chamber 3.0.0rc1 → 3.0.0rc2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3119f8787d3c63913a0ab69a0114cbf6d43a154ad1703aef610a2b02720b0cbc
-  data.tar.gz: ed25f8e4a9f93045c94aba4776fa6a0296f9db9f1312e4a1dadeb35343eba140
+  metadata.gz: 9de7c74ea902d381006bd6b5f05bae3680d1beef940ae75e483f30c923bc310f
+  data.tar.gz: b6f45eb5b668a5964e898ffb4caa5b9a3e9bc227736dd0e687e257cff0c99f84
 SHA512:
-  metadata.gz: acc3d5daf9e6570ccf16e76b8433e8d0912cdd85f4858f6634ee37531aa6a1c53b47621afeb21c0b9524eea6f8af3a02b52872f843b28a3f94d3e20bfa582880
-  data.tar.gz: 39a117062b19f734066f11c405730e499cc0325e6b2e3fd208aa68a930645e28f6b88f4f98e43133e8b70457d82ac3860f426b1385611b0d4b924003f79f0490
+  metadata.gz: b1ab7fedfaf6cb26ab3e97402966368f3e686751ca76e441a7d9db64b7fe354a289ac4ac330cac806fb7960f3b4750c1ce4f7799e548c4f0f549ee57826e8552
+  data.tar.gz: 64cfa0683ca78d71cd620e38e60c4d2c25683c5217d74858995b2ee65eda704f7d2aca9395451ac743424bd75b8974ee088ed3563e192be5ab057f49ad458165

data/lib/chamber/adapters/cloud/heroku.rb

@@ -20,18 +20,18 @@ class   Heroku
     self.app       = app
   end
 
-  def add_environment_variable(name, value) # rubocop:disable Metrics/AbcSize
+  def add_environment_variable(name, value)
     value   = value.gsub(/\n/, '\n') if value
     request = ::Net::HTTP::Patch.new(config_vars_uri)
 
     request['Authorization'] = "Bearer #{api_token}"
     request['Accept']        = 'application/vnd.heroku+json; version=3'
     request['Content-Type']  = 'application/json'
-    request.body             = ::JSON.dump(::Hash[name, value])
+    request.body             = ::JSON.dump({ name => value })
 
     response = ::JSON.parse(response(request).body)
 
-    fail ::NameError, response['message'] if response['message']
+    fail NameError, response['message'] if response['message']
 
     response
   end
@@ -44,7 +44,7 @@ class   Heroku
 
     response = ::JSON.parse(response(request).body)
 
-    fail ::NameError, response['message'] if response['message']
+    fail NameError, response['message'] if response['message']
 
     response
   end

data/lib/chamber/binary/circle_ci.rb

@@ -5,13 +5,11 @@ require 'chamber/commands/cloud/clear'
 require 'chamber/commands/cloud/push'
 require 'chamber/commands/cloud/pull'
 require 'chamber/commands/cloud/compare'
-require 'chamber/refinements/hash'
 
 module  Chamber
 module  Binary
-class   CircleCi < ::Thor
-  include ::Thor::Actions
-  using ::Chamber::Refinements::Hash
+class   CircleCi < Thor
+  include Thor::Actions
 
   class_option :api_token,
                type:     :string,
@@ -50,7 +48,7 @@ class   CircleCi < ::Thor
 
   def clear
     Commands::Cloud::Clear.call(**options
-                                    .deep_transform_keys(&:to_sym)
+                                    .transform_keys(&:to_sym)
                                     .merge(shell: self, adapter: 'circle_ci'))
   end
 
@@ -82,7 +80,7 @@ class   CircleCi < ::Thor
 
   def push
     Commands::Cloud::Push.call(**options
-                                   .deep_transform_keys(&:to_sym)
+                                   .transform_keys(&:to_sym)
                                    .merge(shell: self, adapter: 'circle_ci'))
   end
 
@@ -97,7 +95,7 @@ class   CircleCi < ::Thor
 
   def pull
     Commands::Cloud::Pull.call(**options
-                                   .deep_transform_keys(&:to_sym)
+                                   .transform_keys(&:to_sym)
                                    .merge(shell: self, adapter: 'circle_ci'))
   end
 
@@ -115,7 +113,7 @@ class   CircleCi < ::Thor
 
   def compare
     Commands::Cloud::Compare.call(**options
-                                      .deep_transform_keys(&:to_sym)
+                                      .transform_keys(&:to_sym)
                                       .merge(shell: self, adapter: 'circle_ci'))
   end
 end

data/lib/chamber/binary/heroku.rb

@@ -5,13 +5,11 @@ require 'chamber/commands/cloud/clear'
 require 'chamber/commands/cloud/push'
 require 'chamber/commands/cloud/pull'
 require 'chamber/commands/cloud/compare'
-require 'chamber/refinements/hash'
 
 module  Chamber
 module  Binary
-class   Heroku < ::Thor
-  include ::Thor::Actions
-  using ::Chamber::Refinements::Hash
+class   Heroku < Thor
+  include Thor::Actions
 
   class_option :app,
                type:     :string,
@@ -38,7 +36,7 @@ class   Heroku < ::Thor
 
   def clear
     Commands::Cloud::Clear.call(**options
-                                    .deep_transform_keys(&:to_sym)
+                                    .transform_keys(&:to_sym)
                                     .merge(shell: self, adapter: 'heroku'))
   end
 
@@ -70,7 +68,7 @@ class   Heroku < ::Thor
 
   def push
     Commands::Cloud::Push.call(**options
-                                   .deep_transform_keys(&:to_sym)
+                                   .transform_keys(&:to_sym)
                                    .merge(shell: self, adapter: 'heroku'))
   end
 
@@ -85,7 +83,7 @@ class   Heroku < ::Thor
 
   def pull
     Commands::Cloud::Pull.call(**options
-                                   .deep_transform_keys(&:to_sym)
+                                   .transform_keys(&:to_sym)
                                    .merge(shell: self, adapter: 'heroku'))
   end
 
@@ -103,7 +101,7 @@ class   Heroku < ::Thor
 
   def compare
     Commands::Cloud::Compare.call(**options
-                                      .deep_transform_keys(&:to_sym)
+                                      .transform_keys(&:to_sym)
                                       .merge(shell: self, adapter: 'heroku'))
   end
 end

data/lib/chamber/binary/runner.rb

@@ -12,13 +12,11 @@ require 'chamber/commands/sign'
 require 'chamber/commands/verify'
 require 'chamber/commands/compare'
 require 'chamber/commands/initialize'
-require 'chamber/refinements/hash'
 
 module  Chamber
 module  Binary
-class   Runner < ::Thor
-  include ::Thor::Actions
-  using ::Chamber::Refinements::Hash
+class   Runner < Thor
+  include Thor::Actions
 
   source_root ::File.expand_path('../../../templates', __dir__)
 
@@ -94,7 +92,7 @@ class   Runner < ::Thor
                          'Useful for debugging.'
 
   def show
-    puts Commands::Show.call(**options.deep_transform_keys(&:to_sym).merge(shell: self))
+    puts Commands::Show.call(**options.transform_keys(&:to_sym).merge(shell: self))
   end
 
   ################################################################################
@@ -102,7 +100,7 @@ class   Runner < ::Thor
   desc 'files', 'Lists the settings files which are parsed with the given options'
 
   def files
-    puts Commands::Files.call(**options.deep_transform_keys(&:to_sym).merge(shell: self))
+    puts Commands::Files.call(**options.transform_keys(&:to_sym).merge(shell: self))
   end
 
   ################################################################################
@@ -132,7 +130,7 @@ class   Runner < ::Thor
                           'destination of the comparison'
 
   def compare
-    Commands::Compare.call(**options.deep_transform_keys(&:to_sym).merge(shell: self))
+    Commands::Compare.call(**options.transform_keys(&:to_sym).merge(shell: self))
   end
 
   ################################################################################
@@ -152,7 +150,7 @@ class   Runner < ::Thor
                          'what values would be encrypted'
 
   def secure
-    Commands::Secure.call(**options.deep_transform_keys(&:to_sym).merge(shell: self))
+    Commands::Secure.call(**options.transform_keys(&:to_sym).merge(shell: self))
   end
 
   ################################################################################
@@ -171,9 +169,9 @@ class   Runner < ::Thor
 
   def sign
     if options[:verify]
-      Commands::Verify.call(**options.deep_transform_keys(&:to_sym).merge(shell: self))
+      Commands::Verify.call(**options.transform_keys(&:to_sym).merge(shell: self))
     else
-      Commands::Sign.call(**options.deep_transform_keys(&:to_sym).merge(shell: self))
+      Commands::Sign.call(**options.transform_keys(&:to_sym).merge(shell: self))
     end
   end
 
@@ -187,7 +185,7 @@ class   Runner < ::Thor
                 default: false
 
   def init
-    Commands::Initialize.call(**options.deep_transform_keys(&:to_sym).merge(shell: self))
+    Commands::Initialize.call(**options.transform_keys(&:to_sym).merge(shell: self))
   end
 end
 end

data/lib/chamber/binary/travis.rb

@@ -2,13 +2,10 @@
 
 require 'thor'
 require 'chamber/commands/travis/secure'
-require 'chamber/refinements/hash'
 
 module  Chamber
 module  Binary
-class   Travis < ::Thor
-  using ::Chamber::Refinements::Hash
-
+class   Travis < Thor
   desc 'secure',
        'Uses your Travis CI public key to encrypt the settings you have ' \
        'chosen not to commit to the repo'
@@ -28,9 +25,7 @@ class   Travis < ::Thor
                          'which are marked as "_secure"'
 
   def secure
-    Commands::Travis::Secure.call(**options
-                                    .deep_transform_keys(&:to_sym)
-                                    .merge(shell: self))
+    Commands::Travis::Secure.call(**options.transform_keys(&:to_sym).merge(shell: self))
   end
 end
 end

data/lib/chamber/commands/initialize.rb

@@ -194,7 +194,7 @@ class   Initialize < Chamber::Commands::Base
       .chamber*.enc.pass
       !.chamber*.pub.pem
     }.each do |pattern|
-      unless gitignore_contents =~ Regexp.new(Regexp.escape(pattern))
+      unless gitignore_contents&.match?(Regexp.new(Regexp.escape(pattern)))
         shell.append_to_file gitignore_filepath, "#{pattern}\n"
       end
     end

data/lib/chamber/commands/securable.rb

@@ -2,18 +2,15 @@
 
 require 'shellwords'
 require 'chamber/instance'
-require 'chamber/refinements/hash'
 
 module  Chamber
 module  Commands
 module  Securable
-  using ::Chamber::Refinements::Hash
-
   def initialize(only_sensitive: nil, **args)
     super(**args)
 
     ignored_settings_options        = args
-                                        .deep_merge(files: ignored_settings_filepaths)
+                                        .merge(files: ignored_settings_filepaths)
                                         .reject { |k, _v| k == 'basepath' }
     self.ignored_settings_instance  = Chamber::Instance.new(**ignored_settings_options)
     self.current_settings_instance  = Chamber::Instance.new(**args)

data/lib/chamber/context_resolver.rb

@@ -41,6 +41,7 @@ class   ContextResolver
                                     options[:basepath] + 'settings*.yml',
                                     options[:basepath] + 'settings',
                                   ]
+
     options[:signature_name]    = options[:signature_name]
 
     options

data/lib/chamber/encryption_methods/public_key.rb

@@ -2,29 +2,41 @@
 
 require 'base64'
 
+require 'chamber/errors/disallowed_class'
+
 module  Chamber
 module  EncryptionMethods
 class   PublicKey
-  def self.encrypt(_key, value, encryption_key)
+  def self.encrypt(_settings_key, value, encryption_key)
     value            = YAML.dump(value)
     encrypted_string = encryption_key.public_encrypt(value)
 
     Base64.strict_encode64(encrypted_string)
   end
 
-  def self.decrypt(_key, value, decryption_key)
-    if decryption_key.nil?
-      value
-    else
-      decoded_string    = Base64.strict_decode64(value)
-      unencrypted_value = decryption_key.private_decrypt(decoded_string)
-
-      begin
-        _unserialized_value = YAML.load(unencrypted_value)
-      rescue TypeError
-        unencrypted_value
-      end
-    end
+  def self.decrypt(_settings_key, value, decryption_key)
+    return value if decryption_key.nil?
+
+    decoded_string    = ::Base64.strict_decode64(value)
+    unencrypted_value = decryption_key.private_decrypt(decoded_string)
+
+    ::YAML.safe_load(unencrypted_value,
+                     aliases:           true,
+                     permitted_classes: [
+                                          ::Date,
+                                          ::Time,
+                                          ::Regexp,
+                                        ])
+  rescue ::Psych::DisallowedClass => error
+    raise ::Chamber::Errors::DisallowedClass, <<~HEREDOC
+      #{error.message}
+
+      You attempted to load a class instance via your Chamber settings that is not allowed.
+
+      See https://github.com/thekompanee/chamber/wiki/Upgrading-To-Chamber-3.0#limiting-complex-classes for full details.
+    HEREDOC
+  rescue ::TypeError
+    unencrypted_value
   end
 end
 end

data/lib/chamber/encryption_methods/ssl.rb

@@ -16,7 +16,7 @@ class   Ssl
                                 \z
                               /x.freeze
 
-  def self.encrypt(_key, value, encryption_keys) # rubocop:disable Metrics/AbcSize
+  def self.encrypt(_settings_key, value, encryption_keys) # rubocop:disable Metrics/AbcSize
     value         = YAML.dump(value)
     cipher        = OpenSSL::Cipher.new('AES-128-CBC')
     cipher.encrypt
@@ -35,38 +35,46 @@ class   Ssl
     Base64.strict_encode64(encrypted_data)
   end
 
-  def self.decrypt(key, value, decryption_keys) # rubocop:disable Metrics/AbcSize
-    if decryption_keys.nil?
-      value
-    else
-      key, iv, decoded_string = value
-                                  .match(LARGE_DATA_STRING_PATTERN)
-                                  .captures
-                                  .map do |part|
-        Base64.strict_decode64(part)
-      end
-      key                     = decryption_keys.private_decrypt(key)
+  def self.decrypt(_settings_key, value, decryption_keys) # rubocop:disable Metrics/AbcSize
+    return value if decryption_keys.nil?
 
-      cipher_dec = OpenSSL::Cipher.new('AES-128-CBC')
+    key, iv, decoded_string = value
+                                .match(LARGE_DATA_STRING_PATTERN)
+                                .captures
+                                .map do |part|
+                                  ::Base64.strict_decode64(part)
+                                end
+    key                     = decryption_keys.private_decrypt(key)
 
-      cipher_dec.decrypt
+    cipher_dec = ::OpenSSL::Cipher.new('AES-128-CBC')
 
-      cipher_dec.key = key
-      cipher_dec.iv  = iv
+    cipher_dec.decrypt
 
-      begin
-        unencrypted_value = cipher_dec.update(decoded_string) + cipher_dec.final
-      rescue OpenSSL::Cipher::CipherError
-        raise Chamber::Errors::DecryptionFailure,
-              'A decryption error occurred. It was probably due to invalid key data.'
-      end
+    cipher_dec.key = key
+    cipher_dec.iv  = iv
 
-      begin
-        _unserialized_value = YAML.load(unencrypted_value)
-      rescue TypeError
-        unencrypted_value
-      end
-    end
+    unencrypted_value = cipher_dec.update(decoded_string) + cipher_dec.final
+
+    ::YAML.safe_load(unencrypted_value,
+                     aliases:           true,
+                     permitted_classes: [
+                                          ::Date,
+                                          ::Time,
+                                          ::Regexp,
+                                        ])
+  rescue ::OpenSSL::Cipher::CipherError
+    raise ::Chamber::Errors::DecryptionFailure,
+          'A decryption error occurred. It was probably due to invalid key data.'
+  rescue ::Psych::DisallowedClass => error
+    raise ::Chamber::Errors::DisallowedClass, <<~HEREDOC
+      #{error.message}
+
+      You attempted to load a class instance via your Chamber settings that is not allowed.
+
+      See https://github.com/thekompanee/chamber/wiki/Upgrading-To-Chamber-3.0#limiting-complex-classes for full details.
+    HEREDOC
+  rescue ::TypeError
+    unencrypted_value
   end
 end
 end

data/lib/chamber/errors/disallowed_class.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+module  Chamber
+module  Errors
+class   DisallowedClass < ::Psych::DisallowedClass
+end
+end
+end

data/lib/chamber/errors/non_conforming_key.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+module  Chamber
+module  Errors
+class   NonConformingKey < ::ArgumentError
+end
+end
+end

data/lib/chamber/file.rb

@@ -4,7 +4,6 @@ require 'pathname'
 require 'yaml'
 require 'erb'
 require 'chamber/files/signature'
-require 'chamber/refinements/hash'
 
 ###
 # Internal: Represents a single file containing settings information in a given
@@ -12,8 +11,6 @@ require 'chamber/refinements/hash'
 #
 module  Chamber
 class   File < Pathname
-  using ::Chamber::Refinements::Hash
-
   attr_accessor :namespaces,
                 :decryption_keys,
                 :encryption_keys,
@@ -144,10 +141,24 @@ class   File < Pathname
 
   def file_contents_hash
     file_contents = read
-    erb_result    = ERB.new(file_contents).result
-
-    (YAML.load(erb_result) || {}).deep_transform_keys(&:to_s)
-  rescue Errno::ENOENT
+    erb_result    = ::ERB.new(file_contents).result
+
+    ::YAML.safe_load(erb_result,
+                     aliases:           true,
+                     permitted_classes: [
+                                          ::Date,
+                                          ::Time,
+                                          ::Regexp,
+                                        ]) || {}
+  rescue ::Psych::DisallowedClass => error
+    raise ::Chamber::Errors::DisallowedClass, <<~HEREDOC
+      #{error.message}
+
+      You attempted to load a class instance via your Chamber settings that is not allowed.
+
+      See https://github.com/thekompanee/chamber/wiki/Upgrading-To-Chamber-3.0#limiting-complex-classes for full details.
+    HEREDOC
+  rescue ::Errno::ENOENT
     {}
   end
 end

data/lib/chamber/file_set.rb

@@ -256,9 +256,15 @@ class   FileSet
 
   private
 
+  # rubocop:disable Performance/ChainArrayAllocation
   def all_files
-    @all_files ||= file_globs.map { |fg| Pathname.glob(fg) }.flatten.uniq.sort # rubocop:disable Performance/ChainArrayAllocation
+    @all_files ||= file_globs
+                     .map { |fg| Pathname.glob(fg) }
+                     .flatten
+                     .uniq
+                     .sort
   end
+  # rubocop:enable Performance/ChainArrayAllocation
 
   def non_namespaced_files
     @non_namespaced_files ||= all_files - namespaced_files

data/lib/chamber/files/signature.rb

@@ -42,13 +42,13 @@ class  Signature
   end
 
   def write
-    signature_filename.write(<<-HEREDOC, 0, mode: 'w+')
-Signed By: #{signature_name}
-Signed At: #{Time.now.utc.iso8601}
+    signature_filename.write(<<~HEREDOC, 0, mode: 'w+')
+      Signed By: #{signature_name}
+      Signed At: #{Time.now.utc.iso8601}
 
-#{SIGNATURE_HEADER}
-#{encoded_signature}
-#{SIGNATURE_FOOTER}
+      #{SIGNATURE_HEADER}
+      #{encoded_signature}
+      #{SIGNATURE_FOOTER}
     HEREDOC
   end
 

data/lib/chamber/filters/decryption_filter.rb

@@ -36,7 +36,7 @@ class   DecryptionFilter
   attr_reader   :decryption_keys
 
   def initialize(data:, secure_key_prefix:, decryption_keys: {}, **_args)
-    self.decryption_keys  = decryption_keys || {}
+    self.decryption_keys  = (decryption_keys || {}).transform_keys(&:to_s)
     self.data             = data.deep_dup
     self.secure_key_token = /\A#{Regexp.escape(secure_key_prefix)}/
   end
@@ -81,18 +81,16 @@ class   DecryptionFilter
     method = decryption_method(value)
 
     decryption_keys.each do |decryption_key|
-      begin
-        return method.decrypt(key, value, decryption_key)
-      rescue OpenSSL::PKey::RSAError
-        next
-      end
+      return method.decrypt(key, value, decryption_key)
+    rescue OpenSSL::PKey::RSAError
+      next
     end
 
     value
   end
 
   def decryption_method(value)
-    if value.respond_to?(:match)
+    if value.is_a?(::String)
       if value.match(BASE64_STRING_PATTERN)
         EncryptionMethods::PublicKey
       elsif value.match(LARGE_DATA_STRING_PATTERN)

data/lib/chamber/filters/encryption_filter.rb

@@ -29,7 +29,7 @@ class     EncryptionFilter
   attr_reader   :encryption_keys
 
   def initialize(data:, secure_key_prefix:, encryption_keys: {}, **_args)
-    self.encryption_keys  = encryption_keys || {}
+    self.encryption_keys  = (encryption_keys || {}).transform_keys(&:to_s)
     self.data             = data.deep_dup
     self.secure_key_token = /\A#{Regexp.escape(secure_key_prefix)}/
   end
@@ -53,7 +53,7 @@ class     EncryptionFilter
   end
 
   def encryption_keys=(other)
-    @encryption_keys = other.each_with_object({}) do |(namespace, keyish), memo|
+    @encryption_keys = other.each_with_object({}) do |(namespace, keyish), memo| # rubocop:disable Style/HashTransformValues
       memo[namespace] = if keyish.is_a?(OpenSSL::PKey::RSA)
                           keyish
                         elsif ::File.readable?(::File.expand_path(keyish))
@@ -69,8 +69,7 @@ class     EncryptionFilter
 
   def encrypt(namespace, key, value)
     method         = encryption_method(value)
-    namespace_key  = namespace ? namespace.to_sym : nil
-    encryption_key = encryption_keys[namespace_key] || encryption_keys[:__default]
+    encryption_key = encryption_keys[namespace] || encryption_keys['__default']
 
     return value unless encryption_key
 
@@ -78,7 +77,7 @@ class     EncryptionFilter
   end
 
   def encryption_method(value)
-    value_is_encrypted = value.respond_to?(:match) &&
+    value_is_encrypted = value.is_a?(::String) &&
                            (value.match(BASE64_STRING_PATTERN) ||
                             value.match(LARGE_DATA_STRING_PATTERN))
 

data/lib/chamber/filters/environment_filter.rb

@@ -1,16 +1,12 @@
 # frozen_string_literal: true
 
 require 'yaml'
+
 require 'chamber/errors/environment_conversion'
-require 'chamber/refinements/hash'
-require 'chamber/refinements/deep_dup'
 
 module  Chamber
 module  Filters
 class   EnvironmentFilter
-  using ::Chamber::Refinements::Hash
-  using ::Chamber::Refinements::DeepDup
-
   ###
   # Internal: Allows the existing environment to be injected into the passed in
   # hash.  The hash that is passed in is *not* modified, instead a new hash is
@@ -113,9 +109,11 @@ class   EnvironmentFilter
         { key => execute(value, environment_keys) }
       end,
       lambda do |key, value, environment_key|
-        { key => convert_environment_value(environment_key,
+        {
+          key => convert_environment_value(environment_key,
                                            ENV[environment_key],
-                                           value) }
+                                           value),
+        }
       end,
     )
   end
@@ -127,14 +125,14 @@ class   EnvironmentFilter
 
     settings.each_pair do |key, value|
       environment_key  = key.to_s.gsub(secure_key_token, '')
-      environment_keys = parent_keys.deep_dup.push(environment_key)
+      environment_keys = parent_keys.dup.push(environment_key)
 
       if value.respond_to? :each_pair
-        environment_hash.deep_merge!(hash_block.call(key, value, environment_keys))
+        environment_hash.merge!(hash_block.call(key, value, environment_keys))
       else
         environment_key = environment_keys.join('_').upcase
 
-        environment_hash.deep_merge!(value_block.call(key, value, environment_key))
+        environment_hash.merge!(value_block.call(key, value, environment_key))
       end
     end
 
@@ -171,13 +169,13 @@ class   EnvironmentFilter
       environment_value
     end
   rescue ArgumentError
-    raise Chamber::Errors::EnvironmentConversion, <<-HEREDOC
-We attempted to convert '#{environment_key}' from '#{environment_value}' to a '#{settings_value.class.name}'.
+    raise Chamber::Errors::EnvironmentConversion, <<~HEREDOC
+      We attempted to convert '#{environment_key}' from '#{environment_value}' to a '#{settings_value.class.name}'.
 
-Unfortunately, this did not go as planned.  Please either verify that your value is convertable
-or change the original YAML value to be something more generic (like a String).
+      Unfortunately, this did not go as planned.  Please either verify that your value is convertable
+      or change the original YAML value to be something more generic (like a String).
 
-For more information, see https://github.com/thekompanee/chamber/wiki/Environment-Variable-Coercions
+      For more information, see https://github.com/thekompanee/chamber/wiki/Environment-Variable-Coercions
     HEREDOC
   end
 end

data/lib/chamber/filters/namespace_filter.rb

@@ -1,13 +1,13 @@
 # frozen_string_literal: true
 
-require 'chamber/refinements/hash'
 require 'chamber/refinements/deep_dup'
+require 'chamber/refinements/hash'
 
 module  Chamber
 module  Filters
 class   NamespaceFilter
-  using ::Chamber::Refinements::Hash
   using ::Chamber::Refinements::DeepDup
+  using ::Chamber::Refinements::Hash
 
   def self.execute(**args)
     new(**args).__send__(:execute)
@@ -24,19 +24,17 @@ class   NamespaceFilter
   protected
 
   def execute
-    if data_is_namespaced?
-      namespaces.each_with_object({}) do |namespace, filtered_data|
-        filtered_data.deep_merge!(data[namespace]) if data[namespace]
-      end
-    else
-      data
+    return data unless data_is_namespaced?
+
+    namespaces.each_with_object({}) do |namespace, filtered_data|
+      filtered_data.deep_merge!(data[namespace]) if data[namespace]
     end
   end
 
   private
 
   def data_is_namespaced?
-    @data_is_namespaced ||= data.keys.any? { |key| namespaces.include? key.to_s }
+    @data_is_namespaced ||= data.keys.any? { |key| namespaces.include?(key.to_s) }
   end
 end
 end

data/lib/chamber/instance.rb

@@ -3,12 +3,9 @@
 require 'chamber/configuration'
 require 'chamber/file_set'
 require 'chamber/settings'
-require 'chamber/refinements/hash'
 
 module  Chamber
 class   Instance
-  using ::Chamber::Refinements::Hash
-
   attr_accessor :configuration,
                 :files
 
@@ -66,11 +63,11 @@ class   Instance
   end
 
   def encrypt(data, **args)
-    config = configuration.to_hash.deep_merge(**args)
+    config = configuration.to_hash.merge(**args)
 
     Settings
       .new(
-        **config.deep_merge(
+        **config.merge(
           settings:     data,
           pre_filters:  [Filters::EncryptionFilter],
           post_filters: [],
@@ -80,11 +77,11 @@ class   Instance
   end
 
   def decrypt(data, **args)
-    config = configuration.to_hash.deep_merge(**args)
+    config = configuration.to_hash.merge(**args)
 
     Settings
       .new(
-        **config.deep_merge(
+        **config.merge(
           settings:     data,
           pre_filters:  [Filters::NamespaceFilter],
           post_filters: [

data/lib/chamber/keys/base.rb

@@ -39,13 +39,13 @@ class   Base
                  namespaces.map { |n| namespace_to_key_path(n) }
   end
 
-  # rubocop:disable Performance/ChainArrayAllocation
+  # rubocop:disable Performance/ChainArrayAllocation, Performance/MapCompact
   def filenames=(other)
     @filenames = Array(other)
                    .map { |o| Pathname.new(o) }
                    .compact
   end
-  # rubocop:enable Performance/ChainArrayAllocation
+  # rubocop:enable Performance/ChainArrayAllocation, Performance/MapCompact
 
   def namespaces=(other)
     @namespaces = other + %w{signature}

data/lib/chamber/refinements/deep_dup.rb

@@ -4,50 +4,26 @@ module Chamber
 module Refinements
 module DeepDup
 refine ::Array do
-  unless method_defined?(:deep_dup)
-    def deep_dup
-      map do |i|
-        if i.respond_to?(:deep_dup)
-          i.deep_dup
-        else
-          begin
-            i.dup
-          rescue ::TypeError
-            # Hack for < Ruby 2.4 since FalseClass, TrueClass, Fixnum, etc can't be
-            # dupped
-            i
-          end
-        end
-      end
-    end
+  def deep_dup
+    map { |i| i.respond_to?(:deep_dup) ? i.deep_dup : i.dup }
   end
 end
 
 refine ::Object do
-  unless method_defined?(:deep_dup)
-    def deep_dup
-      begin
-        dup
-      rescue ::TypeError
-        # Hack for < Ruby 2.4 since FalseClass, TrueClass, Fixnum, etc can't be
-        # dupped
-        self
-      end
-    end
+  def deep_dup
+    dup
   end
 end
 
 refine ::Hash do
-  unless method_defined?(:deep_dup)
-    def deep_dup
-      dup.tap do |hash|
-        each_pair do |key, value|
-          if key.frozen? && key.is_a?(::String)
-            hash[key] = value.deep_dup
-          else
-            hash.delete(key)
-            hash[key.deep_dup] = value.deep_dup
-          end
+  def deep_dup
+    dup.tap do |hash|
+      each_pair do |key, value|
+        if key.frozen? && key.is_a?(::String)
+          hash[key] = value.deep_dup
+        else
+          hash.delete(key)
+          hash[key.deep_dup] = value.deep_dup
         end
       end
     end

data/lib/chamber/refinements/enumerable.rb

@@ -1,34 +1,22 @@
 # frozen_string_literal: true
 
+require 'chamber/errors/non_conforming_key'
+
 module Chamber
 module Refinements
 class  Enumerable
-  def self.deep_transform_keys(object, &block)
+  def self.deep_validate_keys(object, &block)
     case object
     when ::Hash
-      object.each_with_object({}) do |(key, value), result|
-        result[yield(key)] = deep_transform_keys(value, &block)
-      end
-    when ::Array
-      object.map { |e| deep_transform_keys(e, &block) }
-    else
-      object
-    end
-  end
+      object.each do |(key, value)|
+        fail ::Chamber::Errors::NonConformingKey unless key == yield(key)
 
-  def self.deep_transform_values(key, value, &block)
-    case value
-    when ::Hash
-      value.each_with_object({}) do |(k, v), memo|
-        memo[k] = deep_transform_values(k, v, &block)
+        deep_validate_keys(value, &block)
       end
     when ::Array
-      yield(
-        key,
-        value.map { |v| deep_transform_values(nil, v, &block) }
-      )
+      object.map { |v| deep_validate_keys(v, &block) }
     else
-      yield(key, value)
+      object
     end
   end
 end

data/lib/chamber/refinements/hash.rb

@@ -1,47 +1,21 @@
 # frozen_string_literal: true
 
-require 'rspectacular'
-require 'chamber/refinements/hash'
-require 'chamber/refinements/enumerable'
-
 module Chamber
 module Refinements
 module Hash
 refine ::Hash do
-  def deep_strip!
-    each do |key, value|
-      if value.respond_to?(:strip)
-        self[key] = value.strip
-      elsif value.respond_to?(:deep_strip!)
-        self[key] = value.deep_strip!
-      end
-    end
-  end
-
-  def deep_transform_keys(&block)
-    Refinements::Enumerable.deep_transform_keys(self, &block)
-  end
-
-  def deep_transform_values(&block)
-    Refinements::Enumerable.deep_transform_values(nil, self, &block)
-  end
-
-  unless method_defined?(:deep_merge)
-    def deep_merge(other, &block)
-      dup.deep_merge!(other, &block)
-    end
+  def deep_merge(other_hash, &block)
+    dup.deep_merge!(other_hash, &block)
   end
 
-  unless method_defined?(:deep_merge!)
-    def deep_merge!(other, &block)
-      merge!(other) do |key, value_1, value_2|
-        if value_1.is_a?(::Hash) && value_2.is_a?(::Hash)
-          value_1.deep_merge(value_2, &block)
-        elsif block
-          yield(key, value_1, value_2)
-        else
-          value_2
-        end
+  def deep_merge!(other_hash, &block)
+    merge!(other_hash) do |key, this_val, other_val|
+      if this_val.is_a?(::Hash) && other_val.is_a?(::Hash)
+        this_val.deep_merge(other_val, &block)
+      elsif block
+        yield(key, this_val, other_val)
+      else
+        other_val
       end
     end
   end

data/lib/chamber/rubinius_fix.rb

@@ -5,7 +5,7 @@ require 'pathname'
 unless Pathname.instance_methods.include?(:write)
   class Pathname
     def write(*args)
-      IO.write @path, *args
+      IO.write @path, *args # rubocop:disable Security/IoMethods
     end
   end
 end

data/lib/chamber/settings.rb

@@ -10,6 +10,7 @@ require 'chamber/filters/translate_secure_keys_filter'
 require 'chamber/filters/insecure_filter'
 require 'chamber/filters/failed_decryption_filter'
 require 'chamber/refinements/deep_dup'
+require 'chamber/refinements/enumerable'
 require 'chamber/refinements/hash'
 
 ###
@@ -26,7 +27,6 @@ class   Settings
                 :pre_filters,
                 :secure_key_prefix
   attr_reader   :namespaces
-  attr_writer   :raw_data
 
   # rubocop:disable Metrics/ParameterLists
   def initialize(
@@ -46,9 +46,12 @@ class   Settings
                   settings:          {},
                   **_args
                 )
-    self.decryption_keys   = decryption_keys
-    self.encryption_keys   = encryption_keys
-    self.namespaces        = namespaces
+
+    ::Chamber::Refinements::Enumerable.deep_validate_keys(settings, &:to_s)
+
+    self.decryption_keys   = (decryption_keys || {}).transform_keys(&:to_s)
+    self.encryption_keys   = (encryption_keys || {}).transform_keys(&:to_s)
+    self.namespaces        = NamespaceSet.new(namespaces)
     self.post_filters      = post_filters
     self.pre_filters       = pre_filters
     self.raw_data          = settings.deep_dup
@@ -114,7 +117,7 @@ class   Settings
   # Returns a Hash
   #
   def to_hash
-    data.dup
+    data.deep_dup
   end
 
   ###
@@ -147,11 +150,11 @@ class   Settings
     flattened_name_hash = {}
 
     hash.each_pair do |key, value|
-      flattened_name_components = parent_keys.deep_dup.push(key)
+      flattened_name_components = parent_keys.dup.push(key)
 
       if value.respond_to?(:each_pair)
-        flattened_name_hash
-          .deep_merge!(to_flattened_name_hash(value, flattened_name_components))
+        flattened_name_hash.merge! to_flattened_name_hash(value,
+                                                          flattened_name_components)
       else
         flattened_name_hash[flattened_name_components] = value
       end
@@ -197,7 +200,7 @@ class   Settings
     other_settings = case other
                      when Settings
                        other
-                     when ::Hash
+                     when Hash
                        Settings.new(settings: other)
                      end
 
@@ -233,8 +236,7 @@ class   Settings
   end
 
   def [](key)
-    warn "WARNING: Bracket access will require strings instead of symbols in Chamber 3.0.  You attempted to access the '#{key}' setting.  See https://github.com/thekompanee/chamber/wiki/Upgrading-To-Chamber-3.0#removal-of-bracket-indifferent-access for full details." if key.is_a?(::Symbol) # rubocop:disable Layout/LineLength
-    warn "WARNING: Accessing a non-existent key ('#{key}') with brackets will fail in Chamber 3.0.  See https://github.com/thekompanee/chamber/wiki/Upgrading-To-Chamber-3.0#bracket-access-now-fails-on-non-existent-keys for full details." unless data.has_key?(key) # rubocop:disable Layout/LineLength
+    fail ::ArgumentError, 'Bracket access with anything other than a String is unsupported.' unless key.is_a?(::String)
 
     data.fetch(key)
   end
@@ -254,14 +256,14 @@ class   Settings
   end
 
   def securable
-    Settings.new(**metadata.deep_merge(
+    Settings.new(**metadata.merge(
                    settings:    raw_data,
                    pre_filters: [Filters::SecureFilter],
                  ))
   end
 
   def secure
-    Settings.new(**metadata.deep_merge(
+    Settings.new(**metadata.merge(
                    settings:     raw_data,
                    pre_filters:  [Filters::EncryptionFilter],
                    post_filters: [Filters::TranslateSecureKeysFilter],
@@ -269,7 +271,7 @@ class   Settings
   end
 
   def insecure
-    Settings.new(**metadata.deep_merge(
+    Settings.new(**metadata.merge(
                    settings:     raw_data,
                    pre_filters:  [Filters::InsecureFilter],
                    post_filters: [Filters::TranslateSecureKeysFilter],
@@ -278,23 +280,21 @@ class   Settings
 
   protected
 
-  def namespaces=(raw_namespaces)
-    @namespaces = NamespaceSet.new(raw_namespaces)
-  end
+  attr_writer :namespaces,
+              :raw_data
 
   # rubocop:disable Naming/MemoizedInstanceVariableName
   def raw_data
     @filtered_raw_data ||= pre_filters.inject(@raw_data) do |filtered_data, filter|
-      filter.execute(**{ data: filtered_data }.deep_merge(metadata))
+      filter.execute(**{ data: filtered_data }.merge(metadata))
     end
   end
   # rubocop:enable Naming/MemoizedInstanceVariableName
 
   def data
-    @data ||= post_filters
-                .inject(raw_data) do |filtered_data, filter|
-                  filter.execute(**{ data: filtered_data }.deep_merge(metadata))
-                end
+    @data ||= post_filters.inject(raw_data) do |filtered_data, filter|
+      filter.execute(**{ data: filtered_data }.merge(metadata))
+    end
   end
 
   def metadata

data/lib/chamber/types/secured.rb

@@ -37,14 +37,14 @@ class   Secured < CHAMBER_TYPE_VALUE_SUPERCLASS
 
   def cast(value)
     case value
-    when ::Hash
+    when Hash
       value
-    when ::String
+    when String
       ::JSON.parse(value)
-    when ::NilClass
+    when NilClass
       nil
     else
-      fail ::ArgumentError, 'Any attributes encrypted with Chamber must be either a Hash or a valid JSON string'
+      fail ArgumentError, 'Any attributes encrypted with Chamber must be either a Hash or a valid JSON string'
     end
   end
   alias type_cast_from_user cast
@@ -54,14 +54,14 @@ class   Secured < CHAMBER_TYPE_VALUE_SUPERCLASS
 
     return if value.nil?
 
-    ::Chamber.decrypt(value,
-                      decryption_keys: decryption_keys,
-                      encryption_keys: encryption_keys)
+    Chamber.decrypt(value,
+                    decryption_keys: decryption_keys,
+                    encryption_keys: encryption_keys)
   end
   alias type_cast_from_database deserialize
 
   def serialize(value)
-    fail ::ArgumentError, 'Any attributes encrypted with Chamber must be a Hash' unless value.is_a?(::Hash)
+    fail ArgumentError, 'Any attributes encrypted with Chamber must be a Hash' unless value.is_a?(Hash)
 
     ::JSON.dump(
       ::Chamber.encrypt(value,

data/lib/chamber/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Chamber
-  VERSION = '3.0.0rc1'
+  VERSION = '3.0.0rc2'
 end

data/lib/chamber.rb

@@ -11,10 +11,6 @@ module  Chamber
     self.instance = Instance.new(**args)
   end
 
-  def env
-    instance.settings
-  end
-
   def instance
     @instance ||= Instance.new
   end
@@ -87,7 +83,6 @@ module  Chamber
                   :dig!,
                   :dig,
                   :encrypt,
-                  :env,
                   :filenames,
                   :files,
                   :instance,

metadata

@@ -1,21 +1,21 @@
 --- !ruby/object:Gem::Specification
 name: chamber
 version: !ruby/object:Gem::Version
-  version: 3.0.0rc1
+  version: 3.0.0rc2
 platform: ruby
 authors:
 - thekompanee
 - jfelchner
 - stevenhallen
 - m5rk
-autorequire:
+autorequire: 
 bindir: bin
 cert_chain:
 - |
   -----BEGIN CERTIFICATE-----
-  MIIEGDCCAoCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAyMTAwLgYDVQQDDCdhY2Nv
-  dW50c19ydWJ5Z2Vtcy9EQz10aGVrb21wYW5lZS9EQz1jb20wHhcNMjAxMjI2MjIy
-  NTE5WhcNMjExMjI2MjIyNTE5WjAyMTAwLgYDVQQDDCdhY2NvdW50c19ydWJ5Z2Vt
+  MIIEdjCCAt6gAwIBAgIBATANBgkqhkiG9w0BAQsFADAyMTAwLgYDVQQDDCdhY2Nv
+  dW50c19ydWJ5Z2Vtcy9EQz10aGVrb21wYW5lZS9EQz1jb20wHhcNMjIwMzA1MjM0
+  OTEzWhcNMjMwMzA1MjM0OTEzWjAyMTAwLgYDVQQDDCdhY2NvdW50c19ydWJ5Z2Vt
   cy9EQz10aGVrb21wYW5lZS9EQz1jb20wggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAw
   ggGKAoIBgQD0Z84PxtE0iiWCMTQbnit6D4w55GGBQZnhpWUCJwC0SpQ/jnT0Fsma
   g8oAIdDclLvLC9jzqSAmkOujlpkJMb5NabgkhKFwHi6cVW/gz/cVnISAv8LQTIM5
@@ -25,18 +25,20 @@ cert_chain:
   NBRKSuO15kpPo2G55N0HLy8abUzbu5cqjhSbIk9hzD6AmdGCT4DqlsdHI5gOrGP0
   BO6VxGpRuRETKoZ4epPCsXC2XAwk3TJXkuuqYkgdcv8ZR4rPW2CiPvRqgG1YVwWj
   SrIy5Dt/dlMvxdIMiTj6ytAQP1kfdKPFWrJTIA2tspl/eNB+LiYsVdj8d0UU/KTY
-  y7jqKMpOE1UCAwEAAaM5MDcwCQYDVR0TBAIwADALBgNVHQ8EBAMCBLAwHQYDVR0O
-  BBYEFO/l0LjdONn2Rr8y4WGyMA37MWVfMA0GCSqGSIb3DQEBCwUAA4IBgQDBGn+T
-  HS7SCuLgjCimsT5e3v+Q0VaML1+yJPPqvIVM+HMyTYDpV2ogdAcX1I0lNbUHT9w7
-  5y8pQ7BtYq8LDX6D8EufjvlgpJzunuPpNVh2QQdtkYC2zGabTnk+BJC5scYckBxW
-  PxYXSuOxjXAkFe1r9RhPzeMY8lPVh6aEQKNLVkzbpIjoGzUgAPGPZG/ylKSWycwE
-  qfHiDXzCAqMzSsb3sMQO1+0euciY1oTOyYCHYKo+gemWEI/p8PyJe/qB2tWC9GYs
-  m+we5ul7O4Sq8qKnX0KCqHneqaXakcbuEkhViW6Def432jH8JjYums6EW2mg9570
-  pHS20TH4u9o0+5DIhayfGrmAtdtQutQNCclONqBlk7r3/16Y8Lr376dDHrISZlwd
-  fdbUKgJXqJeb4GYhiKV07l67XExVjmAklMuA6bcB7mk+aSYUkoWNic4ZYGNjVv88
-  AapqLKNG/UPfrJhdhTtFR4ARb8f54rgzONhTaAqVk23Bdp1yoDXaulFCkmU=
+  y7jqKMpOE1UCAwEAAaOBljCBkzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIEsDAdBgNV
+  HQ4EFgQU7+XQuN042fZGvzLhYbIwDfsxZV8wLAYDVR0RBCUwI4EhYWNjb3VudHMr
+  cnVieWdlbXNAdGhla29tcGFuZWUuY29tMCwGA1UdEgQlMCOBIWFjY291bnRzK3J1
+  YnlnZW1zQHRoZWtvbXBhbmVlLmNvbTANBgkqhkiG9w0BAQsFAAOCAYEA04F3jVFD
+  BwHv8GVMkvUAc7r247lEEYfYuU/Iq0fivT1ugxN9pqT/ODwyPSdYy4Aqj8j4HHbM
+  2OQcKXb9SXjlIa/u5McPlhbsTQozs77bXOmrlAXN6shRJtTKSKm5ttmM/sDeks6p
+  wdhM0KHu5PBFZQjWfJuqi0hH13l0qQH+8r2GzXTHMKNX+6m1cTAkP81OPFIekn0l
+  boFRgsIr1j335pLV/+hgCRNSlU84E59YVVm+W9kP0Ym/n6051mBaaEMsWnm3td7a
+  c7BNPTxfmZrtz3TVq9VvzdHad3/+1QdNl9+l3VdL7wZ3GKZLhyifn7dc5EXxiZHJ
+  eDcSScq4x5NTMajXoJLKcoQPJDL7rUpPtvGj3v9O20RzHlWVDqVdzeYlswDjIqwe
+  ZjvLRaDI6IVoq0skZju//VZLiN6slVhAYYQj0uka/T0DZieabVYDcT4BVpa9M7Gz
+  CDW/VDWjvEEbsCIW0oYhtUrkqE8GLIdrpLUjefOERbS5TslD7lG/MH5k
   -----END CERTIFICATE-----
-date: 2020-12-31 00:00:00.000000000 Z
+date: 2022-03-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -171,7 +173,9 @@ files:
 - lib/chamber/encryption_methods/public_key.rb
 - lib/chamber/encryption_methods/ssl.rb
 - lib/chamber/errors/decryption_failure.rb
+- lib/chamber/errors/disallowed_class.rb
 - lib/chamber/errors/environment_conversion.rb
+- lib/chamber/errors/non_conforming_key.rb
 - lib/chamber/file.rb
 - lib/chamber/file_set.rb
 - lib/chamber/files/signature.rb
@@ -192,7 +196,6 @@ files:
 - lib/chamber/keys/encryption.rb
 - lib/chamber/namespace_set.rb
 - lib/chamber/rails.rb
-- lib/chamber/refinements/array.rb
 - lib/chamber/refinements/deep_dup.rb
 - lib/chamber/refinements/enumerable.rb
 - lib/chamber/refinements/hash.rb
@@ -212,7 +215,7 @@ metadata:
   homepage_uri: https://github.com/thekompanee/chamber
   source_code_uri: https://github.com/thekompanee/chamber
   wiki_uri: https://github.com/thekompanee/chamber/wiki
-post_install_message:
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -220,15 +223,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.1.0
+      version: 2.7.5
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">"
     - !ruby/object:Gem::Version
       version: 1.3.1
 requirements: []
-rubygems_version: 3.2.3
-signing_key:
+rubygems_version: 3.1.6
+signing_key: 
 specification_version: 4
 summary: A surprisingly configurable convention-based approach to managing your application's
   custom configuration settings.

data/lib/chamber/refinements/array.rb

@@ -1,20 +0,0 @@
-# frozen_string_literal: true
-
-require 'rspectacular'
-require 'chamber/refinements/enumerable'
-
-module Chamber
-module Refinements
-module Array
-refine ::Array do
-  def deep_transform_keys(&block)
-    Refinements::Enumerable.deep_transform_keys(self, &block)
-  end
-
-  def deep_transform_values(&block)
-    Refinements::Enumerable.deep_transform_values(nil, self, &block)
-  end
-end
-end
-end
-end