RubyGems - dotenvcrypt - Versions diffs - 0.6.0 → 0.7.0 - Mend

dotenvcrypt 0.6.0 → 0.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

checksums.yaml +4 -4
data/README.md +56 -14
data/bin/dotenvcrypt +6 -4
data/lib/dotenvcrypt/cli/commands.rb +87 -0
data/lib/dotenvcrypt/cli/key_manager.rb +31 -0
data/lib/dotenvcrypt/version.rb +13 -1
data/lib/dotenvcrypt.rb +25 -3
metadata +18 -4
data/lib/dotenvcrypt/encryptor.rb +0 -65
data/lib/dotenvcrypt/manager.rb +0 -90

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1ead91de7add08540af64e47ff6f32f8c0a3e0f552fdd6b5a04a0485dc618909
-  data.tar.gz: fef0232606440a15f36b5f9e3ab39588df74780cd110697e53c4cfc1a5ca1f48
+  metadata.gz: 111cda13c2044b722ef62e9fb14425ad5c02476934d81a65708e1c72e031a11c
+  data.tar.gz: '0084c2763785031c2bf4806d03dcad28c31a9480953c66438dfcf1e18729f5db'
 SHA512:
-  metadata.gz: 64aa077f96823950f7c354f9a08f61c671e042d2fefd17df84c5776f53cbc21c590b6716c22d3d696baa2cf67804142b6a44cef5fc7acde87c5fc182f4ffbbea
-  data.tar.gz: 2600fa1f56ae93551ad6649f7dca32cebb2dbfd3bec63c5501a5c836162110d4aa2eff7efaccde382a0044c312ac0dce44cb890dc54c9e0b1bde9eea9b02249d
+  metadata.gz: 04c1dbfae62eebd97256f895692ba7cac8f55214cdebea571a2157bf9108848c49c5359c1e46ce73fcc950840f6bb30e3306c9f00e4b187b3c6338d0c7f81a5b
+  data.tar.gz: 43a7f64f3487e7787cfab7bb13937937fb8fee32552c4b1898233c3d5b6f4f21e9c7ba254f8742b8420e05097eac591d87ce2039ea572a285f0c412f8ed817ae

data/README.md CHANGED Viewed

@@ -1,4 +1,4 @@
-# dotenvcrypt 🛡️🔐
+# dotenvcrypt
 **Securely encrypt, manage, and load your `.env` files in public repositories.**
@@ -6,15 +6,16 @@
 ---
-## 🚀 Features
+## Features
-- ✅ Encrypt `.env` files into `.env.enc` for safe storage in Git.
-- ✅ Decrypt and load environment variables securely into the shell.
-- ✅ Edit encrypted `.env.enc`, then re-encrypt after saving.
+- Encrypt `.env` files into `.env.enc` for safe storage in Git
+- Decrypt and load environment variables securely into the shell
+- Edit encrypted `.env.enc`, then re-encrypt after saving
+- Use as a CLI tool or as a Ruby library
 ---
-## 📦 Installation
+## Installation
 ### Using Homebrew (recommended)
@@ -22,7 +23,15 @@
 brew install namolnad/formulae/dotenvcrypt
 ```
-## 🔧 Usage
+### Using RubyGems
+```bash
+gem install dotenvcrypt
+```
+---
+## CLI Usage
 ### Basic Commands
@@ -45,13 +54,13 @@ eval "$(dotenvcrypt decrypt .env.enc)"
 dotenvcrypt looks for your encryption key in these locations (in order):
 1. Command line argument: `--key YOUR_SECRET_KEY`
-1. Environment variable: `DOTENVCRYPT_KEY`
-1. File: `./.dotenvcrypt.key` (in the current directory)
-1. File: `$XDG_CONFIG_HOME/dotenvcrypt/secret.key` (or `$HOME/.config/dotenvcrypt/secret.key`)
-1. File: `$HOME/.dotenvcrypt.key`
-1. Interactive prompt (if no key is found)
+2. Environment variable: `DOTENVCRYPT_KEY`
+3. File: `./.dotenvcrypt.key` (in the current directory)
+4. File: `$XDG_CONFIG_HOME/dotenvcrypt/secret.key` (or `$HOME/.config/dotenvcrypt/secret.key`)
+5. File: `$HOME/.dotenvcrypt.key`
+6. Interactive prompt (if no key is found)
-### Real-World Example
+### Shell Integration Example
 Add this to your shell profile (`.zshrc`, `.bashrc`, etc.) to automatically load variables:
@@ -65,10 +74,43 @@ if [[ ! -f $dotenvcrypt_key_path || ! -s $dotenvcrypt_key_path ]]; then
   chmod 600 $dotenvcrypt_key_path
 fi
-# Load encrypted environment variables if envcrypt is installed
+# Load encrypted environment variables if dotenvcrypt is installed
 if command -v dotenvcrypt &> /dev/null; then
   set -a  # automatically export all variables
   eval "$(dotenvcrypt decrypt $HOME/.env.enc)"
   set +a  # stop automatically exporting
 fi
 ```
+---
+## Library Usage
+You can also use dotenvcrypt as a Ruby library in your applications:
+```ruby
+require 'dotenvcrypt'
+# Load encrypted .env file directly into ENV
+Dotenvcrypt.load_env('.env.enc', key: 'your-secret-key')
+# Now your environment variables are available
+puts ENV['DATABASE_URL']
+```
+For more advanced library usage, see the [dotenvcrypt-core](https://github.com/namolnad/dotenvcrypt/tree/main/core) documentation.
+---
+## Security
+- Uses AES-256 in GCM (Galois/Counter Mode) for authenticated encryption
+- Generates secure random initialization vectors (IV) for each encryption
+- Provides tamper detection via authentication tags
+- Keys are hashed with SHA256 before use
+---
+## License
+MIT

data/bin/dotenvcrypt CHANGED Viewed

@@ -49,17 +49,19 @@ if command.nil?
   exit 1
 end
-dotenvcrypt = Dotenvcrypt::Manager.new(options[:key])
+# Fetch encryption key
+key = Dotenvcrypt::CLI::KeyManager.fetch_key(options[:key])
+commands = Dotenvcrypt::CLI::Commands.new(key: key)
 case command
 when 'encrypt'
   input_file = ARGV[0] || UNENCRYPTED_FILE
   output_file = ARGV[1] || ENCRYPTED_FILE
-  dotenvcrypt.encrypt_file(input_file, output_file)
+  commands.encrypt_file(input_file, output_file)
 when 'decrypt'
-  dotenvcrypt.decrypt_file(ARGV[0] || ENCRYPTED_FILE)
+  commands.decrypt_file(ARGV[0] || ENCRYPTED_FILE)
 when 'edit'
-  dotenvcrypt.edit_file(ARGV[0] || ENCRYPTED_FILE)
+  commands.edit_file(ARGV[0] || ENCRYPTED_FILE)
 else
   puts "Unknown command: #{command}"
   puts opt_parser

data/lib/dotenvcrypt/cli/commands.rb ADDED Viewed

@@ -0,0 +1,87 @@
+# frozen_string_literal: true
+require 'tempfile'
+module Dotenvcrypt
+  module CLI
+    class Commands
+      def initialize(key:)
+        @key = key
+        @encryptor = Dotenvcrypt::Core::Encryptor.new(key)
+      end
+      # Encrypt an existing `.env` file
+      def encrypt_file(unencrypted_file, encrypted_file)
+        unless File.exist?(unencrypted_file)
+          puts "❌ File not found: #{unencrypted_file}"
+          exit(1)
+        end
+        encrypted_data = @encryptor.encrypt(File.read(unencrypted_file))
+        File.write(encrypted_file, encrypted_data)
+        puts "🔒 Encrypted #{unencrypted_file} → #{encrypted_file}"
+      rescue Dotenvcrypt::Core::EncryptionError => e
+        puts "❌ Encryption failed: #{e.message}"
+        exit(1)
+      end
+      # Decrypt an encrypted `.env` file and print to stdout
+      def decrypt_file(encrypted_file)
+        unless File.exist?(encrypted_file)
+          puts "❌ File not found: #{encrypted_file}"
+          exit(1)
+        end
+        decrypted_content = @encryptor.decrypt(File.read(encrypted_file))
+        puts decrypted_content
+      rescue Dotenvcrypt::Core::DecryptionError => e
+        puts "❌ Decryption failed: #{e.message}"
+        exit(1)
+      rescue Dotenvcrypt::Core::InvalidFormatError => e
+        puts "❌ #{e.message}"
+        exit(1)
+      end
+      # Edit decrypted env, then re-encrypt
+      def edit_file(encrypted_file)
+        unless File.exist?(encrypted_file)
+          puts "❌ File not found: #{encrypted_file}"
+          exit(1)
+        end
+        temp_file = Tempfile.new('dotenvcrypt')
+        begin
+          original_content = @encryptor.decrypt(File.read(encrypted_file))
+          File.write(temp_file.path, original_content)
+          puts "Waiting for file to be saved. Abort with Ctrl-C."
+          system("#{ENV['EDITOR'] || 'vim'} #{temp_file.path}")
+          updated_content = File.read(temp_file.path)
+          if updated_content != original_content
+            encrypted_data = @encryptor.encrypt(updated_content)
+            File.write(encrypted_file, encrypted_data)
+          end
+          puts "🔒 Encrypted and saved #{encrypted_file}"
+        rescue Dotenvcrypt::Core::DecryptionError => e
+          puts "❌ Decryption failed: #{e.message}"
+          exit(1)
+        rescue Dotenvcrypt::Core::EncryptionError => e
+          puts "❌ Encryption failed: #{e.message}"
+          exit(1)
+        rescue Dotenvcrypt::Core::InvalidFormatError => e
+          puts "❌ #{e.message}"
+          exit(1)
+        ensure
+          temp_file.unlink if temp_file
+        end
+      end
+    end
+  end
+end

data/lib/dotenvcrypt/cli/key_manager.rb ADDED Viewed

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+require 'tty-prompt'
+module Dotenvcrypt
+  module CLI
+    class KeyManager
+      # Determine config directory following XDG Base Directory Specification
+      CONFIG_HOME = ENV['XDG_CONFIG_HOME'] || "#{ENV['HOME']}/.config"
+      CONFIG_DIR = "#{CONFIG_HOME}/dotenvcrypt".freeze
+      # Check multiple locations in order of preference
+      ENCRYPTION_KEY_LOCATIONS = [
+        "#{Dir.pwd}/.dotenvcrypt.key",             # Project-specific key (current directory)
+        "#{CONFIG_DIR}/secret.key",                # XDG standard location
+        "#{ENV['HOME']}/.dotenvcrypt.key"          # Legacy location (for backward compatibility)
+      ].freeze
+      def self.fetch_key(cli_key = nil)
+        return cli_key if cli_key && !cli_key.empty?
+        return ENV['DOTENVCRYPT_KEY'] if ENV['DOTENVCRYPT_KEY'] && !ENV['DOTENVCRYPT_KEY'].empty?
+        ENCRYPTION_KEY_LOCATIONS.each do |key_file|
+          return File.read(key_file).strip if File.exist?(key_file)
+        end
+        TTY::Prompt.new.ask("Enter encryption key:", echo: false)
+      end
+    end
+  end
+end

data/lib/dotenvcrypt/version.rb CHANGED Viewed

@@ -1,3 +1,15 @@
+# frozen_string_literal: true
+# During gem build or in monorepo: read version from core directly
+core_version_file = File.expand_path('../../core/lib/dotenvcrypt/core/version.rb', __dir__)
+if File.exist?(core_version_file)
+  # Load from monorepo structure
+  require_relative '../../core/lib/dotenvcrypt/core/version'
+else
+  # For gem installation: load from installed dotenvcrypt-core gem
+  require 'dotenvcrypt/core/version'
+end
 module Dotenvcrypt
-  VERSION = "0.6.0"
+  VERSION = Core::VERSION
 end

data/lib/dotenvcrypt.rb CHANGED Viewed

@@ -1,3 +1,25 @@
-require_relative "dotenvcrypt/encryptor"
-require_relative "dotenvcrypt/manager"
-require_relative "dotenvcrypt/version"
+# frozen_string_literal: true
+# For development/monorepo: try to load from relative path first
+begin
+  require_relative '../../core/lib/dotenvcrypt-core'
+rescue LoadError
+  # For gem installation: load from installed dotenvcrypt-core gem
+  require 'dotenvcrypt-core'
+end
+require 'tty-prompt'
+require 'tty-command'
+require_relative 'dotenvcrypt/version'
+require_relative 'dotenvcrypt/cli/key_manager'
+require_relative 'dotenvcrypt/cli/commands'
+module Dotenvcrypt
+  # Re-export core functionality (if not already defined)
+  Core = Dotenvcrypt::Core unless defined?(Core)
+  # Convenience method for library usage
+  def self.load_env(encrypted_file_path, key:)
+    Core.load_env(encrypted_file_path, key: key)
+  end
+end

metadata CHANGED Viewed

@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: dotenvcrypt
 version: !ruby/object:Gem::Version
-  version: 0.6.0
+  version: 0.7.0
 platform: ruby
 authors:
 - Dan Loman
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-03-15 00:00:00.000000000 Z
+date: 2025-12-30 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: dotenvcrypt-core
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.7.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.7.0
 - !ruby/object:Gem::Dependency
   name: tty-prompt
   requirement: !ruby/object:Gem::Requirement
@@ -51,8 +65,8 @@ files:
 - README.md
 - bin/dotenvcrypt
 - lib/dotenvcrypt.rb
-- lib/dotenvcrypt/encryptor.rb
-- lib/dotenvcrypt/manager.rb
+- lib/dotenvcrypt/cli/commands.rb
+- lib/dotenvcrypt/cli/key_manager.rb
 - lib/dotenvcrypt/version.rb
 homepage: https://github.com/namolnad/dotenvcrypt
 licenses:

data/lib/dotenvcrypt/encryptor.rb DELETED Viewed

@@ -1,65 +0,0 @@
-module Dotenvcrypt
-  class Encryptor
-    def initialize(encryption_key)
-      @encryption_key = encryption_key
-    end
-    # Encrypt file
-    def encrypt(data)
-      cipher = OpenSSL::Cipher::AES256.new(:GCM)
-      cipher.encrypt
-      key = OpenSSL::Digest::SHA256.digest(encryption_key)
-      cipher.key = key
-      # Generate a secure random IV (12 bytes is recommended for GCM)
-      iv = cipher.random_iv
-      encrypted = cipher.update(data) + cipher.final
-      # Get the authentication tag (16 bytes)
-      auth_tag = cipher.auth_tag
-      # Combine IV, encrypted data, and auth tag
-      combined = iv + auth_tag + encrypted
-      # Convert to base64 for readability
-      Base64.strict_encode64(combined)
-    end
-    # Decrypt file
-    def decrypt(encoded_data)
-      begin
-        data = Base64.strict_decode64(encoded_data)
-      rescue ArgumentError
-        puts "❌ Decryption failed. File is not in valid base64 format."
-        exit(1)
-      end
-      # For GCM mode:
-      # - IV is 12 bytes
-      # - Auth tag is 16 bytes
-      iv_size = 12
-      auth_tag_size = 16
-      # Extract the components
-      iv = data[0...iv_size]
-      auth_tag = data[iv_size...(iv_size + auth_tag_size)]
-      encrypted_data = data[(iv_size + auth_tag_size)..-1]
-      cipher = OpenSSL::Cipher::AES256.new(:GCM)
-      cipher.decrypt
-      cipher.key = OpenSSL::Digest::SHA256.digest(encryption_key)
-      cipher.iv = iv
-      cipher.auth_tag = auth_tag
-      cipher.update(encrypted_data) + cipher.final
-    rescue OpenSSL::Cipher::CipherError
-      puts "❌ Decryption failed. Invalid key, corrupted file, or tampering detected."
-      exit(1)
-    end
-    private
-    attr_reader :encryption_key
-  end
-end

data/lib/dotenvcrypt/manager.rb DELETED Viewed

@@ -1,90 +0,0 @@
-# frozen_string_literal: true
-require 'base64'
-require 'openssl'
-require 'tempfile'
-require 'tty-prompt'
-require 'tty-command'
-require_relative 'encryptor'
-module Dotenvcrypt
-  class Manager
-    # Determine config directory following XDG Base Directory Specification
-    CONFIG_HOME = ENV['XDG_CONFIG_HOME'] || "#{ENV['HOME']}/.config"
-    CONFIG_DIR = "#{CONFIG_HOME}/dotenvcrypt".freeze
-    # Check multiple locations in order of preference
-    ENCRYPTION_KEY_LOCATIONS = [
-      "#{Dir.pwd}/.dotenvcrypt.key",             # Project-specific key (current directory)
-      "#{CONFIG_DIR}/secret.key",                # XDG standard location
-      "#{ENV['HOME']}/.dotenvcrypt.key"          # Legacy location (for backward compatibility)
-    ].freeze
-    def initialize(encryption_key = nil)
-      @encryption_key = encryption_key
-      @encryptor = Encryptor.new(fetch_key)
-    end
-    # Encrypt an existing `.env` file
-    def encrypt_file(unencrypted_file, encrypted_file)
-      unless File.exist?(unencrypted_file)
-        puts "❌ File not found: #{unencrypted_file}"
-        exit(1)
-      end
-      File.open(encrypted_file, 'w') do |f|
-        f.write encryptor.encrypt(File.read(unencrypted_file))
-      end
-      puts "🔒 Encrypted #{unencrypted_file} → #{encrypted_file}"
-    end
-    # Decrypt an encrypted `.env` file and print to stdout
-    def decrypt_file(encrypted_file)
-      puts encryptor.decrypt(File.read(encrypted_file))
-    end
-    # Edit decrypted env, then re-encrypt
-    def edit_file(encrypted_file)
-      temp_file = Tempfile.new('dotenvcrypt')
-      original_content = encryptor.decrypt(File.read(encrypted_file))
-      File.open(temp_file.path, 'w') do |f|
-        f.write original_content
-      end
-      puts "Waiting for file to be saved. Abort with Ctrl-C."
-      system("#{ENV['EDITOR'] || 'vim'} #{temp_file.path}")
-      updated_content = File.read(temp_file.path)
-      if updated_content != original_content
-        File.open(encrypted_file, 'w') do |f|
-          f.write encryptor.encrypt(updated_content)
-        end
-      end
-      puts "🔒 Encrypted and saved #{encrypted_file}"
-    ensure
-      temp_file.unlink if temp_file
-    end
-    private
-    attr_reader :encryption_key, :encryptor
-    # Get encryption key: From CLI arg OR encryption-key file OR securely prompt from stdin
-    def fetch_key
-      return encryption_key if encryption_key && !encryption_key.empty?
-      return ENV['DOTENVCRYPT_KEY'] if ENV['DOTENVCRYPT_KEY'] && !ENV['DOTENVCRYPT_KEY'].empty?
-      ENCRYPTION_KEY_LOCATIONS.each do |key_file|
-        return File.read(key_file).strip if File.exist?(key_file)
-      end
-      TTY::Prompt.new.ask("Enter encryption key:", echo: false)
-    end
-  end
-end