RubyGems - ejson - Versions diffs - 0.2.2 → 0.3.0 - Mend

ejson 0.2.2 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 45c8c29f86387553314be3e8738a55173944bdf1
-  data.tar.gz: 3353be24350564b401c3cfc631bd09d7ab98d1d1
+  metadata.gz: 9e7a3d4927ceae8e72ece8df8749391e2620d683
+  data.tar.gz: d3f5c4b1c24e2d73cde70f136f3a64c6ed0abb18
 SHA512:
-  metadata.gz: 52504a192b550a1d4391617b5695a87f14e974299db5760cb845f14612b36faf54e2087b0184ce7cf3556a7c5ec1d2d75ad569cc6ea18cc501c70b8a26d3145c
-  data.tar.gz: bb65c77a6500b0d550337e51fe7af6704c9c6c81b022e86dee2e968706100318427aea9f872895d0efc328bc38d4c3364299f1e496a8ddbce597dfbe2cd88904
+  metadata.gz: 8925b554189010a94fe8760c184c92ab3ab72771ef3cd217192f9a04067f4a650e086d3d3e9ed77c83e21f20ceb34fc63ef52d05965982e747706e3c72c7f490
+  data.tar.gz: 7b14d361b4e9b0398208205de262d9c360aeb82a6828e8e324ec0322258b18a2a3cb1a05544425c70d13f758c5ac421f2e3f6561e5903b95615efbc19339b391

data/LICENSE.txt CHANGED Viewed

@@ -1,4 +1,4 @@
-Copyright (c) 2014 Burke Libbey
+Copyright (c) 2014 Shopify
 MIT License

data/README.md CHANGED Viewed

@@ -24,13 +24,21 @@ It can be arbitrarily nested.
 This updates `config/secrets.ejson` in place, encrypting any newly-added or
 modified values that are not yet encrypted. `ejson` is short-hand for `ejson encrypt`.
+By default, it uses a public key that you won't be able to decrypt (and
+shouldn't use because we *can* decrypt it!). You can use your own by following
+the "Custom keypair" directions below. Feel free to fork the gem to reference
+your own keypair by default.
 #### 3) Decrypt the file:
      ejson decrypt -k ~/.keys/ejson.priv.pem -p config/ejson.pub.pem secrets.production.ejson > secrets.production.json
+     # OR
+     ejson decrypt -i -k ~/.keys/ejson.priv.pem -p config/ejson.pub.pem secrets.production.ejson
 Unlike encrypt, decrypt doesn't update the file in-place; it prints the
 decrypted contents to stdout. It also requires access to the private key
-created in step 1.
+created in step 1. By default, the secrets will be decrypted to stdout,
+but passing the `-i` flag causes them to be overwritten to the input file.
 #### See `ejson help` for more information.
@@ -39,16 +47,15 @@ created in step 1.
 We use a single keypair internally; the default public key is fetched from S3
 on each run. However, you can generate your own keypair like so:
-    mkdir config && cd config
     openssl req -x509 -nodes -days 100000 -newkey rsa:2048 -keyout privatekey.pem -out publickey.pem -subj '/'
 `publickey.pem` and `privatekey.pem` are created. Move `privatekey.pem`
-somewhere more secure.
-    mkdir -p ~/.keys
-    mv config/privatekey.pem ~/.keys/ejson.pem
+somewhere more private, and move `publickey.pem` somewhere more public.
 Then you can encrypt like:
-    ejson encrypt -p config/publickey.pem secrets.ejson
+    ejson encrypt -p publickey.pem secrets.ejson
+If you'd like to fork the gem to reference your own public key, that
+information lives around line 10 of `lib/ejson/cli.rb`.

data/ejson.gemspec CHANGED Viewed

@@ -5,7 +5,7 @@ require 'ejson/version'
 Gem::Specification.new do |spec|
   spec.name          = "ejson"
-  spec.version       = Ejson::VERSION
+  spec.version       = EJSON::VERSION
   spec.authors       = ["Burke Libbey"]
   spec.email         = ["burke.libbey@shopify.com"]
   spec.summary       = %q{Asymmetric keywise encryption for JSON}
@@ -19,4 +19,5 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
   spec.add_runtime_dependency "thor", "~> 0.18"
+  spec.add_development_dependency "rake", "~> 10.3.2"
 end

data/lib/ejson.rb CHANGED Viewed

@@ -6,8 +6,8 @@ class EJSON
   extend Forwardable
   def_delegators :@encryption, :load_string, :dump_string
-  def initialize(public_key_file, private_key_file = nil)
-    @encryption = Encryption.new(public_key_file, private_key_file)
+  def initialize(public_key, private_key = nil)
+    @encryption = Encryption.new(public_key, private_key)
   end
   def load(json_text)

data/lib/ejson/cli.rb CHANGED Viewed

@@ -12,10 +12,17 @@ class EJSON
     default_task :encrypt
     desc "decrypt [file]", "decrypt some data from file to stdout"
+    method_option :inplace, type: :boolean, default: false, aliases: "-i", desc: "Overwrite input file rather than dumping to stdout"
     def decrypt(file)
       ciphertext = File.read(file)
       ej = EJSON.new(pubkey, options[:privkey])
-      puts JSON.pretty_generate(ej.load(ciphertext).decrypt_all)
+      output = JSON.pretty_generate(ej.load(ciphertext).decrypt_all)
+      if options[:inplace]
+        File.open(file, "w") { |f| f.puts output }
+        puts "Wrote #{output.size} bytes to #{file}"
+      else
+        puts output
+      end
     rescue EJSON::Encryption::PrivateKeyMissing => e
       fatal("can't decrypt data without private key (specify path with -k)", e)
     rescue EJSON::Encryption::ExpectedEncryptedString => e
@@ -41,6 +48,7 @@ class EJSON
     desc "version", "show version information"
     def version
+      require 'ejson/version'
       puts "ejson version #{EJSON::VERSION}"
     end

data/lib/ejson/encryption.rb CHANGED Viewed

@@ -7,10 +7,10 @@ class EJSON
     PrivateKeyMissing = Class.new(StandardError)
     ExpectedEncryptedString = Class.new(StandardError)
-    def initialize(public_key_file, private_key_file)
-      @public_key_x509 = load_public_key(public_key_file)
-      if private_key_file
-        @private_key_rsa = load_private_key(private_key_file)
+    def initialize(public_key, private_key)
+      @public_key_x509 = load_public_key(public_key)
+      if private_key
+        @private_key_rsa = load_private_key(private_key)
       end
     end
@@ -47,15 +47,16 @@ class EJSON
       pkcs7.decrypt(@private_key_rsa, @public_key_x509)
     end
-    def load_public_key(public_key_file)
-      public_key_pem = File.read(public_key_file)
-      OpenSSL::X509::Certificate.new(public_key_pem)
+    def load_public_key(public_key)
+      OpenSSL::X509::Certificate.new(get_pem(public_key))
     end
-    def load_private_key(private_key_file)
-      private_key_pem = File.read(private_key_file)
-      OpenSSL::PKey::RSA.new(private_key_pem)
+    def load_private_key(private_key)
+      OpenSSL::PKey::RSA.new(get_pem(private_key))
     end
+    def get_pem(string)
+      string =~ /^-----BEGIN/ ? string : File.read(string)
+    end
   end
 end

data/lib/ejson/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
-class Ejson
-  VERSION = "0.2.2"
+class EJSON
+  VERSION = "0.3.0"
 end

data/test/ejson_test.rb CHANGED Viewed

@@ -6,7 +6,7 @@ require 'ejson/cli'
 class CLITest < Minitest::Unit::TestCase
   def test_ejson
-    f = Tempfile.create("encrypt")
+    f = Tempfile.new("encrypt")
     f.puts JSON.dump({a: "b"})
     f.close
@@ -33,8 +33,25 @@ class CLITest < Minitest::Unit::TestCase
     File.unlink(f.path)
   end
+  def test_inplace
+    f = Tempfile.new("encrypt")
+    f.puts JSON.dump({a: "b"})
+    f.close
+    runcli "encrypt", "-p", pubkey, f.path
+    encrypted = JSON.load(File.read(f.path))
+    assert_match(/\AENC\[MIIB.*\]\z/, encrypted["a"])
+    runcli "decrypt", "-i", "-p", pubkey, "-k", privkey, f.path
+    decrypted = JSON.load(File.read(f.path))
+    refute_match(/\AENC\[MIIB.*\]\z/, decrypted["a"])
+  ensure
+    File.unlink(f.path)
+  end
   def test_default_key_exists
-    f = Tempfile.create("encrypt")
+    f = Tempfile.new("encrypt")
     f.puts JSON.dump({a: "b"})
     f.close
@@ -50,7 +67,7 @@ class CLITest < Minitest::Unit::TestCase
   end
   def test_library_is_picky
-    f = Tempfile.create("decrypt")
+    f = Tempfile.new("decrypt")
     f.puts JSON.dump({a: "b"})
     f.close
     assert_raises(EJSON::Encryption::ExpectedEncryptedString) {
@@ -60,6 +77,16 @@ class CLITest < Minitest::Unit::TestCase
     File.unlink(f.path)
   end
+  def test_key_strings
+    public_key = File.read(pubkey)
+    private_key = File.read(privkey)
+    @enc = EJSON::Encryption.new(public_key, private_key)
+    assert_equal public_key, @enc.instance_variable_get(:@public_key_x509).to_s
+    assert_equal private_key, @enc.instance_variable_get(:@private_key_rsa).to_s
+  end
   private
   def encrypt(path)

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ejson
 version: !ruby/object:Gem::Version
-  version: 0.2.2
+  version: 0.3.0
 platform: ruby
 authors:
 - Burke Libbey
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-04-15 00:00:00.000000000 Z
+date: 2014-07-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -24,6 +24,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.18'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 10.3.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 10.3.2
 description: Secret management by encrypting values in a JSON hash with a public/private
   keypair
 email:
@@ -67,7 +81,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.2.0
+rubygems_version: 2.2.2
 signing_key:
 specification_version: 4
 summary: Asymmetric keywise encryption for JSON
@@ -75,4 +89,3 @@ test_files:
 - test/ejson_test.rb
 - test/privatekey.pem
 - test/publickey.pem
-has_rdoc: