chamber 2.13.1 → 2.14.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (49) hide show
  1. checksums.yaml +4 -4
  2. checksums.yaml.gz.sig +0 -0
  3. data.tar.gz.sig +0 -0
  4. data/README.md +101 -26
  5. data/lib/chamber.rb +72 -10
  6. data/lib/chamber/adapters/cloud/circle_ci.rb +16 -13
  7. data/lib/chamber/adapters/cloud/heroku.rb +40 -13
  8. data/lib/chamber/binary/circle_ci.rb +25 -12
  9. data/lib/chamber/binary/heroku.rb +31 -12
  10. data/lib/chamber/binary/runner.rb +37 -27
  11. data/lib/chamber/binary/travis.rb +5 -3
  12. data/lib/chamber/commands/base.rb +10 -16
  13. data/lib/chamber/commands/cloud/base.rb +3 -3
  14. data/lib/chamber/commands/cloud/pull.rb +2 -2
  15. data/lib/chamber/commands/cloud/push.rb +7 -7
  16. data/lib/chamber/commands/comparable.rb +2 -2
  17. data/lib/chamber/commands/compare.rb +6 -9
  18. data/lib/chamber/commands/initialize.rb +26 -22
  19. data/lib/chamber/commands/securable.rb +9 -9
  20. data/lib/chamber/commands/secure.rb +2 -2
  21. data/lib/chamber/commands/show.rb +8 -8
  22. data/lib/chamber/commands/sign.rb +2 -2
  23. data/lib/chamber/commands/verify.rb +2 -2
  24. data/lib/chamber/configuration.rb +6 -3
  25. data/lib/chamber/context_resolver.rb +8 -7
  26. data/lib/chamber/encryption_methods/ssl.rb +12 -12
  27. data/lib/chamber/file.rb +16 -14
  28. data/lib/chamber/file_set.rb +18 -8
  29. data/lib/chamber/files/signature.rb +16 -14
  30. data/lib/chamber/filters/decryption_filter.rb +12 -10
  31. data/lib/chamber/filters/encryption_filter.rb +8 -8
  32. data/lib/chamber/filters/environment_filter.rb +12 -14
  33. data/lib/chamber/filters/failed_decryption_filter.rb +6 -6
  34. data/lib/chamber/filters/insecure_filter.rb +3 -3
  35. data/lib/chamber/filters/namespace_filter.rb +5 -5
  36. data/lib/chamber/filters/secure_filter.rb +5 -5
  37. data/lib/chamber/filters/translate_secure_keys_filter.rb +5 -5
  38. data/lib/chamber/instance.rb +37 -21
  39. data/lib/chamber/key_pair.rb +7 -7
  40. data/lib/chamber/keys/base.rb +13 -13
  41. data/lib/chamber/keys/decryption.rb +3 -3
  42. data/lib/chamber/keys/encryption.rb +3 -3
  43. data/lib/chamber/namespace_set.rb +2 -4
  44. data/lib/chamber/settings.rb +45 -43
  45. data/lib/chamber/types/secured.rb +8 -10
  46. data/lib/chamber/version.rb +1 -1
  47. data/templates/settings.yml +2 -0
  48. metadata +24 -26
  49. metadata.gz.sig +0 -0
data/lib/chamber/filters/encryption_filter.rb CHANGED
@@ -10,8 +10,8 @@ require 'chamber/encryption_methods/none'
10
10
  module Chamber
11
11
  module Filters
12
12
  class EncryptionFilter
13
- BASE64_STRING_PATTERN = %r{\A[A-Za-z0-9\+\/]{342}==\z}.freeze
14
- BASE64_SUBSTRING_PATTERN = %r{[A-Za-z0-9\+\/#]*\={0,2}}.freeze
13
+ BASE64_STRING_PATTERN = %r{\A[A-Za-z0-9+/]{342}==\z}.freeze
14
+ BASE64_SUBSTRING_PATTERN = %r{[A-Za-z0-9+/#]*={0,2}}.freeze
15
15
  LARGE_DATA_STRING_PATTERN = /
16
16
  \A
17
17
  (#{BASE64_SUBSTRING_PATTERN})
@@ -26,14 +26,14 @@ class EncryptionFilter
26
26
  :secure_key_token
27
27
  attr_reader :encryption_keys
28
28
 
29
- def initialize(options = {})
30
- self.encryption_keys = options.fetch(:encryption_keys, {}) || {}
31
- self.data = options.fetch(:data).dup
32
- self.secure_key_token = /\A#{Regexp.escape(options.fetch(:secure_key_prefix))}/
29
+ def initialize(data:, secure_key_prefix:, encryption_keys: {}, **_args)
30
+ self.encryption_keys = encryption_keys || {}
31
+ self.data = data.dup
32
+ self.secure_key_token = /\A#{Regexp.escape(secure_key_prefix)}/
33
33
  end
34
34
 
35
- def self.execute(options = {})
36
- new(options).__send__(:execute)
35
+ def self.execute(**args)
36
+ new(**args).__send__(:execute)
37
37
  end
38
38
 
39
39
  protected
data/lib/chamber/filters/environment_filter.rb CHANGED
@@ -88,16 +88,16 @@ class EnvironmentFilter
88
88
  # }
89
89
  #
90
90
  #
91
- def self.execute(options = {})
92
- new(options).__send__(:execute)
91
+ def self.execute(**args)
92
+ new(**args).__send__(:execute)
93
93
  end
94
94
 
95
95
  attr_accessor :data,
96
96
  :secure_key_token
97
97
 
98
- def initialize(options = {})
99
- self.data = options.fetch(:data)
100
- self.secure_key_token = /\A#{Regexp.escape(options.fetch(:secure_key_prefix))}/
98
+ def initialize(data:, secure_key_prefix:, **_args)
99
+ self.data = data
100
+ self.secure_key_token = /\A#{Regexp.escape(secure_key_prefix)}/
101
101
  end
102
102
 
103
103
  protected
@@ -138,8 +138,7 @@ class EnvironmentFilter
138
138
  environment_hash
139
139
  end
140
140
 
141
- # rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
142
- def convert_environment_value(environment_key, environment_value, settings_value)
141
+ def convert_environment_value(environment_key, environment_value, settings_value) # rubocop:disable Metrics/CyclomaticComplexity, Metrics/AbcSize
143
142
  return settings_value unless environment_value
144
143
  return if %w{___nil___ ___null___}.include?(environment_value)
145
144
 
@@ -163,22 +162,21 @@ class EnvironmentFilter
163
162
  fail ArgumentError, "Invalid value for Array: #{environment_value}"
164
163
  end
165
164
  end
166
- when 'Integer'
165
+ when 'Fixnum', 'Integer'
167
166
  Integer(environment_value)
168
167
  else
169
168
  environment_value
170
169
  end
171
170
  rescue ArgumentError
172
- raise Chamber::Errors::EnvironmentConversion, <<~HEREDOC
173
- We attempted to convert '#{environment_key}' from '#{environment_value}' to a '#{settings_value.class.name}'.
171
+ raise Chamber::Errors::EnvironmentConversion, <<-HEREDOC
172
+ We attempted to convert '#{environment_key}' from '#{environment_value}' to a '#{settings_value.class.name}'.
174
173
 
175
- Unfortunately, this did not go as planned. Please either verify that your value is convertable
176
- or change the original YAML value to be something more generic (like a String).
174
+ Unfortunately, this did not go as planned. Please either verify that your value is convertable
175
+ or change the original YAML value to be something more generic (like a String).
177
176
 
178
- For more information, see https://github.com/thekompanee/chamber/wiki/Environment-Variable-Coercions
177
+ For more information, see https://github.com/thekompanee/chamber/wiki/Environment-Variable-Coercions
179
178
  HEREDOC
180
179
  end
181
- # rubocop:enable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
182
180
  end
183
181
  end
184
182
  end
data/lib/chamber/filters/failed_decryption_filter.rb CHANGED
@@ -5,18 +5,18 @@ require 'chamber/errors/decryption_failure'
5
5
  module Chamber
6
6
  module Filters
7
7
  class FailedDecryptionFilter
8
- BASE64_STRING_PATTERN = %r{\A[A-Za-z0-9\+/]{342}==\z}.freeze
8
+ BASE64_STRING_PATTERN = %r{\A[A-Za-z0-9+/]{342}==\z}.freeze
9
9
 
10
- def self.execute(options = {})
11
- new(options).__send__(:execute)
10
+ def self.execute(**args)
11
+ new(**args).__send__(:execute)
12
12
  end
13
13
 
14
14
  attr_accessor :data,
15
15
  :secure_key_token
16
16
 
17
- def initialize(options = {})
18
- self.data = options.fetch(:data).dup
19
- self.secure_key_token = /\A#{Regexp.escape(options.fetch(:secure_key_prefix))}/
17
+ def initialize(data:, secure_key_prefix:, **_args)
18
+ self.data = data.dup
19
+ self.secure_key_token = /\A#{Regexp.escape(secure_key_prefix)}/
20
20
  end
21
21
 
22
22
  protected
data/lib/chamber/filters/insecure_filter.rb CHANGED
@@ -6,8 +6,8 @@ require 'chamber/filters/secure_filter'
6
6
  module Chamber
7
7
  module Filters
8
8
  class InsecureFilter < SecureFilter
9
- BASE64_STRING_PATTERN = %r{\A[A-Za-z0-9\+\/]{342}==\z}.freeze
10
- BASE64_SUBSTRING_PATTERN = %r{[A-Za-z0-9\+\/#]*\={0,2}}.freeze
9
+ BASE64_STRING_PATTERN = %r{\A[A-Za-z0-9+/]{342}==\z}.freeze
10
+ BASE64_SUBSTRING_PATTERN = %r{[A-Za-z0-9+/#]*={0,2}}.freeze
11
11
  LARGE_DATA_STRING_PATTERN = /
12
12
  \A
13
13
  (#{BASE64_SUBSTRING_PATTERN})
@@ -20,7 +20,7 @@ class InsecureFilter < SecureFilter
20
20
 
21
21
  protected
22
22
 
23
- def execute(raw_data = data)
23
+ def execute(raw_data = data) # rubocop:disable Metrics/CyclomaticComplexity
24
24
  securable_settings = super
25
25
  settings = Hashie::Mash.new
26
26
 
data/lib/chamber/filters/namespace_filter.rb CHANGED
@@ -5,16 +5,16 @@ require 'hashie/mash'
5
5
  module Chamber
6
6
  module Filters
7
7
  class NamespaceFilter
8
- def self.execute(options = {})
9
- new(options).__send__(:execute)
8
+ def self.execute(**args)
9
+ new(**args).__send__(:execute)
10
10
  end
11
11
 
12
12
  attr_accessor :data,
13
13
  :namespaces
14
14
 
15
- def initialize(options = {})
16
- self.data = Hashie::Mash.new(options.fetch(:data))
17
- self.namespaces = options.fetch(:namespaces)
15
+ def initialize(data:, namespaces:, **_args)
16
+ self.data = Hashie::Mash.new(data)
17
+ self.namespaces = namespaces
18
18
  end
19
19
 
20
20
  protected
data/lib/chamber/filters/secure_filter.rb CHANGED
@@ -5,16 +5,16 @@ require 'hashie/mash'
5
5
  module Chamber
6
6
  module Filters
7
7
  class SecureFilter
8
- def self.execute(options = {})
9
- new(options).__send__(:execute)
8
+ def self.execute(**args)
9
+ new(**args).__send__(:execute)
10
10
  end
11
11
 
12
12
  attr_accessor :data,
13
13
  :secure_key_token
14
14
 
15
- def initialize(options = {})
16
- self.data = Hashie::Mash.new(options.fetch(:data))
17
- self.secure_key_token = /\A#{Regexp.escape(options.fetch(:secure_key_prefix))}/
15
+ def initialize(data:, secure_key_prefix:, **_args)
16
+ self.data = Hashie::Mash.new(data)
17
+ self.secure_key_token = /\A#{Regexp.escape(secure_key_prefix)}/
18
18
  end
19
19
 
20
20
  protected
data/lib/chamber/filters/translate_secure_keys_filter.rb CHANGED
@@ -5,16 +5,16 @@ require 'hashie/mash'
5
5
  module Chamber
6
6
  module Filters
7
7
  class TranslateSecureKeysFilter
8
- def self.execute(options = {})
9
- new(options).__send__(:execute)
8
+ def self.execute(**args)
9
+ new(**args).__send__(:execute)
10
10
  end
11
11
 
12
12
  attr_accessor :data,
13
13
  :secure_key_token
14
14
 
15
- def initialize(options = {})
16
- self.data = options.fetch(:data).dup
17
- self.secure_key_token = /\A#{Regexp.escape(options.fetch(:secure_key_prefix))}/
15
+ def initialize(data:, secure_key_prefix:, **_args)
16
+ self.data = data.dup
17
+ self.secure_key_token = /\A#{Regexp.escape(secure_key_prefix)}/
18
18
  end
19
19
 
20
20
  protected
data/lib/chamber/instance.rb CHANGED
@@ -9,15 +9,19 @@ class Instance
9
9
  attr_accessor :configuration,
10
10
  :files
11
11
 
12
- def initialize(options = {})
13
- self.configuration = Configuration.new options
14
- self.files = FileSet.new configuration.to_hash
12
+ def initialize(**args)
13
+ self.configuration = Configuration.new(**args)
14
+ self.files = FileSet.new(**configuration.to_hash)
15
15
  end
16
16
 
17
17
  def settings
18
18
  @settings ||= files.to_settings { |settings| @settings = settings }
19
19
  end
20
20
 
21
+ def [](key)
22
+ settings.[](key)
23
+ end
24
+
21
25
  def filenames
22
26
  files.filenames
23
27
  end
@@ -34,26 +38,42 @@ class Instance
34
38
  files.verify
35
39
  end
36
40
 
37
- def encrypt(data, options = {})
38
- config = configuration.to_hash.merge(options)
41
+ def to_environment
42
+ settings.to_environment
43
+ end
44
+
45
+ def to_s(**args)
46
+ settings.to_s(**args)
47
+ end
48
+
49
+ def to_hash
50
+ settings.to_hash
51
+ end
52
+
53
+ def namespaces
54
+ settings.namespaces
55
+ end
39
56
 
40
- Settings.
41
- new(
42
- config.merge(
57
+ def encrypt(data, **args)
58
+ config = configuration.to_hash.merge(**args)
59
+
60
+ Settings
61
+ .new(
62
+ **config.merge(
43
63
  settings: data,
44
64
  pre_filters: [Filters::EncryptionFilter],
45
65
  post_filters: [],
46
66
  ),
47
- ).
48
- to_hash
67
+ )
68
+ .to_hash
49
69
  end
50
70
 
51
- def decrypt(data, options = {})
52
- config = configuration.to_hash.merge(options)
71
+ def decrypt(data, **args)
72
+ config = configuration.to_hash.merge(**args)
53
73
 
54
- Settings.
55
- new(
56
- config.merge(
74
+ Settings
75
+ .new(
76
+ **config.merge(
57
77
  settings: data,
58
78
  pre_filters: [Filters::NamespaceFilter],
59
79
  post_filters: [
@@ -61,12 +81,8 @@ class Instance
61
81
  Filters::FailedDecryptionFilter,
62
82
  ],
63
83
  ),
64
- ).
65
- to_hash
66
- end
67
-
68
- def to_s(options = {})
69
- settings.to_s(options)
84
+ )
85
+ .to_hash
70
86
  end
71
87
 
72
88
  def method_missing(name, *args)
data/lib/chamber/key_pair.rb CHANGED
@@ -9,10 +9,10 @@ class KeyPair
9
9
  :namespace,
10
10
  :passphrase
11
11
 
12
- def initialize(options = {})
13
- self.namespace = options[:namespace]
14
- self.passphrase = options.fetch(:passphrase, SecureRandom.uuid)
15
- self.key_file_path = Pathname.new(options.fetch(:key_file_path))
12
+ def initialize(key_file_path:, namespace: nil, passphrase: ::SecureRandom.uuid)
13
+ self.namespace = namespace
14
+ self.passphrase = passphrase
15
+ self.key_file_path = Pathname.new(key_file_path)
16
16
  end
17
17
 
18
18
  def encrypted_private_key_passphrase_filepath
@@ -78,9 +78,9 @@ class KeyPair
78
78
  @base_key_filename ||= [
79
79
  '.chamber',
80
80
  namespace ? namespace.tr('-.', '') : nil,
81
- ].
82
- compact.
83
- join('.')
81
+ ]
82
+ .compact
83
+ .join('.')
84
84
  end
85
85
  end
86
86
  end
data/lib/chamber/keys/base.rb CHANGED
@@ -3,18 +3,18 @@
3
3
  module Chamber
4
4
  module Keys
5
5
  class Base
6
- def self.resolve(*args)
7
- new(*args).resolve
6
+ def self.resolve(**args)
7
+ new(**args).resolve
8
8
  end
9
9
 
10
10
  attr_accessor :rootpath
11
11
  attr_reader :filenames,
12
12
  :namespaces
13
13
 
14
- def initialize(options = {})
15
- self.rootpath = Pathname.new(options.fetch(:rootpath))
16
- self.namespaces = options.fetch(:namespaces)
17
- self.filenames = options[:filenames]
14
+ def initialize(rootpath:, namespaces:, filenames: nil)
15
+ self.rootpath = Pathname.new(rootpath)
16
+ self.namespaces = namespaces
17
+ self.filenames = filenames
18
18
  end
19
19
 
20
20
  def resolve
@@ -41,9 +41,9 @@ class Base
41
41
 
42
42
  # rubocop:disable Performance/ChainArrayAllocation
43
43
  def filenames=(other)
44
- @filenames = Array(other).
45
- map { |o| Pathname.new(o) }.
46
- compact
44
+ @filenames = Array(other)
45
+ .map { |o| Pathname.new(o) }
46
+ .compact
47
47
  end
48
48
  # rubocop:enable Performance/ChainArrayAllocation
49
49
 
@@ -52,10 +52,10 @@ class Base
52
52
  end
53
53
 
54
54
  def namespace_from_path(path)
55
- path.
56
- basename.
57
- to_s.
58
- match(self.class::NAMESPACE_PATTERN) { |m| m[1].upcase }
55
+ path
56
+ .basename
57
+ .to_s
58
+ .match(self.class::NAMESPACE_PATTERN) { |m| m[1].upcase }
59
59
  end
60
60
 
61
61
  def namespace_to_key_path(namespace)
data/lib/chamber/keys/decryption.rb CHANGED
@@ -22,9 +22,9 @@ class Decryption < Chamber::Keys::Base
22
22
  'CHAMBER',
23
23
  namespace_from_path(path),
24
24
  'KEY',
25
- ].
26
- compact.
27
- join('_')
25
+ ]
26
+ .compact
27
+ .join('_')
28
28
  end
29
29
 
30
30
  def key_filename_extension
data/lib/chamber/keys/encryption.rb CHANGED
@@ -22,9 +22,9 @@ class Encryption < Chamber::Keys::Base
22
22
  'CHAMBER',
23
23
  namespace_from_path(path),
24
24
  'PUBLIC_KEY',
25
- ].
26
- compact.
27
- join('_')
25
+ ]
26
+ .compact
27
+ .join('_')
28
28
  end
29
29
 
30
30
  def key_filename_extension
data/lib/chamber/namespace_set.rb CHANGED
@@ -71,10 +71,8 @@ class NamespaceSet
71
71
  # Internal: Iterates over each namespace value and allows it to be used in
72
72
  # a block.
73
73
  #
74
- def each
75
- namespaces.each do |namespace|
76
- yield namespace
77
- end
74
+ def each(&block)
75
+ namespaces.each(&block)
78
76
  end
79
77
 
80
78
  ###
data/lib/chamber/settings.rb CHANGED
@@ -16,29 +16,40 @@ require 'chamber/filters/failed_decryption_filter'
16
16
  #
17
17
  module Chamber
18
18
  class Settings
19
- attr_accessor :pre_filters,
20
- :post_filters,
19
+ attr_accessor :decryption_keys,
21
20
  :encryption_keys,
22
- :decryption_keys
21
+ :post_filters,
22
+ :pre_filters,
23
+ :secure_key_prefix
23
24
  attr_reader :namespaces
24
25
 
25
- # rubocop:disable Metrics/CyclomaticComplexity, Metrics/LineLength
26
- def initialize(options = {})
27
- self.namespaces = options[:namespaces] || []
28
- self.raw_data = options[:settings] || {}
29
- self.decryption_keys = options[:decryption_keys] || {}
30
- self.encryption_keys = options[:encryption_keys] || {}
31
- self.pre_filters = options[:pre_filters] || [
32
- Filters::NamespaceFilter,
33
- ]
34
- self.post_filters = options[:post_filters] || [
35
- Filters::DecryptionFilter,
36
- Filters::EnvironmentFilter,
37
- Filters::FailedDecryptionFilter,
38
- Filters::TranslateSecureKeysFilter,
39
- ]
26
+ # rubocop:disable Metrics/ParameterLists
27
+ def initialize(
28
+ decryption_keys: {},
29
+ encryption_keys: {},
30
+ namespaces: [],
31
+ pre_filters: [
32
+ Filters::NamespaceFilter,
33
+ ],
34
+ post_filters: [
35
+ Filters::DecryptionFilter,
36
+ Filters::EnvironmentFilter,
37
+ Filters::FailedDecryptionFilter,
38
+ Filters::TranslateSecureKeysFilter,
39
+ ],
40
+ secure_key_prefix: '_secure_',
41
+ settings: {},
42
+ **_args
43
+ )
44
+ self.decryption_keys = decryption_keys
45
+ self.encryption_keys = encryption_keys
46
+ self.namespaces = namespaces
47
+ self.post_filters = post_filters
48
+ self.pre_filters = pre_filters
49
+ self.raw_data = settings
50
+ self.secure_key_prefix = secure_key_prefix
40
51
  end
41
- # rubocop:enable Metrics/CyclomaticComplexity, Metrics/LineLength
52
+ # rubocop:enable Metrics/ParameterLists
42
53
 
43
54
  ###
44
55
  # Internal: Converts a Settings object into a hash that is compatible as an
@@ -79,15 +90,11 @@ class Settings
79
90
  # } ).to_s
80
91
  # # => 'MY_KEY="my value" MY_OTHER_KEY="my other value"'
81
92
  #
82
- def to_s(options = {})
83
- hierarchical_separator = options[:hierarchical_separator] || '_'
84
- pair_separator = options[:pair_separator] || ' '
85
- value_surrounder = options[:value_surrounder] || '"'
86
- name_value_separator = options[:name_value_separator] || '='
87
-
88
- concatenated_name_hash = to_concatenated_name_hash(hierarchical_separator)
89
-
90
- pairs = concatenated_name_hash.to_a.map do |key, value|
93
+ def to_s(hierarchical_separator: '_',
94
+ pair_separator: ' ',
95
+ value_surrounder: '"',
96
+ name_value_separator: '=')
97
+ pairs = to_concatenated_name_hash(hierarchical_separator).to_a.map do |key, value|
91
98
  "#{key.upcase}#{name_value_separator}#{value_surrounder}#{value}#{value_surrounder}"
92
99
  end
93
100
 
@@ -182,20 +189,21 @@ class Settings
182
189
  # Returns a new Settings object
183
190
  #
184
191
  def merge(other)
185
- other_settings = if other.is_a? Settings
192
+ other_settings = case other
193
+ when Settings
186
194
  other
187
- elsif other.is_a? Hash
195
+ when Hash
188
196
  Settings.new(settings: other)
189
197
  end
190
198
 
191
- # rubocop:disable Metrics/LineLength
199
+ # rubocop:disable Layout/LineLength
192
200
  Settings.new(
193
201
  encryption_keys: encryption_keys.any? ? encryption_keys : other_settings.encryption_keys,
194
202
  decryption_keys: decryption_keys.any? ? decryption_keys : other_settings.decryption_keys,
195
203
  namespaces: (namespaces + other_settings.namespaces),
196
204
  settings: raw_data.merge(other_settings.raw_data),
197
205
  )
198
- # rubocop:enable Metrics/LineLength
206
+ # rubocop:enable Layout/LineLength
199
207
  end
200
208
 
201
209
  ###
@@ -220,14 +228,14 @@ class Settings
220
228
  end
221
229
 
222
230
  def securable
223
- Settings.new(metadata.merge(
231
+ Settings.new(**metadata.merge(
224
232
  settings: raw_data,
225
233
  pre_filters: [Filters::SecureFilter],
226
234
  ))
227
235
  end
228
236
 
229
237
  def secure
230
- Settings.new(metadata.merge(
238
+ Settings.new(**metadata.merge(
231
239
  settings: raw_data,
232
240
  pre_filters: [Filters::EncryptionFilter],
233
241
  post_filters: [Filters::TranslateSecureKeysFilter],
@@ -235,7 +243,7 @@ class Settings
235
243
  end
236
244
 
237
245
  def insecure
238
- Settings.new(metadata.merge(
246
+ Settings.new(**metadata.merge(
239
247
  settings: raw_data,
240
248
  pre_filters: [Filters::InsecureFilter],
241
249
  post_filters: [Filters::TranslateSecureKeysFilter],
@@ -265,23 +273,17 @@ class Settings
265
273
  # rubocop:disable Naming/MemoizedInstanceVariableName
266
274
  def raw_data
267
275
  @filtered_raw_data ||= pre_filters.inject(@raw_data) do |filtered_data, filter|
268
- filter.execute({ data: filtered_data }.
269
- merge(metadata))
276
+ filter.execute(**{ data: filtered_data }.merge(metadata))
270
277
  end
271
278
  end
272
279
  # rubocop:enable Naming/MemoizedInstanceVariableName
273
280
 
274
281
  def data
275
282
  @data ||= post_filters.inject(raw_data) do |filtered_data, filter|
276
- filter.execute({ data: filtered_data }.
277
- merge(metadata))
283
+ filter.execute(**{ data: filtered_data }.merge(metadata))
278
284
  end
279
285
  end
280
286
 
281
- def secure_key_prefix
282
- '_secure_'
283
- end
284
-
285
287
  def metadata
286
288
  {
287
289
  decryption_keys: decryption_keys,