encrypt_data_bag 1.0.0 → 1.1.0
- checksums.yaml +4 -4
- data/.travis.yml +0 -1
- data/README.md +9 -0
- data/Rakefile +7 -0
- data/bin/encrypt_data_bag +8 -1
- data/lib/encrypt_data_bag.rb +10 -6
- data/lib/encrypt_data_bag/version.rb +1 -1
- data/test/assets/data_bags/aws/development.json +27 -0
- data/test/assets/data_bags/aws/production.json +3 -3
- metadata +4 -2
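--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f8ea87eabfbbcff5517623ea56a6531ffbadab0a
+data.tar.gz: 1590c1490522c18848ae23bd6a5e206b72df867b
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 76bcdb3446508045873fa850e9bb5f1e86ae96cf1fbd19d5bd40ddc7c5975b9235645b2419fc4a692f013b743aea729ceaaad78e08adb532d2e5d1f5371d12c0
+data.tar.gz: 6b000d0da70a970903d85753f05e10b1915e9ea11258d932939bd955c5af2ee87adcdf437307cd7dd93c074226f8ab1322776c92b4007de117a1ba1778b7df9a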
data/.travis.yml
CHANGED
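--- a/data/README.md
+++ b/data/README.md
@@ -9,6 +9,15 @@ $ gem install encrypt_data_bag
 ## Usage
 
 ```
+$ encrypt_data_bag -h
+Usage: encrypt_data_bag [options]
+-h, --help Display this message
+-v, --version Display version
+-s, --secret-file FILE Secret key FILE
+-i, --input-file FILE Input FILE (plain-text data bag item)
+-o, --output-file FILE Output FILE (encrypted data bag item)
+-d, --decrypt Decrypt the data bag item
+
 $ encrypt_data_bag -s ~/.chef/encrypted_data_bag_secret -i plain_text_item.rb -o encrypted_item.json
 ```
 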
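--- a/data/Rakefile
+++ b/data/Rakefile
@@ -16,6 +16,13 @@ task :test do
 system(command.join(" "))
 puts IO.read("test/tmp/staging.json")
 puts IO.read("test/tmp/production.rb")
+command = ["bundle exec ./bin/encrypt_data_bag"]
+command << "-s test/assets/encrypted_data_bag_secret"
+command << "-i test/assets/data_bags/aws/development.json"
+command << "-o test/tmp/development.rb"
+command << "-d"
+system(command.join(" "))
+puts IO.read("test/tmp/development.rb")
 end
 
 task :default => :test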
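Review bot: The return value of the added `system(command.join(" "))` is ignored, so a failing decrypt run lets the task continue and `IO.read("test/tmp/development.rb")` may print a file left over from an earlier run. Checking the status, e.g. `system(command.join(" ")) || raise("decrypt run failed")`, and comparing the decrypted hash with the expected plain-text values would turn this into an actual test of the new `-d` path. The `task :test` block starts outside the hunk.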
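--- a/data/bin/encrypt_data_bag
+++ b/data/bin/encrypt_data_bag
@@ -24,10 +24,17 @@ OptionParser.new { |options|
 options.on("-o", "--output-file FILE", "Output FILE (encrypted data bag item)") do |file|
 config[:output_file] = file
 end
+options.on("-d", "--decrypt", "Decrypt the data bag item") do
+config[:decrypt] = true
+end
 }.parse!
 
 raise "You must provide a Secret key FILE (-s)" unless config[:secret_file]
 raise "You must provide an input FILE (-i)" unless config[:input_file]
 raise "You must provide an output FILE (-o)" unless config[:output_file]
 
-EncryptDataBag.from_file(
+EncryptDataBag.from_file(
+config[:secret_file],
+config[:input_file],
+config[:output_file],
+:decrypt => config[:decrypt])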
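Review bot: The help strings for `-i` and `-o` are backwards once the new `-d` switch is given, because they still describe the input as the plain-text item and the output as the encrypted item. With `-d` the `-o` file receives the decrypted secrets, so an operator reading `--help` has no hint that the output is sensitive. Consider wording such as `"Output FILE (encrypted item; plain-text item with -d)"` and the mirror image for `-i`. The `OptionParser.new` block starts outside the hunk.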
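--- a/data/lib/encrypt_data_bag.rb
+++ b/data/lib/encrypt_data_bag.rb
@@ -7,17 +7,21 @@ module EncryptDataBag
 File.extname(file) == ".json"
 end
 
-def from_file(secret_file, input_file, output_file)
+def from_file(secret_file, input_file, output_file, options={})
 secret = Chef::EncryptedDataBagItem.load_secret(secret_file)
-
-item = is_json_file?(input_file) ? JSON.parse(
+input = IO.read(input_file)
+item = is_json_file?(input_file) ? JSON.parse(input) : eval(input)
 item = Hash[item.map { |k, v| [k.to_s, v] }]
-
+output = if options[:decrypt]
+Chef::EncryptedDataBagItem.new(item, secret).to_hash
+else
+Chef::EncryptedDataBagItem.encrypt_data_bag_item(item, secret)
+end
 File.open(output_file, "w") do |file|
 if is_json_file?(output_file)
-file.print(JSON.pretty_generate(
+file.print(JSON.pretty_generate(output))
 else
-file.write(
+file.write(output.pretty_inspect)
 end
 end
 end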
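Review bot: `eval(input)` on new line 13 runs any input file whose name does not end in `.json` as Ruby, after the secret has been loaded, and with `:decrypt` the input is an encrypted item that may come from a shared repository rather than a file the operator wrote. At least on the decrypt path the input could be required to be JSON, e.g. `raise ArgumentError, "encrypted input must be a .json file" if options[:decrypt] && !is_json_file?(input_file)` before the read; this narrows what decrypt accepts, so confirm nobody relies on `.rb` encrypted items. Separately, in decrypt mode `File.open(output_file, "w")` creates the plain-text output under the default umask; `File.open(output_file, "w", 0600)` would create it owner-only. The enclosing module continues outside the hunk.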
@@ -0,0 +1,27 @@
|
|
1
|
+
{
|
2
|
+
"id": "development",
|
3
|
+
"aws_access_key_id": {
|
4
|
+
"encrypted_data": "OrX9/3urkoVg90nNBKZo9Yli/L62xugOcnZBUeWmHAY=\n",
|
5
|
+
"iv": "0PkVPxoHU8ABsyvb7LL5gw==\n",
|
6
|
+
"version": 1,
|
7
|
+
"cipher": "aes-256-cbc"
|
8
|
+
},
|
9
|
+
"aws_secret_access_key": {
|
10
|
+
"encrypted_data": "iFG6wvUEwQAH5cSNdXolHwWZac4yt3iyDrIuIq20QlA=\n",
|
11
|
+
"iv": "y5VDMAh6+XZMBR/tnr8kqQ==\n",
|
12
|
+
"version": 1,
|
13
|
+
"cipher": "aes-256-cbc"
|
14
|
+
},
|
15
|
+
"aws_x509_certificate": {
|
16
|
+
"encrypted_data": "8wkLFODJV6CLMnS3hS0H75I4nEAM3PkVtfG/LIUS9NI=\n",
|
17
|
+
"iv": "tOa9uKSYSf71Okh6Jipeew==\n",
|
18
|
+
"version": 1,
|
19
|
+
"cipher": "aes-256-cbc"
|
20
|
+
},
|
21
|
+
"aws_private_key": {
|
22
|
+
"encrypted_data": "xn9dVwhYGpk7C4sc7LmVBR6O1HZwlpr2gv6UUtFkpoQ=\n",
|
23
|
+
"iv": "T5Fp7pTJSrlftmauY6Baeg==\n",
|
24
|
+
"version": 1,
|
25
|
+
"cipher": "aes-256-cbc"
|
26
|
+
}
|
27
|
+
}
|
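--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: encrypt_data_bag
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.1.0
 platform: ruby
 authors:
 - Sean Porter
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-01-
+date: 2014-01-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: chef
@@ -72,6 +72,7 @@ files:
 - lib/encrypt_data_bag/version.rb
 - test/assets/aws_private_key.pem
 - test/assets/aws_x509_certificate.crt
+- test/assets/data_bags/aws/development.json
 - test/assets/data_bags/aws/production.json
 - test/assets/data_bags/aws/staging.rb
 - test/assets/encrypted_data_bag_secret
@@ -103,6 +104,7 @@ summary: CLI tool for encrypting Chef data bag items
 test_files:
 - test/assets/aws_private_key.pem
 - test/assets/aws_x509_certificate.crt
+- test/assets/data_bags/aws/development.json
 - test/assets/data_bags/aws/production.json
 - test/assets/data_bags/aws/staging.rb
 - test/assets/encrypted_data_bag_secret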