RubyGems - encrypt_env - Versions diffs - 1.1.6 → 1.2.1 - Mend

encrypt_env 1.1.6 → 1.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c832448cf2b0a36f7c9670495393c18b1fa3210bee11ff4218327bae0ff0caf6
-  data.tar.gz: a692c2b86a27381592355ceb78521f46d2a3b73389b51ea4b3dc1b19dd8b5de8
+  metadata.gz: 6d696c60bf3a51762a466ccae6de5a7fea2a18b9e5c9ee744708e9541e097f2c
+  data.tar.gz: 36d4248ccbcf1c5121c28248dd045f40f3806c23be0519a3f01624148bb7c172
 SHA512:
-  metadata.gz: 5a20fa7185459b94ce647ca1222da11d667b4ad8fdb8436c6c755d34c568fc3a52cff4b82a75770faf5d00e76ffbade05f6bfb061bd924d83c0a6c345c319458
-  data.tar.gz: 52375f8d2461d89ded146e7b678e60d2dfc38389f6da2401a731e812290a784df2a2b1cf6163589d10eb50158f1a3b6e87974e81d2efb40b7e17cc0fb187c7c9
+  metadata.gz: ebb16a54fda48f54342a9d2987dcdf95d37b2c32b20ee304428e4d435d794d1b6e5a303233e2c26104c3534756d37c1f1dc554025becb72ef55e3a6b9f62fa69
+  data.tar.gz: 3add45fbf64eef00a7f0d131229bb9dab796f99bf43d0529d9f34b8dbd635a5e198d32afaed210cfd3c356dcfa7184215bfda83fca47b145d6cf6d1371fad1a9

data/bin/encrypt_env CHANGED Viewed

@@ -11,13 +11,21 @@ if action == 'setup'
   EncryptEnv.setup
   exit 0
 elsif action == 'show'
-  EncryptEnv.show
+  if argv[0]
+    EncryptEnv.show(argv[0])
+  else
+    EncryptEnv.show
+  end
   exit 0
 elsif action == 'all'
-  EncryptEnv.show_all
+  EncryptEnv.show('all')
   exit 0
 elsif action == 'edit'
-  EncryptEnv.edit
+  if argv[0]
+    EncryptEnv.edit(argv[0])
+  else
+    EncryptEnv.edit
+  end
   exit 0
 elsif ['help', '--help', '-h'].include?(action)
   puts <<~HELP

data/lib/encrypt_env.rb CHANGED Viewed

@@ -8,32 +8,96 @@ require 'tempfile'
 require 'json'
 # gem 'encrypt_env'
+# rubocop:disable Metrics/ClassLength
+# rubocop:disable Metrics/MethodLength
 class EncryptEnv
-  private_class_method def self.master_key
-    if File.file?("#{@path_root}/config/master.key")
-      key = File.read("#{@path_root}/config/master.key").strip
-      @master_key = [key].pack('H*')
-      puts 'Get master key success!'
-      true
-    elsif ENV.key?('MASTER_KEY')
-      @master_key = [ENV['MASTER_KEY']].pack('H*')
-      puts 'Get master key success!'
-      true
+  private_class_method def self.define_option
+    puts "Options to 'encrypt secrets.yml' file"
+    puts '1. Generate only one master.key and one encrypted file for all environment'
+    puts '2. Generate master.key and encrypted file for each environment'
+    loop do
+      @opt = gets.chomp.to_i
+      break if @opt == 1 || @opt == 2
+      puts "Please enter '1' or '2'!"
+    end
+    puts "Your option is #{@opt}"
+  end
+  private_class_method def self.load_curr_opt
+    if File.file?("#{Dir.pwd}/config/secrets.yml.enc")
+      @opt = 1
+    elsif Dir["#{Dir.pwd}/config/secrets_*.yml.enc"].length.positive?
+      @opt = 2
     else
-      puts 'Get master key fail!'
-      false
+      puts 'You must setup first to encrypt file!'
+      exit
+    end
+  end
+  private_class_method def self.current_env
+    unless defined?(Rails)
+      env = `rails r "print Rails.env"`
+      return env
     end
+    Rails.env
   end
-  private_class_method def self.data_decrypt(raw_data)
+  private_class_method def self.check_key_existence(env = nil)
+    file_name = env.nil? ? 'master.key' : "master_#{env}.key"
+    return if File.file?("#{Dir.pwd}/config/#{file_name}")
+    # return if Dir["#{Dir.pwd}/config/master_*.key"].length.positive? && @opt == 2
+    return if ENV.key?('MASTER_KEY')
+    puts 'Please provide master key!'
+    exit
+  end
+  private_class_method def self.load_master_key(env = nil)
+    check_key_existence(env)
+    file_path = env ? "#{Dir.pwd}/config/master_#{env}.key" : "#{Dir.pwd}/config/master.key"
+    key = File.file?(file_path) ? File.read(file_path).strip : ENV['MASTER_KEY']
+    @master_key = [key].pack('H*')
+  end
+  private_class_method def self.generate_keys
+    if @opt == 1
+      key = OpenSSL::Random.random_bytes(16)
+      File.open("#{Dir.pwd}/config/master.key", 'w') { |file| file.write(key.unpack('H*')[0]) }
+    else
+      to_hash_type(@content_to_encrypt).each_key do |env|
+        next if env == 'default'
+        key = OpenSSL::Random.random_bytes(16)
+        File.open("#{Dir.pwd}/config/master_#{env}.key", 'w') { |file| file.write(key.unpack('H*')[0]) }
+      end
+    end
+  end
+  private_class_method def self.load_content_to_encrypt
+    secret_file = File.expand_path("#{Dir.pwd}/config/secrets.yml")
+    @content_to_encrypt = File.read(secret_file)
+  end
+  private_class_method def self.to_hash_type(raw_data)
+    HashWithIndifferentAccess.new(YAML.load(raw_data, aliases: true))
+  end
+  private_class_method def self.load_encrypted_data(env = nil)
+    file_path = env ? "#{Dir.pwd}/config/secrets_#{env}.yml.enc" : "#{Dir.pwd}/config/secrets.yml.enc"
+    hex_string = File.read(file_path)
+    raw_data = [hex_string].pack('H*')
     encrypted = raw_data.slice(0, raw_data.length - 28)
     iv = raw_data.slice(raw_data.length - 28, 12)
     tag = raw_data.slice(raw_data.length - 16, 16)
     { encrypted: encrypted, iv: iv, tag: tag }
   end
-  private_class_method def self.encrypt(content)
-    master_key unless @master_key
+  private_class_method def self.encrypt(content, typ = nil)
+    file_path = typ ? "#{Dir.pwd}/config/secrets_#{typ}.yml.enc" : "#{Dir.pwd}/config/secrets.yml.enc"
     cipher = OpenSSL::Cipher.new('aes-128-gcm')
     cipher.encrypt
     cipher.key = @master_key
@@ -42,20 +106,15 @@ class EncryptEnv
     encrypted = cipher.update(content) + cipher.final
     tag = cipher.auth_tag
     hex_string = (encrypted + iv + tag).unpack('H*')[0]
-    File.open("#{@path_root}/config/secrets.yml.enc", 'w') { |file| file.write(hex_string) }
+    File.open(file_path, 'w') { |file| file.write(hex_string) }
   end
-  private_class_method def self.decrypt
-    path_root unless @path_root
-    if @master_key.nil? && !master_key
-      puts "master key not found in 'config/master.key' file and 'MASTER_KEY' environment variable!"
-      @raw_decrypted = ''
-      return false
-    end
+  private_class_method def self.decrypt(env = nil)
+    load_master_key(env)
     decipher = OpenSSL::Cipher.new('aes-128-gcm')
     decipher.decrypt
-    hex_string = File.read("#{@path_root}/config/secrets.yml.enc")
-    data = data_decrypt([hex_string].pack('H*'))
+    data = load_encrypted_data(env)
     encrypted = data[:encrypted]
     decipher.key = @master_key
     decipher.iv = data[:iv]
@@ -63,69 +122,86 @@ class EncryptEnv
     decipher.auth_data = ''
     @raw_decrypted = decipher.update(encrypted) + decipher.final
-    @decrypted = HashWithIndifferentAccess.new(YAML.load(@raw_decrypted, aliases: true))
-    true
+    @decrypted = to_hash_type(@raw_decrypted)
+  # Catch error if master key is wrong
+  rescue OpenSSL::Cipher::CipherError
+    puts 'Master key is wrong!'
+    exit
   end
-  private_class_method def self.path_root
-    @path_root = if defined?(Rails)
-                   Rails.root.to_s
-                 elsif defined?(Bundler)
-                   Bundler.root.to_s
-                 else
-                   Dir.pwd
-                 end
+  private_class_method def self.all_decrypted_object
+    obj = {}
+    env_lst = Dir["#{Dir.pwd}/config/secrets_*.yml.enc"].map do |path|
+      path.scan(/secrets_(.*)\.yml\.enc/).flatten.first
+    end
+    env_lst.each do |e|
+      decrypt(e)
+      obj[e] = @decrypted
+    end
+    obj
   end
-  def self.setup
-    path_root
-    @secret_file = File.expand_path("#{@path_root}/config/secrets.yml")
-    key = OpenSSL::Random.random_bytes(16)
-    # save key in master.key file
-    File.open("#{@path_root}/config/master.key", 'w') { |file| file.write(key.unpack('H*')[0]) }
-    encrypt(File.read(@secret_file))
-    File.rename(@secret_file, "#{@path_root}/config/secrets.yml.old")
-    system("echo '/config/master.key' >> #{@path_root}/.gitignore")
-    system("echo '/config/secrets.yml.old' >> #{@path_root}/.gitignore")
-    system("echo 'Set up complete!'")
+  def self.secrets_all
+    return all_decrypted_object if @opt == 2
+    decrypt
+    @decrypted
   end
-  def self.edit
-    return unless decrypt
+  def self.secrets(env = nil)
+    load_curr_opt unless @opt
+    return secrets_all if env == 'all'
-    Tempfile.create('secrets.yml') do |f|
-      f.write(@raw_decrypted)
-      f.flush
-      f.rewind
-      system("vim #{f.path}")
-      encrypt(File.read(f.path))
-      @decrypted = nil
+    if @opt == 1
+      decrypt
+      @decrypted[env || current_env]
+    else
+      decrypt(env || current_env)
+      @decrypted
     end
   end
-  def self.secrets_all
-    return @decrypted if @decrypted
+  def self.setup
+    define_option
+    load_content_to_encrypt
+    generate_keys
+    if @opt == 1
+      load_master_key
+      encrypt(@content_to_encrypt)
+    else
+      to_hash_type(@content_to_encrypt).each do |env, value|
+        next if env == 'default'
-    return @decrypted if decrypt
+        load_master_key(env)
+        encrypt(value.to_hash.to_yaml, env)
+      end
+    end
-    {}
+    File.rename("#{Dir.pwd}/config/secrets.yml", "#{Dir.pwd}/config/secrets.yml.old")
+    system("echo '/config/master*.key' >> #{Dir.pwd}/.gitignore")
+    system("echo '/config/secrets.yml.old' >> #{Dir.pwd}/.gitignore")
+    system("echo 'Set up complete!'")
   end
-  def self.secrets
-    return {} if !@decrypted && !decrypt
+  def self.edit(env = nil)
+    load_curr_opt unless @opt
+    env ||= current_env if @opt == 2
+    return unless decrypt(env)
-    unless defined?(Rails)
-      env = `rails r "print Rails.env"`.to_sym
-      return @decrypted[env]
+    Tempfile.create("secrets_#{env}.yml") do |f|
+      f.write(@raw_decrypted)
+      f.flush
+      f.rewind
+      system("vim #{f.path}")
+      encrypt(File.read(f.path), env)
+      @decrypted = nil
     end
-    @decrypted[Rails.env.to_sym]
-  end
-  def self.show
-    jj secrets
   end
-  def self.show_all
-    jj secrets_all
+  def self.show(env = nil)
+    jj secrets(env)
   end
 end
+# rubocop:enable Metrics/ClassLength
+# rubocop:enable Metrics/MethodLength

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: encrypt_env
 version: !ruby/object:Gem::Version
-  version: 1.1.6
+  version: 1.2.1
 platform: ruby
 authors:
 - Nhu Tan
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-08-08 00:00:00.000000000 Z
+date: 2022-08-10 00:00:00.000000000 Z
 dependencies: []
 description: Encrypts and decrypts environment variables
 email: nhutan2001@gmail.com