chamber 2.2.1 → 2.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 94ba60754a727dae0bbfe6519cf3c0610a20b395
-  data.tar.gz: 63fb2ae59e7083ce8ead5e83c6c74c41905b809b
+  metadata.gz: e00049d9950a63a991be3de4cec30e8afd9f3ed9
+  data.tar.gz: ef49dca6ba236376806c878ebe462170e7317259
 SHA512:
-  metadata.gz: 4e05ce98bd1110227bb32dfce42393a82c0b78e7f055ff5245e9491af05e2484841bd49d78af79009ea9d01bc0691edb00c4eaf87e2a339700794a9fe11b95fc
-  data.tar.gz: a9ae301824a743a9669b93f71da831e67ea17bf98a175980c2e4eba708d5805fcac64c15a5e820ae90282cf2bda8db59dd7bbe9032c5775de22610ce92b2c5bc
+  metadata.gz: efcee15432655ae9ac0ccf3ec639b7520506159cb237868abb8a365c56108727ec6e964140584f09b29dc65da3de302a7157d6d56dab23d92d3bd964bacb0a3d
+  data.tar.gz: 34148d8932aad7777144b425999ea93eee32f0615450eb50f207754b5a29b7125b4b22c27898d8b1e5970782bc972e9b99cf2ba6bc606414a72f476e581f2f52

data/lib/chamber/commands/heroku/compare.rb

@@ -17,8 +17,8 @@ class   Compare < Chamber::Commands::Base
       secured_settings.to_s(pair_separator:   "\n",
                             value_surrounder: '')
     else
-      all_settings.to_s(pair_separator:   "\n",
-                        value_surrounder: '')
+      current_settings.to_s(pair_separator:   "\n",
+                            value_surrounder: '')
     end
   end
 

data/lib/chamber/commands/securable.rb

@@ -12,7 +12,7 @@ module  Securable
                                         merge(files: ignored_settings_filepaths).
                                         reject { |k, v| k == 'basepath' }
     self.ignored_settings_instance  = Chamber::Instance.new(ignored_settings_options)
-    self.all_settings_instance      = Chamber::Instance.new(options)
+    self.current_settings_instance  = Chamber::Instance.new(options)
     self.only_sensitive             = options[:only_sensitive]
   end
 
@@ -20,28 +20,36 @@ module  Securable
 
   attr_accessor :only_sensitive,
                 :ignored_settings_instance,
-                :all_settings_instance
+                :current_settings_instance
 
   def securable_environment_variables
     if only_sensitive
-      secured_settings.to_environment
+      securable_settings.to_environment
     else
-      all_settings.to_environment
+      current_settings.to_environment
     end
   end
 
-  def secured_settings
-    ignored_settings_instance.settings.merge(all_settings.secured)
+  def insecure_environment_variables
+    securable_settings.insecure.to_environment
   end
 
-  def all_settings
-    all_settings_instance.settings
+  def securable_settings
+    ignored_settings.merge(current_settings.securable)
+  end
+
+  def current_settings
+    current_settings_instance.settings
+  end
+
+  def ignored_settings
+    ignored_settings_instance.settings
   end
 
   def ignored_settings_filepaths
     shell_escaped_chamber_filenames = chamber.filenames.map { |filename| Shellwords.escape(filename) }
 
-    `git ls-files --other --ignored --exclude-from=.gitignore | sed -e "s|^|#{Shellwords.escape(rootpath)}/|" | grep --colour=never -E '#{shell_escaped_chamber_filenames.join('|')}'`.split("\n")
+    `git ls-files --other --ignored --exclude-from=.gitignore | sed -e "s|^|#{Shellwords.escape(rootpath.to_s)}/|" | grep --colour=never -E '#{shell_escaped_chamber_filenames.join('|')}'`.split("\n")
   end
 end
 end

data/lib/chamber/commands/secure.rb

@@ -11,9 +11,7 @@ class   Secure < Chamber::Commands::Base
 
   def call
     disable_warnings do
-      securable_environment_variables.each do |key, value|
-        next if value.match %r{\A[A-Za-z0-9\+\/]{342}==\z}
-
+      insecure_environment_variables.each do |key, value|
         if dry_run
           shell.say_status 'encrypt', key, :blue
         else

data/lib/chamber/file.rb

@@ -71,9 +71,20 @@ class   File < Pathname
   end
 
   def secure
-    secure_settings = to_settings.secure
+    insecure_settings = to_settings.insecure.to_flattened_name_hash
+    secure_settings   = to_settings.insecure.secure.to_flattened_name_hash
+    file_contents     = self.read
 
-    ::File.open(self, 'w') { |file| file.write YAML.dump(secure_settings.to_hash) }
+    insecure_settings.each_pair do |name_pieces, value|
+      secure_value = secure_settings[name_pieces]
+
+      file_contents.
+        sub!(
+          /^(\s*)_secure_#{name_pieces.last}(\s*):(\s*)['"]?#{value}['"]?$/,
+          "\\1_secure_#{name_pieces.last}\\2:\\3#{secure_value}")
+    end
+
+    self.write(file_contents)
   end
 
   protected

data/lib/chamber/file_set.rb

@@ -229,7 +229,7 @@ class   FileSet
   private
 
   def all_files
-    @all_files ||= Pathname.glob(file_globs).sort
+    @all_files ||= file_globs.map { |fg| Pathname.glob(fg) }.flatten.uniq.sort
   end
 
   def non_namespaced_files

data/lib/chamber/filters/boolean_conversion_filter.rb

@@ -19,8 +19,6 @@ class   BooleanConversionFilter
       if value.respond_to? :each_pair
         execute(value)
       else
-        break if value.nil?
-
         settings[key] = if value.is_a? String
                           case value
                           when 'false', 'f', 'no'

data/lib/chamber/filters/decryption_filter.rb

@@ -29,24 +29,22 @@ class   DecryptionFilter
     raw_data.each_pair do |key, value|
       if value.respond_to? :each_pair
         value = execute(value)
-      elsif value.respond_to? :match
-        if key.match(SECURE_KEY_TOKEN)
-          key   = key.to_s.sub(SECURE_KEY_TOKEN, '')
-          value = if value.match(BASE64_STRING_PATTERN)
-                    if decryption_key.nil?
-                      value
-                    else
-                      decoded_string = Base64.strict_decode64(value)
-                      decryption_key.private_decrypt(decoded_string)
-                    end
-                  else
-                    warn "WARNING: It appears that you would like to keep your information for #{key} secure, however the value for that setting does not appear to be encrypted.  Make sure you run 'chamber settings secure' before committing."
-
+      elsif key.match(SECURE_KEY_TOKEN) && value.respond_to?(:match)
+        value = if value.match(BASE64_STRING_PATTERN)
+                  if decryption_key.nil?
                     value
+                  else
+                    decoded_string = Base64.strict_decode64(value)
+                    decryption_key.private_decrypt(decoded_string)
                   end
-        else
-          key = key.to_s
-        end
+                else
+                  warn 'WARNING: It appears that you would like to keep your ' \
+                      "information for #{key} secure, however the value for that " \
+                      'setting does not appear to be encrypted. Make sure you run ' \
+                      "'chamber secure' before committing."
+
+                  value
+                end
       end
 
       settings[key] = value

data/lib/chamber/filters/insecure_filter.rb

@@ -0,0 +1,29 @@
+require 'hashie/mash'
+require 'chamber/filters/secure_filter'
+
+module  Chamber
+module  Filters
+class   InsecureFilter < SecureFilter
+  BASE64 = %r{\A[A-Za-z0-9\+\/]{342}==\z}
+
+  protected
+
+  def execute(raw_data = data)
+    securable_settings = super
+    settings           = Hashie::Mash.new
+
+    securable_settings.each_pair do |key, value|
+      value = if value.respond_to? :each_pair
+                execute(value)
+              elsif value.respond_to? :match
+                value unless value.match(BASE64)
+              end
+
+      settings[key] = value unless value.nil?
+    end
+
+    settings
+  end
+end
+end
+end

data/lib/chamber/filters/translate_secure_keys_filter.rb

@@ -0,0 +1,54 @@
+require 'hashie/mash'
+require 'chamber/errors/undecryptable_value_error'
+
+module  Chamber
+module  Filters
+class   TranslateSecureKeysFilter
+  SECURE_KEY_TOKEN = %r{\A_secure_}
+
+  def initialize(options = {})
+    self.data = options.fetch(:data).dup
+  end
+
+  def self.execute(options = {})
+    self.new(options).send(:execute)
+  end
+
+  protected
+
+  attr_accessor :data
+
+  def execute(raw_data = data)
+    settings = Hashie::Mash.new
+
+    raw_data.each_pair do |key, value|
+      if value.respond_to? :each_pair
+        value = execute(value)
+      end
+
+      key = key.to_s
+
+      if key.match(SECURE_KEY_TOKEN)
+        key = key.sub(SECURE_KEY_TOKEN, '')
+      end
+
+      settings[key] = value
+    end
+
+    settings
+  end
+
+  def decryption_key=(keyish)
+    return @decryption_key = nil if keyish.nil?
+
+    key_content     = if ::File.readable?(::File.expand_path(keyish))
+                        ::File.read(::File.expand_path(keyish))
+                      else
+                        keyish
+                      end
+
+    @decryption_key = OpenSSL::PKey::RSA.new(key_content)
+  end
+end
+end
+end

data/lib/chamber/settings.rb

@@ -1,5 +1,4 @@
 require 'hashie/mash'
-require 'chamber/system_environment'
 require 'chamber/namespace_set'
 require 'chamber/filters/namespace_filter'
 require 'chamber/filters/encryption_filter'
@@ -7,6 +6,8 @@ require 'chamber/filters/decryption_filter'
 require 'chamber/filters/environment_filter'
 require 'chamber/filters/boolean_conversion_filter'
 require 'chamber/filters/secure_filter'
+require 'chamber/filters/translate_secure_keys_filter'
+require 'chamber/filters/insecure_filter'
 
 ###
 # Internal: Represents the base settings storage needed for Chamber.
@@ -26,6 +27,7 @@ class   Settings
                                                           ]
     self.post_filters     = options[:post_filters]    ||  [
                                                             Filters::DecryptionFilter,
+                                                            Filters::TranslateSecureKeysFilter,
                                                             Filters::EnvironmentFilter,
                                                             Filters::BooleanConversionFilter,
                                                           ]
@@ -53,7 +55,9 @@ class   Settings
   # Returns a Hash sorted alphabetically by the names of the keys
   #
   def to_environment
-    Hash[SystemEnvironment.extract_from(data).sort]
+    to_concatenated_name_hash('_').each_with_object({}) do |pair, env_hash|
+      env_hash[pair[0].upcase] = pair[1].to_s
+    end
   end
 
   ###
@@ -69,17 +73,85 @@ class   Settings
   #   # => 'MY_KEY="my value" MY_OTHER_KEY="my other value"'
   #
   def to_s(options = {})
-    pair_separator       = options[:pair_separator]       || ' '
-    value_surrounder     = options[:value_surrounder]     || '"'
-    name_value_separator = options[:name_value_separator] || '='
+    hierarchical_separator = options[:hierarchical_separator] || '_'
+    pair_separator         = options[:pair_separator]         || ' '
+    value_surrounder       = options[:value_surrounder]       || '"'
+    name_value_separator   = options[:name_value_separator]   || '='
+
+    concatenated_name_hash = to_concatenated_name_hash(hierarchical_separator)
 
-    pairs = to_environment.to_a.map do |pair|
-      %Q{#{pair[0]}#{name_value_separator}#{value_surrounder}#{pair[1]}#{value_surrounder}}
+    pairs = concatenated_name_hash.to_a.map do |key, value|
+      %Q{#{key.upcase}#{name_value_separator}#{value_surrounder}#{value}#{value_surrounder}}
     end
 
     pairs.join(pair_separator)
   end
 
+  ###
+  # Internal: Returns the Settings data as a Hash for easy manipulation.
+  # Changes made to the hash will *not* be reflected in the original Settings
+  # object.
+  #
+  # Returns a Hash
+  #
+  def to_hash
+    data.to_hash
+  end
+
+  ###
+  # Internal: Returns a hash which contains the flattened name hierarchy of the
+  # setting as the keys and the values of each setting as the value.
+  #
+  # Examples:
+  #   Settings.new(settings: {
+  #                  my_setting: 'value',
+  #                  there:      'was not that easy?',
+  #                  level_1:    {
+  #                    level_2:    {
+  #                      some_setting: 'hello',
+  #                      another:      'goodbye',
+  #                    },
+  #                    body:       'gracias',
+  #                  },
+  #                }).to_flattened_name_hash
+  #   # => {
+  #     ['my_setting']                         => 'value',
+  #     ['there']                              => 'was not that easy?',
+  #     ['level_1', 'level_2', 'some_setting'] => 'hello',
+  #     ['level_1', 'level_2', 'another']      => 'goodbye',
+  #     ['level_1', 'body']                    => 'gracias',
+  #   }
+  #
+  # Returns a Hash
+  #
+  def to_flattened_name_hash(hash = data, parent_keys = [])
+    flattened_name_hash = {}
+
+    hash.each_pair do |key, value|
+      flattened_name_components = parent_keys.dup.push(key)
+
+      if value.respond_to?(:each_pair)
+        flattened_name_hash.merge! to_flattened_name_hash(value, flattened_name_components)
+      else
+        flattened_name_hash[flattened_name_components] = value
+      end
+    end
+
+    flattened_name_hash
+  end
+
+  def to_concatenated_name_hash(hierarchical_separator = '_')
+    concatenated_name_hash = {}
+
+    to_flattened_name_hash.each_pair do |flattened_name, value|
+      concatenated_name = flattened_name.join(hierarchical_separator)
+
+      concatenated_name_hash[concatenated_name] = value
+    end
+
+    concatenated_name_hash.sort
+  end
+
   ###
   # Internal: Merges a Settings object with another Settings object or
   # a hash-like object.
@@ -115,17 +187,6 @@ class   Settings
       settings:       raw_data.merge(other_settings.raw_data))
   end
 
-  ###
-  # Internal: Returns the Settings data as a Hash for easy manipulation.
-  # Changes made to the hash will *not* be reflected in the original Settings
-  # object.
-  #
-  # Returns a Hash
-  #
-  def to_hash
-    data.to_hash
-  end
-
   ###
   # Internal: Determines whether a Settings is equal to another hash-like
   # object.
@@ -147,7 +208,7 @@ class   Settings
     self.namespaces  == other.namespaces
   end
 
-  def secured
+  def securable
     Settings.new( metadata.merge(
                     settings:     raw_data,
                     pre_filters:  [Filters::SecureFilter]))
@@ -155,9 +216,16 @@ class   Settings
 
   def secure
     Settings.new( metadata.merge(
-                    settings:     @raw_data,
+                    settings:     raw_data,
                     pre_filters:  [Filters::EncryptionFilter],
-                    post_filters: [] ))
+                    post_filters: [Filters::TranslateSecureKeysFilter] ))
+  end
+
+  def insecure
+    Settings.new( metadata.merge(
+                    settings:     raw_data,
+                    pre_filters:  [Filters::InsecureFilter],
+                    post_filters: [Filters::TranslateSecureKeysFilter] ))
   end
 
   protected

data/lib/chamber/version.rb

@@ -1,3 +1,3 @@
 module Chamber
-  VERSION = '2.2.1'
+  VERSION = '2.3.0'
 end

data/spec/lib/chamber/commands/secure_spec.rb

@@ -5,27 +5,31 @@ require 'fileutils'
 module    Chamber
 module    Commands
 describe  Secure do
-  let(:rootpath)          { Pathname.new(::File.expand_path('./spec/fixtures')) }
-  let(:settings_filename) { rootpath + 'settings' + 'unencrypted.yml' }
-  let(:options)           { {  basepath:       rootpath,
+  let(:rootpath)           { Pathname.new(::File.expand_path('./spec/fixtures')) }
+  let(:settings_directory) { rootpath + 'settings' }
+  let(:settings_filename)  { settings_directory + 'unencrypted.yml' }
+  let(:options)            { { basepath:       rootpath,
                                rootpath:       rootpath,
                                encryption_key: rootpath + '../spec_key',
                                shell:          double.as_null_object } }
 
+  before(:each) do
+    ::FileUtils.mkdir_p settings_directory unless ::File.exist? settings_directory
+  end
+
+  after(:each) do
+    ::FileUtils.rm_rf(settings_directory) if ::File.exist? settings_directory
+  end
+
   it 'can return values formatted as environment variables' do
-    ::FileUtils.mkdir_p rootpath + 'settings' unless ::File.exist? rootpath + 'settings'
-    ::File.open(settings_filename, 'w') do |file|
-      file.write <<-HEREDOC
+    settings_filename.write <<-HEREDOC
 test:
   _secure_my_unencrpyted_setting: hello
 HEREDOC
-    end
 
     Secure.call(options)
 
-    expect(::File.read(settings_filename)).to match %r{_secure_my_unencrpyted_setting: [A-Za-z0-9\+\/]{342}==}
-
-    ::File.delete(settings_filename)
+    expect(settings_filename.read).to match %r{_secure_my_unencrpyted_setting: [A-Za-z0-9\+\/]{342}==}
   end
 end
 end

data/spec/lib/chamber/commands/show_spec.rb

@@ -12,8 +12,8 @@ describe  Show do
   it 'can return values formatted as environment variables' do
     expect(Show.call(options.merge(as_env: true))).to eql(
 <<-HEREDOC.chomp
-ANOTHER_LEVEL_LEVEL_THREE_AN_ARRAY="["item 1", "item 2", "item 3"]"
 ANOTHER_LEVEL_LEVEL_THREE_A_SCALAR="hello"
+ANOTHER_LEVEL_LEVEL_THREE_AN_ARRAY="["item 1", "item 2", "item 3"]"
 ANOTHER_LEVEL_SETTING_ONE="1"
 ANOTHER_LEVEL_SETTING_TWO="2"
 MY_BOOLEAN="false"

data/spec/lib/chamber/file_spec.rb

@@ -103,7 +103,9 @@ describe  File do
   end
 
   it 'can securely encrypt the settings contained in a file' do
-    tempfile      = create_tempfile_with_content %Q({ _secure_setting: hello })
+    tempfile      = create_tempfile_with_content <<-HEREDOC
+_secure_setting: hello
+HEREDOC
     settings_file = File.new  path:           tempfile.path,
                               encryption_key: './spec/spec_key.pub'
 
@@ -113,5 +115,59 @@ describe  File do
 
     expect(settings_file.to_settings.send(:raw_data)['_secure_setting']).to match Filters::EncryptionFilter::BASE64_STRING_PATTERN
   end
+
+  it 'does not encrypt the settings contained in a file which are already secure' do
+    tempfile      = create_tempfile_with_content <<-HEREDOC
+_secure_setting: hello
+_secure_other_setting: g4ryOaWniDPht0x1pW10XWgtC7Bax2yQAM3+p9ZDMmBUKlVXgvCn8MvdvciX0126P7uuLylY7Pdbm8AnpjeaTvPOaDnDjPATkH1xpQG/HKBy+7zd67SMb3tJ3sxJNkYm6RrmydFHkDCghG37lvCnuZs1Jvd/mhpr/+thqKvtI+c/vzY+eFxM52lnoWWOgqwGCtUjb+PMbq+HjId6X8uRbpL1SpINA6WYJwvxTVK9XD/HYn67Fcqdova4dEHoqwzFfE+XVXM8uesE1DG3PFNhAzkT+mWXtBmo17i+K4wrOO06I13uDS3x+7LqoZz/Ez17SPXRJze4M/wyWfm43pnuVw==
+HEREDOC
+
+    settings_file = File.new  path:           tempfile.path,
+                              encryption_key: './spec/spec_key.pub'
+
+    settings_file.secure
+
+    settings_file = File.new  path:           tempfile.path
+
+    expect(settings_file.to_settings.send(:raw_data)['_secure_setting']).to       match Filters::EncryptionFilter::BASE64_STRING_PATTERN
+    expect(settings_file.to_settings.send(:raw_data)['_secure_other_setting']).to eql   "g4ryOaWniDPht0x1pW10XWgtC7Bax2yQAM3+p9ZDMmBUKlVXgvCn8MvdvciX0126P7uuLylY7Pdbm8AnpjeaTvPOaDnDjPATkH1xpQG/HKBy+7zd67SMb3tJ3sxJNkYm6RrmydFHkDCghG37lvCnuZs1Jvd/mhpr/+thqKvtI+c/vzY+eFxM52lnoWWOgqwGCtUjb+PMbq+HjId6X8uRbpL1SpINA6WYJwvxTVK9XD/HYn67Fcqdova4dEHoqwzFfE+XVXM8uesE1DG3PFNhAzkT+mWXtBmo17i+K4wrOO06I13uDS3x+7LqoZz/Ez17SPXRJze4M/wyWfm43pnuVw=="
+  end
+
+  it 'does not rewrite the entire file but only the encrypted settings' do
+    tempfile      = create_tempfile_with_content <<-HEREDOC
+default:
+  stuff: &default
+    _secure_setting:       hello
+    _secure_other_setting: g4ryOaWniDPht0x1pW10XWgtC7Bax2yQAM3+p9ZDMmBUKlVXgvCn8MvdvciX0126P7uuLylY7Pdbm8AnpjeaTvPOaDnDjPATkH1xpQG/HKBy+7zd67SMb3tJ3sxJNkYm6RrmydFHkDCghG37lvCnuZs1Jvd/mhpr/+thqKvtI+c/vzY+eFxM52lnoWWOgqwGCtUjb+PMbq+HjId6X8uRbpL1SpINA6WYJwvxTVK9XD/HYn67Fcqdova4dEHoqwzFfE+XVXM8uesE1DG3PFNhAzkT+mWXtBmo17i+K4wrOO06I13uDS3x+7LqoZz/Ez17SPXRJze4M/wyWfm43pnuVw==
+
+other:
+  stuff:
+    <<: *default
+    _secure_another_setting: "Thanks for all the fish"
+    regular_setting:         <%= 1 + 1 %>
+HEREDOC
+
+    settings_file = File.new  path:           tempfile.path,
+                              encryption_key: './spec/spec_key.pub'
+
+    settings_file.secure
+
+    file_contents                  = ::File.read(tempfile.path)
+    secure_setting_encoded         = file_contents[/    _secure_setting:       ([A-Za-z0-9\+\/]{342}==)$/, 1]
+    secure_another_setting_encoded = file_contents[/    _secure_another_setting: ([A-Za-z0-9\+\/]{342}==)$/, 1]
+
+    expect(::File.read(tempfile.path)).to eql <<-HEREDOC
+default:
+  stuff: &default
+    _secure_setting:       #{secure_setting_encoded}
+    _secure_other_setting: g4ryOaWniDPht0x1pW10XWgtC7Bax2yQAM3+p9ZDMmBUKlVXgvCn8MvdvciX0126P7uuLylY7Pdbm8AnpjeaTvPOaDnDjPATkH1xpQG/HKBy+7zd67SMb3tJ3sxJNkYm6RrmydFHkDCghG37lvCnuZs1Jvd/mhpr/+thqKvtI+c/vzY+eFxM52lnoWWOgqwGCtUjb+PMbq+HjId6X8uRbpL1SpINA6WYJwvxTVK9XD/HYn67Fcqdova4dEHoqwzFfE+XVXM8uesE1DG3PFNhAzkT+mWXtBmo17i+K4wrOO06I13uDS3x+7LqoZz/Ez17SPXRJze4M/wyWfm43pnuVw==
+
+other:
+  stuff:
+    <<: *default
+    _secure_another_setting: #{secure_another_setting_encoded}
+    regular_setting:         <%= 1 + 1 %>
+HEREDOC
+  end
 end
 end

data/spec/lib/chamber/filters/boolean_conversion_filter_spec.rb

@@ -21,6 +21,7 @@ describe  BooleanConversionFilter do
                                                   non_boolean:        Time.utc(2012, 8, 1),
                                                   nilly:              nil, },
                                                 false_boolean:        'false',
+                                                nilly:                nil,
                                                 non_boolean:          [1, 2, 3] })
 
     expect(filtered_data).to eql( true_boolean:       true,
@@ -37,6 +38,7 @@ describe  BooleanConversionFilter do
                                     non_boolean:        Time.utc(2012, 8, 1),
                                     nilly:              nil, },
                                   false_boolean:        false,
+                                  nilly:                nil,
                                   non_boolean:          [1, 2, 3] )
   end
 end

data/spec/lib/chamber/filters/decryption_filter_spec.rb

@@ -9,7 +9,7 @@ describe  DecryptionFilter do
                                                     _secure_my_secure_setting: 'cJbFe0NI5wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4mpsspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ57m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfXznf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZDwS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNXWS7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kKTcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ==' },
                                                   decryption_key: './spec/spec_key' )
 
-    expect(filtered_settings.my_secure_setting).to eql 'hello'
+    expect(filtered_settings._secure_my_secure_setting).to eql 'hello'
   end
 
   it 'will not attempt to decrypt values which are not marked as "secure"' do
@@ -33,7 +33,7 @@ describe  DecryptionFilter do
                                                     _secure_my_secure_setting: 'cJbFe0NI5\wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4mpsspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ57m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfXznf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZDwS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNXWS7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kKTcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ==' },
                                                   decryption_key: './spec/spec_key' )
 
-    expect(filtered_settings.my_secure_setting).to eql 'cJbFe0NI5\wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4mpsspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ57m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfXznf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZDwS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNXWS7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kKTcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ=='
+    expect(filtered_settings._secure_my_secure_setting).to eql 'cJbFe0NI5\wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4mpsspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ57m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfXznf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZDwS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNXWS7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kKTcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ=='
   end
 
   it 'will not attempt to decrypt values if it guesses that they are not encrpyted' do
@@ -41,14 +41,14 @@ describe  DecryptionFilter do
                                                     _secure_my_secure_setting: 'hello' },
                                                   decryption_key: './spec/spec_key' )
 
-    expect(filtered_settings.my_secure_setting).to eql 'hello'
+    expect(filtered_settings._secure_my_secure_setting).to eql 'hello'
   end
 
   it 'simply returns the encrypted string if there is no decryption key' do
     filtered_settings = DecryptionFilter.execute( data: {
                                                     _secure_my_secure_setting: 'cJbFe0NI5wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4mpsspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ57m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfXznf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZDwS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNXWS7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kKTcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ==' })
 
-    expect(filtered_settings.my_secure_setting).to eql 'cJbFe0NI5wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4mpsspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ57m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfXznf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZDwS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNXWS7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kKTcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ=='
+    expect(filtered_settings._secure_my_secure_setting).to eql 'cJbFe0NI5wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4mpsspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ57m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfXznf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZDwS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNXWS7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kKTcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ=='
   end
 end
 end

data/spec/lib/chamber/filters/insecure_filter_spec.rb

@@ -0,0 +1,54 @@
+require 'rspectacular'
+require 'chamber/filters/insecure_filter'
+
+module    Chamber
+module    Filters
+describe  InsecureFilter do
+  it 'will return values which are marked as "secure" if they are unencrypted' do
+    filtered_settings = InsecureFilter.execute( data: {
+                                                  _secure_my_secure_setting: 'hello' })
+
+    expect(filtered_settings._secure_my_secure_setting).to match 'hello'
+  end
+
+  it 'will not return values which are not marked as "secure"' do
+    filtered_settings = InsecureFilter.execute( data: {
+                                                  my_secure_setting: 'hello' })
+
+    expect(filtered_settings.my_secure_setting).to be_nil
+  end
+
+  it 'will properly return values even if they are mixed and deeply nested' do
+    filtered_settings = InsecureFilter.execute( data: {
+                                                  _secure_setting: 'hello',
+                                                  secure_setting:  'goodbye',
+                                                  secure_group: {
+                                                    _secure_nested_setting:  'movie',
+                                                    insecure_nested_setting: 'dinner' }})
+
+    expect(filtered_settings._secure_setting).to                      eql 'hello'
+    expect(filtered_settings.secure_setting).to                       be_nil
+    expect(filtered_settings.secure_group._secure_nested_setting).to  eql 'movie'
+    expect(filtered_settings.secure_group.insecure_nested_setting).to be_nil
+  end
+
+  it 'will not return values which are encrypted' do
+    filtered_settings = InsecureFilter.execute( data: {
+                                                  _secure_setting:       'cJbFe0NI5wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4mpsspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ57m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfXznf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZDwS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNXWS7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kKTcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ==',
+                                                  secure_setting:        'cJbFe0NI5wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4mpsspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ57m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfXznf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZDwS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNXWS7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kKTcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ==',
+                                                  _secure_other_setting: 'hello',
+                                                  secure_group: {
+                                                    _secure_nested_setting:       'cJbFe0NI5wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4mpsspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ57m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfXznf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZDwS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNXWS7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kKTcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ==',
+                                                    _secure_other_nested_setting: 'goodbye',
+                                                    insecure_nested_setting:      'dinner' }})
+
+    expect(filtered_settings._secure_setting?).to                          eql false
+    expect(filtered_settings.secure_setting?).to                           eql false
+    expect(filtered_settings._secure_other_setting).to                     eql 'hello'
+    expect(filtered_settings.secure_group._secure_nested_setting?).to      eql false
+    expect(filtered_settings.secure_group._secure_other_nested_setting).to eql 'goodbye'
+    expect(filtered_settings.secure_group.insecure_nested_setting?).to     eql false
+  end
+end
+end
+end

data/spec/lib/chamber/filters/translate_secure_keys_filter_spec.rb

@@ -0,0 +1,29 @@
+require 'rspectacular'
+require 'chamber/filters/translate_secure_keys_filter'
+
+module    Chamber
+module    Filters
+describe  TranslateSecureKeysFilter do
+  it 'will translate keys if they start with "_secure_"' do
+    filtered_settings = TranslateSecureKeysFilter.execute( data: {
+                                                    _secure_my_secure_setting: 'hello' })
+
+    expect(filtered_settings.my_secure_setting).to eql 'hello'
+  end
+
+  it 'will not translate keys if they do not start with "_secure_"' do
+    filtered_settings = TranslateSecureKeysFilter.execute( data: {
+                                                    my_secure_setting: 'hello' })
+
+    expect(filtered_settings.my_secure_setting).to eql 'hello'
+  end
+
+  it 'will not translate the key if it starts with "secure"' do
+    filtered_settings = TranslateSecureKeysFilter.execute( data: {
+                                                    secure_setting: 'hello' })
+
+    expect(filtered_settings.secure_setting).to eql 'hello'
+  end
+end
+end
+end

data/spec/lib/chamber/settings_spec.rb

@@ -31,25 +31,33 @@ describe  Settings do
   end
 
   it 'knows how to convert itself into an environment hash' do
-    allow(SystemEnvironment).to receive(:extract_from).
-                                and_return(:environment => :development)
-
-    settings = Settings.new(settings: {setting: 'value'})
-
-    expect(settings.to_environment).to  eql(:environment => :development)
-    expect(SystemEnvironment).to        have_received(:extract_from).
-                                        with(Hashie::Mash.new setting: 'value')
+    settings = Settings.new(settings: {
+                              my_setting: 'value',
+                              level_1:    {
+                                level_2:    {
+                                  some_setting: 'hello',
+                                  another:      'goodbye',
+                                },
+                                body:       'gracias',
+                              },
+                              there:      'was not that easy?',
+                            })
+
+    expect(settings.to_environment).to  eql(
+      'MY_SETTING'                   => 'value',
+      'LEVEL_1_LEVEL_2_SOME_SETTING' => 'hello',
+      'LEVEL_1_LEVEL_2_ANOTHER'      => 'goodbye',
+      'LEVEL_1_BODY'                 => 'gracias',
+      'THERE'                        => 'was not that easy?',
+    )
   end
 
   it 'sorts environment variables by name when converted to an environment hash so that they are easier to parse for humans' do
-    allow(SystemEnvironment).to receive(:extract_from).
-                                and_return('C' => 'value',
-                                           'D' => 'value',
-                                           'A' => 'value',
-                                           'E' => 'value',
-                                           'B' => 'value',)
-
-    settings = Settings.new(settings: { setting: 'value' })
+    settings = Settings.new(settings: { 'C' => 'value',
+                                        'D' => 'value',
+                                        'A' => 'value',
+                                        'E' => 'value',
+                                        'B' => 'value' })
 
     expect(settings.to_environment.to_a).to eql([['A', 'value'],
                                                  ['B', 'value'],
@@ -59,16 +67,46 @@ describe  Settings do
   end
 
   it 'can convert itself into a string' do
-    allow(SystemEnvironment).to receive(:extract_from).
-                                and_return('C' => 'cv',
-                                           'D' => 'dv',
-                                           'A' => 'av',
-                                           'E' => 'ev',
-                                           'B' => 'bv',)
-
-    settings = Settings.new(settings: { setting: 'value' })
+    settings = Settings.new(settings: {
+                              my_setting: 'value',
+                              level_1:    {
+                                level_2:    {
+                                  some_setting: 'hello',
+                                  another:      'goodbye',
+                                },
+                                body:       'gracias',
+                              },
+                              there:      'was not that easy?',
+                            })
+
+    expect(settings.to_s).to eql %Q{LEVEL_1_BODY="gracias" LEVEL_1_LEVEL_2_ANOTHER="goodbye" LEVEL_1_LEVEL_2_SOME_SETTING="hello" MY_SETTING="value" THERE="was not that easy?"}
+  end
 
-    expect(settings.to_s).to eql %Q{A="av" B="bv" C="cv" D="dv" E="ev"}
+  it 'can convert itself into a string with custom options' do
+    settings = Settings.new(settings: {
+                              my_setting: 'value',
+                              level_1:    {
+                                level_2:    {
+                                  some_setting: 'hello',
+                                  another:      'goodbye',
+                                },
+                                body:       'gracias',
+                              },
+                              there:      'was not that easy?',
+                            })
+
+    settings_string = settings.to_s hierarchical_separator: '/',
+                                    pair_separator:         "\n",
+                                    value_surrounder:       "'",
+                                    name_value_separator:   ': '
+
+    expect(settings_string).to eql <<-HEREDOC.chomp
+LEVEL_1/BODY: 'gracias'
+LEVEL_1/LEVEL_2/ANOTHER: 'goodbye'
+LEVEL_1/LEVEL_2/SOME_SETTING: 'hello'
+MY_SETTING: 'value'
+THERE: 'was not that easy?'
+HEREDOC
   end
 
   it 'can merge itself with a hash' do
@@ -113,6 +151,30 @@ describe  Settings do
     expect(settings.to_hash).not_to be_a Hashie::Mash
   end
 
+  it 'can convert itself into a hash with flattened names' do
+    settings = Settings.new(settings: {
+                              my_setting: 'value',
+                              level_1:    {
+                                level_2:    {
+                                  some_setting: 'hello',
+                                  another:      'goodbye',
+                                },
+                                body:       'gracias',
+                              },
+                              there:      'was not that easy?',
+                            })
+
+    expect(settings.to_flattened_name_hash).to     eql(
+      ['my_setting']                         => 'value',
+      ['level_1', 'level_2', 'some_setting'] => 'hello',
+      ['level_1', 'level_2', 'another']      => 'goodbye',
+      ['level_1', 'body']                    => 'gracias',
+      ['there']                              => 'was not that easy?',
+    )
+    expect(settings.to_flattened_name_hash).to     be_a Hash
+    expect(settings.to_flattened_name_hash).not_to be_a Hashie::Mash
+  end
+
   it 'does not allow manipulation of the internal setting hash when converted to a Hash' do
     settings = Settings.new(settings: {setting: 'value'})
 
@@ -186,7 +248,7 @@ describe  Settings do
 
     secure_settings = settings.secure
 
-    expect(secure_settings._secure_my_encrypted_setting).to match Filters::EncryptionFilter::BASE64_STRING_PATTERN
+    expect(secure_settings.my_encrypted_setting).to match Filters::EncryptionFilter::BASE64_STRING_PATTERN
   end
 
   it 'can check if it is equal to other items which can be converted into hashes' do
@@ -195,17 +257,34 @@ describe  Settings do
     expect(settings).to eq('setting' => 'value')
   end
 
-  it 'can filter secured settings' do
-    settings = Settings.new(settings:   {
-                              _secure_my_encrypted_setting: 'cJbFe0NI5wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4mpsspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ57m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfXznf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZDwS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNXWS7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kKTcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ==',
-                              my_insecure_setting:          'goodbye',
+  it 'can filter securable settings' do
+    settings = Settings.new(settings: {
+                              _secure_my_encrypted_setting:   'cJbFe0NI5wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4mpsspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ57m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfXznf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZDwS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNXWS7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kKTcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ==',
+                              _secure_my_unencrypted_setting: 'nifty',
+                              my_insecure_setting:            'goodbye',
+                            },
+                            decryption_key: './spec/spec_key')
+
+    secured_settings = settings.securable
+
+    expect(secured_settings.my_encrypted_setting).to    eql 'hello'
+    expect(secured_settings.my_unencrypted_setting).to  eql 'nifty'
+    expect(secured_settings.my_insecure_setting?).to    eql false
+  end
+
+  it 'can filter unencrypted settings' do
+    settings = Settings.new(settings: {
+                              _secure_my_encrypted_setting:   'cJbFe0NI5wknmsp2fVgpC/YeBD2pvcdVD+p0pUdnMoYThaV4mpsspg/ZTBtmjx7kMwcF6cjXFLDVw3FxptTHwzJUd4akun6EZ57m+QzCMJYnfY95gB2/emEAQLSz4/YwsE4LDGydkEjY1ZprfXznf+rU31YGDJUTf34ESz7fsQGSc9DjkBb9ao8Mv4cI7pCXkQZDwS5kLAZDf6agy1GzeL71Z8lrmQzk8QQuf/1kQzxsWVlzpKNXWS7u2CJ0sN5eINMngJBfv5ZFrZgfXc86wdgUKc8aaoX8OQA1kKTcdgbE9NcAhNr1+WfNxMnz84XzmUp2Y0H1jPgGkBKQJKArfQ==',
+                              _secure_my_unencrypted_setting: 'nifty',
+                              my_insecure_setting:            'goodbye',
                             },
                             decryption_key: './spec/spec_key')
 
-    secured_settings = settings.secured
+    secured_settings = settings.insecure
 
-    expect(secured_settings.my_encrypted_setting).to  eql 'hello'
-    expect(secured_settings.my_insecure_setting?).to  eql false
+    expect(secured_settings.my_encrypted_setting?).to   eql false
+    expect(secured_settings.my_unencrypted_setting).to  eql 'nifty'
+    expect(secured_settings.my_insecure_setting?).to    eql false
   end
 end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: chamber
 version: !ruby/object:Gem::Version
-  version: 2.2.1
+  version: 2.3.0
 platform: ruby
 authors:
 - stevenhallen
@@ -11,7 +11,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-04-06 00:00:00.000000000 Z
+date: 2014-06-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -19,56 +19,56 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.18.1
+        version: 0.19.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.18.1
+        version: 0.19.1
 - !ruby/object:Gem::Dependency
   name: hashie
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: 2.0.5
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: 2.0.5
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.0.0.beta
+        version: '3.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.0.0.beta
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: rspectacular
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.23.0
+        version: '0.46'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.23.0
+        version: '0.46'
 - !ruby/object:Gem::Dependency
   name: codeclimate-test-reporter
   requirement: !ruby/object:Gem::Requirement
@@ -127,14 +127,15 @@ files:
 - lib/chamber/filters/decryption_filter.rb
 - lib/chamber/filters/encryption_filter.rb
 - lib/chamber/filters/environment_filter.rb
+- lib/chamber/filters/insecure_filter.rb
 - lib/chamber/filters/namespace_filter.rb
 - lib/chamber/filters/secure_filter.rb
+- lib/chamber/filters/translate_secure_keys_filter.rb
 - lib/chamber/instance.rb
 - lib/chamber/namespace_set.rb
 - lib/chamber/rails.rb
 - lib/chamber/rails/railtie.rb
 - lib/chamber/settings.rb
-- lib/chamber/system_environment.rb
 - lib/chamber/version.rb
 - spec/fixtures/settings.yml
 - spec/lib/chamber/commands/files_spec.rb
@@ -151,11 +152,12 @@ files:
 - spec/lib/chamber/filters/decryption_filter_spec.rb
 - spec/lib/chamber/filters/encryption_filter_spec.rb
 - spec/lib/chamber/filters/environment_filter_spec.rb
+- spec/lib/chamber/filters/insecure_filter_spec.rb
 - spec/lib/chamber/filters/namespace_filter_spec.rb
 - spec/lib/chamber/filters/secure_filter_spec.rb
+- spec/lib/chamber/filters/translate_secure_keys_filter_spec.rb
 - spec/lib/chamber/namespace_set_spec.rb
 - spec/lib/chamber/settings_spec.rb
-- spec/lib/chamber/system_environment_spec.rb
 - spec/lib/chamber_spec.rb
 - spec/rails-2-test/config.ru
 - spec/rails-2-test/config/application.rb
@@ -190,7 +192,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: chamber
-rubygems_version: 2.2.2
+rubygems_version: 2.3.0
 signing_key: 
 specification_version: 4
 summary: A surprisingly configurable convention-based approach to managing your application's
@@ -211,11 +213,12 @@ test_files:
 - spec/lib/chamber/filters/decryption_filter_spec.rb
 - spec/lib/chamber/filters/encryption_filter_spec.rb
 - spec/lib/chamber/filters/environment_filter_spec.rb
+- spec/lib/chamber/filters/insecure_filter_spec.rb
 - spec/lib/chamber/filters/namespace_filter_spec.rb
 - spec/lib/chamber/filters/secure_filter_spec.rb
+- spec/lib/chamber/filters/translate_secure_keys_filter_spec.rb
 - spec/lib/chamber/namespace_set_spec.rb
 - spec/lib/chamber/settings_spec.rb
-- spec/lib/chamber/system_environment_spec.rb
 - spec/lib/chamber_spec.rb
 - spec/rails-2-test/config/application.rb
 - spec/rails-2-test/config.ru

data/lib/chamber/system_environment.rb

@@ -1,55 +0,0 @@
-require 'chamber/environmentable'
-
-###
-# Internal: Gives access to the existing environment for importing/exporting
-# values.
-#
-module  Chamber
-module  SystemEnvironment
-  extend Environmentable
-
-  ###
-  # Internal: Allows the environment variable-compatible variables to be
-  # extracted from a passed in hash.
-  #
-  # Examples:
-  #
-  #   ###
-  #   # Extracts the environment variables based on the hash keys
-  #   #
-  #   SystemEnvironment.extract_from(
-  #     level_one_1: {
-  #       level_two_1: 'value 1',
-  #       level_two_2: {
-  #         level_three_1: 'value 2' } } )
-  #
-  #   # => {
-  #     'LEVEL_ONE_1_LEVEL_TWO_1'               => 'env value 1',
-  #     'LEVEL_ONE_1_LEVEL_TWO_2_LEVEL_THREE_1' => 'env value 2',
-  #   }
-  #
-  #   ###
-  #   # Can extract environment variables if said variables are prefixed
-  #   #
-  #   SystemEnvironment.extract_from({
-  #                                   level_two_1: 'value 1',
-  #                                   level_two_2: 'value 2'
-  #                                 },
-  #                                 ['prefix'])
-  #
-  #   # => {
-  #     'PREFIX_LEVEL_TWO_1' => 'value 1',
-  #     'PREFIX_LEVEL_TWO_2' => 'value 2',
-  #   }
-  #
-  def self.extract_from(settings, parent_keys = [])
-    with_environment(settings, parent_keys,
-      ->(key, value, environment_keys) do
-        extract_from(value, environment_keys)
-      end,
-      ->(key, value, environment_key) do
-        { environment_key => value.to_s }
-      end)
-  end
-end
-end

data/spec/lib/chamber/system_environment_spec.rb

@@ -1,51 +0,0 @@
-require 'rspectacular'
-require 'chamber/system_environment'
-
-module    Chamber
-describe  SystemEnvironment do
-  it 'can extract environment variables based on a hash that is passed in' do
-    source_hash = {
-      level_one_1: {
-        level_two_1: 'value 1',
-        level_two_2: {
-          level_three_1: 'value 2',
-          level_three_2: 'value 3',
-        },
-        level_two_3: 'value 4',
-      level_one_2: 'value 5' }
-    }
-
-    expect(SystemEnvironment.extract_from(source_hash)).to eql({
-      'LEVEL_ONE_1_LEVEL_TWO_1'               => 'value 1',
-      'LEVEL_ONE_1_LEVEL_TWO_2_LEVEL_THREE_1' => 'value 2',
-      'LEVEL_ONE_1_LEVEL_TWO_2_LEVEL_THREE_2' => 'value 3',
-      'LEVEL_ONE_1_LEVEL_TWO_3'               => 'value 4',
-      'LEVEL_ONE_1_LEVEL_ONE_2'               => 'value 5',
-    })
-  end
-
-  it 'converts all items to strings so that they are usable as an environment variable' do
-    source_hash = {
-      value_one: Time.utc(2013, 10, 8, 18, 0, 1),
-      value_two: 3,
-    }
-
-    expect(SystemEnvironment.extract_from(source_hash)).to eql({
-      'VALUE_ONE' => '2013-10-08 18:00:01 UTC',
-      'VALUE_TWO' => '3',
-    })
-  end
-
-  it 'allows extracted environment variables to be prefixed for compatibility' do
-    source_hash = {
-      value_one: 'value',
-    }
-
-    environment_hash = SystemEnvironment.extract_from(source_hash, [:prefix])
-
-    expect(environment_hash).to eql({
-      'PREFIX_VALUE_ONE' => 'value',
-    })
-  end
-end
-end