dotenv-vault-rails 0.4.1 → 0.6.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +3 -3
- data/lib/dotenv-vault/version.rb +1 -1
- data/lib/dotenv-vault.rb +25 -13
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 40bf354479d33c010a5f1899482b90f9ee6094702c6c99ae730a115ac53227a8
|
|
4
|
+
data.tar.gz: 5afb9b56bfbceb85e78f1252420569316496f4f229b336d912ba854aa763f6fb
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 32fb077fb0c97c19522cff72e8d4721b90ab106d6d2606ad3cb684c4290d9f75c3b4b6fd73a839094dbb439518231ae37983254b20c2f8ebc155e07e4abf5fb9
|
|
7
|
+
data.tar.gz: a14615e72623fef08ffccc662dd86d2950e2b34b65f613032382b9e16bff1ee5592b81ec7be8e40f7602f0a89e3cebdff440373f1adb99ab9520f1296bb14787
|
data/Gemfile.lock
CHANGED
|
@@ -1,12 +1,12 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
dotenv-vault (0.
|
|
4
|
+
dotenv-vault (0.6.0)
|
|
5
5
|
dotenv
|
|
6
6
|
lockbox
|
|
7
|
-
dotenv-vault-rails (0.
|
|
7
|
+
dotenv-vault-rails (0.6.0)
|
|
8
8
|
dotenv-rails
|
|
9
|
-
dotenv-vault (= 0.
|
|
9
|
+
dotenv-vault (= 0.6.0)
|
|
10
10
|
|
|
11
11
|
GEM
|
|
12
12
|
remote: https://rubygems.org/
|
data/lib/dotenv-vault/version.rb
CHANGED
data/lib/dotenv-vault.rb
CHANGED
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
require "uri"
|
|
1
2
|
require "dotenv"
|
|
2
3
|
require "lockbox"
|
|
3
4
|
require "dotenv-vault/version"
|
|
@@ -105,43 +106,54 @@ module DotenvVault
|
|
|
105
106
|
end
|
|
106
107
|
|
|
107
108
|
def parse_vault(*filenames)
|
|
108
|
-
#
|
|
109
|
+
# DOTENV_KEY=development/key_1234
|
|
110
|
+
#
|
|
111
|
+
# Warn the developer unless formatted correctly
|
|
109
112
|
raise NotFoundDotenvKey, "NOT_FOUND_DOTENV_KEY: Cannot find ENV['DOTENV_KEY']" unless present?(ENV["DOTENV_KEY"])
|
|
110
|
-
raise NotFoundDotenvEnvironment, "NOT_FOUND_DOTENV_ENVIRONMENT: Cannot find ENV['DOTENV_ENVIRONMENT']" unless present?(ENV["DOTENV_ENVIRONMENT"])
|
|
111
113
|
|
|
112
|
-
#
|
|
113
|
-
|
|
114
|
-
|
|
114
|
+
# Parse DOTENV_KEY. Format is a URI
|
|
115
|
+
uri = URI.parse(ENV["DOTENV_KEY"]) # dotenv://:key_1234@dotenv.org/vault/.env.vault?environment=production
|
|
116
|
+
|
|
117
|
+
# Get decrypt key
|
|
118
|
+
key = uri.password
|
|
119
|
+
raise InvalidDotenvKey, "INVALID_DOTENV_KEY: Missing key part" unless present?(key)
|
|
120
|
+
|
|
121
|
+
# Get environment
|
|
122
|
+
params = Hash[URI::decode_www_form(uri.query.to_s)]
|
|
123
|
+
environment = params["environment"]
|
|
124
|
+
raise InvalidDotenvKey, "INVALID_DOTENV_KEY: Missing environment part" unless present?(environment)
|
|
125
|
+
|
|
126
|
+
# Get vault path
|
|
127
|
+
vault_path = uri.path.gsub("/vault/", "") # /vault/.env.vault => .env.vault
|
|
128
|
+
raise NotFoundDotenvVault, "NotFoundDotenvVault: Cannot find .env.vault at #{vaultPath}" unless File.file?(vault_path)
|
|
115
129
|
|
|
116
130
|
# Parse .env.vault
|
|
117
131
|
parsed = Dotenv.parse(vault_path)
|
|
118
132
|
|
|
119
133
|
# Get ciphertext
|
|
120
|
-
environment_key = "DOTENV_VAULT_#{
|
|
134
|
+
environment_key = "DOTENV_VAULT_#{environment.upcase}"
|
|
121
135
|
ciphertext = parsed[environment_key] # DOTENV_VAULT_PRODUCTION
|
|
122
136
|
raise NotFoundDotenvEnvironment, "NOT_FOUND_DOTENV_ENVIRONMENT: Cannot locate #{environment_key} in .env.vault" unless ciphertext
|
|
123
137
|
|
|
124
138
|
# Decrypt ciphertext
|
|
125
|
-
decrypted = decrypt(ciphertext)
|
|
139
|
+
decrypted = decrypt(ciphertext, key)
|
|
126
140
|
|
|
127
141
|
# Parse decrypted .env string
|
|
128
142
|
Dotenv::Parser.call(decrypted, true)
|
|
129
143
|
end
|
|
130
144
|
|
|
131
145
|
def using_vault?
|
|
132
|
-
present?(ENV["
|
|
146
|
+
present?(ENV["DOTENV_KEY"])
|
|
133
147
|
end
|
|
134
148
|
|
|
135
149
|
def present?(str)
|
|
136
150
|
!(str.nil? || str.empty?)
|
|
137
151
|
end
|
|
138
152
|
|
|
139
|
-
def decrypt(ciphertext)
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
key = ENV["DOTENV_KEY"][-64..-1] # last 64 characters. allows for passing keys with preface like key_*****
|
|
153
|
+
def decrypt(ciphertext, key)
|
|
154
|
+
key = key[-64..-1] # last 64 characters. allows for passing keys with preface like key_*****
|
|
143
155
|
|
|
144
|
-
raise InvalidDotenvKey, "INVALID_DOTENV_KEY:
|
|
156
|
+
raise InvalidDotenvKey, "INVALID_DOTENV_KEY: Key part must be 64 characters long (or more)" unless key.bytesize == 64
|
|
145
157
|
|
|
146
158
|
lockbox = Lockbox.new(key: key, encode: true)
|
|
147
159
|
begin
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dotenv-vault-rails
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.6.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- motdotla
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-09-
|
|
11
|
+
date: 2022-09-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dotenv-rails
|
|
@@ -30,14 +30,14 @@ dependencies:
|
|
|
30
30
|
requirements:
|
|
31
31
|
- - '='
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: 0.
|
|
33
|
+
version: 0.6.0
|
|
34
34
|
type: :runtime
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
38
|
- - '='
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version: 0.
|
|
40
|
+
version: 0.6.0
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: spring
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|