cryptoform 0.2.0 → 0.5.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: f0f9f5718fd04bc8d3b41709ab275e3c3149c687a05620d08befcfe6ab142465
4
- data.tar.gz: e1007775f8a6ac33000f526f99f9704339e715c133b663a0c29ba00d625acfa3
3
+ metadata.gz: 633406ee496476f536770fa7e1dc5f9483f9d20e2146d264a4124546f7527b32
4
+ data.tar.gz: ee177df230dfa9fc43b85c82ceb277baa34a36389ed338dda6cea9e70ca4e3df
5
5
  SHA512:
6
- metadata.gz: 24159b9944f41adae6d9a040531d6470dd5bac1a3de7d08e7d736ece145c7e4f827f3cb205bcc99179005b4cbf04ff21ab6556ee89ad043b5b99946ab5924853
7
- data.tar.gz: 5bb71e41df20928ec480e2eb0c497646e7b43b7087a083900e0f2ddef3926237cc6f95aea6d4f9d04bd0b436309e7b6fe712423c8f1cb67817edbd10c513f8d1
6
+ metadata.gz: 02c095397d6fce68b45e6ed75408626a8170877eea2a2a8fa38959f41e7f13452b948798e16acdb0dc1ae98cb5ad31db39ad87247fa2aa4b7a4070095033f1d8
7
+ data.tar.gz: d2c352d5004399d1e8d93427ff1a6faf370bcf646e5ce4e2305f14b8f8d9dcd41933c4324fb8f8ccc3c6ed92c953574dff19e659489cc9e4fb166913efc940ae
data/README.md CHANGED
@@ -1,13 +1,13 @@
1
1
  # Cryptoform
2
2
 
3
3
  Implemented as an http backend, cryptoform encypts your state using one of the providers and stores in one
4
- on the backends. Currently only [lockbox](https://github.com/ankane/lockbox) provider and file backend
4
+ on the backends. Currently only [lockbox](https://github.com/ankane/lockbox) provider and file backend
5
5
  are supported. The tool designed to be modular so other encryption providers and backends may be added
6
6
  later on.
7
7
 
8
8
  ## Why
9
9
 
10
- Even though it's strongly recommended to use S3 or some other 3rd party service to store the state, and
10
+ Even though it's strongly recommended to use S3 or some other 3rd party service to store the state, and
11
11
  using git to store it is discouraged, sometimes it's still very handy to not have any external services
12
12
  and store the state in git, encryted for better safety. For instance: you work on the project alone and
13
13
  you don't need locking(an external lock mechanism can be supported in the future) and you don't want to
@@ -15,34 +15,46 @@ bother configuring an external state store.
15
15
 
16
16
  ## Installation
17
17
 
18
+ ### Native installation
19
+
18
20
  1. Install one of supported ruby versions: 3.2 or newer
19
21
  2. In your terraform project, create 2 files:
20
-
21
- *Gemfile*:
22
- ```ruby
23
- # frozen_string_literal: true
24
22
 
25
- source "https://rubygems.org"
23
+ _Gemfile_:
24
+
25
+ ```ruby
26
+ # frozen_string_literal: true
27
+
28
+ source "https://rubygems.org"
29
+
30
+ gem "cryptoform"
31
+ ```
26
32
 
27
- gem "cryptoform"
28
- ```
29
33
  3. Run `bundle install`
30
- 4. TODO: Run `bundle exec rake cryptoform:init` and save the printed key.
31
- 5. Run `CRYPTOFORM_KEY=<key from the previous step> bundle exec cryptoform`
32
- 6. Configure your terraform backend:
33
- ```hcl
34
- terraform {
35
- backend "http" {
36
- address = "http://127.0.0.1:3000/state"
37
- }
38
- }
39
- ```
40
-
41
- TODO: ship in docker?
34
+ 4. Run `bundle exec cryptoform init` and follow the instructions.
35
+
36
+ ### Docker
37
+
38
+ 1. Download the script `wget https://raw.githubusercontent.com/zhulik/cryptoform/main/cryptoform`
39
+ 2. **Read it, never trust random scripts from the internet**. Adjust the scrupt if needed.
40
+ 3. Make it executable `chmod +x ./cryptoform`
41
+ 4. Run it `./cryptoform init`
42
42
 
43
43
  ## Cryptofile
44
44
 
45
- TODO: Write Cryptofile details here
45
+ ```ruby
46
+ port 3000 # Optional, default is 3000
47
+
48
+ state :state do # required, name can be different if you like
49
+ # only file is supported, state will be stored in <state name>.tfstate.enc
50
+ storage_backend :file, name: "state.tfstate.env" # required, file name can be overwriten if needed
51
+
52
+ # lockbox and diff_lockbox are supported backends, both use lockbox gem,
53
+ # but diff_lockbox only encrypts JSON scalar values making the state file
54
+ # a little bit less secure, but partially human readable and gid diff friendly.
55
+ encryption_backend :diff_lockbox, key: -> { ENV.fetch("CRYPTOFORM_KEY") } # required, `key` is also required
56
+ end
57
+ ```
46
58
 
47
59
  ## Development
48
60
 
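Review bot: In the new Docker steps, `wget https://raw.githubusercontent.com/zhulik/cryptoform/main/cryptoform` fetches whatever is on `main` at download time, which undercuts the advice in step 2; point the URL at a release tag or commit so the script a user reviews is the script everyone gets. In the Cryptofile example the comment says state is stored in `<state name>.tfstate.enc` but the sample passes `name: "state.tfstate.env"`, so one of the two is a typo. Spelling in the added lines: "scrupt", "overwriten", "gid diff".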
@@ -52,7 +64,7 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
52
64
 
53
65
  ## Contributing
54
66
 
55
- Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/cryptoform. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/[USERNAME]/cryptoform/blob/main/CODE_OF_CONDUCT.md).
67
+ Bug reports and pull requests are welcome on GitHub at https://github.com/zhulik/cryptoform. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/zhulik/cryptoform/blob/main/CODE_OF_CONDUCT.md).
56
68
 
57
69
  ## License
58
70
 
@@ -60,4 +72,4 @@ The gem is available as open source under the terms of the [MIT License](https:/
60
72
 
61
73
  ## Code of Conduct
62
74
 
63
- Everyone interacting in the Cryptoform project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/cryptoform/blob/main/CODE_OF_CONDUCT.md).
75
+ Everyone interacting in the Cryptoform project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/zhulik/cryptoform/blob/main/CODE_OF_CONDUCT.md).
@@ -0,0 +1,35 @@
1
+ # frozen_string_literal: true
2
+
3
+ require_relative "lib/cryptoform/version"
4
+
5
+ Gem::Specification.new do |spec|
6
+ spec.name = "cryptoform"
7
+ spec.version = Cryptoform::VERSION
8
+ spec.authors = ["Gleb Sinyavskiy"]
9
+ spec.email = ["zhulik.gleb@gmail.com"]
10
+
11
+ spec.summary = "Save your encypted terraform state in git."
12
+ spec.description = "Save your encypted terraform state in git."
13
+ spec.homepage = "https://github.com/zhulik/cryptoform"
14
+ spec.license = "MIT"
15
+ spec.required_ruby_version = ">= 3.2.0"
16
+
17
+ spec.metadata["homepage_uri"] = spec.homepage
18
+ spec.metadata["source_code_uri"] = spec.homepage
19
+ spec.metadata["changelog_uri"] = "https://github.com/zhulik/cryptoform/releases"
20
+
21
+ spec.files = Dir["lib/**/*.rb"] + Dir["exe/*"] + ["cryptoform.gemspec", "README.md"]
22
+ spec.bindir = "exe"
23
+ spec.executables = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
24
+ spec.require_paths = ["lib"]
25
+
26
+ spec.add_dependency "base64", "~> 0.2"
27
+ spec.add_dependency "lockbox", "~> 1.3"
28
+ spec.add_dependency "rackup", "~> 2.1"
29
+ spec.add_dependency "sinatra", "~> 4.0"
30
+ spec.add_dependency "sinatra-contrib", "~> 4.0"
31
+ spec.add_dependency "thor", "~> 1.3"
32
+ spec.add_dependency "zeitwerk", "~> 2.6"
33
+
34
+ spec.metadata["rubygems_mfa_required"] = "true"
35
+ end
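Review bot: `spec.files` lists only `lib/**/*.rb`, `exe/*`, `cryptoform.gemspec` and `README.md`, so the packaged gem declares `spec.license = "MIT"` without shipping the license text; add `LICENSE.txt` to the array. `summary` and `description` both spell "encypted".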
data/exe/cryptoform CHANGED
@@ -1,12 +1,83 @@
1
1
  #!/usr/bin/env ruby
2
2
  # frozen_string_literal: true
3
3
 
4
+ ENV["APP_ENV"] = "production"
5
+
4
6
  require "cryptoform"
5
7
 
6
- begin
7
- Sync do
8
- Cryptoform.run("Cryptofile")
8
+ class CryptoformCLI < Thor
9
+ CRYPTOFOFILE = "Cryptofile"
10
+ class << self
11
+ def exit_on_failure?
12
+ false
13
+ end
14
+ end
15
+
16
+ desc "server", "run cryptoform server"
17
+ option :cryptofile, type: :string, default: CRYPTOFOFILE
18
+ def server
19
+ Cryptoform.run!(File.read(options[:cryptofile]))
20
+ end
21
+
22
+ desc "validate", "validate your cryptofile"
23
+ option :cryptofile, type: :string, default: CRYPTOFOFILE
24
+ def validate
25
+ Cryptoform.load_cryptofile!(File.read(options[:cryptofile]))
26
+ puts "#{options[:cryptofile]} is valid!"
27
+ rescue Cryptoform::ConfigValidationError => e
28
+ puts "#{options[:cryptofile]} is invalid:"
29
+ puts(e.message)
30
+ end
31
+
32
+ desc "init", "initialize project"
33
+ option :cryptofile, type: :string, default: CRYPTOFOFILE
34
+ option :generate_key, type: :boolean, default: true
35
+ option :port, type: :numeric, default: 3000
36
+ option :name, type: :string, default: "state"
37
+ option :storage_backend, type: :string, default: "file"
38
+ option :encryption_backend, type: :string, default: "diff_lockbox"
39
+ option :force, type: :boolean, default: false
40
+ def init # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
41
+ if File.exist?(cryptofile_path) && !options[:force]
42
+ puts("#{cryptofile_path} already exists, is the project already initialized?")
43
+ exit(1)
44
+ end
45
+
46
+ config_generator = Cryptoform::ConfigGenerator.new(
47
+ **options.slice(:name, :port, :storage_backend, :encryption_backend).transform_keys(&:to_sym)
48
+ )
49
+ cryptofile = config_generator.generate_cryptofile
50
+ config = Cryptoform.load_cryptofile!(cryptofile)
51
+
52
+ if options[:generate_key]
53
+ key = config.config.states[options[:name].to_sym].encryption_backend.generate_key
54
+ puts("We generated a key for you, pass it to Cryptoform as \"CRYPTOFORM_KEY\" environment variable")
55
+ puts("Key: #{key}")
56
+ end
57
+
58
+ File.write(cryptofile_path, cryptofile)
59
+ puts("#{cryptofile_path} is written!")
60
+
61
+ puts("Use this to configure you terraform backend:")
62
+ puts(config_generator.generate_terraform_backend)
63
+
64
+ puts("And this to configure a terraform remote state data source:")
65
+ puts(config_generator.generate_terraform_remote_state_data_source)
66
+
67
+ puts("All done, you can start using Cryptoform. To run the server execute:")
68
+ command = "bundle exec cryptoform"
69
+ command += " --cryptofile #{cryptofile_path}" if cryptofile_path != CRYPTOFOFILE
70
+
71
+ puts(command)
72
+ end
73
+
74
+ default_command :server
75
+
76
+ no_commands do
77
+ def cryptofile_path
78
+ options[:cryptofile]
79
+ end
9
80
  end
10
- rescue Interrupt
11
- puts("Interrupted")
12
81
  end
82
+
83
+ CryptoformCLI.start(ARGV)
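Review bot: `validate` rescues `Cryptoform::ConfigValidationError`, prints the message and returns normally, and `exit_on_failure?` is `false`, so an invalid Cryptofile still exits 0 and the command cannot gate a CI job or a pre-commit hook; call `exit(1)` in the rescue. In `init`, `puts("Key: #{key}")` writes the encryption key to stdout, where it ends up in terminal scrollback and any captured job log, and it is printed before `File.write` has succeeded; print it last and say in the README that `init` should not run under log capture. The constant is spelled `CRYPTOFOFILE`, and "configure you terraform backend" should read "your".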
@@ -1,11 +1,14 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  class Cryptoform::Config::Builder
4
+ PORTS = 1..65_535
4
5
  Config = Data.define(:port, :states)
5
6
 
6
- def initialize
7
+ def initialize(cryptofile)
7
8
  @port = 3000
8
9
  @states = {}
10
+
11
+ instance_eval(cryptofile)
9
12
  end
10
13
 
11
14
  def port(port)
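Review bot: `instance_eval(cryptofile)` in `initialize` runs the Cryptofile as Ruby as soon as a `Builder` is constructed, so `cryptoform validate` executes the file rather than only inspecting it; that deserves a line in the README, because a Cryptofile that arrives with a cloned repository is code, not data. Since only the string is passed, errors are reported against the eval call site instead of the Cryptofile; accept the path too and call `instance_eval(cryptofile, path)` so backtraces point at the real file and line.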
@@ -22,8 +25,8 @@ class Cryptoform::Config::Builder
22
25
 
23
26
  def validate!
24
27
  @states.each_value(&:validate!)
25
-
26
- raise Cryptoform::ConfigValidationError, "port must be an integer" if @key.is_a?(Numeric)
28
+ raise Cryptoform::ConfigValidationError, "at least one state must be configured" if @states.empty?
29
+ raise Cryptoform::ConfigValidationError, "port must be an in range 0-65545" unless PORTS.include?(@port)
27
30
  end
28
31
 
29
32
  def config
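Review bot: The new port check `PORTS.include?(@port)` does not require an integer: on a numeric range `include?` is a bounds comparison, so `port 3000.5` passes validation. Use `@port.is_a?(Integer) && PORTS.cover?(@port)`. The message says "0-65545" while `PORTS` is `1..65_535`, and "must be an in range" has a stray word.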
@@ -8,7 +8,8 @@ class Cryptoform::Config::StateConfigBuilder
8
8
  }.freeze
9
9
 
10
10
  ENCRYPTION_BACKENDS = {
11
- lockbox: Cryptoform::EncryptionBackends::Lockbox
11
+ lockbox: Cryptoform::EncryptionBackends::Lockbox,
12
+ diff_lockbox: Cryptoform::EncryptionBackends::DiffLockbox
12
13
  }.freeze
13
14
 
14
15
  def initialize(name, &)
@@ -0,0 +1,45 @@
1
+ # frozen_string_literal: true
2
+
3
+ class Cryptoform::ConfigGenerator
4
+ def initialize(name:, port:, storage_backend:, encryption_backend:)
5
+ @name = name
6
+ @port = port
7
+ @storage_backend = storage_backend
8
+ @encryption_backend = encryption_backend
9
+ end
10
+
11
+ def generate_cryptofile
12
+ <<~RUBY
13
+ # frozen_string_literal: true
14
+
15
+ port #{@port}
16
+
17
+ state :#{@name} do
18
+ storage_backend :#{@storage_backend}
19
+ encryption_backend :#{@encryption_backend}, key: -> { ENV.fetch("CRYPTOFORM_KEY") }
20
+ end
21
+ RUBY
22
+ end
23
+
24
+ def generate_terraform_backend
25
+ <<~HCL
26
+ terraform {
27
+ backend "http" {
28
+ address = "http://127.0.0.1:#{@port}/states/#{@name}"
29
+ }
30
+ }
31
+ HCL
32
+ end
33
+
34
+ def generate_terraform_remote_state_data_source
35
+ <<~HCL
36
+ data "terraform_remote_state" "#{@name}_remote_state" {
37
+ backend = "http"
38
+
39
+ config = {
40
+ address = "http://127.0.0.1:#{@port}/states/#{@name}"
41
+ }
42
+ }
43
+ HCL
44
+ end
45
+ end
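Review bot: `generate_cryptofile` interpolates `@name`, `@storage_backend` and `@encryption_backend` into Ruby source unescaped (`state :#{@name} do`), and `init` hands the result straight to `load_cryptofile!`, which evaluates it. A `--name` that is not a plain identifier therefore yields invalid or unintended Ruby, and the same value goes unquoted into the HCL `address`. Validate in `initialize`, for example `name` against `/\A[a-z_][a-z0-9_]*\z/i` and the two backends against the known symbol lists, and raise `ConfigValidationError` otherwise.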
@@ -10,7 +10,11 @@ class Cryptoform::EncryptionBackends::Backend
10
10
  raise NotImplementedError
11
11
  end
12
12
 
13
- def encrypt(json)
13
+ def encrypt(object)
14
+ raise NotImplementedError
15
+ end
16
+
17
+ def generate_key
14
18
  raise NotImplementedError
15
19
  end
16
20
  end
@@ -0,0 +1,29 @@
1
+ # frozen_string_literal: true
2
+
3
+ class Cryptoform::EncryptionBackends::DiffLockbox < Cryptoform::EncryptionBackends::Lockbox
4
+ def encrypt(json)
5
+ JSON.pretty_generate(encrypt_object(json, lockbox))
6
+ end
7
+
8
+ def decrypt(ciphertext)
9
+ decrypt_object(JSON.parse(ciphertext, symbolize_names: true), lockbox)
10
+ end
11
+
12
+ private
13
+
14
+ def decrypt_object(object, box)
15
+ return object.transform_values { decrypt_object(_1, box) } if object.is_a?(Hash)
16
+ return object.map { decrypt_object(_1, box) } if object.is_a?(Array)
17
+
18
+ decrypted = box.decrypt(object)
19
+
20
+ decrypted.start_with?("{") ? JSON.parse(decrypted, symbolize_names: true)[:value] : decrypted
21
+ end
22
+
23
+ def encrypt_object(object, box)
24
+ return object.transform_values { encrypt_object(_1, box) } if object.is_a?(Hash)
25
+ return object.map { encrypt_object(_1, box) } if object.is_a?(Array)
26
+
27
+ box.encrypt({ value: object }.to_json)
28
+ end
29
+ end
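Review bot: `encrypt_object` wraps each scalar as `{ value: object }` and encrypts it with nothing tying the ciphertext to its position, so in the stored file two encrypted values can be swapped, or an older value pasted back, and `decrypt_object` will accept them; for a state file kept in git, put the JSON path in the wrapper and check it on decrypt. Hash keys and array shapes stay in plaintext, so resource and attribute names are readable to anyone with the repository, which the README should say outright given that `init` defaults to `diff_lockbox`. In `decrypt_object`, the `start_with?("{")` fallback returns raw plaintext for anything that is not a wrapper; since `encrypt_object` always writes a wrapper, raising there would be stricter.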
@@ -1,14 +1,20 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  class Cryptoform::EncryptionBackends::Lockbox < Cryptoform::EncryptionBackends::Backend
4
- def encrypt(json)
5
- lockbox.encrypt(json.to_json)
4
+ def encrypt(object)
5
+ lockbox.encrypt(object.to_json)
6
6
  end
7
7
 
8
8
  def decrypt(ciphertext)
9
- JSON.parse(lockbox.decrypt(ciphertext))
9
+ JSON.parse(lockbox.decrypt(ciphertext), symbolize_names: true)
10
10
  end
11
11
 
12
+ def generate_key
13
+ ::Lockbox.generate_key
14
+ end
15
+
16
+ private
17
+
12
18
  def lockbox
13
19
  ::Lockbox.new(key: @params[:key].call, encode: true)
14
20
  end
@@ -1,56 +1,69 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- class Cryptoform::Server
4
- def initialize(config)
5
- @config = config
6
- end
3
+ class Cryptoform::Server < Sinatra::Application
4
+ set :show_exceptions, false
7
5
 
8
- def run
9
- logger.info { "Cryptoform is listening on #{endpoint.url}..." }
10
- Async::HTTP::Server.for(endpoint) do |request|
11
- log_request(request) { handle_request(request) }
12
- end.run
6
+ class Encoder
7
+ def self.encode(json)
8
+ JSON.pretty_generate(json)
9
+ end
13
10
  end
14
11
 
15
- private
12
+ set :json_encoder, Encoder
16
13
 
17
- def handle_request(request) # rubocop:disable Metrics/AbcSize
18
- name = request.path.split("/")&.[](1)&.to_sym
19
- return ::Protocol::HTTP::Response[404, {}, []] unless @config.states.key?(name)
14
+ before do
15
+ content_type "application/json"
16
+ end
17
+
18
+ class << self
19
+ def run!(config, **)
20
+ Cryptoform::Server.port = config.port
21
+ Cryptoform::Server.set(:states, config.states)
22
+ super(**)
23
+ end
24
+ end
20
25
 
21
- handler_name = :"#{request.method.downcase}_state"
22
- return ::Protocol::HTTP::Response[405, {}, []] unless respond_to?(handler_name, true)
26
+ get "/" do
27
+ json(
28
+ cryptoform: {
29
+ version: Cryptoform::VERSION
30
+ }
31
+ )
32
+ end
23
33
 
24
- send(handler_name, @config.states[name], request:)
25
- rescue Cryptoform::StateMissingError
26
- ::Protocol::HTTP::Response[404, {}, []]
27
- rescue StandardError => e
28
- logger.error(e)
29
- ::Protocol::HTTP::Response[500, {}, []]
34
+ get "/states" do
35
+ json(settings.states.transform_values { {} })
30
36
  end
31
37
 
32
- def get_state(state_config, *)
38
+ get "/states/:name" do
33
39
  state = state_config.encryption_backend.decrypt(state_config.storage_backend.read)
34
- ::Protocol::HTTP::Response[200, {}, [JSON.pretty_generate(state)]]
40
+ json(state)
35
41
  end
36
42
 
37
- def post_state(state_config, request:)
38
- state_config.storage_backend.write(state_config.encryption_backend.encrypt(request.body.read))
43
+ post "/states/:name" do
44
+ state = JSON.parse(request.body.read, symbolize_names: true)
45
+ state_config.storage_backend.write(state_config.encryption_backend.encrypt(state))
46
+ json(state)
47
+ end
39
48
 
40
- ::Protocol::HTTP::Response[201, {}, []]
49
+ error Cryptoform::StateMissingError, Cryptoform::UnknownStateError do |e|
50
+ status 404
51
+ json(error: e.message)
41
52
  end
42
53
 
43
- def logger
44
- @logger ||= Logger.new($stdout)
54
+ error Sinatra::NotFound do |_e|
55
+ status 404
56
+ json(error: "Not found")
45
57
  end
46
58
 
47
- def endpoint
48
- @endpoint ||= Async::HTTP::Endpoint.parse("http://localhost:#{@config.port}")
59
+ error 500 do
60
+ json(error: "Internal server error")
49
61
  end
50
62
 
51
- def log_request(request)
52
- yield.tap do |response|
53
- logger.info { "#{request.method} #{request.path}: #{response.status}" }
54
- end
63
+ private
64
+
65
+ def state_config
66
+ name = params[:name].to_sym
67
+ settings.states[name] || raise(Cryptoform::UnknownStateError, "state '#{name}' is not configured in Cryptofile")
55
68
  end
56
69
  end
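Review bot: The removed `endpoint` bound explicitly to `http://localhost:#{@config.port}`, while the new `run!` sets only `port`; with `ENV["APP_ENV"] = "production"` set in `exe/cryptoform`, Sinatra's default bind is `0.0.0.0`, so `GET /states/:name` serves decrypted state on every interface with no authentication. Add `set :bind, "127.0.0.1"`, or a `bind` setting in the Cryptofile that defaults to loopback. The `post` handler also ends with `json(state)`, echoing the plaintext state back where the old handler returned an empty 201; return an empty body instead.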
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Cryptoform
4
- VERSION = "0.2.0"
4
+ VERSION = "0.5.0"
5
5
  end
data/lib/cryptoform.rb CHANGED
@@ -1,10 +1,12 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require "zeitwerk"
4
3
  require "logger"
5
4
 
6
5
  require "lockbox"
7
- require "async/http"
6
+ require "sinatra"
7
+ require "sinatra/json"
8
+ require "thor"
9
+ require "zeitwerk"
8
10
 
9
11
  loader = Zeitwerk::Loader.for_gem
10
12
 
@@ -14,12 +16,16 @@ module Cryptoform
14
16
  class Error < StandardError; end
15
17
  class ConfigValidationError < Cryptoform::Error; end
16
18
  class StateMissingError < Cryptoform::Error; end
19
+ class UnknownStateError < Cryptoform::Error; end
17
20
 
18
21
  class << self
19
- def run(path)
20
- config = Cryptoform::Config::Builder.new.tap { _1.instance_eval(File.read(path)) }
21
- config.validate!
22
- Cryptoform::Server.new(config.config).run
22
+ def run!(cryptofile)
23
+ config = load_cryptofile!(cryptofile)
24
+ Cryptoform::Server.run!(config.config)
25
+ end
26
+
27
+ def load_cryptofile!(cryptofile)
28
+ Cryptoform::Config::Builder.new(cryptofile).tap(&:validate!)
23
29
  end
24
30
  end
25
31
  end
metadata CHANGED
@@ -1,45 +1,87 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cryptoform
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.0
4
+ version: 0.5.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Gleb Sinyavskiy
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2024-07-13 00:00:00.000000000 Z
11
+ date: 2024-07-18 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
- name: async-http
14
+ name: base64
15
15
  requirement: !ruby/object:Gem::Requirement
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: '0.69'
19
+ version: '0.2'
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: '0.69'
26
+ version: '0.2'
27
27
  - !ruby/object:Gem::Dependency
28
- name: base64
28
+ name: lockbox
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
31
  - - "~>"
32
32
  - !ruby/object:Gem::Version
33
- version: '0.2'
33
+ version: '1.3'
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - "~>"
39
39
  - !ruby/object:Gem::Version
40
- version: '0.2'
40
+ version: '1.3'
41
41
  - !ruby/object:Gem::Dependency
42
- name: lockbox
42
+ name: rackup
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - "~>"
46
+ - !ruby/object:Gem::Version
47
+ version: '2.1'
48
+ type: :runtime
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - "~>"
53
+ - !ruby/object:Gem::Version
54
+ version: '2.1'
55
+ - !ruby/object:Gem::Dependency
56
+ name: sinatra
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - "~>"
60
+ - !ruby/object:Gem::Version
61
+ version: '4.0'
62
+ type: :runtime
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - "~>"
67
+ - !ruby/object:Gem::Version
68
+ version: '4.0'
69
+ - !ruby/object:Gem::Dependency
70
+ name: sinatra-contrib
71
+ requirement: !ruby/object:Gem::Requirement
72
+ requirements:
73
+ - - "~>"
74
+ - !ruby/object:Gem::Version
75
+ version: '4.0'
76
+ type: :runtime
77
+ prerelease: false
78
+ version_requirements: !ruby/object:Gem::Requirement
79
+ requirements:
80
+ - - "~>"
81
+ - !ruby/object:Gem::Version
82
+ version: '4.0'
83
+ - !ruby/object:Gem::Dependency
84
+ name: thor
43
85
  requirement: !ruby/object:Gem::Requirement
44
86
  requirements:
45
87
  - - "~>"
@@ -74,31 +116,20 @@ executables:
74
116
  extensions: []
75
117
  extra_rdoc_files: []
76
118
  files:
77
- - ".overcommit.yml"
78
- - ".rspec"
79
- - ".rubocop.yml"
80
- - ".tool-versions"
81
- - CODE_OF_CONDUCT.md
82
- - Cryptofile
83
- - Gemfile
84
- - Gemfile.lock
85
- - LICENSE.txt
86
119
  - README.md
87
- - Rakefile
120
+ - cryptoform.gemspec
88
121
  - exe/cryptoform
89
122
  - lib/cryptoform.rb
90
123
  - lib/cryptoform/config/builder.rb
91
124
  - lib/cryptoform/config/state_config_builder.rb
125
+ - lib/cryptoform/config_generator.rb
92
126
  - lib/cryptoform/encryption_backends/backend.rb
127
+ - lib/cryptoform/encryption_backends/diff_lockbox.rb
93
128
  - lib/cryptoform/encryption_backends/lockbox.rb
94
129
  - lib/cryptoform/server.rb
95
130
  - lib/cryptoform/storage_backends/backend.rb
96
131
  - lib/cryptoform/storage_backends/file.rb
97
132
  - lib/cryptoform/version.rb
98
- - terraform/.terraform.lock.hcl
99
- - terraform/backend.tf
100
- - terraform/data.tf
101
- - terraform/providers.tf
102
133
  homepage: https://github.com/zhulik/cryptoform
103
134
  licenses:
104
135
  - MIT
@@ -122,7 +153,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
122
153
  - !ruby/object:Gem::Version
123
154
  version: '0'
124
155
  requirements: []
125
- rubygems_version: 3.5.11
156
+ rubygems_version: 3.4.19
126
157
  signing_key:
127
158
  specification_version: 4
128
159
  summary: Save your encypted terraform state in git.
data/.overcommit.yml DELETED
@@ -1,4 +0,0 @@
1
- PreCommit:
2
- RuboCop:
3
- enabled: true
4
- on_warn: fail # Treat all warnings as failures
data/.rspec DELETED
@@ -1,3 +0,0 @@
1
- --format documentation
2
- --color
3
- --require spec_helper
data/.rubocop.yml DELETED
@@ -1,59 +0,0 @@
1
- AllCops:
2
- TargetRubyVersion: 3.2
3
- NewCops: enable
4
- SuggestExtensions: true
5
-
6
- Include:
7
- - spec/**/*.rb
8
- - lib/**/*.rb
9
-
10
- Exclude:
11
- - vendor/**/*
12
-
13
- require:
14
- - rubocop-performance
15
- - rubocop-rspec
16
- - rubocop-rake
17
- - rubocop-disable_syntax
18
-
19
- Style/DisableSyntax:
20
- DisableSyntax:
21
- - endless_methods
22
-
23
- Layout/LineLength:
24
- Max: 120
25
-
26
- Metrics/BlockLength:
27
- Exclude:
28
- - spec/**/*_spec.rb
29
- - "*.gemspec"
30
-
31
- RSpec/NamedSubject:
32
- Enabled: false
33
-
34
- Style/StringLiterals:
35
- Enabled: true
36
- EnforcedStyle: double_quotes
37
-
38
- Style/StringLiteralsInInterpolation:
39
- Enabled: true
40
- EnforcedStyle: double_quotes
41
-
42
- Style/Documentation:
43
- Enabled: false
44
-
45
- Style/SymbolArray:
46
- EnforcedStyle: brackets
47
-
48
- Style/WordArray:
49
- EnforcedStyle: brackets
50
-
51
- Style/ClassAndModuleChildren:
52
- EnforcedStyle: compact
53
-
54
- Style/NumberedParametersLimit:
55
- Max: 2
56
-
57
- Naming/FileName:
58
- Exclude:
59
- - cryptoform
data/.tool-versions DELETED
@@ -1,2 +0,0 @@
1
- ruby 3.2.4
2
- terraform 1.9.2
data/CODE_OF_CONDUCT.md DELETED
@@ -1,84 +0,0 @@
1
- # Contributor Covenant Code of Conduct
2
-
3
- ## Our Pledge
4
-
5
- We as members, contributors, and leaders pledge to make participation in our community a harassment-free experience for everyone, regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, religion, or sexual identity and orientation.
6
-
7
- We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy community.
8
-
9
- ## Our Standards
10
-
11
- Examples of behavior that contributes to a positive environment for our community include:
12
-
13
- * Demonstrating empathy and kindness toward other people
14
- * Being respectful of differing opinions, viewpoints, and experiences
15
- * Giving and gracefully accepting constructive feedback
16
- * Accepting responsibility and apologizing to those affected by our mistakes, and learning from the experience
17
- * Focusing on what is best not just for us as individuals, but for the overall community
18
-
19
- Examples of unacceptable behavior include:
20
-
21
- * The use of sexualized language or imagery, and sexual attention or
22
- advances of any kind
23
- * Trolling, insulting or derogatory comments, and personal or political attacks
24
- * Public or private harassment
25
- * Publishing others' private information, such as a physical or email
26
- address, without their explicit permission
27
- * Other conduct which could reasonably be considered inappropriate in a
28
- professional setting
29
-
30
- ## Enforcement Responsibilities
31
-
32
- Community leaders are responsible for clarifying and enforcing our standards of acceptable behavior and will take appropriate and fair corrective action in response to any behavior that they deem inappropriate, threatening, offensive, or harmful.
33
-
34
- Community leaders have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, and will communicate reasons for moderation decisions when appropriate.
35
-
36
- ## Scope
37
-
38
- This Code of Conduct applies within all community spaces, and also applies when an individual is officially representing the community in public spaces. Examples of representing our community include using an official e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event.
39
-
40
- ## Enforcement
41
-
42
- Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the community leaders responsible for enforcement at zhulik.gleb@gmail.com. All complaints will be reviewed and investigated promptly and fairly.
43
-
44
- All community leaders are obligated to respect the privacy and security of the reporter of any incident.
45
-
46
- ## Enforcement Guidelines
47
-
48
- Community leaders will follow these Community Impact Guidelines in determining the consequences for any action they deem in violation of this Code of Conduct:
49
-
50
- ### 1. Correction
51
-
52
- **Community Impact**: Use of inappropriate language or other behavior deemed unprofessional or unwelcome in the community.
53
-
54
- **Consequence**: A private, written warning from community leaders, providing clarity around the nature of the violation and an explanation of why the behavior was inappropriate. A public apology may be requested.
55
-
56
- ### 2. Warning
57
-
58
- **Community Impact**: A violation through a single incident or series of actions.
59
-
60
- **Consequence**: A warning with consequences for continued behavior. No interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, for a specified period of time. This includes avoiding interactions in community spaces as well as external channels like social media. Violating these terms may lead to a temporary or permanent ban.
61
-
62
- ### 3. Temporary Ban
63
-
64
- **Community Impact**: A serious violation of community standards, including sustained inappropriate behavior.
65
-
66
- **Consequence**: A temporary ban from any sort of interaction or public communication with the community for a specified period of time. No public or private interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, is allowed during this period. Violating these terms may lead to a permanent ban.
67
-
68
- ### 4. Permanent Ban
69
-
70
- **Community Impact**: Demonstrating a pattern of violation of community standards, including sustained inappropriate behavior, harassment of an individual, or aggression toward or disparagement of classes of individuals.
71
-
72
- **Consequence**: A permanent ban from any sort of public interaction within the community.
73
-
74
- ## Attribution
75
-
76
- This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 2.0,
77
- available at https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
78
-
79
- Community Impact Guidelines were inspired by [Mozilla's code of conduct enforcement ladder](https://github.com/mozilla/diversity).
80
-
81
- [homepage]: https://www.contributor-covenant.org
82
-
83
- For answers to common questions about this code of conduct, see the FAQ at
84
- https://www.contributor-covenant.org/faq. Translations are available at https://www.contributor-covenant.org/translations.
data/Cryptofile DELETED
@@ -1,13 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- port 3000
4
-
5
- state :state1 do
6
- storage_backend :file, name: "state1.tfstate.enc"
7
- encryption_backend :lockbox, key: -> { ENV.fetch("CRYPTOFORM_KEY") }
8
- end
9
-
10
- state :state2 do
11
- storage_backend :file, name: "state2.tfstate.enc"
12
- encryption_backend :lockbox, key: -> { ENV.fetch("CRYPTOFORM_KEY") }
13
- end
data/Gemfile DELETED
@@ -1,18 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- source "https://rubygems.org"
4
-
5
- # Specify your gem's dependencies in cryptoform.gemspec
6
- gemspec
7
-
8
- gem "overcommit"
9
- gem "rake"
10
- gem "rspec"
11
- gem "simplecov"
12
- gem "solargraph"
13
-
14
- gem "rubocop"
15
- gem "rubocop-performance"
16
- gem "rubocop-rake"
17
- gem "rubocop-rspec"
18
- gem 'rubocop-disable_syntax'
data/Gemfile.lock DELETED
@@ -1,170 +0,0 @@
1
- PATH
2
- remote: .
3
- specs:
4
- cryptoform (0.2.0)
5
- async-http (~> 0.69)
6
- base64 (~> 0.2)
7
- lockbox (~> 1.3)
8
- zeitwerk (~> 2.6)
9
-
10
- GEM
11
- remote: https://rubygems.org/
12
- specs:
13
- ast (2.4.2)
14
- async (2.12.1)
15
- console (~> 1.25, >= 1.25.2)
16
- fiber-annotation
17
- io-event (~> 1.6, >= 1.6.5)
18
- async-http (0.69.0)
19
- async (>= 2.10.2)
20
- async-pool (~> 0.7)
21
- io-endpoint (~> 0.11)
22
- io-stream (~> 0.4)
23
- protocol-http (~> 0.26)
24
- protocol-http1 (~> 0.19)
25
- protocol-http2 (~> 0.18)
26
- traces (>= 0.10)
27
- async-pool (0.7.0)
28
- async (>= 1.25)
29
- backport (1.2.0)
30
- base64 (0.2.0)
31
- benchmark (0.3.0)
32
- childprocess (5.0.0)
33
- console (1.25.2)
34
- fiber-annotation
35
- fiber-local (~> 1.1)
36
- json
37
- diff-lcs (1.5.1)
38
- docile (1.4.0)
39
- e2mmap (0.1.0)
40
- fiber-annotation (0.2.0)
41
- fiber-local (1.1.0)
42
- fiber-storage
43
- fiber-storage (0.1.2)
44
- iniparse (1.5.0)
45
- io-endpoint (0.11.0)
46
- io-event (1.6.5)
47
- io-stream (0.4.0)
48
- jaro_winkler (1.6.0)
49
- json (2.7.2)
50
- kramdown (2.4.0)
51
- rexml
52
- kramdown-parser-gfm (1.1.0)
53
- kramdown (~> 2.0)
54
- language_server-protocol (3.17.0.3)
55
- lockbox (1.3.3)
56
- mini_portile2 (2.8.7)
57
- nokogiri (1.16.6)
58
- mini_portile2 (~> 2.8.2)
59
- racc (~> 1.4)
60
- nokogiri (1.16.6-x86_64-linux)
61
- racc (~> 1.4)
62
- overcommit (0.63.0)
63
- childprocess (>= 0.6.3, < 6)
64
- iniparse (~> 1.4)
65
- rexml (~> 3.2)
66
- parallel (1.25.1)
67
- parser (3.3.4.0)
68
- ast (~> 2.4.1)
69
- racc
70
- protocol-hpack (1.4.3)
71
- protocol-http (0.26.8)
72
- protocol-http1 (0.19.1)
73
- protocol-http (~> 0.22)
74
- protocol-http2 (0.18.0)
75
- protocol-hpack (~> 1.4)
76
- protocol-http (~> 0.18)
77
- racc (1.8.0)
78
- rainbow (3.1.1)
79
- rake (13.2.1)
80
- rbs (2.8.4)
81
- regexp_parser (2.9.2)
82
- reverse_markdown (2.1.1)
83
- nokogiri
84
- rexml (3.3.1)
85
- strscan
86
- rspec (3.13.0)
87
- rspec-core (~> 3.13.0)
88
- rspec-expectations (~> 3.13.0)
89
- rspec-mocks (~> 3.13.0)
90
- rspec-core (3.13.0)
91
- rspec-support (~> 3.13.0)
92
- rspec-expectations (3.13.1)
93
- diff-lcs (>= 1.2.0, < 2.0)
94
- rspec-support (~> 3.13.0)
95
- rspec-mocks (3.13.1)
96
- diff-lcs (>= 1.2.0, < 2.0)
97
- rspec-support (~> 3.13.0)
98
- rspec-support (3.13.1)
99
- rubocop (1.65.0)
100
- json (~> 2.3)
101
- language_server-protocol (>= 3.17.0)
102
- parallel (~> 1.10)
103
- parser (>= 3.3.0.2)
104
- rainbow (>= 2.2.2, < 4.0)
105
- regexp_parser (>= 2.4, < 3.0)
106
- rexml (>= 3.2.5, < 4.0)
107
- rubocop-ast (>= 1.31.1, < 2.0)
108
- ruby-progressbar (~> 1.7)
109
- unicode-display_width (>= 2.4.0, < 3.0)
110
- rubocop-ast (1.31.3)
111
- parser (>= 3.3.1.0)
112
- rubocop-disable_syntax (0.1.1)
113
- rubocop (>= 1.50)
114
- rubocop-performance (1.21.1)
115
- rubocop (>= 1.48.1, < 2.0)
116
- rubocop-ast (>= 1.31.1, < 2.0)
117
- rubocop-rake (0.6.0)
118
- rubocop (~> 1.0)
119
- rubocop-rspec (3.0.3)
120
- rubocop (~> 1.61)
121
- ruby-progressbar (1.13.0)
122
- simplecov (0.22.0)
123
- docile (~> 1.1)
124
- simplecov-html (~> 0.11)
125
- simplecov_json_formatter (~> 0.1)
126
- simplecov-html (0.12.3)
127
- simplecov_json_formatter (0.1.4)
128
- solargraph (0.50.0)
129
- backport (~> 1.2)
130
- benchmark
131
- bundler (~> 2.0)
132
- diff-lcs (~> 1.4)
133
- e2mmap
134
- jaro_winkler (~> 1.5)
135
- kramdown (~> 2.3)
136
- kramdown-parser-gfm (~> 1.1)
137
- parser (~> 3.0)
138
- rbs (~> 2.0)
139
- reverse_markdown (~> 2.0)
140
- rubocop (~> 1.38)
141
- thor (~> 1.0)
142
- tilt (~> 2.0)
143
- yard (~> 0.9, >= 0.9.24)
144
- strscan (3.1.0)
145
- thor (1.3.1)
146
- tilt (2.4.0)
147
- traces (0.11.1)
148
- unicode-display_width (2.5.0)
149
- yard (0.9.36)
150
- zeitwerk (2.6.16)
151
-
152
- PLATFORMS
153
- ruby
154
- x86_64-linux
155
-
156
- DEPENDENCIES
157
- cryptoform!
158
- overcommit
159
- rake
160
- rspec
161
- rubocop
162
- rubocop-disable_syntax
163
- rubocop-performance
164
- rubocop-rake
165
- rubocop-rspec
166
- simplecov
167
- solargraph
168
-
169
- BUNDLED WITH
170
- 2.5.11
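Review bot: with this lockfile gone, the `lockbox (1.3.3)` resolution that the encryption provider was tested against is no longer recorded in the package, and the `lockbox (~> 1.3)` constraint in the PATH section accepts any 1.x release from 1.3 up. That is normal for a library, but the lockfile should stay committed in the source repository so that upgrades of the crypto dependency and of `async-http` show up as reviewable diffs in CI rather than happening implicitly at install time.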
data/LICENSE.txt DELETED
@@ -1,21 +0,0 @@
1
- The MIT License (MIT)
2
-
3
- Copyright (c) 2024 Gleb Sinyavskiy
4
-
5
- Permission is hereby granted, free of charge, to any person obtaining a copy
6
- of this software and associated documentation files (the "Software"), to deal
7
- in the Software without restriction, including without limitation the rights
8
- to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
- copies of the Software, and to permit persons to whom the Software is
10
- furnished to do so, subject to the following conditions:
11
-
12
- The above copyright notice and this permission notice shall be included in
13
- all copies or substantial portions of the Software.
14
-
15
- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
- IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
- FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
- AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
- LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
- OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21
- THE SOFTWARE.
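Review bot: removing LICENSE.txt from the distributed files conflicts with the license's own condition at old lines 12-13, "The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software." If the gemspec file list was narrowed for 0.5.0, add LICENSE.txt back to it so the published gem still ships the notice.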
data/Rakefile DELETED
@@ -1,12 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "bundler/gem_tasks"
4
- require "rspec/core/rake_task"
5
-
6
- RSpec::Core::RakeTask.new(:spec)
7
-
8
- require "rubocop/rake_task"
9
-
10
- RuboCop::RakeTask.new
11
-
12
- task default: %i[spec rubocop]
@@ -1,21 +0,0 @@
1
- # This file is maintained automatically by "terraform init".
2
- # Manual edits may be lost in future updates.
3
-
4
- provider "registry.terraform.io/hashicorp/random" {
5
- version = "3.6.2"
6
- hashes = [
7
- "h1:wmG0QFjQ2OfyPy6BB7mQ57WtoZZGGV07uAPQeDmIrAE=",
8
- "zh:0ef01a4f81147b32c1bea3429974d4d104bbc4be2ba3cfa667031a8183ef88ec",
9
- "zh:1bcd2d8161e89e39886119965ef0f37fcce2da9c1aca34263dd3002ba05fcb53",
10
- "zh:37c75d15e9514556a5f4ed02e1548aaa95c0ecd6ff9af1119ac905144c70c114",
11
- "zh:4210550a767226976bc7e57d988b9ce48f4411fa8a60cd74a6b246baf7589dad",
12
- "zh:562007382520cd4baa7320f35e1370ffe84e46ed4e2071fdc7e4b1a9b1f8ae9b",
13
- "zh:5efb9da90f665e43f22c2e13e0ce48e86cae2d960aaf1abf721b497f32025916",
14
- "zh:6f71257a6b1218d02a573fc9bff0657410404fb2ef23bc66ae8cd968f98d5ff6",
15
- "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
16
- "zh:9647e18f221380a85f2f0ab387c68fdafd58af6193a932417299cdcae4710150",
17
- "zh:bb6297ce412c3c2fa9fec726114e5e0508dd2638cad6a0cb433194930c97a544",
18
- "zh:f83e925ed73ff8a5ef6e3608ad9225baa5376446349572c2449c0c0b3cf184b7",
19
- "zh:fbef0781cb64de76b1df1ca11078aecba7800d82fd4a956302734999cfd9a4af",
20
- ]
21
- }
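Review bot: if the example Terraform directory still exists in the source repository, keep this lock file committed there. It holds the `h1:` and `zh:` checksums that `terraform init` verifies for `registry.terraform.io/hashicorp/random` 3.6.2, and without it init resolves a provider version on first run and records whatever hashes it downloads. Excluding the file from the gem package itself is fine.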
data/terraform/backend.tf DELETED
@@ -1,5 +0,0 @@
1
- terraform {
2
- backend "http" {
3
- address = "http://127.0.0.1:3000/state1"
4
- }
5
- }
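Review bot: `address = "http://127.0.0.1:3000/state1"` is plain HTTP with no `username` or `password` set, which is acceptable only because the hop is loopback. Terraform hands the state to cryptoform unencrypted over this connection, so the README should say that the server is meant to listen on 127.0.0.1 only, and wherever this example now lives it should keep the loopback address rather than a hostname or a routable interface.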
data/terraform/data.tf DELETED
@@ -1,3 +0,0 @@
1
- resource "random_password" "password" {
2
- length = 20
3
- }
@@ -1,3 +0,0 @@
1
- terraform {
2
- required_version = "1.9.2"
3
- }