encrypt_env 1.1.3 → 1.1.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/encrypt_env.rb +39 -40
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c832448cf2b0a36f7c9670495393c18b1fa3210bee11ff4218327bae0ff0caf6
|
|
4
|
+
data.tar.gz: a692c2b86a27381592355ceb78521f46d2a3b73389b51ea4b3dc1b19dd8b5de8
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 5a20fa7185459b94ce647ca1222da11d667b4ad8fdb8436c6c755d34c568fc3a52cff4b82a75770faf5d00e76ffbade05f6bfb061bd924d83c0a6c345c319458
|
|
7
|
+
data.tar.gz: 52375f8d2461d89ded146e7b678e60d2dfc38389f6da2401a731e812290a784df2a2b1cf6163589d10eb50158f1a3b6e87974e81d2efb40b7e17cc0fb187c7c9
|
data/lib/encrypt_env.rb
CHANGED
|
@@ -10,8 +10,19 @@ require 'json'
|
|
|
10
10
|
# gem 'encrypt_env'
|
|
11
11
|
class EncryptEnv
|
|
12
12
|
private_class_method def self.master_key
|
|
13
|
-
|
|
14
|
-
|
|
13
|
+
if File.file?("#{@path_root}/config/master.key")
|
|
14
|
+
key = File.read("#{@path_root}/config/master.key").strip
|
|
15
|
+
@master_key = [key].pack('H*')
|
|
16
|
+
puts 'Get master key success!'
|
|
17
|
+
true
|
|
18
|
+
elsif ENV.key?('MASTER_KEY')
|
|
19
|
+
@master_key = [ENV['MASTER_KEY']].pack('H*')
|
|
20
|
+
puts 'Get master key success!'
|
|
21
|
+
true
|
|
22
|
+
else
|
|
23
|
+
puts 'Get master key fail!'
|
|
24
|
+
false
|
|
25
|
+
end
|
|
15
26
|
end
|
|
16
27
|
|
|
17
28
|
private_class_method def self.data_decrypt(raw_data)
|
|
@@ -22,9 +33,10 @@ class EncryptEnv
|
|
|
22
33
|
end
|
|
23
34
|
|
|
24
35
|
private_class_method def self.encrypt(content)
|
|
36
|
+
master_key unless @master_key
|
|
25
37
|
cipher = OpenSSL::Cipher.new('aes-128-gcm')
|
|
26
38
|
cipher.encrypt
|
|
27
|
-
cipher.key = master_key
|
|
39
|
+
cipher.key = @master_key
|
|
28
40
|
iv = cipher.random_iv
|
|
29
41
|
cipher.auth_data = ''
|
|
30
42
|
encrypted = cipher.update(content) + cipher.final
|
|
@@ -34,17 +46,25 @@ class EncryptEnv
|
|
|
34
46
|
end
|
|
35
47
|
|
|
36
48
|
private_class_method def self.decrypt
|
|
49
|
+
path_root unless @path_root
|
|
50
|
+
if @master_key.nil? && !master_key
|
|
51
|
+
puts "master key not found in 'config/master.key' file and 'MASTER_KEY' environment variable!"
|
|
52
|
+
@raw_decrypted = ''
|
|
53
|
+
return false
|
|
54
|
+
end
|
|
37
55
|
decipher = OpenSSL::Cipher.new('aes-128-gcm')
|
|
38
56
|
decipher.decrypt
|
|
39
57
|
hex_string = File.read("#{@path_root}/config/secrets.yml.enc")
|
|
40
58
|
data = data_decrypt([hex_string].pack('H*'))
|
|
41
59
|
encrypted = data[:encrypted]
|
|
42
|
-
decipher.key = master_key
|
|
60
|
+
decipher.key = @master_key
|
|
43
61
|
decipher.iv = data[:iv]
|
|
44
62
|
decipher.auth_tag = data[:tag]
|
|
45
63
|
decipher.auth_data = ''
|
|
46
64
|
|
|
47
|
-
decipher.update(encrypted) + decipher.final
|
|
65
|
+
@raw_decrypted = decipher.update(encrypted) + decipher.final
|
|
66
|
+
@decrypted = HashWithIndifferentAccess.new(YAML.load(@raw_decrypted, aliases: true))
|
|
67
|
+
true
|
|
48
68
|
end
|
|
49
69
|
|
|
50
70
|
private_class_method def self.path_root
|
|
@@ -64,16 +84,17 @@ class EncryptEnv
|
|
|
64
84
|
# save key in master.key file
|
|
65
85
|
File.open("#{@path_root}/config/master.key", 'w') { |file| file.write(key.unpack('H*')[0]) }
|
|
66
86
|
encrypt(File.read(@secret_file))
|
|
87
|
+
File.rename(@secret_file, "#{@path_root}/config/secrets.yml.old")
|
|
67
88
|
system("echo '/config/master.key' >> #{@path_root}/.gitignore")
|
|
68
|
-
system("echo '/config/secrets.yml' >> #{@path_root}/.gitignore")
|
|
69
|
-
system("echo 'Set up complete'")
|
|
89
|
+
system("echo '/config/secrets.yml.old' >> #{@path_root}/.gitignore")
|
|
90
|
+
system("echo 'Set up complete!'")
|
|
70
91
|
end
|
|
71
92
|
|
|
72
93
|
def self.edit
|
|
73
|
-
|
|
74
|
-
|
|
94
|
+
return unless decrypt
|
|
95
|
+
|
|
75
96
|
Tempfile.create('secrets.yml') do |f|
|
|
76
|
-
f.write(
|
|
97
|
+
f.write(@raw_decrypted)
|
|
77
98
|
f.flush
|
|
78
99
|
f.rewind
|
|
79
100
|
system("vim #{f.path}")
|
|
@@ -83,50 +104,28 @@ class EncryptEnv
|
|
|
83
104
|
end
|
|
84
105
|
|
|
85
106
|
def self.secrets_all
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
@decrypted
|
|
107
|
+
return @decrypted if @decrypted
|
|
108
|
+
|
|
109
|
+
return @decrypted if decrypt
|
|
110
|
+
|
|
111
|
+
{}
|
|
89
112
|
end
|
|
90
113
|
|
|
91
114
|
def self.secrets
|
|
92
|
-
|
|
115
|
+
return {} if !@decrypted && !decrypt
|
|
93
116
|
|
|
94
|
-
path_root unless @path_root
|
|
95
|
-
@decrypted = HashWithIndifferentAccess.new(YAML.load(decrypt, aliases: true))
|
|
96
117
|
unless defined?(Rails)
|
|
97
118
|
env = `rails r "print Rails.env"`.to_sym
|
|
98
|
-
return @decrypted[env]
|
|
119
|
+
return @decrypted[env]
|
|
99
120
|
end
|
|
100
|
-
@decrypted[Rails.env.to_sym]
|
|
101
|
-
end
|
|
102
|
-
|
|
103
|
-
def self.secrets_production
|
|
104
|
-
secrets unless @decrypted
|
|
105
|
-
@decrypted[:production]
|
|
106
|
-
end
|
|
107
|
-
|
|
108
|
-
def self.secrets_development
|
|
109
|
-
secrets unless @decrypted
|
|
110
|
-
@decrypted[:development]
|
|
111
|
-
end
|
|
112
|
-
|
|
113
|
-
def self.secrets_test
|
|
114
|
-
secrets unless @decrypted
|
|
115
|
-
@decrypted[:test]
|
|
116
|
-
end
|
|
117
|
-
|
|
118
|
-
def self.secrets_staging
|
|
119
|
-
secrets unless @decrypted
|
|
120
|
-
@decrypted[:staging]
|
|
121
|
+
@decrypted[Rails.env.to_sym]
|
|
121
122
|
end
|
|
122
123
|
|
|
123
124
|
def self.show
|
|
124
|
-
# Pry::ColorPrinter.pp(secrets)
|
|
125
125
|
jj secrets
|
|
126
126
|
end
|
|
127
127
|
|
|
128
128
|
def self.show_all
|
|
129
|
-
# Pry::ColorPrinter.pp(secrets_all)
|
|
130
129
|
jj secrets_all
|
|
131
130
|
end
|
|
132
131
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: encrypt_env
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.1.
|
|
4
|
+
version: 1.1.6
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Nhu Tan
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-08-
|
|
11
|
+
date: 2022-08-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description: Encrypts and decrypts environment variables
|
|
14
14
|
email: nhutan2001@gmail.com
|