credentials/credentials.rb
+- lib/bridgetown_credentials/version.rb
+- spec/fixtures/separated/config/credentials/development.yml.enc
+- spec/fixtures/separated/config/credentials/production.yml.enc
+- spec/fixtures/unified/config/credentials.yml.enc
+- spec/fixtures/unified/config/credentials/development.yml.enc
+- spec/fixtures/unified/config/credentials/production.yml.enc
+- spec/lib/bridgetown_credentials/commands_spec.rb
+- spec/lib/bridgetown_credentials/credentials_spec.rb
+- spec/lib/bridgetown_credentials/version_spec.rb
+- spec/sounds/failure.mp3
+- spec/sounds/success.mp3
+- spec/spec_helper.rb
+homepage: https://github.com/svoop/bridgetown_credentials
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/svoop/bridgetown_credentials
+  changelog_uri: https://github.com/svoop/bridgetown_credentials/blob/main/CHANGELOG.md
+  source_code_uri: https://github.com/svoop/bridgetown_credentials
+  documentation_uri: https://www.rubydoc.info/gems/bridgetown_credentials
+  bug_tracker_uri: https://github.com/svoop/bridgetown_credentials/issues
+post_install_message:
+rdoc_options:
+- "--title"
+- Credentials for Bridgetown
+- "--main"
+- README.md
+- "--line-numbers"
+- "--inline-source"
+- "--quiet"
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.0.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.4.1
+signing_key:
+specification_version: 4
+summary: Rails-like encrypted credentials for Bridgetown
+test_files:
+- spec/fixtures/separated/config/credentials/development.yml.enc
+- spec/fixtures/separated/config/credentials/production.yml.enc
+- spec/fixtures/unified/config/credentials/development.yml.enc
+- spec/fixtures/unified/config/credentials/production.yml.enc
+- spec/fixtures/unified/config/credentials.yml.enc
+- spec/lib/bridgetown_credentials/commands_spec.rb
+- spec/lib/bridgetown_credentials/credentials_spec.rb
+- spec/lib/bridgetown_credentials/version_spec.rb
+- spec/sounds/failure.mp3
+- spec/sounds/success.mp3
+- spec/spec_helper.rb