RubyGems - encrypt_env - Versions diffs - 0.0.0 - Mend

encrypt_env 0.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: d2e5975e1531956cbfed23c4941007447ea37e1be9665f2d3918f23905edda0d
+  data.tar.gz: b9aa751c784ed18b7191a128b262630e57ea0c8c748eca0429ce87de83fdcbb3
+SHA512:
+  metadata.gz: 75b384706fec3025c57d6ca4e856d5615e059ed3760eaa4a7c966235ebcabd55a7b0c9b812fa6693ff040593bbc635471a250077bb2ddfd7ab6a5288070aa432
+  data.tar.gz: 2ea4150d0f108e0806490b4cf19c778c71b892ace09d2ba3afe2812f30cb5e87d1d8bf85fbe6a339c563a2cf9389efaad2bb10d4d110d6772c293007398a303e

data/bin/encrypt_env ADDED Viewed

@@ -0,0 +1,40 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+require 'encrypt_env'
+COMMANDS = {
+  'setup' => EncryptEnv.setup,
+  'secrets' => EncryptEnv.secrets,
+  'secrets_all' => EncryptEnv.secrets_all,
+  'edit' => EncryptEnv.edit
+}.freeze
+argv = ARGV
+action = argv.shift
+command_class = COMMANDS[action]
+unless command_class
+  if ['help', '--help', '-h'].include?(action)
+    puts <<~HELP
+      Usage:
+        encrypt_env setup
+        encrypt_env secrets
+        encrypt_env secrets_all
+        encrypt_env edit
+    HELP
+    exit 0
+  else
+    puts "Unknown action: #{action}"
+    exit 1
+  end
+end
+begin
+  command = command_class.new(argv)
+  command.run!
+rescue ArgumentError => e
+  puts e.message
+  exit 1
+end

data/lib/encrypt_env.rb ADDED Viewed

@@ -0,0 +1,110 @@
+# frozen_string_literal: true
+require 'securerandom'
+require 'openssl'
+require 'yaml'
+require 'active_support/core_ext/hash/indifferent_access'
+# gem 'encrypt_env'
+class EncryptEnv
+  private_class_method def self.master_key
+    key = File.read("#{@path_root}/config/master.key")
+    [key].pack('H*')
+  end
+  private_class_method def self.data_decrypt(raw_data)
+    encrypted = raw_data.slice(0, raw_data.length - 28)
+    iv = raw_data.slice(raw_data.length - 28, 12)
+    tag = raw_data.slice(raw_data.length - 16, 16)
+    { encrypted: encrypted, iv: iv, tag: tag }
+  end
+  private_class_method def self.encrypt(content)
+    cipher = OpenSSL::Cipher.new('aes-128-gcm')
+    cipher.encrypt
+    cipher.key = master_key
+    iv = cipher.random_iv
+    encrypted = cipher.update(content) + cipher.final
+    tag = cipher.auth_tag
+    hex_string = (encrypted + iv + tag).unpack1('H*')
+    File.open("#{@path_root}/config/secrets.yml.enc", 'w') { |file| file.write(hex_string) }
+  end
+  private_class_method def self.decrypt
+    decipher = OpenSSL::Cipher.new('aes-128-gcm')
+    decipher.decrypt
+    hex_string = File.read("#{@path_root}/config/secrets.yml.enc")
+    data_decrypt = self.data_decrypt([hex_string].pack('H*'))
+    decipher.iv = data_decrypt[:iv]
+    decipher.key = master_key
+    decipher.auth_tag = data_decrypt[:tag]
+    decipher.update(data_decrypt[:encrypted]) + decipher.final
+  end
+  private_class_method def self.path_root
+    @path_root = if defined?(Rails)
+                   Rails.root.to_s
+                 elsif defined?(Bundler)
+                   Bundler.root.to_s
+                 else
+                   Dir.pwd
+                 end
+  end
+  def self.setup
+    path_root
+    @secret_file = File.expand_path("#{@path_root}/config/secrets.yml")
+    key = OpenSSL::Random.random_bytes(16)
+    # save key in master.key file
+    File.open("#{@path_root}/config/master.key", 'w') { |file| file.write(key.unpack1('H*')) }
+    encrypt(File.read(@secret_file))
+  end
+  def self.edit
+    path_root unless @path_root
+    secrets unless @decrypted
+    Tempfile.create do |f|
+      f.write(decrypt)
+      f.flush
+      f.rewind
+      system("vim #{f.path}")
+      encrypt(File.read(f.path))
+      @decrypted = nil
+    end
+  end
+  def self.secrets_all
+    path_root unless @path_root
+    secrets unless @decrypted
+    @decrypted
+  end
+  def self.secrets
+    path_root unless @path_root
+    @decrypted = HashWithIndifferentAccess.new(YAML.safe_load(
+                                                 decrypt, aliases: true
+                                               ))
+    @decrypted[Rails.env.to_sym] || @decrypted[:default]
+  end
+  def self.secrets_production
+    secrets unless @decrypted
+    @decrypted[:production]
+  end
+  def self.secrets_development
+    secrets unless @decrypted
+    @decrypted[:development]
+  end
+  def self.secrets_test
+    secrets unless @decrypted
+    @decrypted[:test]
+  end
+  def self.secrets_staging
+    secrets unless @decrypted
+    @decrypted[:staging]
+  end
+end

metadata ADDED Viewed

@@ -0,0 +1,45 @@
+--- !ruby/object:Gem::Specification
+name: encrypt_env
+version: !ruby/object:Gem::Version
+  version: 0.0.0
+platform: ruby
+authors:
+- Nhu Tan
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2022-07-18 00:00:00.000000000 Z
+dependencies: []
+description: Encrypts and decrypts environment variables
+email: nhutan2001@gmail.com
+executables:
+- encrypt_env
+extensions: []
+extra_rdoc_files: []
+files:
+- bin/encrypt_env
+- lib/encrypt_env.rb
+homepage: https://rubygems.org/gems/encrypt_env
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.6.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.3.7
+signing_key:
+specification_version: 4
+summary: Ecrypt secrets.yml file
+test_files: []