dotenv-vault 0.9.0 → 0.10.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (9) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +6 -0
  3. data/Gemfile.lock +3 -3
  4. data/README.md +10 -10
  5. data/dotenv-vault-rails.gemspec +2 -2
  6. data/dotenv-vault.gemspec +2 -2
  7. data/lib/dotenv-vault/version.rb +1 -1
  8. data/lib/dotenv-vault.rb +55 -21
  9. metadata +4 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 28ae7886dc467b2b1b79693a72a4d9d5cbbee538ef1ba59e3519647590d0612c
4
- data.tar.gz: 91363e287dec8d84e15a3e8cc4f64e25c5b71c5fc99f28f9adb03afb00b87473
3
+ metadata.gz: d50c70b0cdf146642c45402aced8a3a917835a08d705d12285365a52b9e42c28
4
+ data.tar.gz: 0cad8a7095928704247fd5c0cde071be993612805c67163bde7e0c79d57c450c
5
5
  SHA512:
6
- metadata.gz: 07a3671502b3e5e55450958b287b791d4859932ec51c564abaafcdf72259cf141944c4ca3b45ea093628bf062cf2b32b5cbe30643979c9d1d99d7947d3b40a5c
7
- data.tar.gz: e44a690fbf4f660049ac24ebe2e1e42ca2f907fa2b0696ee3fc652e6e6bfda04cc7130278b06083d37d3650e602ff154a51cd2cd98a5fe03da51e758a77eb1f7
6
+ metadata.gz: 71b28ee0642d01ccfcb065c32265d9352a4696e8dc16822917066039efad4e42b3155d365dcfa3780d26cc295804f72c5419d6e47360d25d45ad190c7e08c9e2
7
+ data.tar.gz: ae75c04dbad3f6a66d6b2f77eadd10a31d54de2c6e4f75a4f8a5c779fa6b70644d5bccfeb9b104e065de5abff1eade9321acce525f485bb8d75a6dcf44f55d42
data/CHANGELOG.md CHANGED
@@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file. See [standa
4
4
 
5
5
  ## [Unreleased](https://github.com/dotenv-org/dotenv-vault-ruby/compare/v0.9.0...master)
6
6
 
7
+ ## 0.10.0
8
+
9
+ ### Added
10
+
11
+ - Support key rotation. Added comma separated capability to `DOTENV_KEY`. Add multiple keys to your DOTENV_KEY for use with decryption. Separate with a comma. [#2](https://github.com/dotenv-org/dotenv-vault-ruby/pull/2)
12
+
7
13
  ## 0.9.0
8
14
 
9
15
  ### Changed
data/Gemfile.lock CHANGED
@@ -1,12 +1,12 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- dotenv-vault (0.9.0)
4
+ dotenv-vault (0.10.0)
5
5
  dotenv
6
6
  lockbox
7
- dotenv-vault-rails (0.9.0)
7
+ dotenv-vault-rails (0.10.0)
8
8
  dotenv-rails
9
- dotenv-vault (= 0.9.0)
9
+ dotenv-vault (= 0.10.0)
10
10
 
11
11
  GEM
12
12
  remote: https://rubygems.org/
data/README.md CHANGED
@@ -2,14 +2,10 @@
2
2
 
3
3
  <img src="https://raw.githubusercontent.com/motdotla/dotenv/master/dotenv.svg" alt="dotenv-vault" align="right" width="200" />
4
4
 
5
- Dotenv Vault extends the proven & trusted foundation of [dotenv](https://github.com/bkeepers/dotenv), with a `.env.vault` file.
5
+ Extends the proven & trusted foundation of [dotenv](https://github.com/bkeepers/dotenv), with a `.env.vault` file.
6
6
 
7
7
  The extended standard lets you sync your `.env` files – quickly & securely. Stop sharing them over insecure channels like Slack and email, and never lose an important `.env` file again.
8
8
 
9
- You need a [Dotenv Account](https://dotenv.org) to use Dotenv Vault. It is free to use with premium features.
10
-
11
- **[Create your account](https://dotenv.org/signup)**
12
-
13
9
  ## Installation
14
10
 
15
11
  ### Rails
@@ -65,12 +61,12 @@ config.fog_directory = ENV['S3_BUCKET']
65
61
 
66
62
  ### `.env.vault`
67
63
 
68
- Extended usage uses a `.env.vault` file that allows you to sync your secrets across machines, team members, and environments.
64
+ The `.env.vault` extends `.env`. It facilitates syncing your `.env` file across machines, team members, and environments.
69
65
 
70
66
  Usage is similar to git. In the same directory as your `.env` file, run the command:
71
67
 
72
68
  ```shell
73
- npx dotenv-vault new
69
+ $ npx dotenv-vault new
74
70
  ```
75
71
 
76
72
  Follow those instructions and then run:
@@ -90,6 +86,8 @@ That's it!
90
86
 
91
87
  You just synced your `.env` file. Commit your `.env.vault` file to code, and tell your teammates to run `npx dotenv-vault pull`.
92
88
 
89
+ [Learn more](https://www.dotenv.org/docs/tutorials/sync)
90
+
93
91
  ## Multiple Environments
94
92
 
95
93
  Run the command:
@@ -100,7 +98,9 @@ $ npx dotenv-vault open production
100
98
 
101
99
  It will open up an interface to manage your production environment variables.
102
100
 
103
- ## Build & Deploy Anywhere
101
+ [Learn more](https://www.dotenv.org/docs/tutorials/environments)
102
+
103
+ ## Integrate Anywhere™
104
104
 
105
105
  Build your encrypted `.env.vault`:
106
106
 
@@ -131,9 +131,9 @@ All set! When your app boots, it will recognize a `DOTENV_KEY` is set, decrypt t
131
131
 
132
132
  Made a change to your production envs? Run `npx dotenv-vault build`, commit that safely to code, and deploy. It's simple and safe like that.
133
133
 
134
- ## Dotenv.org
134
+ [Learn more](https://www.dotenv.org/docs/tutorials/integrations)
135
135
 
136
- **[Create your account](https://dotenv.org/signup)**
136
+ ## Dotenv.org
137
137
 
138
138
  You need a [Dotenv Account](https://dotenv.org) to use Dotenv Vault. It is free to use with premium features.
139
139
 
data/dotenv-vault-rails.gemspec CHANGED
@@ -6,8 +6,8 @@ Gem::Specification.new "dotenv-vault-rails" do |spec|
6
6
  spec.authors = ["motdotla"]
7
7
  spec.email = ["mot@mot.la"]
8
8
 
9
- spec.summary = %q{dotenv-vault-rails}
10
- spec.description = %q{dotenv-vault-rails}
9
+ spec.summary = %q{Decrypt .env.vault file.}
10
+ spec.description = %q{Decrypt .env.vault file.}
11
11
  spec.homepage = "https://github.com/dotenv-org/dotenv-vault-ruby"
12
12
  spec.license = "MIT"
13
13
  spec.required_ruby_version = Gem::Requirement.new(">= 2.3.0")
data/dotenv-vault.gemspec CHANGED
@@ -6,8 +6,8 @@ Gem::Specification.new "dotenv-vault" do |spec|
6
6
  spec.authors = ["motdotla"]
7
7
  spec.email = ["mot@mot.la"]
8
8
 
9
- spec.summary = %q{dotenv-vault}
10
- spec.description = %q{dotenv-vault}
9
+ spec.summary = %q{Decrypt .env.vault file.}
10
+ spec.description = %q{Decrypt .env.vault file.}
11
11
  spec.homepage = "https://github.com/dotenv-org/dotenv-vault-ruby"
12
12
  spec.license = "MIT"
13
13
  spec.required_ruby_version = Gem::Requirement.new(">= 2.3.0")
data/lib/dotenv-vault/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module DotenvVault
2
- VERSION = "0.9.0"
2
+ VERSION = "0.10.0"
3
3
  end
data/lib/dotenv-vault.rb CHANGED
@@ -117,31 +117,35 @@ module DotenvVault
117
117
  def parse_vault(*filenames)
118
118
  # DOTENV_KEY=development/key_1234
119
119
  #
120
- # Warn the developer unless formatted correctly
121
- raise NotFoundDotenvKey, "NOT_FOUND_DOTENV_KEY: Cannot find ENV['DOTENV_KEY']" unless present?(ENV["DOTENV_KEY"])
120
+ # Warn the developer unless present
121
+ raise NotFoundDotenvKey, "NOT_FOUND_DOTENV_KEY: Cannot find ENV['DOTENV_KEY']" unless present?(dotenv_key)
122
122
 
123
- # Parse DOTENV_KEY. Format is a URI
124
- uri = URI.parse(ENV["DOTENV_KEY"]) # dotenv://:key_1234@dotenv.org/vault/.env.vault?environment=production
123
+ # Parse .env.vault
124
+ parsed = Dotenv.parse(vault_path)
125
125
 
126
- # Get decrypt key
127
- key = uri.password
128
- raise InvalidDotenvKey, "INVALID_DOTENV_KEY: Missing key part" unless present?(key)
126
+ # handle scenario for comma separated keys - for use with key rotation
127
+ # example: DOTENV_KEY="dotenv://:key_1234@dotenv.org/vault/.env.vault?environment=prod,dotenv://:key_7890@dotenv.org/vault/.env.vault?environment=prod"
128
+ keys = dotenv_key.split(',')
129
129
 
130
- # Get environment
131
- params = Hash[URI::decode_www_form(uri.query.to_s)]
132
- environment = params["environment"]
133
- raise InvalidDotenvKey, "INVALID_DOTENV_KEY: Missing environment part" unless present?(environment)
130
+ decrypted = nil
131
+ keys.each_with_index do |split_dotenv_key, index|
132
+ begin
133
+ # Get full key
134
+ key = split_dotenv_key.strip
134
135
 
135
- # Parse .env.vault
136
- parsed = Dotenv.parse(vault_path)
136
+ # Get instructions for decrypt
137
+ attrs = instructions(parsed, key)
137
138
 
138
- # Get ciphertext
139
- environment_key = "DOTENV_VAULT_#{environment.upcase}"
140
- ciphertext = parsed[environment_key] # DOTENV_VAULT_PRODUCTION
141
- raise NotFoundDotenvEnvironment, "NOT_FOUND_DOTENV_ENVIRONMENT: Cannot locate #{environment_key} in .env.vault" unless ciphertext
139
+ # Decrypt
140
+ decrypted = decrypt(attrs[:ciphertext], attrs[:key])
142
141
 
143
- # Decrypt ciphertext
144
- decrypted = decrypt(ciphertext, key)
142
+ break
143
+ rescue => error
144
+ # last key
145
+ raise error if index >= keys.length - 1
146
+ # try next key
147
+ end
148
+ end
145
149
 
146
150
  # Parse decrypted .env string
147
151
  Dotenv::Parser.call(decrypted, true)
@@ -152,7 +156,13 @@ module DotenvVault
152
156
  end
153
157
 
154
158
  def dotenv_key_present?
155
- present?(ENV["DOTENV_KEY"]) && dotenv_vault_present?
159
+ present?(dotenv_key) && dotenv_vault_present?
160
+ end
161
+
162
+ def dotenv_key
163
+ return ENV["DOTENV_KEY"] if present?(ENV["DOTENV_KEY"])
164
+
165
+ ""
156
166
  end
157
167
 
158
168
  def dotenv_vault_present?
@@ -170,7 +180,7 @@ module DotenvVault
170
180
  def decrypt(ciphertext, key)
171
181
  key = key[-64..-1] # last 64 characters. allows for passing keys with preface like key_*****
172
182
 
173
- raise InvalidDotenvKey, "INVALID_DOTENV_KEY: Key part must be 64 characters long (or more)" unless key.bytesize == 64
183
+ raise InvalidDotenvKey, "INVALID_DOTENV_KEY: Key part must be 64 characters long (or more)" unless key && key.bytesize == 64
174
184
 
175
185
  lockbox = Lockbox.new(key: key, encode: true)
176
186
  begin
@@ -179,4 +189,28 @@ module DotenvVault
179
189
  raise DecryptionFailed, "DECRYPTION_FAILED: Please check your DOTENV_KEY"
180
190
  end
181
191
  end
192
+
193
+ def instructions(parsed, split_dotenv_key)
194
+ # Parse DOTENV_KEY. Format is a URI
195
+ uri = URI.parse(split_dotenv_key) # dotenv://:key_1234@dotenv.org/vault/.env.vault?environment=production
196
+
197
+ # Get decrypt key
198
+ key = uri.password
199
+ raise InvalidDotenvKey, "INVALID_DOTENV_KEY: Missing key part" unless present?(key)
200
+
201
+ # Get environment
202
+ params = Hash[URI::decode_www_form(uri.query.to_s)]
203
+ environment = params["environment"]
204
+ raise InvalidDotenvKey, "INVALID_DOTENV_KEY: Missing environment part" unless present?(environment)
205
+
206
+ # Get ciphertext payload
207
+ environment_key = "DOTENV_VAULT_#{environment.upcase}"
208
+ ciphertext = parsed[environment_key] # DOTENV_VAULT_PRODUCTION
209
+ raise NotFoundDotenvEnvironment, "NOT_FOUND_DOTENV_ENVIRONMENT: Cannot locate #{environment_key} in .env.vault" unless ciphertext
210
+
211
+ {
212
+ ciphertext: ciphertext,
213
+ key: key
214
+ }
215
+ end
182
216
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dotenv-vault
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.9.0
4
+ version: 0.10.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - motdotla
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2022-10-23 00:00:00.000000000 Z
11
+ date: 2022-11-18 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dotenv
@@ -80,7 +80,7 @@ dependencies:
80
80
  - - ">="
81
81
  - !ruby/object:Gem::Version
82
82
  version: '0'
83
- description: dotenv-vault
83
+ description: Decrypt .env.vault file.
84
84
  email:
85
85
  - mot@mot.la
86
86
  executables: []
@@ -131,5 +131,5 @@ requirements: []
131
131
  rubygems_version: 3.1.6
132
132
  signing_key:
133
133
  specification_version: 4
134
- summary: dotenv-vault
134
+ summary: Decrypt .env.vault file.
135
135
  test_files: []