encrypt_data_bag 1.0.0 → 1.1.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (10) hide show
  1. checksums.yaml +4 -4
  2. data/.travis.yml +0 -1
  3. data/README.md +9 -0
  4. data/Rakefile +7 -0
  5. data/bin/encrypt_data_bag +8 -1
  6. data/lib/encrypt_data_bag.rb +10 -6
  7. data/lib/encrypt_data_bag/version.rb +1 -1
  8. data/test/assets/data_bags/aws/development.json +27 -0
  9. data/test/assets/data_bags/aws/production.json +3 -3
  10. metadata +4 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 413b98798a8cb500fbbfa811231d594e91bc3eb5
4
- data.tar.gz: d0c6ea4d7f7a59cdec437e70a77c74c30d3dd071
3
+ metadata.gz: f8ea87eabfbbcff5517623ea56a6531ffbadab0a
4
+ data.tar.gz: 1590c1490522c18848ae23bd6a5e206b72df867b
5
5
  SHA512:
6
- metadata.gz: c327d46a71e83f0eedda9b6cc90f2c3d738f013a2330003e5c3f93840bdabfd1dcf933503f9e70c20c0b664ac7ac6d7917e988c970dbeb31bb3e1a78eec441ef
7
- data.tar.gz: fc5f24df1ac67f5cffcc70aa977dbe4a67f2cc18099c387c449d3ca17325ffcfe98e3ba3fbba8409fc79922e706d42a76d899d0eeaba0ff36e0fc9749ed6ef92
6
+ metadata.gz: 76bcdb3446508045873fa850e9bb5f1e86ae96cf1fbd19d5bd40ddc7c5975b9235645b2419fc4a692f013b743aea729ceaaad78e08adb532d2e5d1f5371d12c0
7
+ data.tar.gz: 6b000d0da70a970903d85753f05e10b1915e9ea11258d932939bd955c5af2ee87adcdf437307cd7dd93c074226f8ab1322776c92b4007de117a1ba1778b7df9a
data/.travis.yml CHANGED
@@ -1,6 +1,5 @@
1
1
  language: ruby
2
2
  rvm:
3
- - 1.8.7
4
3
  - 1.9.2
5
4
  - 1.9.3
6
5
  - 2.0.0
data/README.md CHANGED
@@ -9,6 +9,15 @@ $ gem install encrypt_data_bag
9
9
  ## Usage
10
10
 
11
11
  ```
12
+ $ encrypt_data_bag -h
13
+ Usage: encrypt_data_bag [options]
14
+ -h, --help Display this message
15
+ -v, --version Display version
16
+ -s, --secret-file FILE Secret key FILE
17
+ -i, --input-file FILE Input FILE (plain-text data bag item)
18
+ -o, --output-file FILE Output FILE (encrypted data bag item)
19
+ -d, --decrypt Decrypt the data bag item
20
+
12
21
  $ encrypt_data_bag -s ~/.chef/encrypted_data_bag_secret -i plain_text_item.rb -o encrypted_item.json
13
22
  ```
14
23
 
data/Rakefile CHANGED
@@ -16,6 +16,13 @@ task :test do
16
16
  system(command.join(" "))
17
17
  puts IO.read("test/tmp/staging.json")
18
18
  puts IO.read("test/tmp/production.rb")
19
+ command = ["bundle exec ./bin/encrypt_data_bag"]
20
+ command << "-s test/assets/encrypted_data_bag_secret"
21
+ command << "-i test/assets/data_bags/aws/development.json"
22
+ command << "-o test/tmp/development.rb"
23
+ command << "-d"
24
+ system(command.join(" "))
25
+ puts IO.read("test/tmp/development.rb")
19
26
  end
20
27
 
21
28
  task :default => :test
data/bin/encrypt_data_bag CHANGED
@@ -24,10 +24,17 @@ OptionParser.new { |options|
24
24
  options.on("-o", "--output-file FILE", "Output FILE (encrypted data bag item)") do |file|
25
25
  config[:output_file] = file
26
26
  end
27
+ options.on("-d", "--decrypt", "Decrypt the data bag item") do
28
+ config[:decrypt] = true
29
+ end
27
30
  }.parse!
28
31
 
29
32
  raise "You must provide a Secret key FILE (-s)" unless config[:secret_file]
30
33
  raise "You must provide an input FILE (-i)" unless config[:input_file]
31
34
  raise "You must provide an output FILE (-o)" unless config[:output_file]
32
35
 
33
- EncryptDataBag.from_file(config[:secret_file], config[:input_file], config[:output_file])
36
+ EncryptDataBag.from_file(
37
+ config[:secret_file],
38
+ config[:input_file],
39
+ config[:output_file],
40
+ :decrypt => config[:decrypt])
data/lib/encrypt_data_bag.rb CHANGED
@@ -7,17 +7,21 @@ module EncryptDataBag
7
7
  File.extname(file) == ".json"
8
8
  end
9
9
 
10
- def from_file(secret_file, input_file, output_file)
10
+ def from_file(secret_file, input_file, output_file, options={})
11
11
  secret = Chef::EncryptedDataBagItem.load_secret(secret_file)
12
- raw_item = IO.read(input_file)
13
- item = is_json_file?(input_file) ? JSON.parse(raw_item) : eval(raw_item)
12
+ input = IO.read(input_file)
13
+ item = is_json_file?(input_file) ? JSON.parse(input) : eval(input)
14
14
  item = Hash[item.map { |k, v| [k.to_s, v] }]
15
- encrypted_item = Chef::EncryptedDataBagItem.encrypt_data_bag_item(item, secret)
15
+ output = if options[:decrypt]
16
+ Chef::EncryptedDataBagItem.new(item, secret).to_hash
17
+ else
18
+ Chef::EncryptedDataBagItem.encrypt_data_bag_item(item, secret)
19
+ end
16
20
  File.open(output_file, "w") do |file|
17
21
  if is_json_file?(output_file)
18
- file.print(JSON.pretty_generate(encrypted_item))
22
+ file.print(JSON.pretty_generate(output))
19
23
  else
20
- file.write(encrypted_item.pretty_inspect)
24
+ file.write(output.pretty_inspect)
21
25
  end
22
26
  end
23
27
  end
data/lib/encrypt_data_bag/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module EncryptDataBag
2
- VERSION = "1.0.0"
2
+ VERSION = "1.1.0"
3
3
  end
data/test/assets/data_bags/aws/development.json ADDED
@@ -0,0 +1,27 @@
1
+ {
2
+ "id": "development",
3
+ "aws_access_key_id": {
4
+ "encrypted_data": "OrX9/3urkoVg90nNBKZo9Yli/L62xugOcnZBUeWmHAY=\n",
5
+ "iv": "0PkVPxoHU8ABsyvb7LL5gw==\n",
6
+ "version": 1,
7
+ "cipher": "aes-256-cbc"
8
+ },
9
+ "aws_secret_access_key": {
10
+ "encrypted_data": "iFG6wvUEwQAH5cSNdXolHwWZac4yt3iyDrIuIq20QlA=\n",
11
+ "iv": "y5VDMAh6+XZMBR/tnr8kqQ==\n",
12
+ "version": 1,
13
+ "cipher": "aes-256-cbc"
14
+ },
15
+ "aws_x509_certificate": {
16
+ "encrypted_data": "8wkLFODJV6CLMnS3hS0H75I4nEAM3PkVtfG/LIUS9NI=\n",
17
+ "iv": "tOa9uKSYSf71Okh6Jipeew==\n",
18
+ "version": 1,
19
+ "cipher": "aes-256-cbc"
20
+ },
21
+ "aws_private_key": {
22
+ "encrypted_data": "xn9dVwhYGpk7C4sc7LmVBR6O1HZwlpr2gv6UUtFkpoQ=\n",
23
+ "iv": "T5Fp7pTJSrlftmauY6Baeg==\n",
24
+ "version": 1,
25
+ "cipher": "aes-256-cbc"
26
+ }
27
+ }
data/test/assets/data_bags/aws/production.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
- "id": "staging",
2
+ "id": "production",
3
3
  "aws_access_key_id": "foo",
4
4
  "aws_secret_access_key": "bar",
5
- "aws_x509_certificate": "foo",
6
- "aws_private_key": "bar"
5
+ "aws_x509_certificate": "foo\n",
6
+ "aws_private_key": "bar\n"
7
7
  }
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: encrypt_data_bag
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.0
4
+ version: 1.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Sean Porter
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2014-01-16 00:00:00.000000000 Z
11
+ date: 2014-01-23 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: chef
@@ -72,6 +72,7 @@ files:
72
72
  - lib/encrypt_data_bag/version.rb
73
73
  - test/assets/aws_private_key.pem
74
74
  - test/assets/aws_x509_certificate.crt
75
+ - test/assets/data_bags/aws/development.json
75
76
  - test/assets/data_bags/aws/production.json
76
77
  - test/assets/data_bags/aws/staging.rb
77
78
  - test/assets/encrypted_data_bag_secret
@@ -103,6 +104,7 @@ summary: CLI tool for encrypting Chef data bag items
103
104
  test_files:
104
105
  - test/assets/aws_private_key.pem
105
106
  - test/assets/aws_x509_certificate.crt
107
+ - test/assets/data_bags/aws/development.json
106
108
  - test/assets/data_bags/aws/production.json
107
109
  - test/assets/data_bags/aws/staging.rb
108
110
  - test/assets/encrypted_data_bag_secret