diffcrypt 0.1.1 → 0.3.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b9a07ad0aa1385421550a40093fe6e724337f7697e71f7af081a7011daa05a8c
-  data.tar.gz: 40406c43e1a8ef7396577e70d62e3bee026db6500563e56aadf113b95203069d
+  metadata.gz: 9e77d7111ad066e219da5f2c20dd2930bdda46641aa477bd3ab03e6194e19695
+  data.tar.gz: 6af61a30f44c3c18ff92e7dac0564fbbb8ea6384740835d15f84c88eb200c9e5
 SHA512:
-  metadata.gz: b3f03e909e4b49740dfd7e6e8e4bdab3a39decca30556149e4645f2071156b9632e3a54827f33fc6fcac7a419443eb066bf8fca249eca98219a9be5989ef3840
-  data.tar.gz: 001bf874603205e1421a0a99ac8d2c14e15b187495505adb1141f84108b0270d159f58c703c730fea6d69a974b1c8e32b2268437a93b590a9adf8d851f854a37
+  metadata.gz: 2c28fd4f218a5dafc07074b38f0b7b772b1cbd0eec06fee19a51e3b1f65ef048c8df0fa43ada8a785c166f03e0db21cf0534ff6586c010f916e2f7814a1dec5f
+  data.tar.gz: a8e8130402e6a7aff0eb169a3498a33bc64fe383cd1a85742f4efb18ed2861fbaa335ae30109c9ba30fc298df55fd937f118370a8d58ce41d4c46fcb9ad75b75

data/.circleci/config.yml

@@ -0,0 +1,26 @@
+version: 2.1
+
+jobs:
+  build:
+    docker:
+      - image: circleci/ruby:2.6.6
+    working_directory: /mnt/ramdisk
+    steps:
+      - checkout
+      - run: bundle install
+      - run:
+          name: Setup Code Climate test-reporter
+          command: |
+            # download test reporter as a static binary
+            curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter
+            chmod +x ./cc-test-reporter
+      - run:
+          name: rake test
+          command: |
+            ./cc-test-reporter before-build
+            bundle exec rake test
+            ./cc-test-reporter after-build --coverage-input-type lcov --exit-code $?
+      - run:
+          name: rubocop
+          command: bundle exec rubocop
+          when: always

data/.github/dependabot.yml

@@ -0,0 +1,7 @@
+version: 2
+updates:
+- package-ecosystem: bundler
+  directory: "/"
+  rebase-strategy: auto
+  schedule:
+    interval: daily

data/.rubocop.yml

@@ -9,6 +9,12 @@ Style/Documentation:
 Metrics/MethodLength:
   Exclude:
     - test/**/*_test.rb
+TrailingCommaInArrayLiteral:
+  EnforcedStyleForMultiline: consistent_comma
+Style/TrailingCommaInArguments:
+  EnforcedStyleForMultiline: consistent_comma
+Style/AccessorGrouping:
+  EnforcedStyle: separated
 
 Layout/LineLength:
   Exclude:

data/CHANGELOG.md

@@ -0,0 +1,82 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+
+
+## [0.3.3] - 2020-07-25
+
+### Fixed
+
+- Explicit FileUtils require to avoid potentially warning logs
+
+
+
+## [0.3.2] - 2020-07-20
+
+### Added
+
+- CLI: `diffcrypt generate-key` command to generate a new key for a cipher
+- Internal: Library now generates and publishes code coverage publically on Code Climate
+
+### Changed
+
+- Only support ruby 2.5+ since 2.4 is no longer maintained
+
+### Removed
+
+- No longer generate and store a checksum. Backwards compatible since it wasn't used
+
+
+
+## [0.3.1] - 2020-07-08
+
+### Fixed
+
+- Thor deprecation error no longer shows on CLI failure
+
+### Changed
+
+- Thor 0.20+ can now be used alongside this gem
+
+
+
+## [0.3.0] - 2020-06-30
+
+## Added
+
+- CLI: Use diffcrypt from command line of any project without requiring ruby integration
+- CLI: `diffcrypt encrypt` Directly encrypt any file and output the contents
+- CLI: `diffcrypt decrypt` Directly decrypt any file and output the contents
+
+
+
+## [0.2.0] - 2020-06-28
+
+### Added
+
+- Store client, cipher and checksum in file metadata
+
+### Fixed
+
+- Only attenpt to decrypt original content if it exists
+
+
+
+## [0.1.1] - 2020-06-28
+
+### Fixed
+
+- Converting rails native credentials files would fail on first run
+
+
+
+## [0.1.0] - 2020-06-28
+
+### Added
+
+- First release!
+- Rails support via monkey patch

data/Gemfile

@@ -7,4 +7,6 @@ gemspec
 
 gem 'minitest', '~> 5.0'
 gem 'rake', '~> 13.0'
-gem 'rubocop', '~> 0.86'
+gem 'rubocop', '~> 0.88.0'
+gem 'simplecov', '~> 0.17.0', require: false # CodeClimate not compatible with 0.18+ yet - https://github.com/codeclimate/test-reporter/issues/413
+gem 'simplecov-lcov', '< 0.8'

data/README.md

@@ -1,5 +1,9 @@
 # Diffcrypt
 
+[![Gem Version](https://badge.fury.io/rb/diffcrypt.svg)](https://rubygems.org/gems/diffcrypt)
+[![CircleCI](https://circleci.com/gh/marcqualie/diffcrypt.svg?style=svg)](https://circleci.com/gh/marcqualie/diffcrypt)
+
+
 Diffable encrypted files that you can safely commit into your repo.
 
 
@@ -16,7 +20,7 @@ And then execute:
 
     $ bundle install
 
-Or install it yourself as:
+Or install it globally (to use the CLI from any project):
 
     $ gem install diffcrypt
 
@@ -24,8 +28,24 @@ Or install it yourself as:
 
 ## Usage
 
+There are a few ways to use the library, depending on how advanced your use case is.
+
 
-### Encrypt existing file
+### CLI
+
+The easiest way to get started is to use the CLI.
+
+```shell
+diffcrypt decrypt -k $(cat test/fixtures/master.key) test/fixtures/example.yml.enc
+diffcrypt encrypt -k $(cat test/fixtures/master.key) test/fixtures/example.yml
+```
+
+
+### Ruby
+
+A direct API is exposed so `Diffcrypt::Encryptor` can be used in any ruby project.
+
+**NOTE:** This API may change any time until v1.0
 
 ```ruby
 encryptor = Diffcrypt::Encryptor.new('99e1f86b9e61f24c56ff4108dd415091')
@@ -34,18 +54,16 @@ encrypted = encryptor.encrypt(yaml)
 File.write('tmp/example.yml.enc', encrypted)
 ```
 
-### Decrypt a file
-
 ```ruby
 encryptor = Diffcrypt::Encryptor.new('99e1f86b9e61f24c56ff4108dd415091')
 yaml = File.read('test/fixtures/example.yml.enc')
 config = YAML.safe_load(encryptor.decrypt(yaml))
 ```
 
-### Rails
+### Ruby on Rails
 
 Currently there is not native support for rails, but ActiveSupport can be monkeypatched to override
-the build in encrypter.
+the built in encrypter. All existing `rails credentials:edit` also work with this method.
 
 ```ruby
 require 'diffcrypt/rails/encrypted_configuration'

data/SECURITY.md

@@ -0,0 +1,17 @@
+# Security Policy
+
+
+
+## Supported Versions
+
+Since the internal APIs may change dramatically until v1.0, here is a list of the versions that are supported.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 0.3.x   | :white_check_mark: |
+
+
+
+## Reporting a Vulnerability
+
+Please email security@marcqualie.com to report any security issues.

data/bin/diffcrypt

@@ -0,0 +1,8 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'thor'
+
+require_relative '../lib/diffcrypt/cli'
+
+Diffcrypt::CLI.start(ARGV)

data/diffcrypt.gemspec

@@ -12,7 +12,7 @@ Gem::Specification.new do |spec|
   spec.description   = 'Diffable encrypted configuration files that can be safely committed into a git repository'
   spec.homepage      = 'https://github.com/marcqualie/diffcrypt'
   spec.license       = 'MIT'
-  spec.required_ruby_version = Gem::Requirement.new('>= 2.3.0')
+  spec.required_ruby_version = Gem::Requirement.new('>= 2.5.0')
 
   # spec.metadata["allowed_push_host"] = "TODO: Set to 'http://mygemserver.com'"
 
@@ -25,9 +25,10 @@ Gem::Specification.new do |spec|
   spec.files = Dir.chdir(File.expand_path(__dir__)) do
     `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
   end
-  spec.bindir = 'exe'
-  spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.bindir = 'bin'
+  spec.executables = %w[diffcrypt]
   spec.require_paths = ['lib']
 
   spec.add_runtime_dependency 'activesupport', '~> 6.0.0'
+  spec.add_runtime_dependency 'thor', '>= 0.20', '< 2'
 end

data/lib/diffcrypt/cli.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+require_relative './encryptor'
+require_relative './version'
+
+module Diffcrypt
+  class CLI < Thor
+    desc 'decrypt <path>', 'Decrypt a file'
+    method_option :key, aliases: %i[k], required: true
+    def decrypt(path)
+      ensure_file_exists(path)
+      contents = File.read(path)
+      puts encryptor.decrypt(contents)
+    end
+
+    desc 'encrypt <path>', 'Encrypt a file'
+    method_option :key, aliases: %i[k], required: true
+    def encrypt(path)
+      ensure_file_exists(path)
+      contents = File.read(path)
+      puts encryptor.encrypt(contents)
+    end
+
+    desc 'generate-key', 'Generate a 32 bit key'
+    method_option :cipher, default: Encryptor::CIPHER
+    def generate_key
+      say Encryptor.generate_key(options[:cipher])
+    end
+
+    desc 'version', 'Show client version'
+    def version
+      say Diffcrypt::VERSION
+    end
+
+    no_commands do
+      def key
+        options[:key]
+      end
+
+      def encryptor
+        @encryptor ||= Encryptor.new(key)
+      end
+
+      def ensure_file_exists(path)
+        abort('[ERROR] File does not exist') unless File.exist?(path)
+      end
+
+      def self.exit_on_failure?
+        true
+      end
+    end
+  end
+end

data/lib/diffcrypt/encryptor.rb

@@ -8,12 +8,14 @@ require 'yaml'
 
 require 'active_support/message_encryptor'
 
+require_relative './version'
+
 module Diffcrypt
   class Encryptor
     CIPHER = 'aes-128-gcm'
 
-    def self.generate_key
-      SecureRandom.hex(ActiveSupport::MessageEncryptor.key_len(CIPHER))
+    def self.generate_key(cipher = CIPHER)
+      SecureRandom.hex(ActiveSupport::MessageEncryptor.key_len(cipher))
     end
 
     def initialize(key)
@@ -24,7 +26,7 @@ module Diffcrypt
     # @param [String] contents The raw YAML string to be encrypted
     def decrypt(contents)
       yaml = YAML.safe_load contents
-      decrypted = decrypt_hash yaml
+      decrypted = decrypt_hash yaml['data']
       YAML.dump decrypted
     end
 
@@ -43,11 +45,23 @@ module Diffcrypt
 
     # @param [String] contents The raw YAML string to be encrypted
     # @param [String, nil] original_encrypted_contents The original (encrypted) content to determine which keys have changed
+    # @return [String]
     def encrypt(contents, original_encrypted_contents = nil)
+      data = encrypt_data contents, original_encrypted_contents
+      YAML.dump(
+        'client' => "diffcrypt-#{Diffcrypt::VERSION}",
+        'cipher' => CIPHER,
+        'data' => data,
+      )
+    end
+
+    # @param [String] contents The raw YAML string to be encrypted
+    # @param [String, nil] original_encrypted_contents The original (encrypted) content to determine which keys have changed
+    # @return [Hash] Encrypted hash containing the data
+    def encrypt_data(contents, original_encrypted_contents = nil)
       yaml = YAML.safe_load contents
-      original_yaml = original_encrypted_contents ? YAML.safe_load(original_encrypted_contents) : nil
-      encrypted = encrypt_values yaml, original_yaml
-      YAML.dump encrypted
+      original_yaml = original_encrypted_contents ? YAML.safe_load(original_encrypted_contents)['data'] : nil
+      encrypt_values yaml, original_yaml
     end
 
     # @param [String] value Plain text string that needs encrypting
@@ -66,7 +80,7 @@ module Diffcrypt
         data[key] = if value.is_a?(Hash) || value.is_a?(Array)
                       encrypt_values(value, original_encrypted_value)
                     else
-                      original_decrypted_value = original_data ? decrypt_string(original_encrypted_value) : nil
+                      original_decrypted_value = original_encrypted_value ? decrypt_string(original_encrypted_value) : nil
                       key_changed = original_decrypted_value.nil? || original_decrypted_value != value
                       key_changed ? encrypt_string(value) : original_encrypted_value
                     end

data/lib/diffcrypt/rails/encrypted_configuration.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+require 'fileutils'
 require 'pathname'
 require 'tmpdir'
 
@@ -50,7 +51,7 @@ module Diffcrypt
         deserialize(contents)
 
         IO.binwrite "#{content_path}.tmp", encrypt(contents, original_encrypted_contents)
-        FileUtils.mv "#{content_path}.tmp", content_path
+        ::FileUtils.mv "#{content_path}.tmp", content_path
       end
 
       def config
@@ -81,7 +82,7 @@ module Diffcrypt
 
         write(updated_contents, content_path_diffable? && content_path.binread)
       ensure
-        FileUtils.rm(tmp_path) if tmp_path&.exist?
+        ::FileUtils.rm(tmp_path) if tmp_path&.exist?
       end
       # rubocop:enable Metrics/AbcSize
 

data/lib/diffcrypt/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Diffcrypt
-  VERSION = '0.1.1'
+  VERSION = '0.3.3'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: diffcrypt
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.3.3
 platform: ruby
 authors:
 - Marc Qualie
 autorequire:
-bindir: exe
+bindir: bin
 cert_chain: []
-date: 2020-06-28 00:00:00.000000000 Z
+date: 2020-07-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -24,25 +24,51 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 6.0.0
+- !ruby/object:Gem::Dependency
+  name: thor
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.20'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.20'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2'
 description: Diffable encrypted configuration files that can be safely committed into
   a git repository
 email:
 - marc@marcqualie.com
-executables: []
+executables:
+- diffcrypt
 extensions: []
 extra_rdoc_files: []
 files:
+- ".circleci/config.yml"
+- ".github/dependabot.yml"
 - ".gitignore"
 - ".rubocop.yml"
-- ".travis.yml"
+- CHANGELOG.md
 - Gemfile
 - LICENSE.txt
 - README.md
 - Rakefile
+- SECURITY.md
 - bin/console
+- bin/diffcrypt
 - bin/setup
 - diffcrypt.gemspec
 - lib/diffcrypt.rb
+- lib/diffcrypt/cli.rb
 - lib/diffcrypt/encryptor.rb
 - lib/diffcrypt/rails/encrypted_configuration.rb
 - lib/diffcrypt/version.rb
@@ -60,14 +86,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.3.0
+      version: 2.5.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.1.4
 signing_key:
 specification_version: 4
 summary: Diffable encrypted configuration files

data/.travis.yml

@@ -1,6 +0,0 @@
----
-language: ruby
-cache: bundler
-rvm:
-  - 2.6.6
-before_install: gem install bundler -v 2.1.4