encrypt_data_bag 0.0.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (16) hide show
  1. checksums.yaml +7 -0
  2. data/.gitignore +17 -0
  3. data/Gemfile +4 -0
  4. data/LICENSE.txt +22 -0
  5. data/README.md +19 -0
  6. data/Rakefile +21 -0
  7. data/bin/encrypt_data_bag +33 -0
  8. data/encrypt_data_bag.gemspec +25 -0
  9. data/lib/encrypt_data_bag.rb +24 -0
  10. data/lib/encrypt_data_bag/version.rb +3 -0
  11. data/test/assets/aws_private_key.pem +1 -0
  12. data/test/assets/aws_x509_certificate.crt +1 -0
  13. data/test/assets/data_bags/aws/production.json +7 -0
  14. data/test/assets/data_bags/aws/staging.rb +7 -0
  15. data/test/assets/encrypted_data_bag_secret +1 -0
  16. metadata +108 -0
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: 581fd50260f2e855664e1b3419c608cfd4dec7e4
4
+ data.tar.gz: 0cf25149d77aa69c70b4f797b4b3bc9c5bb448fb
5
+ SHA512:
6
+ metadata.gz: e9354b859e9c79e312d75211eaa76dbb01a113f54d59d3a6b866ee8f64de92444ce4355e5834271c44b3e1e9316b042f27d3f7b3de53e66a82dd4400a35380b3
7
+ data.tar.gz: a478fe74ffd77d0972d3d80f4cc9dbfdd3fed0d3118017a31c4ecbc648c463a0bd152633565bc973fcd76039144f12db1e3862a896a9d57f225a69598028b627
data/.gitignore ADDED
@@ -0,0 +1,17 @@
1
+ *.gem
2
+ *.rbc
3
+ .bundle
4
+ .config
5
+ .yardoc
6
+ Gemfile.lock
7
+ InstalledFiles
8
+ _yardoc
9
+ coverage
10
+ doc/
11
+ lib/bundler/man
12
+ pkg
13
+ rdoc
14
+ spec/reports
15
+ test/tmp
16
+ test/version_tmp
17
+ tmp
data/Gemfile ADDED
@@ -0,0 +1,4 @@
1
+ source 'https://rubygems.org'
2
+
3
+ # Specify your gem's dependencies in encrypt_data_bag.gemspec
4
+ gemspec
data/LICENSE.txt ADDED
@@ -0,0 +1,22 @@
1
+ Copyright (c) 2014 Sean Porter
2
+
3
+ MIT License
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining
6
+ a copy of this software and associated documentation files (the
7
+ "Software"), to deal in the Software without restriction, including
8
+ without limitation the rights to use, copy, modify, merge, publish,
9
+ distribute, sublicense, and/or sell copies of the Software, and to
10
+ permit persons to whom the Software is furnished to do so, subject to
11
+ the following conditions:
12
+
13
+ The above copyright notice and this permission notice shall be
14
+ included in all copies or substantial portions of the Software.
15
+
16
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
18
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
19
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
20
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
21
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
22
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
data/README.md ADDED
@@ -0,0 +1,19 @@
1
+ ## Installation
2
+
3
+ ```
4
+ $ gem install encrypt_data_bag
5
+ ```
6
+
7
+ ## Usage
8
+
9
+ ```
10
+ $ encrypt_data_bag -s ~/.chef/encrypted_data_bag_secret -i plain_text_item.rb -o encrypted_item.json
11
+ ```
12
+
13
+ ## Contributing
14
+
15
+ 1. Fork it ( http://github.com/<my-github-username>/encrypt_data_bag/fork )
16
+ 2. Create your feature branch (`git checkout -b my-new-feature`)
17
+ 3. Commit your changes (`git commit -am 'Add some feature'`)
18
+ 4. Push to the branch (`git push origin my-new-feature`)
19
+ 5. Create new Pull Request
data/Rakefile ADDED
@@ -0,0 +1,21 @@
1
+ require "bundler/gem_tasks"
2
+ require "fileutils"
3
+
4
+ task :test do
5
+ FileUtils.rm_f(Dir.glob("test/tmp/*.{rb,json}"))
6
+ timestamp = Time.now.to_i
7
+ command = ["bundle exec ./bin/encrypt_data_bag"]
8
+ command << "-s test/assets/encrypted_data_bag_secret"
9
+ command << "-i test/assets/data_bags/aws/staging.rb"
10
+ command << "-o test/tmp/staging.json"
11
+ system(command.join(" "))
12
+ command = ["bundle exec ./bin/encrypt_data_bag"]
13
+ command << "-s test/assets/encrypted_data_bag_secret"
14
+ command << "-i test/assets/data_bags/aws/production.json"
15
+ command << "-o test/tmp/production.rb"
16
+ system(command.join(" "))
17
+ puts IO.read("test/tmp/staging.json")
18
+ puts IO.read("test/tmp/production.rb")
19
+ end
20
+
21
+ task :default => :test
data/bin/encrypt_data_bag ADDED
@@ -0,0 +1,33 @@
1
+ #!/usr/bin/env ruby
2
+
3
+ require "rubygems"
4
+ require "optparse"
5
+ require "encrypt_data_bag"
6
+
7
+ config = Hash.new
8
+
9
+ OptionParser.new { |options|
10
+ options.on("-h", "--help", "Display this message") do
11
+ puts options
12
+ exit
13
+ end
14
+ options.on("-v", "--version", "Display version") do
15
+ puts EncryptDataBag::VERSION
16
+ exit
17
+ end
18
+ options.on("-s", "--secret-file FILE", "Secret key FILE") do |file|
19
+ config[:secret_file] = file
20
+ end
21
+ options.on("-i", "--input-file FILE", "Input FILE (plain-text data bag item)") do |file|
22
+ config[:input_file] = file
23
+ end
24
+ options.on("-o", "--output-file FILE", "Output FILE (encrypted data bag item)") do |file|
25
+ config[:output_file] = file
26
+ end
27
+ }.parse!
28
+
29
+ raise "You must provide a Secret key FILE (-s)" unless config[:secret_file]
30
+ raise "You must provide an input FILE (-i)" unless config[:input_file]
31
+ raise "You must provide an output FILE (-o)" unless config[:output_file]
32
+
33
+ EncryptDataBag.from_file(config[:secret_file], config[:input_file], config[:output_file])
data/encrypt_data_bag.gemspec ADDED
@@ -0,0 +1,25 @@
1
+ # coding: utf-8
2
+ lib = File.expand_path('../lib', __FILE__)
3
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
+ require 'encrypt_data_bag/version'
5
+
6
+ Gem::Specification.new do |spec|
7
+ spec.name = "encrypt_data_bag"
8
+ spec.version = EncryptDataBag::VERSION
9
+ spec.authors = ["Sean Porter"]
10
+ spec.email = ["portertech@gmail.com"]
11
+ spec.summary = "CLI tool for encrypting Chef data bag items"
12
+ spec.description = "CLI tool for encrypting Chef data bag items"
13
+ spec.homepage = "https://github.com/portertech/encrypt_data_bag"
14
+ spec.license = "MIT"
15
+
16
+ spec.files = `git ls-files`.split($/)
17
+ spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
18
+ spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
19
+ spec.require_paths = ["lib"]
20
+
21
+ spec.add_dependency "chef"
22
+
23
+ spec.add_development_dependency "bundler"
24
+ spec.add_development_dependency "rake"
25
+ end
data/lib/encrypt_data_bag.rb ADDED
@@ -0,0 +1,24 @@
1
+ require "encrypt_data_bag/version"
2
+ require "chef/encrypted_data_bag_item"
3
+
4
+ module EncryptDataBag
5
+ class << self
6
+ def is_json_file?(file)
7
+ File.extname(file) == ".json"
8
+ end
9
+
10
+ def from_file(secret_file, input_file, output_file)
11
+ secret = Chef::EncryptedDataBagItem.load_secret(secret_file)
12
+ raw_item = IO.read(input_file)
13
+ item = is_json_file?(input_file) ? JSON.parse(raw_item) : eval(raw_item)
14
+ encrypted_item = Chef::EncryptedDataBagItem.encrypt_data_bag_item(item, secret)
15
+ File.open(output_file, "w") do |file|
16
+ if is_json_file?(output_file)
17
+ file.print(JSON.pretty_generate(encrypted_item))
18
+ else
19
+ file.write(encrypted_item.pretty_inspect)
20
+ end
21
+ end
22
+ end
23
+ end
24
+ end
data/lib/encrypt_data_bag/version.rb ADDED
@@ -0,0 +1,3 @@
1
+ module EncryptDataBag
2
+ VERSION = "0.0.1"
3
+ end
data/test/assets/aws_private_key.pem ADDED
@@ -0,0 +1 @@
1
+ bar
data/test/assets/data_bags/aws/production.json ADDED
@@ -0,0 +1,7 @@
1
+ {
2
+ "id": "staging",
3
+ "aws_access_key_id": "foo",
4
+ "aws_secret_access_key": "bar",
5
+ "aws_x509_certificate": "foo",
6
+ "aws_private_key": "bar"
7
+ }
data/test/assets/data_bags/aws/staging.rb ADDED
@@ -0,0 +1,7 @@
1
+ {
2
+ :id => "staging",
3
+ :aws_access_key_id => "foo",
4
+ :aws_secret_access_key => "bar",
5
+ :aws_x509_certificate => IO.read("test/assets/aws_x509_certificate.crt"),
6
+ :aws_private_key => IO.read("test/assets/aws_private_key.pem")
7
+ }
data/test/assets/encrypted_data_bag_secret ADDED
@@ -0,0 +1 @@
1
+ om3aNcptW0TEz5vYK3K7lN7p691En0SDImfPB7MvjkoBlubhyCTWvvPcdxOjXvrHu3s2uOp0RBPhpvFOur9VlWgnpbnLtRRJeaJ2252SsVEEvhDiV6C4tmUJB0JVYeHMKvZvgZrgvDGlSGBbLUF1qEOzqky8d9q+7ScDh4NB6NXxqsIbFVIEzQpQbxbNNFOmN0hGEOWLnzX5KIAr1kg3AMqo+5+ABzLOOs3E1XNqifd3eEKSY8Ar9HhJ6c2gbg1qSRrAZ7rE7Gl0xfKLz4CuTHGDFPQnN1+3nYHkHlAUPIlmJ554YrT3nHcfut+9tqJPQiMB/mu23zk5+gpsYAKgN70jodkS2VwbL54xNKDU6C4Q63+SXTUot2Jtr038oH2pH6lJ8m5If0JeGsM8buuxTjWtvEeJRwTqdxkfeGoySyYYqyVBxrFi27myJ19kO0TOArksxb2nyxBOhz26g4VQx1Q51C/Xlq7oX4x09MFesLl++LxIeCccNV1+enb6B8DtQ4daxCopVs4r+cBVmTATfuqA34Zi3dt67TsArfyvzDoMj+yciNgVKOuV46aajK8H8d/aTIDGMqBN5IbtoOIr3dJcXiasOEUYRdl4CM5eeoxSA5L57boLYTsTndzrV2l2m8PNd0KbHKF0GlRbFWSQK4egZ9aD7oKgLt87LdNIdFc=
metadata ADDED
@@ -0,0 +1,108 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: encrypt_data_bag
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.0.1
5
+ platform: ruby
6
+ authors:
7
+ - Sean Porter
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2014-01-15 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: chef
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - ">="
18
+ - !ruby/object:Gem::Version
19
+ version: '0'
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - ">="
25
+ - !ruby/object:Gem::Version
26
+ version: '0'
27
+ - !ruby/object:Gem::Dependency
28
+ name: bundler
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - ">="
32
+ - !ruby/object:Gem::Version
33
+ version: '0'
34
+ type: :development
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - ">="
39
+ - !ruby/object:Gem::Version
40
+ version: '0'
41
+ - !ruby/object:Gem::Dependency
42
+ name: rake
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - ">="
46
+ - !ruby/object:Gem::Version
47
+ version: '0'
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - ">="
53
+ - !ruby/object:Gem::Version
54
+ version: '0'
55
+ description: CLI tool for encrypting Chef data bag items
56
+ email:
57
+ - portertech@gmail.com
58
+ executables:
59
+ - encrypt_data_bag
60
+ extensions: []
61
+ extra_rdoc_files: []
62
+ files:
63
+ - ".gitignore"
64
+ - Gemfile
65
+ - LICENSE.txt
66
+ - README.md
67
+ - Rakefile
68
+ - bin/encrypt_data_bag
69
+ - encrypt_data_bag.gemspec
70
+ - lib/encrypt_data_bag.rb
71
+ - lib/encrypt_data_bag/version.rb
72
+ - test/assets/aws_private_key.pem
73
+ - test/assets/aws_x509_certificate.crt
74
+ - test/assets/data_bags/aws/production.json
75
+ - test/assets/data_bags/aws/staging.rb
76
+ - test/assets/encrypted_data_bag_secret
77
+ - test/tmp/.gitkeep
78
+ homepage: https://github.com/portertech/encrypt_data_bag
79
+ licenses:
80
+ - MIT
81
+ metadata: {}
82
+ post_install_message:
83
+ rdoc_options: []
84
+ require_paths:
85
+ - lib
86
+ required_ruby_version: !ruby/object:Gem::Requirement
87
+ requirements:
88
+ - - ">="
89
+ - !ruby/object:Gem::Version
90
+ version: '0'
91
+ required_rubygems_version: !ruby/object:Gem::Requirement
92
+ requirements:
93
+ - - ">="
94
+ - !ruby/object:Gem::Version
95
+ version: '0'
96
+ requirements: []
97
+ rubyforge_project:
98
+ rubygems_version: 2.2.0
99
+ signing_key:
100
+ specification_version: 4
101
+ summary: CLI tool for encrypting Chef data bag items
102
+ test_files:
103
+ - test/assets/aws_private_key.pem
104
+ - test/assets/aws_x509_certificate.crt
105
+ - test/assets/data_bags/aws/production.json
106
+ - test/assets/data_bags/aws/staging.rb
107
+ - test/assets/encrypted_data_bag_secret
108
+ - test/tmp/.gitkeep