encrypted-environment 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 487148e2ff834cf95e636cab49e5b28a6d7ffb2e2f7b646445edd785d44e8a94
+  data.tar.gz: 7927fade6cefd9af5e77281f463ea8d88d9a9cdd9618a4f55920f9b97376cee1
+SHA512:
+  metadata.gz: 5157ed09233aa078a2150e9b24f5cbb15b2aa855dd0ef5490af5c74c4303c9a341cdc135ccdf5843651a565c3f8f3a4151433c0d42ef675fe351f664b3c441cf
+  data.tar.gz: '05235139b06ca41ceaf35ff37ae3092c012a6814617f154ea09207c43b902a8113eea5bb82c62381e6442a8aa454ce964dd05e7aa914a94e3e0b89a2653ed60e'

data/.circleci/config.yml

@@ -0,0 +1,34 @@
+version: 2
+jobs:
+  build:
+    docker:
+       - image: circleci/ruby:2.4.1-node-browsers
+    working_directory: ~/repo
+
+    steps:
+      - checkout
+
+      - restore_cache:
+          keys:
+          - v1-dependencies-{{ checksum "Gemfile.lock" }}
+          - v1-dependencies-
+
+      - run:
+          name: Install dependencies
+          command: |
+            bundle install --jobs=4 --retry=3 --path vendor/bundle
+
+      - save_cache:
+          paths:
+            - ./vendor/bundle
+          key: v1-dependencies-{{ checksum "Gemfile.lock" }}
+        
+      - run:
+          name: Run tests
+          command: |
+            bundle exec rake test
+
+      - run:
+          name: Run linter
+          command: |
+            bundle exec rubocop

data/.github/ISSUE_TEMPLATE.md

@@ -0,0 +1,11 @@
+## Context 🕵️‍♀️
+
+> Provide information that helps with understanding your issue. For example your use case that the project doesn't cover, what you were doing when you found the bug... You can also provide the version that you were using, how you integrated it with your project, the platform version...
+
+## What 🌱
+
+> Describe here your issue, a bug you found, an idea that you had, something that you think can be improved...
+
+## Proposal 🎉
+
+> Attach your own proposal _(if you have it)_. We'll discuss in on the issue to find the best one that fits into the library.

data/.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,16 @@
+Resolves https://github.com/pepibumur/encrypted-environment/issues/YYY
+
+### Short description 📝
+
+> Describe here the purpose of your PR.
+
+### Solution 📦
+
+> Describe the solution you came up with and the reasons that led you to that solution. If you thought about other solutions don't forget about mentioning them.
+
+### Implementation 👩‍💻👨‍💻
+
+> Detail in a checklist the steps that you took to implement the PR.
+
+- [ ] Step 1
+- [ ] Step 2

data/.gitignore

@@ -0,0 +1,10 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+.rubocop-http---shopify-github-io-ruby-style-guide-rubocop-yml
+.byebug_history

data/.rubocop.yml

@@ -0,0 +1,16 @@
+inherit_from:
+  - http://shopify.github.io/ruby-style-guide/rubocop.yml
+
+Rails:
+  Enabled: false
+
+Style/ClassAndModuleChildren:
+  Enabled: false
+
+AllCops:
+  TargetRubyVersion: 2.5
+  DisplayCopNames: true
+  DisplayStyleGuide: true
+  Exclude:
+    - vendor/**/*
+    - bin/*

data/.ruby-version

@@ -0,0 +1 @@
+2.5.3

data/.travis.yml

@@ -0,0 +1,7 @@
+---
+sudo: false
+language: ruby
+cache: bundler
+rvm:
+  - 2.5.1
+before_install: gem install bundler -v 1.16.6

data/.vscode/settings.json

@@ -0,0 +1,3 @@
+{
+  "editor.formatOnSave": true
+}

data/CHANGELOG.md

@@ -0,0 +1,11 @@
+# Changelog
+
+Please, check out guidelines: https://keepachangelog.com/en/1.0.0/
+
+## Next version
+
+## 1.0.0
+
+### Added
+
+- 🎉 The project was born!

data/Gemfile

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+
+git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
+
+# Specify your gem's dependencies in encrypted-environment.gemspec
+gemspec
+
+gem 'codecov', require: false, group: :test

data/Gemfile.lock

@@ -0,0 +1,69 @@
+PATH
+  remote: .
+  specs:
+    encrypted-environment (0.1.0)
+      ejson (~> 1.2)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    ansi (1.5.0)
+    ast (2.4.0)
+    builder (3.2.3)
+    byebug (10.0.2)
+    codecov (0.1.14)
+      json
+      simplecov
+      url
+    docile (1.3.1)
+    ejson (1.2.0)
+    jaro_winkler (1.5.1)
+    json (2.1.0)
+    metaclass (0.0.4)
+    minitest (5.11.3)
+    minitest-reporters (1.3.5)
+      ansi
+      builder
+      minitest (>= 5.0)
+      ruby-progressbar
+    mocha (1.7.0)
+      metaclass (~> 0.0.1)
+    parallel (1.12.1)
+    parser (2.5.3.0)
+      ast (~> 2.4.0)
+    powerpack (0.1.2)
+    rainbow (3.0.0)
+    rake (10.5.0)
+    rubocop (0.60.0)
+      jaro_winkler (~> 1.5.1)
+      parallel (~> 1.10)
+      parser (>= 2.5, != 2.5.1.1)
+      powerpack (~> 0.1)
+      rainbow (>= 2.2.2, < 4.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (~> 1.4.0)
+    ruby-progressbar (1.10.0)
+    simplecov (0.16.1)
+      docile (~> 1.1)
+      json (>= 1.8, < 3)
+      simplecov-html (~> 0.10.0)
+    simplecov-html (0.10.2)
+    unicode-display_width (1.4.0)
+    url (0.3.2)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 1.16)
+  byebug (~> 10.0)
+  codecov
+  encrypted-environment!
+  minitest (~> 5.0)
+  minitest-reporters (~> 1.3)
+  mocha (~> 1.7)
+  rake (~> 10.0)
+  rubocop (~> 0.60.0)
+
+BUNDLED WITH
+   1.17.1

data/LICENSE.md

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) from 2019 Pedro Piñera Buendía
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,34 @@
+# Encrypted enironment
+
+[![CircleCI](https://circleci.com/gh/pepibumur/encrypted-environment.svg?style=svg)](https://circleci.com/gh/pepibumur/encrypted-environment)
+[![codecov](https://codecov.io/gh/pepibumur/encrypted-environment/branch/master/graph/badge.svg)](https://codecov.io/gh/pepibumur/encrypted-environment)
+
+Ruby utility to load encrypted variables into the environment
+
+## Install
+
+1. Add the following line to the Gemfile:
+
+```
+gem "encrypted-environment", git: "git@github.com:pepibumur/encrypted-environment.git"
+```
+2. Run `bundle install`
+
+
+## Usage
+
+```ruby
+require "encrypted/environment"
+
+Encrypted::Environment.load_from_ejson(
+  "path/to/env.ejson", 
+  secrets_path: "secrets",
+  private_key: "key"
+)
+
+Encrypted::Environment.encrypt_ejson(
+  "path/to/env.ejson",
+  secrets_path: "secrets",
+  private_key: "key"
+)
+```

data/Rakefile

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+require "rake/testtask"
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << "test"
+  t.libs << "lib"
+  t.test_files = FileList["test/**/*_test.rb"]
+end
+
+task(default: :test)

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "encrypted/environment"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/encrypted-environment.gemspec

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+lib = File.expand_path("../lib", __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "encrypted/environment/version"
+
+Gem::Specification.new do |spec|
+  spec.name          = "encrypted-environment"
+  spec.version       = Encrypted::Environment::VERSION
+  spec.authors       = ["Pedro Piñera"]
+  spec.email         = ["pedro@ppinera.es"]
+  spec.summary       = 'Load encrypted variables into the environment'
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files         = Dir.chdir(File.expand_path('..', __FILE__)) do
+    %x(git ls-files -z).split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  end
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = %w(lib)
+
+  spec.add_dependency("ejson", "~> 1.2")
+
+  spec.add_development_dependency("bundler", "~> 1.16")
+  spec.add_development_dependency("rake", "~> 10.0")
+  spec.add_development_dependency("minitest", "~> 5.0")
+  spec.add_development_dependency("rubocop", "~> 0.60.0")
+  spec.add_development_dependency("byebug", "~> 10.0")
+  spec.add_development_dependency("minitest-reporters", "~> 1.3")
+  spec.add_development_dependency("mocha", "~> 1.7")
+end

data/lib/encrypted/environment/version.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module Encrypted
+  module Environment
+    VERSION = "0.1.0"
+  end
+end

data/lib/encrypted/environment.rb

@@ -0,0 +1,64 @@
+# frozen_string_literal: true
+
+require "encrypted/environment/version"
+require 'json'
+require 'tmpdir'
+require 'fileutils'
+
+module Encrypted
+  module Environment
+    EnvironmentError = Class.new(StandardError)
+    MissingEjson = Class.new(EnvironmentError)
+    MissingSecret = Class.new(EnvironmentError)
+
+    def self.load_from_ejson(ejson_path, secrets_path: nil, private_key: nil)
+      decrypt_environment(
+        ejson_path: ejson_path,
+        secrets_path: secrets_path,
+        private_key: private_key
+      ).each do |key, value|
+        ENV[key] = value if key != "_public_key"
+      end
+    end
+
+    def self.encrypt_ejson(ejson_path, secrets_path: nil, private_key: nil)
+      with_secrets(ejson_path: ejson_path, secrets_path: secrets_path, private_key: private_key) do |path|
+        %x(EJSON_KEYDIR=#{path} bundle exec ejson encrypt #{ejson_path})
+      end
+    end
+
+    class << self
+      private
+
+      def decrypt_environment(ejson_path:, secrets_path: nil, private_key: nil)
+        with_secrets(ejson_path: ejson_path, secrets_path: secrets_path, private_key: private_key) do |path|
+          output = %x(EJSON_KEYDIR=#{path} bundle exec ejson decrypt #{ejson_path})
+          JSON.parse(output)
+        end
+      end
+
+      def with_secrets(ejson_path:, secrets_path: nil, private_key: nil)
+        raise MissingEjson unless File.exist?(ejson_path)
+
+        content = File.read(ejson_path)
+        ejson = JSON.parse(content)
+        public_key = ejson["_public_key"]
+        should_delete = false
+
+        if !secrets_path.nil? && File.exist?(secrets_path)
+          # Do nothing
+        elsif !private_key.nil?
+          secrets_path = Dir.mktmpdir
+          should_delete = true
+          File.write(File.join(secrets_path, public_key), private_key)
+        else
+          raise MissingSecret
+        end
+
+        yield(secrets_path)
+      ensure
+        FileUtils.remove_dir(secrets_path, true) if should_delete
+      end
+    end
+  end
+end

metadata

@@ -0,0 +1,174 @@
+--- !ruby/object:Gem::Specification
+name: encrypted-environment
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Pedro Piñera
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2019-01-10 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: ejson
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.60.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.60.0
+- !ruby/object:Gem::Dependency
+  name: byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: minitest-reporters
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: mocha
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+description: 
+email:
+- pedro@ppinera.es
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".circleci/config.yml"
+- ".github/ISSUE_TEMPLATE.md"
+- ".github/PULL_REQUEST_TEMPLATE.md"
+- ".gitignore"
+- ".rubocop.yml"
+- ".ruby-version"
+- ".travis.yml"
+- ".vscode/settings.json"
+- CHANGELOG.md
+- Gemfile
+- Gemfile.lock
+- LICENSE.md
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- encrypted-environment.gemspec
+- lib/encrypted/environment.rb
+- lib/encrypted/environment/version.rb
+homepage: 
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.6
+signing_key: 
+specification_version: 4
+summary: Load encrypted variables into the environment
+test_files: []