dotgpg 0.4 → 0.4.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 87111bf33ea3e0cc8590a7157a8a24b0e8c89c7c
-  data.tar.gz: 58317e91ceba614715f2d491bb4933c659704372
+  metadata.gz: 2cd64108df8b8d580aefe29d8e5f51486fac2899
+  data.tar.gz: ee061407adc7a15e53fbfc84d2dcffc233d91a52
 SHA512:
-  metadata.gz: 8110b06e560b447d23c417896bb2870e2ecb02e1c95ec80445a33aeb3e2992a62d1f2551f45f09aadd9a50c256eab26b2db9b8e6056f3c2d31de98657a0f46c8
-  data.tar.gz: 6eef5bfadeaa3881284f294eb4115ed73e0d263f0a796bca39294f55c3964762d17139d4df0e9592b2720519384bf03e2a402b7cc1d1884c1714141d2f3c2b70
+  metadata.gz: a686c103fae37e1254aa9e6318190d6cba68b9d06da510f562a1020e7d13aaa2ec15b322563cb708a790c671dbb5cca5d0a81dc3ee12aafe2ee8659fcf947f98
+  data.tar.gz: 54b912d0a9db5e21ef34b3939a2da4509e9e39ce0872c2e568fcec8ec83fe18924f763b540ed527aca66cfafe2ab7d1aad121267c86e70e1ec9ff020cadf99d7

checksums.yaml.gz.sig

@@ -0,0 +1,2 @@
+5zC�*ʌͭGoFs�6���y^��&��]�DS`t*��w���&��P���������{��3�/�ܸ>�`r��#�_,�L�8i>���M^�E��Ӑ�$�<fh�o��}�j#w�������݁0	�Bۦ���9�w���S�Ŀ3
+s\����� 9մ;��mGl%Q�`��A��x��	�>- ��c
�

data/README.md

@@ -1,13 +1,6 @@
-dotgpg is a tool for backing up and versioning your production secrets securely and easily.
+dotgpg is a tool for backing up and versioning your [production secrets](#deploying) or [shared passwords](#shared-passwords) securely and easily. ([Why?](#why))
 
-Production secrets are things like your cookie encryption keys, database passwords and AWS access keys. All of them have two things in common: your app needs them to runs and no-one else should be able to get to them.
-
-Most people do not look after their production secrets well. If you've got them in your source-code, or unencrypted in Dropbox or Google docs you are betraying your users trust. It's too easy for someone else to get at them.
-
-Dotgpg aims to be as easy to use as your current solution, but with added encryption. It manages a shared directory of GPG-encrypted files that you can check into git or put in Dropbox. When you deploy the secrets to your servers they are decrypted so that your app can boot without intervention.
-
-Getting started
----------------
+## Getting started
 
 If you're a ruby developer, you know the drill. Either `gem install dotgpg` or add `gem "dotgpg"` to your Gemfile.
 
@@ -41,7 +34,7 @@ Passphrase confirmation:
 To create or edit files, just use `dotgpg edit`. I recommend you use the `.gpg` suffix so that other tools know what these files contain.
 
 ```
-$ dotgpg edit production.env.gpg
+$ dotgpg edit production.gpg
 [ opens your $EDITOR ]
 ```
 
@@ -50,7 +43,7 @@ $ dotgpg edit production.env.gpg
 To read encrypted files, `dotgpg cat` them.
 
 ```
-$ dotgpg cat prodution.env.gpg
+$ dotgpg cat prodution.gpg
 GPG passphrase for conrad.irwin@gmail.com:
 ```
 
@@ -87,6 +80,48 @@ leJCaaNJQBbIOj4QOjFWiZ8ATqLH9nkgawSwOV3xp0MWayCJ3MVnibt4CaI=
 -----END PGP PUBLIC KEY BLOCK-----
 ```
 
+## Why
+
+Production secrets are the keys that your app needs to run. For example the session cookie encryption key, or the database password. These are critical to the running of your app, so it's essential to have a backup that is version controlled. Then if anything goes wrong, you can find the previous values and go back to running happily.
+
+Unfortunately it's also essential that your production secrets are kept secret. This means that traditional solutions to storing them, like putting them unenecrypted in git or in a shared google doc or in Dropbox are not sufficiently secure. Anyone who gets access to your source code, or to someone's Dropbox password, gets the keys to the kingdom for free.
+
+Dotgpg aims to be as easy to use as "just store them in git/Dropbox", but because it uses [gpg encryption](#security) is less vulnerable. If someone gets access to your source code, or someone's Google Apps account, they won't be able to get to your production database.
+
+## Deploying
+
+### dotenv
+
+I recommend using [dotenv](https://github.com/bkeepers/dotenv) for production secrets, then storing your production `.env` file as `config/dotgpg/production.gpg` in your web repository (after doing `dotgpg init config/dotgpg`).
+
+You can do this manually with ssh:
+
+```shell
+dotgpg cat config/dotgpg/production.gpg |\
+    ssh host1.example.com 'cat > /apps/website/shared/.env'
+```
+
+Or use Capistrano's `put` helper:
+
+```ruby
+file = `dotgpg cat config/dotgpg/production.gpg`
+put file, "/apps/website/shared/.env"
+```
+
+### Heroku
+
+We store a dump of `heroku config -s` in `dotgpg` with added comments. The dotgpg version is considered the master version, so if we make a mistake configuring Heroku (I've done that before...) we can restore easily.
+
+### Other
+
+You're kind of on your own for now :). Just store secrets in dotgpg and nowhere else, and you'll be fine!
+
+If you've got a setup that you think is common enough, please send a pull request to add docs.
+
+## Shared passwords
+
+You can also use `dotgpg` to share passwords for things that you log into manually with the rest of your team. This works particularly well if you put the `dotgpg` directory into Dropbox so that it syncs magically.
+
 ## Use without ruby
 
 The only person who really needs to use the `dotgpg` executable is the one responsible for adding and removing users from the directory. If you want to use `dotgpg` without requiring everyone to install ruby you can give them these instructions:

data/certs/gem-public_cert.pem

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDcDCCAligAwIBAgIBATANBgkqhkiG9w0BAQUFADA/MQ8wDQYDVQQDDAZjb25y
+YWQxFzAVBgoJkiaJk/IsZAEZFgdidWdzbmFnMRMwEQYKCZImiZPyLGQBGRYDY29t
+MB4XDTE0MDEwNjAwNTgwOFoXDTE1MDEwNjAwNTgwOFowPzEPMA0GA1UEAwwGY29u
+cmFkMRcwFQYKCZImiZPyLGQBGRYHYnVnc25hZzETMBEGCgmSJomT8ixkARkWA2Nv
+bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ8R/LqhyRlJnNyvAYz
+vg6Yo9HEu4rVEdTvenfHJvKB8VKXsn5kr30cJRqR1ZlDiwCbja9iGZGO40ZLVoFZ
+n+RIwyBrp4P+0o8dogD7V/bx4rCM82rxsxvJ90sC0u2k9F564qBgbITIiFSb6Tis
+9f3uiACQxDaNGV438mOvugij4nlbOxRz9YGlrfrHEYZIGUGBW819/+7cPC8sP/AT
+begKdnO9Op6ocH70xFfwveALzVV88uLzcOA4GDMY9kFDjxt7IP5BHvUugOSK2fI9
+QygrFuBBx03rLzsjaXWhGFvO9JBhZgSHpDdxHvVnSuFhx+GtJbKXbGikLtJr1QZ7
+6TsCAwEAAaN3MHUwCQYDVR0TBAIwADALBgNVHQ8EBAMCBLAwHQYDVR0OBBYEFKl9
+0oXcR31RG+RsK0pVFsRGwANGMB0GA1UdEQQWMBSBEmNvbnJhZEBidWdzbmFnLmNv
+bTAdBgNVHRIEFjAUgRJjb25yYWRAYnVnc25hZy5jb20wDQYJKoZIhvcNAQEFBQAD
+ggEBAKzZ9TzlTNo2nhZQukoNsvWSEqamyN0NHdt/0bySRWWruKrNotABsKduzy68
+u72JQsSuKo1UFCkmydiMPgfvB9rihs5e5evMqUzJMV6X83KmPmJJmlFeZtc30+TK
+b09/9meErmiPDAaSn6fI9ByMH3MxejmzaOYNOd46en7ZozE7+TV1Raki7z02mVLf
+GOPiw6pc9L3aCuOiBZpuQ7tvOnz7uC5UJoqQCGw1raH8iRKYA/i/vmm8PGoljEPp
+gLyWHKGlzF8V2keVvIruAi8wnK4W1JPnwyhkpXEt9/opM8rSAwAkXkt9AW2hBQsj
+ADrXAGfMsGRlN0pKG0siBZBhm8c=
+-----END CERTIFICATE-----

data/dotgpg.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |gem|
   gem.name = 'dotgpg'
-  gem.version = '0.4'
+  gem.version = '0.4.1'
 
   gem.summary = 'gpg-encrypted backup for your dotenv files'
   gem.description = "Easy management of gpg-encrypted backup files"
@@ -17,6 +17,9 @@ Gem::Specification.new do |gem|
   gem.add_development_dependency 'pry'
   gem.add_development_dependency 'pry-stack_explorer'
 
+  gem.cert_chain = `git ls-files certs`.split("\n")
+  gem.signing_key = File.expand_path("~/.ssh/dotgpg-private_key.pem")
+
   gem.executables = 'dotgpg'
   gem.files = `git ls-files`.split("\n")
 end

metadata

@@ -1,14 +1,36 @@
 --- !ruby/object:Gem::Specification
 name: dotgpg
 version: !ruby/object:Gem::Version
-  version: '0.4'
+  version: 0.4.1
 platform: ruby
 authors:
 - Conrad Irwin
 autorequire: 
 bindir: bin
-cert_chain: []
-date: 2013-12-24 00:00:00.000000000 Z
+cert_chain:
+- |
+  -----BEGIN CERTIFICATE-----
+  MIIDcDCCAligAwIBAgIBATANBgkqhkiG9w0BAQUFADA/MQ8wDQYDVQQDDAZjb25y
+  YWQxFzAVBgoJkiaJk/IsZAEZFgdidWdzbmFnMRMwEQYKCZImiZPyLGQBGRYDY29t
+  MB4XDTE0MDEwNjAwNTgwOFoXDTE1MDEwNjAwNTgwOFowPzEPMA0GA1UEAwwGY29u
+  cmFkMRcwFQYKCZImiZPyLGQBGRYHYnVnc25hZzETMBEGCgmSJomT8ixkARkWA2Nv
+  bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ8R/LqhyRlJnNyvAYz
+  vg6Yo9HEu4rVEdTvenfHJvKB8VKXsn5kr30cJRqR1ZlDiwCbja9iGZGO40ZLVoFZ
+  n+RIwyBrp4P+0o8dogD7V/bx4rCM82rxsxvJ90sC0u2k9F564qBgbITIiFSb6Tis
+  9f3uiACQxDaNGV438mOvugij4nlbOxRz9YGlrfrHEYZIGUGBW819/+7cPC8sP/AT
+  begKdnO9Op6ocH70xFfwveALzVV88uLzcOA4GDMY9kFDjxt7IP5BHvUugOSK2fI9
+  QygrFuBBx03rLzsjaXWhGFvO9JBhZgSHpDdxHvVnSuFhx+GtJbKXbGikLtJr1QZ7
+  6TsCAwEAAaN3MHUwCQYDVR0TBAIwADALBgNVHQ8EBAMCBLAwHQYDVR0OBBYEFKl9
+  0oXcR31RG+RsK0pVFsRGwANGMB0GA1UdEQQWMBSBEmNvbnJhZEBidWdzbmFnLmNv
+  bTAdBgNVHRIEFjAUgRJjb25yYWRAYnVnc25hZy5jb20wDQYJKoZIhvcNAQEFBQAD
+  ggEBAKzZ9TzlTNo2nhZQukoNsvWSEqamyN0NHdt/0bySRWWruKrNotABsKduzy68
+  u72JQsSuKo1UFCkmydiMPgfvB9rihs5e5evMqUzJMV6X83KmPmJJmlFeZtc30+TK
+  b09/9meErmiPDAaSn6fI9ByMH3MxejmzaOYNOd46en7ZozE7+TV1Raki7z02mVLf
+  GOPiw6pc9L3aCuOiBZpuQ7tvOnz7uC5UJoqQCGw1raH8iRKYA/i/vmm8PGoljEPp
+  gLyWHKGlzF8V2keVvIruAi8wnK4W1JPnwyhkpXEt9/opM8rSAwAkXkt9AW2hBQsj
+  ADrXAGfMsGRlN0pKG0siBZBhm8c=
+  -----END CERTIFICATE-----
+date: 2014-01-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -80,6 +102,7 @@ files:
 - README.md
 - Rakefile
 - bin/dotgpg
+- certs/gem-public_cert.pem
 - dotgpg.gemspec
 - lib/dotgpg.rb
 - lib/dotgpg/cli.rb

metadata.gz.sig

@@ -0,0 +1,2 @@
+��r�b
6;�xJ��Z�W���
+�}�