cici 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: e0e0d27ce6125fb072e36aa5a3e197bd3ad70742d5171c2f2f360b771179d23a
+  data.tar.gz: bd919b3ef9990aa2952461ee646febdb9c803fbafe2c2f298d5168ea0b286731
+SHA512:
+  metadata.gz: d1f5f125bbcfb71b5975f1cec0a5aeb7a442af524ceca952d6e8583da752bfb79627397958768bacd88dc89aa44c4333053f0f8fe76a5de58c6b5a381fddd735
+  data.tar.gz: 71614938679b2d015f7224e5d4d4f754d2d116a8a687fe3a5b36fed1aded3e429720fe3640b8475a7703d4e1acae5e73d17bf68d2cbb320c456d143a3d7e27be

data/CHANGELOG.md

@@ -0,0 +1,8 @@
+## [0.1.0] - 2019-12-17
+
+### Added 
+- CLI able to compress and encrypt directory.
+- CLI able to decrypt, uncompress, and copy files to destinations.
+- CLI reads from yml config file to control whole program. 
+- CLI adds entries to .gitignore so secrets do not get added to repo by accident. 
+- CLI able to encrypt/decrypt a default set of files or a separate collection of files.

data/LICENSE

@@ -0,0 +1,19 @@
+Copyright (c) 2019 Levi Bostian <levi.bostian@gmail.com>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,212 @@
+[![Gem](https://img.shields.io/gem/v/cici.svg)](https://rubygems.org/gems/cici)
+[![Travis (.com)](https://travis-ci.com/levibostian/cici.svg?branch=master)](https://travis-ci.com/levibostian/cici)
+[![GitHub](https://img.shields.io/github/license/levibostian/cici.svg)](https://github.com/levibostian/cici)
+
+# cici
+
+*Confidential Information for Continuous Integration (CICI)*
+
+When environment variables are not enough and you need to store secrets within files, `cici` is your friend. Store secret files in your source code repository with ease. 
+
+*Note: Can be used without a CI server, but tool is primarily designed for your CI server to decrypt your secret files for deployment.*
+
+# What is cici?
+
+`cici` is a CLI program where you can encrypt a directory of confidential files on your local machine, then decrypt that directory of files on a CI server with great ease and flexibility. Store secrets in your source code, easily without checking those secrets into source control. 
+
+# Why use cici?
+
+`cici` was inspired by Travis-CI's ability to encrypt files, but it's only limited to encrypting 1 file, per Travis repository. We can get around the 1 file limitation because we can just compress a directory of files into 1 compressed file using `zip` or `tar`. Well, that's great, but what about when we get to the CI server and we need to decrypt those secret files and then copy them from their original source to their final destination? It can start to get complex. 
+
+It would be awesome if we could simply write 1 command on the CI server: `cici decrypt` and automatically for us, the secret files our project depends on will be decrypted and then each secret file is copied to their destination in the source code. Nice! 
+
+But what if we have a production and a staging server? Easy. `cici decrypt --set production` or `cici decrypt --set staging`. `cici` can be configured with any number of sets of files. 
+
+Besides this simplicity and power, `cici` provides some nice features:
+1. Use `cici` with any CI service or git hosting service. It's not opinionated. You don't even need to use a CI service, really, if you just want to store private files in source code. 
+2. `cici` will add entries to your `.gitignore` file for you to make sure you don't accidentally add secrets to your git repo. 
+3. Full flexibility of where your secrets are stored with a configuration file you check into source control. 
+
+# Getting started 
+
+* Install this tool:
+
+```
+gem install cici
+```
+
+* Config. Let's use an example to explain the rest of the guide on getting started. 
+
+Let's say that you're building an app with the following secret files required to compile your project:
+1. `.env`
+2. `src/firebase/firebase-secrets.json`
+3. `App/GoogleService-Info.plist`
+
+Let's also say that we have a production and a beta app. 2 separate environments that require the same 3 files for each environment. 
+
+All you need to do is...
+1. Create a `secrets/` directory in your project source code with this file structure:
+```
+secrets/
+  .env
+  src/
+    firebase/
+      firebase-secrets.json
+  App/
+    GoogleService-Info.plist
+  beta/
+    .env
+    src/
+      firebase/
+        firebase-secrets.json
+    App/
+      GoogleService-Info.plist
+```
+
+2. Create a `.cici.yml` config file in the root of your project with the following:
+
+```yml
+default:
+  secrets:
+    - ".env"
+    - "src/firebase/firebase-secrets.json"
+    - "App/GoogleService-Info.plist"
+sets:
+  beta:
+```
+
+This config file here defines a default set of files that are secrets and also states that we have a set of files besides the default for "beta". `cici` requires you state a default set of secret files. It's up to you to decide what that default is. In this example, we decided that production should be the default set. You can have a development environment be your default. Then all other sets you need, define those in `sets` in the config. 
+
+* Time to encrypt!
+
+On your local development machine, run the command: `cici encrypt`. You will know the command ran successfully when you see "Success!" with further instructions of what to do next. 
+
+Make sure to follow the instructions printed out after the command so you can successfully decrypt. This includes setting *secret* environment variables on your CI machine (or whatever machine you're decrypting the data). Note: Make sure to keep these environment variables a secret. Follow the instructions for your given CI service to create environment variables that are not publicly viewable.
+
+Here are some instructions for some CI providers. Add yours if you don't see it below:
+* [Travis-CI](https://docs.travis-ci.com/user/environment-variables/#defining-encrypted-variables-in-travisyml)
+
+* Now, it's time to decrypt. After you add the secret environment variables above, you need to run one of the following commands on the CI server:
+
+```
+cici decrypt 
+```
+
+...for the default production environment...
+
+or,
+
+```
+cici decrypt --set beta 
+```
+
+...for the beta environment. 
+
+Done! What `cici` has done is (1) decrypted the encrypted file you made with the encryption step, (2) taken the production set of files or the beta set of files and copied them from the "secrets" directory into your project's source code where they belong. 
+
+So, if you have the following configuration file:
+
+```yml
+default:
+  secrets:
+    - ".env"
+    - "src/firebase/firebase-secrets.json"
+```
+
+and you run `cici decrypt`, `cici` will perform the following copy operations for you:
+
+1. `secrets/.env` -> `.env`
+2. `secrets/src/firebase/firebase-secrets.json` -> `src/firebase/firebase-secrets.json`
+
+and if you run `cici decrypt --set beta`, `cici` will perform the following copy operations for you:
+
+1. `secrets/beta/.env` -> `.env`
+2. `secrets/beta/src/firebase/firebase-secrets.json` -> `src/firebase/firebase-secrets.json`
+
+You're all done! I hope you enjoy `cici`. 
+
+# Advanced configuration 
+
+Here is a more advanced configuration file including all options the config file has to offer:
+
+```yml
+path: "_secrets"
+default:
+  secrets:
+    - "file.txt"
+    - "path/file2.txt"
+sets:
+  production:
+    path: "_production"
+  staging:
+    secrets:
+      - "file3.txt"
+output: "secrets_cici"
+skip_gitignore: false
+```
+
+Here is a breakdown of this file:
+
+```yml
+path: (optional, default 'secrets') - the name of the directory your secrets are stored.
+default: (required) - specifies a default set of files you want to encrypt/decrypt
+  secrets:
+    - "file.txt"
+    - "path/file2.txt"
+sets: (optional) - specify a unique collection of files to encrypt/decrypt
+  production: name of a set used as CLI argument to decrypt
+    path: (optional, default name of set) - subdirectory within "path" to store files for this set 
+  staging: another set
+    secrets: (optional, default is default secrets within subdirectory) set of files to encrypt/decrypt.
+      - "file3.txt"
+output: "secrets_cici" (optional, default, "secrets") - output file name when secrets compressed
+skip_gitignore: (optional, default true) - have cici add rules to .gitignore automatically or not for you. 
+```
+
+## Development 
+
+```bash
+$> bundle install
+```
+
+You're ready to start developing! 
+
+##### Lint
+
+```
+bundle exec rake lint
+```
+
+##### Build/install
+
+```
+bundle exec rake install
+bundle exec cici # You're running cici!
+```
+
+Or, 
+
+```
+bundle exec rake build; gem install cici*.gem
+cici # you have installed cici to your whole machine!
+```
+
+## Deployment 
+
+This gem is setup automatically to deploy to RubyGems on a git tag deployment. 
+
+* Add `RUBYGEMS_KEY` secret to Travis-CI's settings. 
+* Make a new git tag, push it up to GitHub. Travis will deploy for you. 
+
+## Author
+
+* Levi Bostian - [GitHub](https://github.com/levibostian), [Twitter](https://twitter.com/levibostian), [Website/blog](http://levibostian.com)
+
+![Levi Bostian image](https://gravatar.com/avatar/22355580305146b21508c74ff6b44bc5?s=250)
+
+## Contribute
+
+cici is open for pull requests. Check out the [list of issues](https://github.com/levibostian/cici/issues) for tasks I am planning on working on. Check them out if you wish to contribute in that way.
+
+**Want to add features?** Before you decide to take a bunch of time and add functionality to the library, please, [create an issue]
+(https://github.com/levibostian/cici/issues/new) stating what you wish to add. This might save you some time in case your purpose does not fit well in the use cases of this project.

data/bin/cici

@@ -0,0 +1,6 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'cici'
+
+CICI::CLI.new

data/lib/cici.rb

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+require 'cici/cli'

data/lib/cici/cli.rb

@@ -0,0 +1,92 @@
+# frozen_string_literal: true
+
+require 'colorize'
+require 'optparse'
+require 'set'
+require 'pathname'
+require_relative './ui'
+require_relative './util'
+require_relative './encrypt'
+require_relative './decrypt'
+require_relative './version'
+require_relative './config'
+
+module CICI
+  Options = Struct.new(:verbose, :debug, :help, :set)
+
+  class CLI
+    def initialize
+      @options = parse_options
+
+      @ui = CICI::UI.new(@options.verbose, @options.debug)
+      @ui.debug("Options: #{@options}")
+
+      @config = CICI::Config.new(@ui)
+      @config.load
+
+      run_command
+    end
+
+    def run_command
+      case ARGV[0]
+      when 'encrypt'
+        encrypt
+      when 'decrypt'
+        decrypt
+      else
+        @ui.fail('Command invalid.')
+        print_help(1)
+      end
+    end
+
+    def print_help(exit_code)
+      puts @options.help
+      exit exit_code
+    end
+
+    def parse_options
+      options = Options.new
+      options.verbose = false
+      options.debug = false
+
+      opt_parser = OptionParser.new do |opts|
+        opts.banner = 'Usage: cici encrypt|decrypt [options]'
+
+        opts.on('-v', '--version', 'Print version') do
+          puts CICI::Version.get
+          exit
+        end
+        opts.on('--verbose', 'Verbose output') do
+          options.verbose = true
+        end
+        opts.on('--debug', 'Debug output (also turns on verbose)') do
+          options.verbose = true
+          options.debug = true
+        end
+        opts.on('--set SET_NAME', 'Set to decrypt (Note: option ignored for encrypt command)') do |set_name|
+          options.set = set_name
+        end
+        opts.on('-h', '--help', 'Prints this help') do
+          puts opts
+          exit
+        end
+      end
+
+      help = opt_parser.help
+      options.help = help
+      abort(help) if ARGV.empty?
+
+      opt_parser.parse!(ARGV)
+
+      options
+    end
+
+    def encrypt
+      CICI::Encrypt.new(@ui, @config).start
+    end
+
+    def decrypt
+      CICI::Decrypt.new(@ui, @config).start(@options.set)
+    end
+  end
+end

data/lib/cici/config.rb

@@ -0,0 +1,128 @@
+# frozen_string_literal: true
+
+require 'yaml'
+require 'set'
+
+module CICI
+  class Config
+    def initialize(ui)
+      @ui = ui
+    end
+
+    def load
+      config_file_name = '.cici.yml'
+
+      @ui.fail("Cannot find config file, #{config_file_name} in current directory.") unless File.file?(config_file_name)
+
+      config_file_contents = File.read(config_file_name)
+      @config = YAML.safe_load(config_file_contents)
+
+      @ui.verbose("Loaded config from file, #{config_file_name}")
+      @ui.debug("Config: #{@config}")
+    end
+
+    # Functions below are to pull out parts from the config file
+
+    # Get "path", or default value
+    def base_path
+      @config['path'] || 'secrets'
+    end
+
+    # Gets default array of secrets. Each secrets includes 'base_path' so they each look like:
+    # "secrets/path_to_file/file.txt"
+    def default_secrets
+      default_secrets_without_base_path.map { |secret_path| Pathname.new(base_path).join(secret_path).to_s }
+    end
+
+    # Same as default_secrets(), but omit "base_path" inclusion. So you get raw entires from config file.
+    def default_secrets_without_base_path
+      secrets = []
+      return secrets unless @config.key? 'default'
+
+      return @config['default']['secrets'] if @config['default'].key? 'secrets'
+    end
+
+    # Get a Hash for the set from the config file
+    def set(name)
+      @ui.fail("Set, #{name}, does not exist in config file.") unless @config['sets'].key? name
+
+      set = @config['sets'][name]
+
+      set = {} if set.nil?
+
+      set
+    end
+
+    # Gets the "base_path" for where all secrets will be stored for a set.
+    # If set name is `production` and base path is `secrets/`, this function could return: "secrets/production/"
+    def path_for_set(set_name)
+      set = set(set_name)
+      path = Pathname.new(base_path)
+
+      directory = set.key?('path') ? set['path'] : set_name
+      path = path.join(directory)
+
+      path.to_s
+    end
+
+    # Same as secrets_for_set(), but omit "base_path" inclusion. So you get raw entires from config file.
+    def secrets_for_set_without_base_path(set_name)
+      set = set(set_name)
+      return set['secrets'] if set.key? 'secrets'
+
+      default_secrets_without_base_path
+    end
+
+    # Gets array of secrets for a set. Each secrets includes 'base_path' so they each look like:
+    # "secrets/name-of-set/path_to_file/file.txt"
+    def secrets_for_set(set_name)
+      secrets_for_set_without_base_path(set_name).map { |secret_path| Pathname.new(path_for_set(set_name)).join(secret_path).to_s }
+    end
+
+    # Should skip gitignore operation?
+    def skip_gitignore?
+      skip = false
+      return @config['skip_gitignore'] if @config.key? 'skip_gitignore'
+
+      skip
+    end
+
+    # Get array of all secrets, including their base paths. So, a collection of files in the secrets directory to compress.
+    def all_secrets
+      secrets = Set[]
+      secrets.merge(default_secrets)
+      sets.keys.each { |set_key| secrets.merge(secrets_for_set(set_key)) }
+
+      secrets.to_a
+    end
+
+    # Same as all_secrets(), but without base paths. So, a collection of files in their original source locations.
+    def all_secrets_original_paths
+      secrets = Set[]
+      secrets.merge(default_secrets_without_base_path)
+      sets.keys.each { |set_key| secrets.merge(secrets_for_set_without_base_path(set_key)) }
+
+      secrets.to_a
+    end
+
+    # Hash of all sets
+    def sets
+      sets = {}
+      sets = @config['sets'] if @config.key? 'sets'
+      sets
+    end
+
+    # outout file name. Includes file extension
+    def output_file
+      output_file = 'secrets.tar'
+      output_file = "#{@config['output']}.tar" unless @config['output'].nil?
+
+      output_file
+    end
+
+    # output file name plus encryption file extension
+    def output_file_encrypted
+      "#{output_file}.enc"
+    end
+  end
+end

data/lib/cici/constants.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+module CICI
+  DECRYPT_KEY_ENV_VAR = 'CICI_DECRYPT_KEY'
+  DECRYPT_IV_ENV_VAR = 'CICI_DECRYPT_IV'
+end

data/lib/cici/decrypt.rb

@@ -0,0 +1,87 @@
+# frozen_string_literal: true
+
+require 'colorize'
+require 'optparse'
+require 'set'
+require 'pathname'
+require_relative './ui'
+require_relative './util'
+require_relative './constants'
+require 'base64'
+require 'openssl'
+require 'fileutils'
+
+module CICI
+  class Decrypt
+    include CICI
+
+    def initialize(ui, config)
+      @ui = ui
+      @config = config
+      @util = CICI::Util.new(@ui)
+    end
+
+    def start(set)
+      @set = set
+
+      assert_encrypted_secret_exist
+      decrypt
+      decompress
+      copy_files
+
+      @ui.success('Files successfully decrypted and copied to their destination!')
+    end
+
+    private
+
+    def assert_encrypted_secret_exist
+      @ui.fail("Encrypted secrets file, #{@config.output_file_encrypted}, does not exist") unless File.file?(@config.output_file_encrypted)
+    end
+
+    def decrypt
+      @ui.verbose('Decrypting secrets encrypted file.')
+
+      decipher = OpenSSL::Cipher.new('AES-256-CBC')
+      decipher.decrypt
+      decipher.key = Base64.decode64(@util.get_env(CICI::DECRYPT_KEY_ENV_VAR))
+      decipher.iv = Base64.decode64(@util.get_env(CICI::DECRYPT_IV_ENV_VAR))
+
+      plain = decipher.update(File.read(@config.output_file_encrypted)) + decipher.final
+      File.write(@config.output_file, plain)
+    end
+
+    def decompress
+      @ui.verbose('Decompressing compressed file.')
+
+      @util.run_command("tar xvf #{@config.output_file}")
+    end
+
+    def copy_files
+      @ui.verbose('Copying files to their final destination')
+
+      copy_file = lambda { |path, secrets_path|
+        source = Pathname.new(secrets_path).join(path).to_s
+        destination = path
+
+        @ui.verbose("Copying file from #{source} to #{destination}")
+
+        parent_directory = Pathname.new(destination).expand_path.dirname.to_s
+
+        @ui.debug("mkdir -p for: #{parent_directory}")
+        FileUtils.mkdir_p(parent_directory)
+        @ui.debug("cp -r for, source: #{source}, destination: #{destination}")
+        FileUtils.cp_r(source, destination)
+      }
+
+      if @set.nil?
+        @config.default_secrets_without_base_path.each do |secret|
+          copy_file.call(secret, @config.base_path)
+        end
+      else
+        @config.secrets_for_set_without_base_path(@set).each do |secret|
+          copy_file.call(secret, @config.path_for_set(@set))
+        end
+      end
+    end
+  end
+end

data/lib/cici/encrypt.rb

@@ -0,0 +1,113 @@
+# frozen_string_literal: true
+
+require 'colorize'
+require 'optparse'
+require 'set'
+require 'pathname'
+require_relative './ui'
+require_relative './util'
+require_relative './constants'
+require 'openssl'
+require 'base64'
+
+module CICI
+  class Encrypt
+    include CICI
+
+    def initialize(ui, config)
+      @ui = ui
+      @config = config
+      @util = CICI::Util.new(@ui)
+    end
+
+    def start
+      assert_secret_files_exist
+      compress
+      assert_files_in_gitignore
+      encrypt
+    end
+
+    private
+
+    def assert_secret_files_exist
+      @ui.verbose('Asserting secret files exist')
+
+      assert_file_exists = lambda { |file|
+        @ui.debug("Checking #{file} exists...")
+
+        @ui.fail("File or directory at path #{file} does not exist. Can't encrypt your secrets with missing secrets.") unless File.exist?(file)
+      }
+
+      @ui.verbose("Checking secrets exist in #{@config.base_path} directory.")
+
+      @config.all_secrets.each do |file|
+        assert_file_exists.call(file)
+      end
+    end
+
+    def compress
+      @ui.verbose('Compressing secrets...')
+
+      @util.run_command("tar cvf #{@config.output_file} #{@config.base_path}")
+    end
+
+    def encrypt
+      @ui.verbose("Encrypting #{@config.output_file} to file #{@config.output_file_encrypted}")
+
+      aes = OpenSSL::Cipher.new('AES-256-CBC')
+      data = File.binread(@config.output_file)
+      aes.encrypt
+      key = aes.random_key
+      iv = aes.random_iv
+      File.write(@config.output_file_encrypted, aes.update(data) + aes.final)
+
+      @ui.success('Success! Now, you need to follow these last few steps:')
+      @ui.success("1. Make sure to add #{@config.output_file_encrypted} to your source code repository")
+      @ui.success("2. Create a *secret* environment variable with key: #{CICI::DECRYPT_KEY_ENV_VAR} with value: #{Base64.encode64(key).strip}")
+      @ui.success("3. Create a *secret* environment variable with key: #{CICI::DECRYPT_IV_ENV_VAR} with value: #{Base64.encode64(iv).strip}")
+    end
+
+    def assert_files_in_gitignore
+      ignore_file_name = '.gitignore'
+
+      if @config.skip_gitignore? || !File.exist?(ignore_file_name)
+        @ui.verbose('Skipping adding entries to .gitignore file')
+        return
+      end
+
+      @ui.verbose("Adding entries to #{ignore_file_name} file")
+
+      current_gitignore_file_contents = Set[]
+      File.foreach(ignore_file_name).with_index do |line, _line_num|
+        line = line.strip
+        current_gitignore_file_contents = current_gitignore_file_contents.add(line)
+      end
+      @ui.debug("current contents of #{ignore_file_name}: #{current_gitignore_file_contents}")
+
+      new_gitignore_additions = current_gitignore_file_contents.clone
+      add_to_gitignore = lambda { |file|
+        new_gitignore_additions = new_gitignore_additions.add(file)
+      }
+
+      # Add all but the encrypted output file as that is required for decryption
+      add_to_gitignore.call(@config.output_file)
+      add_to_gitignore.call(@config.base_path)
+      @config.all_secrets_original_paths.each do |secret_file|
+        add_to_gitignore.call(secret_file)
+      end
+
+      new_gitignore_additions -= current_gitignore_file_contents
+      @ui.debug("additions to #{ignore_file_name}: #{new_gitignore_additions}")
+
+      new_gitignore_additions = new_gitignore_additions.to_a
+      unless new_gitignore_additions.empty? # only write if something to add
+        @ui.debug("writing new #{ignore_file_name} additions: #{new_gitignore_additions}")
+        gitignore_file_prepended_additions = new_gitignore_additions.join("\n") + "\n\n" + File.read(ignore_file_name)
+
+        File.write(ignore_file_name, gitignore_file_prepended_additions)
+      end
+
+      @ui.verbose("Done adding entries to #{ignore_file_name}")
+    end
+  end
+end

data/lib/cici/ui.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+require 'colorize'
+require 'optparse'
+
+module CICI
+  class UI
+    def initialize(verbose, debug)
+      @verbose = verbose
+      @debug = debug
+    end
+
+    def success(message)
+      puts message.colorize(:green)
+    end
+
+    def fail(message)
+      abort(message.colorize(:red))
+    end
+
+    def warning(message)
+      puts message.to_s.colorize(:yellow)
+    end
+
+    def verbose(message)
+      puts message.to_s if @verbose
+    end
+
+    def debug(message)
+      puts message.to_s.colorize(:light_blue) if @debug
+    end
+  end
+end

data/lib/cici/util.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+module CICI
+  class Util
+    def initialize(ui)
+      @ui = ui
+    end
+
+    def run_command(command)
+      @ui.warning("Running command: #{command}")
+      success = system(command)
+      @ui.fail("\nCommand failed. Fix issue and try again.") unless success
+    end
+
+    def get_env(name)
+      @ui.fail("Forgot to specify environment variable, #{name}") unless ENV[name]
+      ENV[name]
+    end
+  end
+end

data/lib/cici/version.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module CICI
+  class Version
+    def self.get
+      '0.1.0'
+    end
+  end
+end

metadata

@@ -0,0 +1,159 @@
+--- !ruby/object:Gem::Specification
+name: cici
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Levi Bostian
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2019-12-18 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: colorize
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.8.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.8.1
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.58'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.58.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.58'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.58.2
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.3'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 12.3.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.3'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 12.3.1
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.8.0
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.8'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.8.0
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.8'
+- !ruby/object:Gem::Dependency
+  name: rspec_junit_formatter
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.4'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.4.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.4'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.4.1
+description: When environment variables are not enough and you need to store secrets
+  within files, cici is your friend. Store secret files in your source code repository
+  with ease. Can be used without a CI server, but tool is primarily designed for your
+  CI server to decrypt these secret files for deployment.
+email: levi.bostian@gmail.com
+executables:
+- cici
+extensions: []
+extra_rdoc_files: []
+files:
+- CHANGELOG.md
+- LICENSE
+- README.md
+- bin/cici
+- lib/cici.rb
+- lib/cici/cli.rb
+- lib/cici/config.rb
+- lib/cici/constants.rb
+- lib/cici/decrypt.rb
+- lib/cici/encrypt.rb
+- lib/cici/ui.rb
+- lib/cici/util.rb
+- lib/cici/version.rb
+homepage: https://github.com/levibostian/cici
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.6
+signing_key: 
+specification_version: 4
+summary: Confidential Information for Continuous Integration (CICI)
+test_files: []