envcrypt 0.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/Gemfile +2 -0
- data/LICENSE +21 -0
- data/README.md +66 -0
- data/envcrypt.gemspec +23 -0
- metadata +48 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: 7670f789a389fdc05ec8478eeb4072aea8de5b01
|
4
|
+
data.tar.gz: cbd4f2c8a1c0a10f7b3be10bc7f9a9f9efa1faee
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: 9a09fd0621123f10b47f68103b0ab5a2b7fba8700a8f3ebda98f549d893dc092946da69f8a9f6b579ad9c0d52f93764be333b6229ad96ac4f73a8f8acc88f548
|
7
|
+
data.tar.gz: 5f86edbfb5f91ed7fea2eadb629761e048e705c198357d23676190c85023efa2fb7120a78ef972543034b42007365885dd2e24fd2e941d58d5fe4863f4da04e9
|
data/Gemfile
ADDED
data/LICENSE
ADDED
@@ -0,0 +1,21 @@
|
|
1
|
+
The MIT License (MIT)
|
2
|
+
|
3
|
+
Copyright (c) 2014 Sterling Paramore
|
4
|
+
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
7
|
+
in the Software without restriction, including without limitation the rights
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
10
|
+
furnished to do so, subject to the following conditions:
|
11
|
+
|
12
|
+
The above copyright notice and this permission notice shall be included in all
|
13
|
+
copies or substantial portions of the Software.
|
14
|
+
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
21
|
+
SOFTWARE.
|
data/README.md
ADDED
@@ -0,0 +1,66 @@
|
|
1
|
+
Envcrypt
|
2
|
+
=========
|
3
|
+
|
4
|
+
Encryptor provides an easy way to securely encrypt and decrypt secrets
|
5
|
+
(passwords) that need to be stored for use in automated processes.
|
6
|
+
|
7
|
+
**Status:** Just have a README! Working on the rest.
|
8
|
+
|
9
|
+
## Use
|
10
|
+
|
11
|
+
Encrypt a secret
|
12
|
+
````ruby
|
13
|
+
$ envcrypt -p mypassword
|
14
|
+
|
15
|
+
encrypted: xxx
|
16
|
+
key: xxx
|
17
|
+
````
|
18
|
+
|
19
|
+
Set the key as an environment variable (bash example)
|
20
|
+
````bash
|
21
|
+
export ENVCRYPT_KEY=xxx
|
22
|
+
````
|
23
|
+
|
24
|
+
Decrypt the password in Ruby code
|
25
|
+
````ruby
|
26
|
+
require 'envcrypt'
|
27
|
+
|
28
|
+
encrypted_pwd = "xxx"
|
29
|
+
decrypted_pwd = Envcrypt::decrypt(encrypted_pwd, key: ENV['ENVCRYPT_KEY'])
|
30
|
+
````
|
31
|
+
|
32
|
+
The second argument to decrypt is **optional**. The default `key` is
|
33
|
+
`ENV['ENVCRYPT_KEY']`, but you have to option to set it explicitly if you want to
|
34
|
+
get it from somewhere else.
|
35
|
+
|
36
|
+
##### Optional
|
37
|
+
|
38
|
+
**Need to be able to set a mode so we can use this with Heroku's version of OpenSSL.
|
39
|
+
Not sure exactly how this will work**
|
40
|
+
|
41
|
+
##### Using existing keys to encrypt secrets
|
42
|
+
|
43
|
+
Secrets can also be encrypted using existing keys if you want to use
|
44
|
+
one key to encrypt multiple secrets.
|
45
|
+
|
46
|
+
````ruby
|
47
|
+
$ envcrypt -p mypassword -k xxx
|
48
|
+
````
|
49
|
+
|
50
|
+
|
51
|
+
## Use case
|
52
|
+
|
53
|
+
Suppose I've got a web API that only accepts plaintext passwords. I
|
54
|
+
need to store that password in a database or in a file somewhere to
|
55
|
+
automate an interface with the web API. If an attacker somehow gains
|
56
|
+
access to the database or file, I'm screwed if I store the password as
|
57
|
+
plaintext or use some simple obfuscation. Envcrypt allows me to store
|
58
|
+
an encrypted version of the password and decrypt it only when needed.
|
59
|
+
The trick is to access the decryption key from an environment
|
60
|
+
variable. These can be set from the command line before launching the
|
61
|
+
automated process, in a locked down .bashrc file, or as Heroku config
|
62
|
+
variables.
|
63
|
+
|
64
|
+
Of course, if an attacker was able to get a hold of *both* the password
|
65
|
+
and the decryption keys, you're screwed, but security is all about making
|
66
|
+
it difficult for attackers.
|
data/envcrypt.gemspec
ADDED
@@ -0,0 +1,23 @@
|
|
1
|
+
# -*- encoding: utf-8 -*-
|
2
|
+
$:.push File.expand_path("../lib", __FILE__)
|
3
|
+
|
4
|
+
#require 'envcrypt/version'
|
5
|
+
|
6
|
+
Gem::Specification.new do |s|
|
7
|
+
s.name = "envcrypt"
|
8
|
+
s.version = "0.0.0" #Birst_Command::VERSION
|
9
|
+
s.authors = ["Sterling Paramore"]
|
10
|
+
s.email = ["gnilrets@gmail.com"]
|
11
|
+
s.homepage = "https://github.com/gnilrets"
|
12
|
+
s.license = "MIT"
|
13
|
+
s.summary = "Simple secure encryption/decryption of secret data"
|
14
|
+
s.description = "Simple secure encryption/decryption of secret data (passwords)"
|
15
|
+
s.rubyforge_project = "envcrypt"
|
16
|
+
|
17
|
+
s.required_ruby_version = '~> 2'
|
18
|
+
|
19
|
+
s.files = `git ls-files`.split("\n")
|
20
|
+
s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
|
21
|
+
s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
|
22
|
+
s.require_paths = ["lib"]
|
23
|
+
end
|
metadata
ADDED
@@ -0,0 +1,48 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: envcrypt
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.0.0
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Sterling Paramore
|
8
|
+
autorequire:
|
9
|
+
bindir: bin
|
10
|
+
cert_chain: []
|
11
|
+
date: 2014-05-30 00:00:00.000000000 Z
|
12
|
+
dependencies: []
|
13
|
+
description: Simple secure encryption/decryption of secret data (passwords)
|
14
|
+
email:
|
15
|
+
- gnilrets@gmail.com
|
16
|
+
executables: []
|
17
|
+
extensions: []
|
18
|
+
extra_rdoc_files: []
|
19
|
+
files:
|
20
|
+
- Gemfile
|
21
|
+
- LICENSE
|
22
|
+
- README.md
|
23
|
+
- envcrypt.gemspec
|
24
|
+
homepage: https://github.com/gnilrets
|
25
|
+
licenses:
|
26
|
+
- MIT
|
27
|
+
metadata: {}
|
28
|
+
post_install_message:
|
29
|
+
rdoc_options: []
|
30
|
+
require_paths:
|
31
|
+
- lib
|
32
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
33
|
+
requirements:
|
34
|
+
- - ~>
|
35
|
+
- !ruby/object:Gem::Version
|
36
|
+
version: '2'
|
37
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
38
|
+
requirements:
|
39
|
+
- - '>='
|
40
|
+
- !ruby/object:Gem::Version
|
41
|
+
version: '0'
|
42
|
+
requirements: []
|
43
|
+
rubyforge_project: envcrypt
|
44
|
+
rubygems_version: 2.2.2
|
45
|
+
signing_key:
|
46
|
+
specification_version: 4
|
47
|
+
summary: Simple secure encryption/decryption of secret data
|
48
|
+
test_files: []
|