envcrypt 0.0.0

Files changed (6)
  1. checksums.yaml +7 -0
  2. data/Gemfile +2 -0
  3. data/LICENSE +21 -0
  4. data/README.md +66 -0
  5. data/envcrypt.gemspec +23 -0
  6. metadata +48 -0
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: 7670f789a389fdc05ec8478eeb4072aea8de5b01
4
+ data.tar.gz: cbd4f2c8a1c0a10f7b3be10bc7f9a9f9efa1faee
5
+ SHA512:
6
+ metadata.gz: 9a09fd0621123f10b47f68103b0ab5a2b7fba8700a8f3ebda98f549d893dc092946da69f8a9f6b579ad9c0d52f93764be333b6229ad96ac4f73a8f8acc88f548
7
+ data.tar.gz: 5f86edbfb5f91ed7fea2eadb629761e048e705c198357d23676190c85023efa2fb7120a78ef972543034b42007365885dd2e24fd2e941d58d5fe4863f4da04e9
data/Gemfile ADDED
@@ -0,0 +1,2 @@
1
+ source 'https://rubygems.org'
2
+ ruby '2.0.0'
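Review bot: `ruby '2.0.0'` on line 2 pins Bundler to one exact Ruby version, while envcrypt.gemspec in this same change declares `s.required_ruby_version = '~> 2'`, so anyone on a later 2.x release fails `bundle install` for a gem that claims to support it. Drop the pin or relax it to match the gemspec, and add a `gemspec` line so the Gemfile takes its dependencies from envcrypt.gemspec.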
data/LICENSE ADDED
@@ -0,0 +1,21 @@
1
+ The MIT License (MIT)
2
+
3
+ Copyright (c) 2014 Sterling Paramore
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.
data/README.md ADDED
@@ -0,0 +1,66 @@
1
+ Envcrypt
2
+ =========
3
+
4
+ Encryptor provides an easy way to securely encrypt and decrypt secrets
5
+ (passwords) that need to be stored for use in automated processes.
6
+
7
+ **Status:** Just have a README! Working on the rest.
8
+
9
+ ## Use
10
+
11
+ Encrypt a secret
12
+ ````ruby
13
+ $ envcrypt -p mypassword
14
+
15
+ encrypted: xxx
16
+ key: xxx
17
+ ````
18
+
19
+ Set the key as an environment variable (bash example)
20
+ ````bash
21
+ export ENVCRYPT_KEY=xxx
22
+ ````
23
+
24
+ Decrypt the password in Ruby code
25
+ ````ruby
26
+ require 'envcrypt'
27
+
28
+ encrypted_pwd = "xxx"
29
+ decrypted_pwd = Envcrypt::decrypt(encrypted_pwd, key: ENV['ENVCRYPT_KEY'])
30
+ ````
31
+
32
+ The second argument to decrypt is **optional**. The default `key` is
33
+ `ENV['ENVCRYPT_KEY']`, but you have to option to set it explicitly if you want to
34
+ get it from somewhere else.
35
+
36
+ ##### Optional
37
+
38
+ **Need to be able to set a mode so we can use this with Heroku's version of OpenSSL.
39
+ Not sure exactly how this will work**
40
+
41
+ ##### Using existing keys to encrypt secrets
42
+
43
+ Secrets can also be encrypted using existing keys if you want to use
44
+ one key to encrypt multiple secrets.
45
+
46
+ ````ruby
47
+ $ envcrypt -p mypassword -k xxx
48
+ ````
49
+
50
+
51
+ ## Use case
52
+
53
+ Suppose I've got a web API that only accepts plaintext passwords. I
54
+ need to store that password in a database or in a file somewhere to
55
+ automate an interface with the web API. If an attacker somehow gains
56
+ access to the database or file, I'm screwed if I store the password as
57
+ plaintext or use some simple obfuscation. Envcrypt allows me to store
58
+ an encrypted version of the password and decrypt it only when needed.
59
+ The trick is to access the decryption key from an environment
60
+ variable. These can be set from the command line before launching the
61
+ automated process, in a locked down .bashrc file, or as Heroku config
62
+ variables.
63
+
64
+ Of course, if an attacker was able to get a hold of *both* the password
65
+ and the decryption keys, you're screwed, but security is all about making
66
+ it difficult for attackers.
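Review bot: The usage examples on README lines 13 and 47 pass the secret as a command-line argument (`envcrypt -p mypassword`), which leaves the plaintext in shell history and visible in the process list while the command runs; consider prompting for the secret or reading it from stdin, and say so in the README. The same example prints the key to the terminal next to the ciphertext, so it is worth documenting how the two are meant to be kept apart, since the use case section depends on an attacker not obtaining both. Smaller points: line 4 calls the project "Encryptor" under an "Envcrypt" title, line 33 has the typo "you have to option", the two `$ envcrypt` blocks are fenced as `ruby` although they are shell sessions, and the README never states which cipher or mode is used, which the note on lines 38-39 about Heroku's OpenSSL suggests is still undecided.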
data/envcrypt.gemspec ADDED
@@ -0,0 +1,23 @@
1
+ # -*- encoding: utf-8 -*-
2
+ $:.push File.expand_path("../lib", __FILE__)
3
+
4
+ #require 'envcrypt/version'
5
+
6
+ Gem::Specification.new do |s|
7
+ s.name = "envcrypt"
8
+ s.version = "0.0.0" #Birst_Command::VERSION
9
+ s.authors = ["Sterling Paramore"]
10
+ s.email = ["gnilrets@gmail.com"]
11
+ s.homepage = "https://github.com/gnilrets"
12
+ s.license = "MIT"
13
+ s.summary = "Simple secure encryption/decryption of secret data"
14
+ s.description = "Simple secure encryption/decryption of secret data (passwords)"
15
+ s.rubyforge_project = "envcrypt"
16
+
17
+ s.required_ruby_version = '~> 2'
18
+
19
+ s.files = `git ls-files`.split("\n")
20
+ s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
21
+ s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
22
+ s.require_paths = ["lib"]
23
+ end
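Review bot: Line 8 hardcodes the version and carries a leftover comment naming another project (`#Birst_Command::VERSION`), and line 4 leaves `require 'envcrypt/version'` commented out; either define the version constant under lib/ and reference it, or delete both remnants. `s.homepage` on line 11 points at an account page rather than a repository for this gem, which makes it harder for users to find the source they would want to review before trusting it with secrets. Lines 19-21 build the file lists by shelling out to `git ls-files`, which produces an empty or incomplete package when the gem is built outside a git checkout or before the files are committed.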
metadata ADDED
@@ -0,0 +1,48 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: envcrypt
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.0.0
5
+ platform: ruby
6
+ authors:
7
+ - Sterling Paramore
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2014-05-30 00:00:00.000000000 Z
12
+ dependencies: []
13
+ description: Simple secure encryption/decryption of secret data (passwords)
14
+ email:
15
+ - gnilrets@gmail.com
16
+ executables: []
17
+ extensions: []
18
+ extra_rdoc_files: []
19
+ files:
20
+ - Gemfile
21
+ - LICENSE
22
+ - README.md
23
+ - envcrypt.gemspec
24
+ homepage: https://github.com/gnilrets
25
+ licenses:
26
+ - MIT
27
+ metadata: {}
28
+ post_install_message:
29
+ rdoc_options: []
30
+ require_paths:
31
+ - lib
32
+ required_ruby_version: !ruby/object:Gem::Requirement
33
+ requirements:
34
+ - - ~>
35
+ - !ruby/object:Gem::Version
36
+ version: '2'
37
+ required_rubygems_version: !ruby/object:Gem::Requirement
38
+ requirements:
39
+ - - '>='
40
+ - !ruby/object:Gem::Version
41
+ version: '0'
42
+ requirements: []
43
+ rubyforge_project: envcrypt
44
+ rubygems_version: 2.2.2
45
+ signing_key:
46
+ specification_version: 4
47
+ summary: Simple secure encryption/decryption of secret data
48
+ test_files: []
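Review bot: `files:` on lines 19-23 lists only Gemfile, LICENSE, README.md and envcrypt.gemspec, and `executables: []` on line 16 is empty, so this release ships no lib/ code and no `envcrypt` command even though README.md documents both; `require 'envcrypt'` cannot succeed against this package. For a gem whose `description` promises "Simple secure encryption/decryption of secret data", consider holding the release until the implementation exists, or state in the description that 0.0.0 is a placeholder. `cert_chain: []` on line 10 and the empty `signing_key:` on line 45 also mean the gem is unsigned, so the digests in checksums.yaml detect corruption but do not authenticate the publisher.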