dotenv-vault-rails 0.9.0 → 0.10.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/Gemfile.lock +3 -3
- data/README.md +10 -10
- data/dotenv-vault-rails.gemspec +2 -2
- data/dotenv-vault.gemspec +2 -2
- data/lib/dotenv-vault/version.rb +1 -1
- data/lib/dotenv-vault.rb +55 -21
- metadata +6 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4f612aee9f093299bc8f9ffc6d62927f5a90146982add8cf9c5efd9f58c16f13
|
|
4
|
+
data.tar.gz: 06ccf7aa83cd740991576ff3c2a0bdacf1668b3a706feb2014b8d7a59c91208e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9680ab3bb4852d5ac11107c19c90b5ff05b7c5c7218c04134c3005fd4de8421ca4b0b5ef84b348c041749892be1cbc1750bde365bf78034cfef0be907b4c009c
|
|
7
|
+
data.tar.gz: cdf203edcce1452dc5d4666849de31cfb35621cc167d1a7d70e86c083be987119f8f06c65ebac4e10f54e791f0bf15015b345013fe85a65e54a2b2de96c580cd
|
data/CHANGELOG.md
CHANGED
|
@@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file. See [standa
|
|
|
4
4
|
|
|
5
5
|
## [Unreleased](https://github.com/dotenv-org/dotenv-vault-ruby/compare/v0.9.0...master)
|
|
6
6
|
|
|
7
|
+
## 0.10.0
|
|
8
|
+
|
|
9
|
+
### Added
|
|
10
|
+
|
|
11
|
+
- Support key rotation. Added comma separated capability to `DOTENV_KEY`. Add multiple keys to your DOTENV_KEY for use with decryption. Separate with a comma. [#2](https://github.com/dotenv-org/dotenv-vault-ruby/pull/2)
|
|
12
|
+
|
|
7
13
|
## 0.9.0
|
|
8
14
|
|
|
9
15
|
### Changed
|
data/Gemfile.lock
CHANGED
|
@@ -1,12 +1,12 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
dotenv-vault (0.
|
|
4
|
+
dotenv-vault (0.10.0)
|
|
5
5
|
dotenv
|
|
6
6
|
lockbox
|
|
7
|
-
dotenv-vault-rails (0.
|
|
7
|
+
dotenv-vault-rails (0.10.0)
|
|
8
8
|
dotenv-rails
|
|
9
|
-
dotenv-vault (= 0.
|
|
9
|
+
dotenv-vault (= 0.10.0)
|
|
10
10
|
|
|
11
11
|
GEM
|
|
12
12
|
remote: https://rubygems.org/
|
data/README.md
CHANGED
|
@@ -2,14 +2,10 @@
|
|
|
2
2
|
|
|
3
3
|
<img src="https://raw.githubusercontent.com/motdotla/dotenv/master/dotenv.svg" alt="dotenv-vault" align="right" width="200" />
|
|
4
4
|
|
|
5
|
-
|
|
5
|
+
Extends the proven & trusted foundation of [dotenv](https://github.com/bkeepers/dotenv), with a `.env.vault` file.
|
|
6
6
|
|
|
7
7
|
The extended standard lets you sync your `.env` files – quickly & securely. Stop sharing them over insecure channels like Slack and email, and never lose an important `.env` file again.
|
|
8
8
|
|
|
9
|
-
You need a [Dotenv Account](https://dotenv.org) to use Dotenv Vault. It is free to use with premium features.
|
|
10
|
-
|
|
11
|
-
**[Create your account](https://dotenv.org/signup)**
|
|
12
|
-
|
|
13
9
|
## Installation
|
|
14
10
|
|
|
15
11
|
### Rails
|
|
@@ -65,12 +61,12 @@ config.fog_directory = ENV['S3_BUCKET']
|
|
|
65
61
|
|
|
66
62
|
### `.env.vault`
|
|
67
63
|
|
|
68
|
-
|
|
64
|
+
The `.env.vault` extends `.env`. It facilitates syncing your `.env` file across machines, team members, and environments.
|
|
69
65
|
|
|
70
66
|
Usage is similar to git. In the same directory as your `.env` file, run the command:
|
|
71
67
|
|
|
72
68
|
```shell
|
|
73
|
-
npx dotenv-vault new
|
|
69
|
+
$ npx dotenv-vault new
|
|
74
70
|
```
|
|
75
71
|
|
|
76
72
|
Follow those instructions and then run:
|
|
@@ -90,6 +86,8 @@ That's it!
|
|
|
90
86
|
|
|
91
87
|
You just synced your `.env` file. Commit your `.env.vault` file to code, and tell your teammates to run `npx dotenv-vault pull`.
|
|
92
88
|
|
|
89
|
+
[Learn more](https://www.dotenv.org/docs/tutorials/sync)
|
|
90
|
+
|
|
93
91
|
## Multiple Environments
|
|
94
92
|
|
|
95
93
|
Run the command:
|
|
@@ -100,7 +98,9 @@ $ npx dotenv-vault open production
|
|
|
100
98
|
|
|
101
99
|
It will open up an interface to manage your production environment variables.
|
|
102
100
|
|
|
103
|
-
|
|
101
|
+
[Learn more](https://www.dotenv.org/docs/tutorials/environments)
|
|
102
|
+
|
|
103
|
+
## Integrate Anywhere™
|
|
104
104
|
|
|
105
105
|
Build your encrypted `.env.vault`:
|
|
106
106
|
|
|
@@ -131,9 +131,9 @@ All set! When your app boots, it will recognize a `DOTENV_KEY` is set, decrypt t
|
|
|
131
131
|
|
|
132
132
|
Made a change to your production envs? Run `npx dotenv-vault build`, commit that safely to code, and deploy. It's simple and safe like that.
|
|
133
133
|
|
|
134
|
-
|
|
134
|
+
[Learn more](https://www.dotenv.org/docs/tutorials/integrations)
|
|
135
135
|
|
|
136
|
-
|
|
136
|
+
## Dotenv.org
|
|
137
137
|
|
|
138
138
|
You need a [Dotenv Account](https://dotenv.org) to use Dotenv Vault. It is free to use with premium features.
|
|
139
139
|
|
data/dotenv-vault-rails.gemspec
CHANGED
|
@@ -6,8 +6,8 @@ Gem::Specification.new "dotenv-vault-rails" do |spec|
|
|
|
6
6
|
spec.authors = ["motdotla"]
|
|
7
7
|
spec.email = ["mot@mot.la"]
|
|
8
8
|
|
|
9
|
-
spec.summary = %q{
|
|
10
|
-
spec.description = %q{
|
|
9
|
+
spec.summary = %q{Decrypt .env.vault file.}
|
|
10
|
+
spec.description = %q{Decrypt .env.vault file.}
|
|
11
11
|
spec.homepage = "https://github.com/dotenv-org/dotenv-vault-ruby"
|
|
12
12
|
spec.license = "MIT"
|
|
13
13
|
spec.required_ruby_version = Gem::Requirement.new(">= 2.3.0")
|
data/dotenv-vault.gemspec
CHANGED
|
@@ -6,8 +6,8 @@ Gem::Specification.new "dotenv-vault" do |spec|
|
|
|
6
6
|
spec.authors = ["motdotla"]
|
|
7
7
|
spec.email = ["mot@mot.la"]
|
|
8
8
|
|
|
9
|
-
spec.summary = %q{
|
|
10
|
-
spec.description = %q{
|
|
9
|
+
spec.summary = %q{Decrypt .env.vault file.}
|
|
10
|
+
spec.description = %q{Decrypt .env.vault file.}
|
|
11
11
|
spec.homepage = "https://github.com/dotenv-org/dotenv-vault-ruby"
|
|
12
12
|
spec.license = "MIT"
|
|
13
13
|
spec.required_ruby_version = Gem::Requirement.new(">= 2.3.0")
|
data/lib/dotenv-vault/version.rb
CHANGED
data/lib/dotenv-vault.rb
CHANGED
|
@@ -117,31 +117,35 @@ module DotenvVault
|
|
|
117
117
|
def parse_vault(*filenames)
|
|
118
118
|
# DOTENV_KEY=development/key_1234
|
|
119
119
|
#
|
|
120
|
-
# Warn the developer unless
|
|
121
|
-
raise NotFoundDotenvKey, "NOT_FOUND_DOTENV_KEY: Cannot find ENV['DOTENV_KEY']" unless present?(
|
|
120
|
+
# Warn the developer unless present
|
|
121
|
+
raise NotFoundDotenvKey, "NOT_FOUND_DOTENV_KEY: Cannot find ENV['DOTENV_KEY']" unless present?(dotenv_key)
|
|
122
122
|
|
|
123
|
-
# Parse
|
|
124
|
-
|
|
123
|
+
# Parse .env.vault
|
|
124
|
+
parsed = Dotenv.parse(vault_path)
|
|
125
125
|
|
|
126
|
-
#
|
|
127
|
-
|
|
128
|
-
|
|
126
|
+
# handle scenario for comma separated keys - for use with key rotation
|
|
127
|
+
# example: DOTENV_KEY="dotenv://:key_1234@dotenv.org/vault/.env.vault?environment=prod,dotenv://:key_7890@dotenv.org/vault/.env.vault?environment=prod"
|
|
128
|
+
keys = dotenv_key.split(',')
|
|
129
129
|
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
130
|
+
decrypted = nil
|
|
131
|
+
keys.each_with_index do |split_dotenv_key, index|
|
|
132
|
+
begin
|
|
133
|
+
# Get full key
|
|
134
|
+
key = split_dotenv_key.strip
|
|
134
135
|
|
|
135
|
-
|
|
136
|
-
|
|
136
|
+
# Get instructions for decrypt
|
|
137
|
+
attrs = instructions(parsed, key)
|
|
137
138
|
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
ciphertext = parsed[environment_key] # DOTENV_VAULT_PRODUCTION
|
|
141
|
-
raise NotFoundDotenvEnvironment, "NOT_FOUND_DOTENV_ENVIRONMENT: Cannot locate #{environment_key} in .env.vault" unless ciphertext
|
|
139
|
+
# Decrypt
|
|
140
|
+
decrypted = decrypt(attrs[:ciphertext], attrs[:key])
|
|
142
141
|
|
|
143
|
-
|
|
144
|
-
|
|
142
|
+
break
|
|
143
|
+
rescue => error
|
|
144
|
+
# last key
|
|
145
|
+
raise error if index >= keys.length - 1
|
|
146
|
+
# try next key
|
|
147
|
+
end
|
|
148
|
+
end
|
|
145
149
|
|
|
146
150
|
# Parse decrypted .env string
|
|
147
151
|
Dotenv::Parser.call(decrypted, true)
|
|
@@ -152,7 +156,13 @@ module DotenvVault
|
|
|
152
156
|
end
|
|
153
157
|
|
|
154
158
|
def dotenv_key_present?
|
|
155
|
-
present?(
|
|
159
|
+
present?(dotenv_key) && dotenv_vault_present?
|
|
160
|
+
end
|
|
161
|
+
|
|
162
|
+
def dotenv_key
|
|
163
|
+
return ENV["DOTENV_KEY"] if present?(ENV["DOTENV_KEY"])
|
|
164
|
+
|
|
165
|
+
""
|
|
156
166
|
end
|
|
157
167
|
|
|
158
168
|
def dotenv_vault_present?
|
|
@@ -170,7 +180,7 @@ module DotenvVault
|
|
|
170
180
|
def decrypt(ciphertext, key)
|
|
171
181
|
key = key[-64..-1] # last 64 characters. allows for passing keys with preface like key_*****
|
|
172
182
|
|
|
173
|
-
raise InvalidDotenvKey, "INVALID_DOTENV_KEY: Key part must be 64 characters long (or more)" unless key.bytesize == 64
|
|
183
|
+
raise InvalidDotenvKey, "INVALID_DOTENV_KEY: Key part must be 64 characters long (or more)" unless key && key.bytesize == 64
|
|
174
184
|
|
|
175
185
|
lockbox = Lockbox.new(key: key, encode: true)
|
|
176
186
|
begin
|
|
@@ -179,4 +189,28 @@ module DotenvVault
|
|
|
179
189
|
raise DecryptionFailed, "DECRYPTION_FAILED: Please check your DOTENV_KEY"
|
|
180
190
|
end
|
|
181
191
|
end
|
|
192
|
+
|
|
193
|
+
def instructions(parsed, split_dotenv_key)
|
|
194
|
+
# Parse DOTENV_KEY. Format is a URI
|
|
195
|
+
uri = URI.parse(split_dotenv_key) # dotenv://:key_1234@dotenv.org/vault/.env.vault?environment=production
|
|
196
|
+
|
|
197
|
+
# Get decrypt key
|
|
198
|
+
key = uri.password
|
|
199
|
+
raise InvalidDotenvKey, "INVALID_DOTENV_KEY: Missing key part" unless present?(key)
|
|
200
|
+
|
|
201
|
+
# Get environment
|
|
202
|
+
params = Hash[URI::decode_www_form(uri.query.to_s)]
|
|
203
|
+
environment = params["environment"]
|
|
204
|
+
raise InvalidDotenvKey, "INVALID_DOTENV_KEY: Missing environment part" unless present?(environment)
|
|
205
|
+
|
|
206
|
+
# Get ciphertext payload
|
|
207
|
+
environment_key = "DOTENV_VAULT_#{environment.upcase}"
|
|
208
|
+
ciphertext = parsed[environment_key] # DOTENV_VAULT_PRODUCTION
|
|
209
|
+
raise NotFoundDotenvEnvironment, "NOT_FOUND_DOTENV_ENVIRONMENT: Cannot locate #{environment_key} in .env.vault" unless ciphertext
|
|
210
|
+
|
|
211
|
+
{
|
|
212
|
+
ciphertext: ciphertext,
|
|
213
|
+
key: key
|
|
214
|
+
}
|
|
215
|
+
end
|
|
182
216
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dotenv-vault-rails
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.10.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- motdotla
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-11-18 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dotenv-rails
|
|
@@ -30,14 +30,14 @@ dependencies:
|
|
|
30
30
|
requirements:
|
|
31
31
|
- - '='
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: 0.
|
|
33
|
+
version: 0.10.0
|
|
34
34
|
type: :runtime
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
38
|
- - '='
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version: 0.
|
|
40
|
+
version: 0.10.0
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: spring
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -66,7 +66,7 @@ dependencies:
|
|
|
66
66
|
- - ">="
|
|
67
67
|
- !ruby/object:Gem::Version
|
|
68
68
|
version: '0'
|
|
69
|
-
description:
|
|
69
|
+
description: Decrypt .env.vault file.
|
|
70
70
|
email:
|
|
71
71
|
- mot@mot.la
|
|
72
72
|
executables: []
|
|
@@ -117,5 +117,5 @@ requirements: []
|
|
|
117
117
|
rubygems_version: 3.1.6
|
|
118
118
|
signing_key:
|
|
119
119
|
specification_version: 4
|
|
120
|
-
summary:
|
|
120
|
+
summary: Decrypt .env.vault file.
|
|
121
121
|
test_files: []
|