encrypt_env 1.1.4 → 1.1.7

Files changed (3)
  1. checksums.yaml +4 -4
  2. data/lib/encrypt_env.rb +50 -54
  3. metadata +2 -2
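--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 7a7b86cd25877c953565a830b69f69c370ad8130eef2b86ec260b8b05c30cfc6
- data.tar.gz: 69e8a1187b43f5b9ae2211b4240a1c6041e4727f84c1cdc72b8219e7b94c1982
+ metadata.gz: 2e450fae62c0ff654e9034c4b09d4f7775285c7f446bf6af24d8c99f124841e3
+ data.tar.gz: e83e7f84b9821f7a1790f4320ae12f3296312f3716daa57b90646f904afd787c
  SHA512:
- metadata.gz: 358473d96fb538fcca421abf95b48f3c78dced20ae04fca667e9c0ad93dfa82f8b94686ae8d3c0a200f7ccc4f9b9e7df3d8ebb38514a51ad15c23b33be85d426
- data.tar.gz: 586c6f5aff549c0e5dec9948e1a52d174c5aa1756f1b16d1f8d4c83aa7c9b544fbf8dff0130d3103e2a11797c284ebcdd145a3631f2ad07520367eed15cb7fc6
+ metadata.gz: 7fdbcb0834f9f34edcbbd547fa28cafe680a655e69d4320428c3bba80bf2187989cc9a0b2d58ecee61bcbee762828a27bb4754638066cc1eac174ec3fa4aea99
+ data.tar.gz: cca971c37af42ece717519c0b6d795c8f577ccc12e5dcff29a7bb21b1edecc3a3b7ffa95e4b15781dcf35cca67b85ba60c8db072e16c08dc82c4c9f439ec0b50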
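--- a/data/lib/encrypt_env.rb
+++ b/data/lib/encrypt_env.rb
@@ -9,12 +9,35 @@ require 'json'
 
  # gem 'encrypt_env'
  class EncryptEnv
+ private_class_method def self.path_root
+ @path_root = (defined?(Rails) && Rails.root.to_s) || (defined?(Bundler) && Bundler.root.to_s) || Dir.pwd
+ end
+
  private_class_method def self.master_key
- key = File.read("#{@path_root}/config/master.key").strip
- [key].pack('H*')
+ if File.file?("#{@path_root}/config/master.key")
+ key = File.read("#{@path_root}/config/master.key").strip
+ elsif ENV.key?('MASTER_KEY')
+ key = ENV['MASTER_KEY']
+ else
+ false
+ end
+ @master_key = [key].pack('H*')
+ true
  end
 
- private_class_method def self.data_decrypt(raw_data)
+ private_class_method def self.master_key?
+ if @master_key.nil? && !master_key
+ puts "master key not found in 'config/master.key' file and 'MASTER_KEY' environment variable!"
+ @raw_decrypted = ''
+ return false
+ end
+ true
+ end
+
+ private_class_method def self.data_to_decrypt
+ hex_string = File.read("#{@path_root}/config/secrets.yml.enc")
+ raw_data = [hex_string].pack('H*')
+
  encrypted = raw_data.slice(0, raw_data.length - 28)
  iv = raw_data.slice(raw_data.length - 28, 12)
  tag = raw_data.slice(raw_data.length - 16, 16)
@@ -22,9 +45,10 @@ class EncryptEnv
  end
 
  private_class_method def self.encrypt(content)
+ master_key unless @master_key
  cipher = OpenSSL::Cipher.new('aes-128-gcm')
  cipher.encrypt
- cipher.key = master_key
+ cipher.key = @master_key
  iv = cipher.random_iv
  cipher.auth_data = ''
  encrypted = cipher.update(content) + cipher.final
@@ -34,47 +58,41 @@ class EncryptEnv
  end
 
  private_class_method def self.decrypt
+ path_root unless @path_root
+ return unless master_key?
+
  decipher = OpenSSL::Cipher.new('aes-128-gcm')
  decipher.decrypt
- hex_string = File.read("#{@path_root}/config/secrets.yml.enc")
- data = data_decrypt([hex_string].pack('H*'))
+ data = data_to_decrypt
  encrypted = data[:encrypted]
- decipher.key = master_key
+ decipher.key = @master_key
  decipher.iv = data[:iv]
  decipher.auth_tag = data[:tag]
  decipher.auth_data = ''
 
- decipher.update(encrypted) + decipher.final
- end
-
- private_class_method def self.path_root
- @path_root = if defined?(Rails)
- Rails.root.to_s
- elsif defined?(Bundler)
- Bundler.root.to_s
- else
- Dir.pwd
- end
+ @raw_decrypted = decipher.update(encrypted) + decipher.final
+ @decrypted = HashWithIndifferentAccess.new(YAML.load(@raw_decrypted, aliases: true))
+ true
  end
 
  def self.setup
  path_root
- @secret_file = File.expand_path("#{@path_root}/config/secrets.yml")
+ secret_file = File.expand_path("#{@path_root}/config/secrets.yml")
  key = OpenSSL::Random.random_bytes(16)
  # save key in master.key file
  File.open("#{@path_root}/config/master.key", 'w') { |file| file.write(key.unpack('H*')[0]) }
- encrypt(File.read(@secret_file))
- File.rename(@secret_file, 'secrets.yml.old')
+ encrypt(File.read(secret_file))
+ File.rename(secret_file, "#{@path_root}/config/secrets.yml.old")
  system("echo '/config/master.key' >> #{@path_root}/.gitignore")
  system("echo '/config/secrets.yml.old' >> #{@path_root}/.gitignore")
  system("echo 'Set up complete!'")
  end
 
  def self.edit
- path_root unless @path_root
- secrets unless @decrypted
+ return unless decrypt
+
  Tempfile.create('secrets.yml') do |f|
- f.write(decrypt)
+ f.write(@raw_decrypted)
  f.flush
  f.rewind
  system("vim #{f.path}")
@@ -84,50 +102,28 @@ class EncryptEnv
  end
 
  def self.secrets_all
- path_root unless @path_root
- secrets unless @decrypted
- @decrypted
+ return @decrypted if @decrypted
+
+ return @decrypted if decrypt
+
+ {}
  end
 
  def self.secrets
- @decrypted
+ return {} if !@decrypted && !decrypt
 
- path_root unless @path_root
- @decrypted = HashWithIndifferentAccess.new(YAML.load(decrypt, aliases: true))
  unless defined?(Rails)
  env = `rails r "print Rails.env"`.to_sym
- return @decrypted[env] || @decrypted[:default] || @decrypted
+ return @decrypted[env]
  end
- @decrypted[Rails.env.to_sym] || @decrypted[:default] || @decrypted
- end
-
- def self.secrets_production
- secrets unless @decrypted
- @decrypted[:production]
- end
-
- def self.secrets_development
- secrets unless @decrypted
- @decrypted[:development]
- end
-
- def self.secrets_test
- secrets unless @decrypted
- @decrypted[:test]
- end
-
- def self.secrets_staging
- secrets unless @decrypted
- @decrypted[:staging]
+ @decrypted[Rails.env.to_sym]
  end
 
  def self.show
- # Pry::ColorPrinter.pp(secrets)
  jj secrets
  end
 
  def self.show_all
- # Pry::ColorPrinter.pp(secrets_all)
  jj secrets_all
  end
  end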
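Review bot: In the new `master_key`, the bare `false` in the `else` branch is only the value of the `if` expression and does not leave the method, so when neither `config/master.key` nor `MASTER_KEY` exists execution continues to `@master_key = [key].pack('H*')` with `key` nil and raises a TypeError. Because `master_key` otherwise always ends in `true`, the "master key not found" branch in `master_key?` can never run; the branch should read `return false`. The `MASTER_KEY` value is also taken without `.strip`, and neither source is checked before `pack('H*')`, which does not reject non-hex input. A guard such as `return false unless key.match?(/\A\h{32}\z/)` (16 bytes for aes-128-gcm) would fail early with a clear message instead of a later key-length or authentication-tag error.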
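--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: encrypt_env
  version: !ruby/object:Gem::Version
- version: 1.1.4
+ version: 1.1.7
  platform: ruby
  authors:
  - Nhu Tan
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2022-08-05 00:00:00.000000000 Z
+ date: 2022-08-09 00:00:00.000000000 Z
  dependencies: []
  description: Encrypts and decrypts environment variables
  email: nhutan2001@gmail.com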