dotenv-vault-rails 0.4.1 → 0.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile.lock +3 -3
- data/lib/dotenv-vault/version.rb +1 -1
- data/lib/dotenv-vault.rb +25 -13
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 40bf354479d33c010a5f1899482b90f9ee6094702c6c99ae730a115ac53227a8
|
|
4
|
+
data.tar.gz: 5afb9b56bfbceb85e78f1252420569316496f4f229b336d912ba854aa763f6fb
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 32fb077fb0c97c19522cff72e8d4721b90ab106d6d2606ad3cb684c4290d9f75c3b4b6fd73a839094dbb439518231ae37983254b20c2f8ebc155e07e4abf5fb9
|
|
7
|
+
data.tar.gz: a14615e72623fef08ffccc662dd86d2950e2b34b65f613032382b9e16bff1ee5592b81ec7be8e40f7602f0a89e3cebdff440373f1adb99ab9520f1296bb14787
|
data/Gemfile.lock
CHANGED
|
@@ -1,12 +1,12 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
dotenv-vault (0.
|
|
4
|
+
dotenv-vault (0.6.0)
|
|
5
5
|
dotenv
|
|
6
6
|
lockbox
|
|
7
|
-
dotenv-vault-rails (0.
|
|
7
|
+
dotenv-vault-rails (0.6.0)
|
|
8
8
|
dotenv-rails
|
|
9
|
-
dotenv-vault (= 0.
|
|
9
|
+
dotenv-vault (= 0.6.0)
|
|
10
10
|
|
|
11
11
|
GEM
|
|
12
12
|
remote: https://rubygems.org/
|
data/lib/dotenv-vault/version.rb
CHANGED
data/lib/dotenv-vault.rb
CHANGED
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
require "uri"
|
|
1
2
|
require "dotenv"
|
|
2
3
|
require "lockbox"
|
|
3
4
|
require "dotenv-vault/version"
|
|
@@ -105,43 +106,54 @@ module DotenvVault
|
|
|
105
106
|
end
|
|
106
107
|
|
|
107
108
|
def parse_vault(*filenames)
|
|
108
|
-
#
|
|
109
|
+
# DOTENV_KEY=development/key_1234
|
|
110
|
+
#
|
|
111
|
+
# Warn the developer unless formatted correctly
|
|
109
112
|
raise NotFoundDotenvKey, "NOT_FOUND_DOTENV_KEY: Cannot find ENV['DOTENV_KEY']" unless present?(ENV["DOTENV_KEY"])
|
|
110
|
-
raise NotFoundDotenvEnvironment, "NOT_FOUND_DOTENV_ENVIRONMENT: Cannot find ENV['DOTENV_ENVIRONMENT']" unless present?(ENV["DOTENV_ENVIRONMENT"])
|
|
111
113
|
|
|
112
|
-
#
|
|
113
|
-
|
|
114
|
-
|
|
114
|
+
# Parse DOTENV_KEY. Format is a URI
|
|
115
|
+
uri = URI.parse(ENV["DOTENV_KEY"]) # dotenv://:key_1234@dotenv.org/vault/.env.vault?environment=production
|
|
116
|
+
|
|
117
|
+
# Get decrypt key
|
|
118
|
+
key = uri.password
|
|
119
|
+
raise InvalidDotenvKey, "INVALID_DOTENV_KEY: Missing key part" unless present?(key)
|
|
120
|
+
|
|
121
|
+
# Get environment
|
|
122
|
+
params = Hash[URI::decode_www_form(uri.query.to_s)]
|
|
123
|
+
environment = params["environment"]
|
|
124
|
+
raise InvalidDotenvKey, "INVALID_DOTENV_KEY: Missing environment part" unless present?(environment)
|
|
125
|
+
|
|
126
|
+
# Get vault path
|
|
127
|
+
vault_path = uri.path.gsub("/vault/", "") # /vault/.env.vault => .env.vault
|
|
128
|
+
raise NotFoundDotenvVault, "NotFoundDotenvVault: Cannot find .env.vault at #{vaultPath}" unless File.file?(vault_path)
|
|
115
129
|
|
|
116
130
|
# Parse .env.vault
|
|
117
131
|
parsed = Dotenv.parse(vault_path)
|
|
118
132
|
|
|
119
133
|
# Get ciphertext
|
|
120
|
-
environment_key = "DOTENV_VAULT_#{
|
|
134
|
+
environment_key = "DOTENV_VAULT_#{environment.upcase}"
|
|
121
135
|
ciphertext = parsed[environment_key] # DOTENV_VAULT_PRODUCTION
|
|
122
136
|
raise NotFoundDotenvEnvironment, "NOT_FOUND_DOTENV_ENVIRONMENT: Cannot locate #{environment_key} in .env.vault" unless ciphertext
|
|
123
137
|
|
|
124
138
|
# Decrypt ciphertext
|
|
125
|
-
decrypted = decrypt(ciphertext)
|
|
139
|
+
decrypted = decrypt(ciphertext, key)
|
|
126
140
|
|
|
127
141
|
# Parse decrypted .env string
|
|
128
142
|
Dotenv::Parser.call(decrypted, true)
|
|
129
143
|
end
|
|
130
144
|
|
|
131
145
|
def using_vault?
|
|
132
|
-
present?(ENV["
|
|
146
|
+
present?(ENV["DOTENV_KEY"])
|
|
133
147
|
end
|
|
134
148
|
|
|
135
149
|
def present?(str)
|
|
136
150
|
!(str.nil? || str.empty?)
|
|
137
151
|
end
|
|
138
152
|
|
|
139
|
-
def decrypt(ciphertext)
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
key = ENV["DOTENV_KEY"][-64..-1] # last 64 characters. allows for passing keys with preface like key_*****
|
|
153
|
+
def decrypt(ciphertext, key)
|
|
154
|
+
key = key[-64..-1] # last 64 characters. allows for passing keys with preface like key_*****
|
|
143
155
|
|
|
144
|
-
raise InvalidDotenvKey, "INVALID_DOTENV_KEY:
|
|
156
|
+
raise InvalidDotenvKey, "INVALID_DOTENV_KEY: Key part must be 64 characters long (or more)" unless key.bytesize == 64
|
|
145
157
|
|
|
146
158
|
lockbox = Lockbox.new(key: key, encode: true)
|
|
147
159
|
begin
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dotenv-vault-rails
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.6.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- motdotla
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-09-
|
|
11
|
+
date: 2022-09-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dotenv-rails
|
|
@@ -30,14 +30,14 @@ dependencies:
|
|
|
30
30
|
requirements:
|
|
31
31
|
- - '='
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: 0.
|
|
33
|
+
version: 0.6.0
|
|
34
34
|
type: :runtime
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
38
|
- - '='
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version: 0.
|
|
40
|
+
version: 0.6.0
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: spring
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|