complex_config 0.14.1 → 0.15.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c28053b61dff2ae48b2da22e7bd5e8f2bcc80f48fdeaf490c9a2a607d4e876c9
-  data.tar.gz: cadf63913aeebf969f0f99d76a6be2e6c06cad5304f40699b96dce0fcd77e8f5
+  metadata.gz: 8e2e094436710a9fe5569cdb635d9d2230c07d401a084120d8d3a66e0b545155
+  data.tar.gz: 9d5d62f7903c36706445ab9b2f81b720aaf6c20bbc5e04a2aefc28d9a9c4e237
 SHA512:
-  metadata.gz: e00cb460bb319128e56fa2ea8607bdaa93a16bf64c279d2480d417633688e80eb8fc6e2ea905345862dbc8ad2174ef6d30b218742addb055108b9933c07142ee
-  data.tar.gz: 49a16f1422acee6f938c09e4de0fee07861b765c1ada576ecad07bb957f35fc0d6d35119287717af7ad8c4936de874d15a3c661a5069212af763dbfcc7022102
+  metadata.gz: 88b09d7bdd720f1fce793ac31592315d41268a76014fec760728b3a837b569fe294af91171534c2bdd20f71802bba68c1a06e8fc1a1d32759b50de3fe0cf2117
+  data.tar.gz: 7708530ed03359d75b9ef2be05014289f090399a5ff1cbbde1aceab1313245153ce3574b1a6d1bcef9649620a0b877307cdcc689685f5c6cfc16f529d03d699b

data/VERSION

@@ -1 +1 @@
-0.14.1
+0.15.0

data/bin/complex_config

@@ -4,8 +4,10 @@ require 'complex_config/rude'
 require 'tins/xt'
 include Tins::GO
 require 'tempfile'
+require 'fileutils'
+include FileUtils
 
-$opts = go 'h'
+$opts = go 'o:n:h'
 
 def usage(msg: 'Displaying help', rc: 0)
   puts <<~end
@@ -14,10 +16,12 @@ def usage(msg: 'Displaying help', rc: 0)
     Usage: #$0 COMMAND [OPTIONS] [FILENAME]"
 
     Commands are
-      edit      edit encrypted file FILENAME (suffix .enc)
-      encrypt   encrypt file FILENAME (suffix not .enc)
-      decrypt   decrypt file FILENAME (suffix .enc)
-      display   decrypt and display encrypted file FILENAME (suffix .enc)
+      edit        edit encrypted file FILENAME (suffix .enc)
+      encrypt     encrypt file FILENAME (suffix not .enc)
+      decrypt     decrypt file FILENAME (suffix .enc)
+      display     decrypt and display encrypted file FILENAME (suffix .enc)
+      new_key     generate a new key and display it
+      recrypt     recrypt a file, -o OLD_KEY to decrypt, -n NEW_KEY to encrypt
 
     Options are
 
@@ -86,7 +90,22 @@ when 'encrypt'
     f.write ComplexConfig::Provider.encrypt_config(fn, IO.binread(fn))
   end
   puts "File was encrypted to #{(fn + '.enc').inspect}. You can remove #{fn.inspect} now."
+when 'new_key'
+  puts ComplexConfig::Provider.new_key
+when 'recrypt'
+  old_key = $opts[?o] && ComplexConfig::Provider.valid_key?($opts[?o]) or
+    usage msg: "-o OLD_KEY option required and has to be valid", rc: 1
+  new_key = $opts[?n] && ComplexConfig::Provider.valid_key?($opts[?n]) or
+    usage msg: "-n NEW_KEY option required and has to be valid", rc: 1
+  encrypted_fn = fetch_filename
+  encrypted_text = IO.binread(encrypted_fn + '.enc')
+  decrypted_text = ComplexConfig::Encryption.new(old_key.key_bytes).decrypt(encrypted_text)
+  recrypted_text = ComplexConfig::Encryption.new(new_key.key_bytes).encrypt(decrypted_text)
+  File.secure_write(encrypted_fn + '.enc') do |f|
+    f.write(recrypted_text)
+    mv encrypted_fn + '.enc', encrypted_fn + '.enc.bak'
+  end
+  puts "File was recrypted as #{(encrypted_fn + '.enc').inspect}. You can remove #{(encrypted_fn + '.enc.bak').inspect} now."
 else
   usage msg: "Unknown command #{command.inspect}", rc: 1
 end
-

data/complex_config.gemspec

@@ -1,9 +1,9 @@
 # -*- encoding: utf-8 -*-
-# stub: complex_config 0.14.1 ruby lib
+# stub: complex_config 0.15.0 ruby lib
 
 Gem::Specification.new do |s|
   s.name = "complex_config".freeze
-  s.version = "0.14.1"
+  s.version = "0.15.0"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
   s.require_paths = ["lib".freeze]

data/lib/complex_config/encryption.rb

@@ -10,7 +10,6 @@ class ComplexConfig::Encryption
   end
 
   def encrypt(text)
-
     @cipher.encrypt
     @cipher.key = @secret
     iv = @cipher.random_iv

data/lib/complex_config/provider.rb

@@ -195,6 +195,18 @@ class ComplexConfig::Provider
 
   attr_writer :master_key_pathname
 
+  def new_key
+    SecureRandom.hex(16)
+  end
+
+  def valid_key?(key)
+    ks = ComplexConfig::KeySource.new(var: key)
+    ComplexConfig::Encryption.new(ks.key_bytes)
+    ks
+  rescue
+    false
+  end
+
   private
 
   def interpret_name_value(name, value)
@@ -217,7 +229,7 @@ class ComplexConfig::Provider
     ks =
       case encrypt
       when :random
-        ComplexConfig::KeySource.new(var: SecureRandom.hex(16))
+        ComplexConfig::KeySource.new(var: new_key)
       when true
         key_source(pathname)
       when String

data/lib/complex_config/version.rb

@@ -1,6 +1,6 @@
 module ComplexConfig
   # ComplexConfig version
-  VERSION         = '0.14.1'
+  VERSION         = '0.15.0'
   VERSION_ARRAY   = VERSION.split('.').map(&:to_i) # :nodoc:
   VERSION_MAJOR   = VERSION_ARRAY[0] # :nodoc:
   VERSION_MINOR   = VERSION_ARRAY[1] # :nodoc:

data/spec/complex_config/provider_spec.rb

@@ -156,6 +156,11 @@ RSpec.describe ComplexConfig::Provider do
     it 'can read when key is stored in file' do
       expect(described_class['with-key-file'].development.foo.bar).to eq 'baz'
     end
+
+    it 'can check the size of a given key' do
+      expect(described_class).to be_valid_key(key)
+      expect(described_class).not_to be_valid_key(key + ' blub')
+    end
   end
 
   context 'writing encrypted configurations' do

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: complex_config
 version: !ruby/object:Gem::Version
-  version: 0.14.1
+  version: 0.15.0
 platform: ruby
 authors:
 - Florian Frank