chef-vault 3.4.0 → 4.0.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b2393b696dd0505b83769e01e744b50a0514f507a3398e03bd4bb0a0cb26c53b
-  data.tar.gz: e91d4be1450033a65bfa10ea433b888d3edb2170682e0c705b35f5ceff591df4
+  metadata.gz: 03bdd8e351901cf22ffe796719f896d66facb68e879c9391cc1a9b1c37f7fda6
+  data.tar.gz: f0bcdfb1453a3a1369b8dc4c4bf953d88f02553b7b7a75c37b52bb53d6c433c6
 SHA512:
-  metadata.gz: bf36f5d7612489eb89789c7e98c71ce6b0c74de063341c99e05f7fb7b98a1037ce492979809e242e907ed289aac6ebc43c466915b3d1a43c076724655396e268
-  data.tar.gz: 2eb39a0b5cc7c75beb17f092feb6d30a32ebfd37346ab898852e7037fd1aaab9172bc4c797c0919f67049183f163cffdd285250dfc3ba5878d77cd649e0a605d
+  metadata.gz: dd6bf1713a7070cb868c8ada5cebefc160f7d20dea520068b280a4bbd66c6a2dca429ca3a06a6c50186d4bc23145e41536b6dd141c8d53ed3c12d0244ae0a105
+  data.tar.gz: b5be7ab98224fecb927546fe14513fc2c1efec41d63069c460e402b9581ee38e7bc3fd1241e76de00334760e7df7aa480abd907263155d6bb59124d6eadb0017

data/Gemfile

@@ -0,0 +1,27 @@
+source "https://rubygems.org"
+
+gemspec
+
+group :development do
+  gem "chefstyle"
+  gem "chef-zero"
+  gem "rake"
+  gem "rspec", "~> 3.4"
+  gem "aruba", "~> 0.6"
+  gem "simplecov", "~> 0.9"
+  gem "simplecov-console", "~> 0.2.0"
+  gem "chef", "~> 14.0" # avoids test failures on license acceptance
+end
+
+group :docs do
+  gem "yard"
+  gem "redcarpet"
+  gem "github-markup"
+end
+
+group :debug do
+  gem "pry"
+  gem "pry-byebug"
+  gem "pry-stack_explorer", "~> 0.4.0" # pin until we drop ruby < 2.6
+  gem "rb-readline"
+end

data/chef-vault.gemspec

@@ -0,0 +1,35 @@
+# Chef-Vault Gemspec file
+# Copyright 2013-2015, Nordstrom, Inc.
+# Copyright 2017-2019, Chef Software, Inc.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+#     http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+$:.push File.expand_path("../lib", __FILE__)
+require "chef-vault/version"
+
+Gem::Specification.new do |s|
+  s.name             = "chef-vault"
+  s.version          = ChefVault::VERSION
+  s.authors          = ["Thom May"]
+  s.email            = ["thom@chef.io"]
+  s.summary          = "Data encryption support for Chef Infra using data bags"
+  s.description      = s.summary
+  s.homepage         = "https://github.com/chef/chef-vault"
+  s.license          = "Apache-2.0"
+  s.files            = %w{LICENSE Gemfile} + Dir.glob("*.gemspec") + `git ls-files`.split("\n").select { |f| f =~ %r{^(?:bin/|lib/)}i }
+  s.require_paths    = ["lib"]
+  s.bindir           = "bin"
+  s.executables      = %w{ chef-vault }
+
+  s.required_ruby_version = ">= 2.4"
+end

data/lib/chef-vault.rb

@@ -23,14 +23,14 @@ require "chef/api_client"
 require "chef/data_bag_item"
 require "chef/encrypted_data_bag_item"
 require "chef/user"
-require "chef-vault/version"
-require "chef-vault/exceptions"
-require "chef-vault/item"
-require "chef-vault/item_keys"
-require "chef-vault/user"
-require "chef-vault/certificate"
-require "chef-vault/chef_api"
-require "chef-vault/actor"
+require_relative "chef-vault/version"
+require_relative "chef-vault/exceptions"
+require_relative "chef-vault/item"
+require_relative "chef-vault/item_keys"
+require_relative "chef-vault/user"
+require_relative "chef-vault/certificate"
+require_relative "chef-vault/chef_api"
+require_relative "chef-vault/actor"
 
 require "mixlib/log"
 

data/lib/chef-vault/actor.rb

@@ -14,7 +14,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-require "json"
+require "json" unless defined?(JSON)
 
 class ChefVault
   class Actor
@@ -27,6 +27,7 @@ class ChefVault
       if actor_type != "clients" && actor_type != "admins"
         raise "You must pass either 'clients' or 'admins' as the first argument to ChefVault::Actor.new."
       end
+
       @type = actor_type
       @name = actor_name
     end
@@ -52,7 +53,7 @@ class ChefVault
           case http_error.response.code
           when "404"
             raise ChefVault::Exceptions::AdminNotFound,
-                  "FATAL: Could not find default key for #{name} in users or clients!"
+              "FATAL: Could not find default key for #{name} in users or clients!"
           when "403"
             print_forbidden_error
             raise http_error
@@ -73,7 +74,7 @@ class ChefVault
         raise http_error
       elsif http_error.response.code.eql?("404")
         raise ChefVault::Exceptions::ClientNotFound,
-              "#{name} is not a valid chef client and/or node"
+          "#{name} is not a valid chef client and/or node"
       else
         raise http_error
       end
@@ -115,6 +116,7 @@ class ChefVault
     # If the keys endpoint doesn't exist, try getting it directly from the V0 chef object.
     rescue Net::HTTPServerException => http_error
       raise http_error unless http_error.response.code.eql?("404")
+
       if request_actor_type.eql?("clients")
         chef_api_client.load(name).public_key
       else

data/lib/chef-vault/item.rb

@@ -15,8 +15,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-require "securerandom"
-require "chef-vault/mixins"
+require "securerandom" unless defined?(SecureRandom)
+require_relative "mixins"
 
 class ChefVault
   class Item < Chef::DataBagItem
@@ -131,6 +131,10 @@ class ChefVault
       end
     end
 
+    def mode(mode)
+      keys.mode(mode) if mode
+    end
+
     def admins(admin_string, action = :add)
       admin_string.split(",").each do |admin|
         admin.strip!
@@ -142,7 +146,7 @@ class ChefVault
           keys.delete(admin_key)
         else
           raise ChefVault::Exceptions::KeysActionNotValid,
-                "#{action} is not a valid action"
+            "#{action} is not a valid action"
         end
       end
     end
@@ -157,7 +161,7 @@ class ChefVault
 
     def secret
       if @keys.include?(@node_name) && !@keys[@node_name].nil?
-        private_key = OpenSSL::PKey::RSA.new(File.open(@client_key_path).read())
+        private_key = OpenSSL::PKey::RSA.new(File.open(@client_key_path).read)
         begin
           private_key.private_decrypt(Base64.decode64(@keys[@node_name]))
         rescue OpenSSL::PKey::RSAError
@@ -268,7 +272,7 @@ class ChefVault
 
       if Chef::Config[:solo_legacy_mode]
         data_bag_path = File.join(Chef::Config[:data_bag_path],
-                                  data_bag)
+          data_bag)
         data_bag_item_path = File.join(data_bag_path, @raw_data["id"])
 
         FileUtils.rm("#{data_bag_item_path}.json")
@@ -336,7 +340,16 @@ class ChefVault
     def self.data_bag_item_type(vault, name)
       # adapted from https://github.com/opscode-cookbooks/chef-vault/blob/v1.3.0/libraries/chef_vault_item.rb
       # and https://github.com/sensu/sensu-chef/blob/2.9.0/libraries/sensu_helpers.rb
-      dbi = Chef::DataBagItem.load(vault, name)
+      begin
+        dbi = Chef::DataBagItem.load(vault, name)
+      rescue Net::HTTPServerException => http_error
+        if http_error.response.code == "404"
+          raise ChefVault::Exceptions::ItemNotFound,
+            "#{vault}/#{name} not found"
+        else
+          raise http_error
+        end
+      end
       encrypted = dbi.detect do |_, v|
         v.is_a?(Hash) && v.key?("encrypted_data")
       end
@@ -358,12 +371,12 @@ class ChefVault
     #   no longer be found
     # @return [void]
     def refresh(clean_unknown_clients = false)
-      unless search
+      if search.empty?
         raise ChefVault::Exceptions::SearchNotFound,
-              "#{vault}/#{item} does not have a stored search_query, "\
-              "probably because it was created with an older version "\
-              "of chef-vault. Use 'knife vault update' to update the "\
-              "databag with the search query."
+          "#{@data_bag}/#{@raw_data["id"]} does not have a stored "\
+          "search_query, probably because it was created with an "\
+          "older version of chef-vault. Use 'knife vault update' "\
+          "to update the databag with the search query."
       end
 
       # a bit of a misnomer; this doesn't remove unknown
@@ -434,11 +447,12 @@ class ChefVault
       true
     rescue Net::HTTPServerException => http_error
       return false if http_error.response.code == "404"
+
       raise http_error
     end
 
     # adds or deletes an API client from the vault item keys
-    # @param client [Chef::ApiClient] the API client to operate on
+    # @param api_client [Chef::ApiClient] the API client to operate on
     # @param action [Symbol] :add or :delete
     # @return [void]
     def handle_client_action(api_client, action)
@@ -460,7 +474,7 @@ class ChefVault
     end
 
     # removes a client to the vault item keys
-    # @param client_or_node [String] the name of the API client or node to remove
+    # @param name [String] the name of the API client or node to remove
     # @return [void]
     def delete_client_or_node(name)
       client = load_actor(name, "clients")

data/lib/chef-vault/item_keys.rb

@@ -14,7 +14,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-require "chef-vault/mixins"
+require_relative "mixins"
 
 class ChefVault
   class ItemKeys < Chef::DataBagItem
@@ -39,9 +39,11 @@ class ChefVault
     def [](key)
       # return options immediately
       return @raw_data[key] if %w{id admins clients search_query mode}.include?(key)
+
       # check if the key is in the write-back cache
       ckey = @cache[key]
       return ckey unless ckey.nil?
+
       # check if the key is saved in sparse mode
       skey = sparse_key(sparse_id(key)) if sparse?
       if skey
@@ -58,6 +60,7 @@ class ChefVault
       return (ckey ? true : false) unless ckey.nil?
       # check if the key is saved in sparse mode
       return true if sparse? && sparse_key(sparse_id(key))
+
       # fallback to non-sparse mode if sparse key is not found
       @raw_data.keys.include?(key)
     end
@@ -66,10 +69,14 @@ class ChefVault
       type = chef_key.type
       unless @raw_data.key?(type)
         raise ChefVault::Exceptions::V1Format,
-              "cannot manage a v1 vault.  See UPGRADE.md for help"
+          "cannot manage a v1 vault.  See UPGRADE.md for help"
       end
       @cache[chef_key.name] = skip_reencryption ? self[chef_key.name] : nil
-      @cache[chef_key.name] ||= ChefVault::ItemKeys.encode_key(chef_key.key, data_bag_shared_secret)
+      begin
+        @cache[chef_key.name] ||= ChefVault::ItemKeys.encode_key(chef_key.key, data_bag_shared_secret)
+      rescue OpenSSL::PKey::RSAError
+        raise OpenSSL::PKey::RSAError, "While adding #{chef_key.type} an invalid or old (pre chef-server 12) format public key was found for #{chef_key.name}"
+      end
       @raw_data[type] << chef_key.name unless @raw_data[type].include?(chef_key.name)
       @raw_data[type]
     end
@@ -135,7 +142,7 @@ class ChefVault
             begin
               Chef::DataBagItem.from_hash("data_bag" => data_bag,
                                           "id" => sparse_id(key))
-                               .destroy(data_bag, sparse_id(key))
+                .destroy(data_bag, sparse_id(key))
             rescue Net::HTTPServerException => http_error
               raise http_error unless http_error.response.code == "404"
             end
@@ -161,6 +168,25 @@ class ChefVault
           end
         end
       end
+
+      if @raw_data["mode"] == "sparse"
+        @raw_data.each do |key, val|
+          next if %w{ id clients admins search_query mode }.include?(key)
+
+          skey = Chef::DataBagItem.from_hash(
+            "data_bag" => data_bag,
+            "id" => sparse_id(key),
+            key => val
+          )
+          @raw_data.delete(key)
+          if Chef::Config[:solo_legacy_mode]
+            save_solo(skey.id, skey.raw_data)
+          else
+            skey.save
+          end
+        end
+      end
+
       # save raw data
       if Chef::Config[:solo_legacy_mode]
         save_solo(item_id)
@@ -187,7 +213,7 @@ class ChefVault
         items = Chef::DataBag.load(data_bag).keys.select { |item| item =~ rgx }
         items.each do |id|
           Chef::DataBagItem.from_hash("data_bag" => data_bag, "id" => id)
-                           .destroy(data_bag, id)
+            .destroy(data_bag, id)
         end
         # destroy this metadata
         super(data_bag, id)

data/lib/chef-vault/mixins.rb

@@ -6,7 +6,7 @@ class ChefVault
     #     paths and use that by preference
     #  1. Otherwise, just use the first location in the array
     def find_solo_path(item_id)
-      if Chef::Config[:data_bag_path].kind_of?(Array)
+      if Chef::Config[:data_bag_path].is_a?(Array)
         path = Chef::Config[:data_bag_path].find do |dir|
           File.exist?(File.join(dir, data_bag, "#{item_id}.json"))
         end
@@ -15,7 +15,7 @@ class ChefVault
         data_bag_path = File.join(path, data_bag)
       else
         data_bag_path = File.join(Chef::Config[:data_bag_path],
-                                  data_bag)
+          data_bag)
       end
       data_bag_item_path = File.join(data_bag_path, item_id) + ".json"
 

data/lib/chef-vault/version.rb

@@ -15,6 +15,6 @@
 # limitations under the License.
 
 class ChefVault
-  VERSION = "3.4.0"
+  VERSION = "4.0.6"
   MAJOR, MINOR, TINY = VERSION.split(".")
 end

data/lib/chef/knife/mixin/helper.rb

@@ -33,7 +33,7 @@ class ChefVault
       end
 
       def values_from_file(file)
-        json = File.open(file) { |fh| fh.read() }
+        json = File.open(file, &:read)
 
         values_from_json(json)
       end

data/lib/chef/knife/vault_admins.rb

@@ -14,7 +14,7 @@
 # limitations under the License.
 
 require "chef/knife"
-require "chef-vault"
+require_relative "../../chef-vault"
 
 class Chef
   class Knife

data/lib/chef/knife/vault_base.rb

@@ -14,7 +14,7 @@
 # limitations under the License.
 
 require "chef/knife"
-require "chef-vault"
+require_relative "../../chef-vault"
 
 class Chef
   class Knife
@@ -55,13 +55,16 @@ class Chef
         # - item_keys has zero or more keys in sparse mode
         # vaults have a number of keys >= 2
         return false unless bag.keys.size >= 2
+
         # partition into those that end in _keys
         keylike, notkeylike = split_vault_keys(bag)
         # there must be an equal number of keyline and not-keylike items
         return false unless keylike.size == notkeylike.size
+
         # strip the _keys suffix and check if the sets match
         keylike.map! { |k| k.gsub(/_keys$/, "") }
         return false unless keylike.sort == notkeylike.sort
+
         # it's (probably) a vault
         true
       end
@@ -70,7 +73,7 @@ class Chef
         # get all item keys
         keys = bag.keys.select { |k| k =~ /_keys$/ }
         # get all sparse keys
-        r = Regexp.union(keys.map { |k| Regexp.new("^#{k.chomp('_keys')}_key_.*") })
+        r = Regexp.union(keys.map { |k| Regexp.new("^#{k.chomp("_keys")}_key_.*") })
         sparse = bag.keys.select { |k| k =~ r }
         # the rest
         items = bag.keys - keys - sparse

data/lib/chef/knife/vault_create.rb

@@ -13,9 +13,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-require "chef/knife/vault_base"
-require "chef/knife/vault_admins"
-require "chef/knife/vault_clients"
+require_relative "vault_base"
+require_relative "vault_admins"
+require_relative "vault_clients"
 
 class Chef
   class Knife
@@ -84,7 +84,7 @@ class Chef
 
               if file
                 vault_item["file-name"] = File.basename(file)
-                vault_item["file-content"] = File.open(file) { |f| f.read() }
+                vault_item["file-content"] = File.open(file, &:read)
               end
             else
               vault_json = edit_hash({})

data/lib/chef/knife/vault_delete.rb

@@ -13,7 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-require "chef/knife/vault_base"
+require_relative "vault_base"
 
 class Chef
   class Knife

data/lib/chef/knife/vault_download.rb

@@ -13,7 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-require "chef/knife/vault_base"
+require_relative "vault_base"
 
 class Chef
   class Knife
@@ -34,7 +34,7 @@ class Chef
           File.open(path, "w") do |file|
             file.write(vault_item["file-content"])
           end
-          ui.info("Saved #{vault_item['file-name']} as #{path}")
+          ui.info("Saved #{vault_item["file-name"]} as #{path}")
         else
           show_usage
         end

data/lib/chef/knife/vault_edit.rb

@@ -13,7 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-require "chef/knife/vault_base"
+require_relative "vault_base"
 
 class Chef
   class Knife

data/lib/chef/knife/vault_isvault.rb

@@ -13,7 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-require "chef/knife/vault_base"
+require_relative "vault_base"
 
 class Chef
   class Knife

data/lib/chef/knife/vault_itemtype.rb

@@ -13,7 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-require "chef/knife/vault_base"
+require_relative "vault_base"
 
 class Chef
   class Knife

data/lib/chef/knife/vault_list.rb

@@ -13,7 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-require "chef/knife/vault_base"
+require_relative "vault_base"
 
 class Chef
   class Knife

data/lib/chef/knife/vault_refresh.rb

@@ -13,7 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-require "chef/knife/vault_base"
+require_relative "vault_base"
 
 class Chef
   class Knife
@@ -47,8 +47,8 @@ class Chef
                  ChefVault::Exceptions::ItemNotFound
 
             raise ChefVault::Exceptions::ItemNotFound,
-                  "#{vault}/#{item} does not exist, "\
-                  "use 'knife vault create' to create."
+              "#{vault}/#{item} does not exist, "\
+              "use 'knife vault create' to create."
           end
         else
           show_usage

data/lib/chef/knife/vault_remove.rb

@@ -13,8 +13,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-require "chef/knife/vault_base"
-require "chef/knife/vault_clients"
+require_relative "vault_base"
+require_relative "vault_clients"
 
 class Chef
   class Knife

data/lib/chef/knife/vault_rotate_all_keys.rb

@@ -13,7 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-require "chef/knife/vault_base"
+require_relative "vault_base"
 
 class Chef
   class Knife
@@ -45,9 +45,10 @@ class Chef
         end
       end
 
+      # Permalink for regex of replacing '_keys' with '': https://rubular.com/r/5cA5JNSyLfPSfY
       def vault_items(vault)
         Chef::DataBag.load(vault).keys.each_with_object([]) do |key, array|
-          array << key.sub("_keys", "") if key =~ /.+_keys$/
+          array << key.sub(/_keys(?=[^_keys]*$)/, "") if key =~ /.+_keys$/
         end
       end
 

data/lib/chef/knife/vault_rotate_keys.rb

@@ -13,7 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-require "chef/knife/vault_base"
+require_relative "vault_base"
 
 class Chef
   class Knife

data/lib/chef/knife/vault_show.rb

@@ -13,7 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-require "chef/knife/vault_base"
+require_relative "vault_base"
 
 class Chef
   class Knife

data/lib/chef/knife/vault_update.rb

@@ -13,9 +13,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-require "chef/knife/vault_base"
-require "chef/knife/vault_admins"
-require "chef/knife/vault_clients"
+require_relative "vault_base"
+require_relative "vault_admins"
+require_relative "vault_clients"
 
 class Chef
   class Knife
@@ -54,6 +54,11 @@ class Chef
         long: "--clean",
         description: "Clean clients before performing search"
 
+      option :keys_mode,
+        short: "-K KEYS_MODE",
+        long: "--keys-mode KEYS_MODE",
+        description: "Mode in which to save vault keys"
+
       def run
         vault = @name_args[0]
         item = @name_args[1]
@@ -62,16 +67,17 @@ class Chef
         json_file = config[:json]
         file = config[:file]
         clean = config[:clean]
+        keys_mode = config[:keys_mode]
 
         set_mode(config[:vault_mode])
 
-        if vault && item && ((values || json_file || file) || (search || clients || admins))
+        if vault && item && ((values || json_file || file) || (search || clients || admins) || (keys_mode))
           begin
             vault_item = ChefVault::Item.load(vault, item)
 
             # Keys management first
             if clean
-              vault_clients = vault_item.get_clients.clone().sort()
+              vault_clients = vault_item.get_clients.clone.sort
               vault_clients.each do |client|
                 ui.info "Deleting #{client}"
                 vault_item.delete_client(client)
@@ -91,7 +97,7 @@ class Chef
 
               if file
                 vault_item["file-name"] = File.basename(file)
-                vault_item["file-content"] = File.open(file) { |f| f.read() }
+                vault_item["file-content"] = File.open(file, &:read)
               end
 
               vault_item.save
@@ -105,6 +111,11 @@ class Chef
               "#{vault}/#{item} does not exist, "\
               "use 'knife vault create' to create."
           end
+
+          if keys_mode
+            vault_item.mode(keys_mode)
+            vault_item.save_keys
+          end
         else
           show_usage
         end

metadata

@@ -1,16 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: chef-vault
 version: !ruby/object:Gem::Version
-  version: 3.4.0
+  version: 4.0.6
 platform: ruby
 authors:
 - Thom May
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-09-19 00:00:00.000000000 Z
+date: 2020-08-13 00:00:00.000000000 Z
 dependencies: []
-description: Data encryption support for Chef using data bags
+description: Data encryption support for Chef Infra using data bags
 email:
 - thom@chef.io
 executables:
@@ -18,8 +18,10 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
+- Gemfile
 - LICENSE
 - bin/chef-vault
+- chef-vault.gemspec
 - lib/chef-vault.rb
 - lib/chef-vault/actor.rb
 - lib/chef-vault/certificate.rb
@@ -49,7 +51,7 @@ files:
 - lib/chef/knife/vault_update.rb
 homepage: https://github.com/chef/chef-vault
 licenses:
-- Apache License, v2.0
+- Apache-2.0
 metadata: {}
 post_install_message: 
 rdoc_options: []
@@ -59,16 +61,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.2.0
+      version: '2.4'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
-summary: Data encryption support for Chef using data bags
+summary: Data encryption support for Chef Infra using data bags
 test_files: []