eyaml 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: e589d4929a268cf0c2d783b52e67da11a5ddea2a471f826f5d440de02b39f56e
+  data.tar.gz: 1f94b57be40ec52893b62aea8f16ee0a81a997b69672852c3430553e2aa24f5f
+SHA512:
+  metadata.gz: 6a1ba5c9640edbe938325c02290405c102ba10f7a68f01c7701740944a208cf531abdc95b94f3ed730e9db90ebf89db848eedf6ad45eec7ddf6b39c362b4480f
+  data.tar.gz: 4e3490d63c5319fa6855a4257fe848663709ecc4e1d54105332f9b2a30352edf0a9221999f58a1a5ba61165721ef0d3627a5c166204a533ac55c6a6c4b6b29c1

data/.github/workflows/test.yml

@@ -0,0 +1,21 @@
+name: ruby
+on: push
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Run with fresh bundle
+        run: rm Gemfile.lock
+
+      - name: Setup Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true
+
+      - name: Run tests
+        run: bundle exec rake spec

data/.gitignore

@@ -0,0 +1,11 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+
+# rspec failure tracking
+.rspec_status

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/.ruby-version

@@ -0,0 +1 @@
+3.0.0

data/Gemfile

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+
+gemspec
+
+gem "ffi", github: "cheddar-me/ffi", branch: "apple-m1", submodules: true
+gem "rbnacl"
+
+gem "railties"
+
+gem "pry"
+gem "fakefs"

data/Gemfile.lock

@@ -0,0 +1,107 @@
+GIT
+  remote: https://github.com/cheddar-me/ffi.git
+  revision: 6d091e74c04c4bae9680c47595d58e879469790c
+  branch: apple-m1
+  submodules: true
+  specs:
+    ffi (1.15.0)
+
+PATH
+  remote: .
+  specs:
+    eyaml (0.1.0)
+      rbnacl (~> 7.1)
+      thor (~> 1.1)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actionpack (6.1.3.1)
+      actionview (= 6.1.3.1)
+      activesupport (= 6.1.3.1)
+      rack (~> 2.0, >= 2.0.9)
+      rack-test (>= 0.6.3)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.2.0)
+    actionview (6.1.3.1)
+      activesupport (= 6.1.3.1)
+      builder (~> 3.1)
+      erubi (~> 1.4)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.1, >= 1.2.0)
+    activesupport (6.1.3.1)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      tzinfo (~> 2.0)
+      zeitwerk (~> 2.3)
+    builder (3.2.4)
+    coderay (1.1.3)
+    concurrent-ruby (1.1.8)
+    crass (1.0.6)
+    diff-lcs (1.4.4)
+    erubi (1.10.0)
+    fakefs (1.3.2)
+    i18n (1.8.10)
+      concurrent-ruby (~> 1.0)
+    loofah (2.9.0)
+      crass (~> 1.0.2)
+      nokogiri (>= 1.5.9)
+    method_source (1.0.0)
+    minitest (5.14.4)
+    nokogiri (1.11.2-arm64-darwin)
+      racc (~> 1.4)
+    pry (0.14.0)
+      coderay (~> 1.1)
+      method_source (~> 1.0)
+    racc (1.5.2)
+    rack (2.2.3)
+    rack-test (1.1.0)
+      rack (>= 1.0, < 3)
+    rails-dom-testing (2.0.3)
+      activesupport (>= 4.2.0)
+      nokogiri (>= 1.6)
+    rails-html-sanitizer (1.3.0)
+      loofah (~> 2.3)
+    railties (6.1.3.1)
+      actionpack (= 6.1.3.1)
+      activesupport (= 6.1.3.1)
+      method_source
+      rake (>= 0.8.7)
+      thor (~> 1.0)
+    rake (13.0.3)
+    rbnacl (7.1.1)
+      ffi
+    rspec (3.10.0)
+      rspec-core (~> 3.10.0)
+      rspec-expectations (~> 3.10.0)
+      rspec-mocks (~> 3.10.0)
+    rspec-core (3.10.1)
+      rspec-support (~> 3.10.0)
+    rspec-expectations (3.10.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.10.0)
+    rspec-mocks (3.10.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.10.0)
+    rspec-support (3.10.2)
+    thor (1.1.0)
+    tzinfo (2.0.4)
+      concurrent-ruby (~> 1.0)
+    zeitwerk (2.4.2)
+
+PLATFORMS
+  arm64-darwin-20
+
+DEPENDENCIES
+  eyaml!
+  fakefs
+  ffi!
+  pry
+  railties
+  rake (~> 13.0)
+  rbnacl
+  rspec (~> 3.0)
+
+BUNDLED WITH
+   2.2.15

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2021 Emil Stolarsky
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,107 @@
+# eyaml
+
+`eyaml` is a tool for asymmetric encryption of YAML and JSON files. It's largely based on [`ejson`](https://github.com/Shopify/ejson) and backwards compatible with any `*.ejson` file.
+
+Assymetric encryption is handled by [RubyCrypto/rbnacl](https://github.com/RubyCrypto/rbnacl/wiki) using a [sealed box](https://github.com/RubyCrypto/rbnacl/wiki/Public-Key-Encryption).
+
+## Installation
+
+To install `eyaml`, run:
+
+```shell
+gem install eyaml
+```
+
+Or alternatively, you can add it to your Gemfile:
+```ruby
+gem 'eyaml'
+```
+
+### Dependencies
+
+`eyaml` depends on [libsodium](https://github.com/jedisct1/libsodium). At least `1.0.0` is required.
+
+For MacOS users, libsodium is available via homebrew and can be installed with:
+```shell
+brew install libsodium
+```
+
+## Usage
+
+`eyaml` requires that a file has a `_public_key` attribute that corresponds to the value generated by running `eyaml keygen`. Adding a plaintext value into the file and running `eyaml encrypt secrets.eyaml` (for a file called `secrets.eyaml`) will encrypt the value using the public key in the same file. To decrypt, ensure a private key is accessible and run `eyaml decrypt secrets.eyaml`
+
+`eyaml` supports both JSON and YAML with the extensions `eyaml`, `eyml`, and `ejson`. It will using the extension to determine the format of its output.
+
+### CLI
+
+`eyaml` is primarily interacted through its CLI.
+
+```
+-> % eyaml help
+Commands:
+  eyaml decrypt         # Decrypt an EYAML file
+  eyaml encrypt         # (Re-)encrypt one or more EYAML files
+  eyaml help [COMMAND]  # Describe available commands or one specific command
+  eyaml keygen          # Generate a new EYAML keypair
+
+Options:
+  -k, [--keydir=KEYDIR]  # Directory containing EYAML keys
+```
+
+#### `eyaml encrypt`
+
+(Re-)encrypt one or more EYAML files. This is used whenever you add a new value to the config file.
+
+```shell
+-> % eyaml encrypt config/secrets.production.eyaml
+Wrote 517 bytes to config/secrets.production.eyaml.
+```
+
+
+#### `eyaml decrypt`
+
+Decrypts the provided EYAML file.
+
+```shell
+-> % eyaml decrypt config/secrets.production.eyaml
+_public_key: d1c7ba73c520445c5ba14984da8119f2f7b8df7bcdb3f37f5afe9613b118936a
+secret: password
+```
+
+#### `eyaml keygen`
+
+Generates the keypair for the encryption flow to work. The public key must be placed into the file at `_public_key` and the private key must be saved in the default key directory (`/opt/ejson/keys`) with the filename being the public key and the contents, the private key, a key directory you'll provide later, or just pass the `--write` flag for `eyaml` to handle it for you.
+
+```shell
+-> % eyaml keygen
+Public Key: a3dbdef9efd1e52a34588de56a6cf9b03bbc2aaf0edda145cfbd9a6370a0a849
+Private Key: b01592942ba10f152bcf7c6b6734f6392554c578ff24cebcc62f9e3da6fcf302
+
+# Or by using the --write flag
+
+-> % eyaml keygen --write
+Public Key: a3dbdef9efd1e52a34588de56a6cf9b03bbc2aaf0edda145cfbd9a6370a0a849
+
+-> % cat /opt/ejson/keys/a3dbdef9efd1e52a34588de56a6cf9b03bbc2aaf0edda145cfbd9a6370a0a849
+b01592942ba10f152bcf7c6b6734f6392554c578ff24cebcc62f9e3da6fcf302
+```
+
+### Rails
+
+`eyaml` comes with baked in Rails support. It will search for a secrets file in `config/`, decrypt, and load the first valid one it finds.
+`secrets.{eyaml|eyml|ejson}` (e.g. `config/secrets.eyaml`) then `secrets.$env.{eyaml|eyml|ejson}` (e.g. `secrets.production.eyml`).
+
+Instead of needing a private key locally, you can provide it to EYAML by setting `EJSON_PRIVATE_KEY` and it'll be automatically used for decrypting the secrets file.
+
+### Apple M1 Support
+
+If you're using the new Apple M1, you need to ensure that you're using a `ffi` that is working. We've temporarily been including a fork with a fix in any `Gemfile` where we've included `eyaml`:
+
+```ruby
+gem "ffi", github: "cheddar-me/ffi", branch: "apple-m1", submodules: true
+```
+
+## Development
+
+To get started, make sure you have a working version of Ruby locally. Then clone the repo, and run `bin/setup` (this will install `libsodium` if you're on a Mac and setup bundler). Running `bundle exec rake` or `bundle exec rake spec` will run the test suite.
+

data/Rakefile

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task default: :spec

data/bin/console

@@ -0,0 +1,8 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require "bundler/setup"
+require "eyaml"
+
+require "pry"
+Pry.start

data/bin/eyaml

@@ -0,0 +1,7 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require "bundler/setup"
+require "eyaml"
+
+EYAML::CLI.start(ARGV)

data/bin/setup

@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+if [ -e "/opt/homebrew/bin/brew" ]; then
+  /opt/homebrew/bin/brew install libsodium
+fi
+
+bundle install

data/eyaml.gemspec

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+require_relative "lib/eyaml/version"
+
+Gem::Specification.new do |spec|
+  spec.name = "eyaml"
+  spec.version = EYAML::VERSION
+  spec.authors = ["Emil Stolarsky"]
+  spec.email = ["emil@cheddar.me"]
+
+  spec.summary = "Asymmetric keywise encryption for YAML"
+  spec.description = "Secret management by encrypting values in a YAML file with a public/private keypair"
+  spec.homepage = "https://github.com/cheddar-me/eyaml"
+  spec.license = "MIT"
+  spec.required_ruby_version = Gem::Requirement.new(">= 2.5.1")
+
+  spec.files = Dir.chdir(File.expand_path(__dir__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{\A(?:test|spec|features)/}) }
+  end
+  spec.bindir = "bin"
+  spec.executables = "eyaml"
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "thor", "~> 1.1"
+  spec.add_dependency "rbnacl", "~> 7.1"
+
+  spec.add_development_dependency("rake", "~> 13.0")
+  spec.add_development_dependency("rspec", "~> 3.0")
+end

data/lib/eyaml.rb

@@ -0,0 +1,94 @@
+# frozen_string_literal: true
+
+require "thor"
+require "rbnacl"
+require "base64"
+require "yaml"
+require "json"
+require "pathname"
+
+module EYAML
+  class MissingPublicKey < StandardError; end
+
+  DEFAULT_KEYDIR = "/opt/ejson/keys"
+  INTERNAL_PUB_KEY = "_public_key"
+  SUPPORTED_EXTENSIONS = %w[eyaml eyml ejson]
+
+  class << self
+    def generate_keypair(save: false, keydir: nil)
+      public_key, private_key = EncryptionManager.new_keypair
+
+      if save
+        keypair_file_path = File.expand_path(public_key, ensure_keydir(keydir))
+        File.write(keypair_file_path, private_key)
+      end
+
+      [public_key, private_key]
+    end
+
+    def encrypt(plaindata, keydir: nil)
+      public_key = load_public_key(plaindata)
+      private_key = load_private_key_from(public_key: public_key, keydir: keydir)
+
+      encryption_manager = EncryptionManager.new(plaindata, public_key, private_key)
+      encryption_manager.encrypt
+    end
+
+    def encrypt_file_in_place(file_path, keydir: nil)
+      plaindata = YAML.load_file(file_path)
+      cipherdata = encrypt(plaindata, keydir: keydir)
+
+      eyaml = format_for_file(cipherdata, file_path)
+
+      File.write(file_path, eyaml)
+      eyaml.bytesize
+    end
+
+    def decrypt(cipherdata, **key_options)
+      public_key = load_public_key(cipherdata)
+      private_key = load_private_key_from(public_key: public_key, **key_options)
+
+      encryption_manager = EncryptionManager.new(cipherdata, public_key, private_key)
+      encryption_manager.decrypt
+    end
+
+    def decrypt_file(file_path, **key_options)
+      cipherdata = YAML.load_file(file_path)
+      plaindata = decrypt(cipherdata, **key_options)
+      format_for_file(plaindata, file_path)
+    end
+
+    private
+
+    def load_public_key(data)
+      raise EYAML::MissingPublicKey unless data.has_key?(INTERNAL_PUB_KEY)
+      data.fetch(INTERNAL_PUB_KEY)
+    end
+
+    def load_private_key_from(public_key:, keydir: nil, private_key: nil)
+      return private_key unless private_key.nil?
+      File.read(File.expand_path(public_key, ensure_keydir(keydir)))
+    end
+
+    def ensure_keydir(keydir)
+      keydir || ENV["EJSON_KEYDIR"] || DEFAULT_KEYDIR
+    end
+
+    def format_for_file(data, file_path)
+      case File.extname(file_path)
+      when ".eyaml", ".eyml"
+        EYAML::Util.pretty_yaml(data)
+      when ".ejson"
+        JSON.pretty_generate(data)
+      else
+        raise EYAML::InvalidFormatError, "Unsupported file type"
+      end
+    end
+  end
+end
+
+require_relative "eyaml/version"
+require_relative "eyaml/util"
+require_relative "eyaml/cli"
+require_relative "eyaml/encryption_manager"
+require_relative "eyaml/railtie" if defined?(Rails)

data/lib/eyaml/cli.rb

@@ -0,0 +1,70 @@
+module EYAML
+  class InvalidFormatError < StandardError; end
+
+  class CLI < Thor
+    class_option :keydir, aliases: "-k", type: :string, desc: "Directory containing EYAML keys"
+
+    desc "encrypt", "(Re-)encrypt one or more EYAML files"
+    def encrypt(*files)
+      files.each do |file|
+        file_path = Pathname.new(file)
+        next unless file_path.exist?
+
+        bytes_written = EYAML.encrypt_file_in_place(
+          file_path,
+          keydir: options.fetch(:keydir, nil)
+        )
+
+        puts "Wrote #{bytes_written} bytes to #{file_path}."
+      end
+    end
+
+    method_option :output, type: :string, desc: "print output to the provided file, rather than stdout", aliases: "-o"
+    method_option :"key-from-stdin", type: :boolean, desc: "read the private key from STDIN", default: false
+    desc "decrypt", "Decrypt an EYAML file"
+    def decrypt(file)
+      file_path = Pathname.new(file)
+      unless file_path.exist?
+        puts "#{file} doesn't exist"
+        return
+      end
+
+      key_options = if options.fetch(:"key-from-stdin")
+        # Read key from STDIN
+        {private_key: $stdin.gets}
+      else
+        {keydir: options.fetch(:keydir, nil)}
+      end
+
+      eyaml = EYAML.decrypt_file(file, **key_options)
+
+      if options.has_key?("output")
+        output_file = Pathname.new(options.fetch(:output))
+        File.write(output_file, eyaml)
+        return
+      end
+
+      puts eyaml
+    end
+
+    method_option :write, type: :boolean, aliases: "-w", desc: "rather than printing both keys, print the public and write the private into the keydir", default: false
+    desc "keygen", "Generate a new EYAML keypair"
+    def keygen
+      public_key, private_key = EYAML.generate_keypair(
+        save: options.fetch(:write),
+        keydir: options.fetch(:keydir, nil)
+      )
+
+      puts "Public Key: #{public_key}"
+      puts "Private Key: #{private_key}" unless options.fetch(:write)
+    end
+
+    map e: :encrypt
+    map d: :decrypt
+    map g: :keygen
+
+    def self.exit_on_failure?
+      true
+    end
+  end
+end

data/lib/eyaml/encryption_manager.rb

@@ -0,0 +1,99 @@
+module EYAML
+  class UnsupportedVersionError < StandardError; end
+
+  class EncryptionManager
+    FORMAT_REGEX = /\AEJ\[(?<version>[^:]+):(?<session_public_key>[^:]+):(?<nonce>[^:]+):(?<text>[^\]]+)\]\z/
+    FORMAT_VERSION = "1"
+
+    class << self
+      def new_keypair
+        private_key = RbNaCl::PrivateKey.generate
+
+        [
+          RbNaCl::Util.bin2hex(private_key.public_key),
+          RbNaCl::Util.bin2hex(private_key)
+        ]
+      end
+    end
+
+    def initialize(yaml, public_key, private_key)
+      @tree = yaml
+      @public_key = EYAML::Util.ensure_binary_encoding(public_key)
+      @private_key = EYAML::Util.ensure_binary_encoding(private_key)
+    end
+
+    def decrypt
+      traverse(@tree) do |text|
+        encrypted?(text) ? decrypt_text(text) : text
+      end
+    end
+
+    def encrypt
+      traverse(@tree) do |text|
+        encrypted?(text) ? text : encrypt_text(text)
+      end
+    end
+
+    private
+
+    def encrypt_text(plaintext)
+      nonce = RbNaCl::Random.random_bytes(encryption_box.nonce_bytes)
+      ciphertext = encryption_box.encrypt(nonce, plaintext)
+
+      [
+        "EJ[#{FORMAT_VERSION}",
+        Base64.strict_encode64(session_public_key),
+        Base64.strict_encode64(nonce),
+        "#{Base64.strict_encode64(ciphertext)}]"
+      ].join(":")
+    end
+
+    def decrypt_text(ciphertext)
+      captures = ciphertext.match(FORMAT_REGEX).named_captures
+      wire_version = captures.fetch("version")
+      old_session_public_key = Base64.decode64(captures.fetch("session_public_key"))
+      nonce = Base64.decode64(captures.fetch("nonce"))
+      text = Base64.decode64(captures.fetch("text"))
+
+      raise UnsupportedVersionError, "EYAML only supports version 1" unless wire_version == FORMAT_VERSION
+
+      box = decryption_box(old_session_public_key)
+      box.decrypt(nonce, text)
+    end
+
+    def encryption_box
+      @encryption_box ||= RbNaCl::Box.new(@public_key, session_private_key)
+    end
+
+    def decryption_box(public_key_encrypted_with)
+      @decryption_box ||= {}
+      @decryption_box[public_key_encrypted_with] ||= RbNaCl::Box.new(public_key_encrypted_with, @private_key)
+    end
+
+    def session_private_key
+      @session_private_key ||= RbNaCl::PrivateKey.generate
+    end
+
+    def session_public_key
+      @session_public_key ||= session_private_key.public_key
+    end
+
+    def encrypted?(text)
+      FORMAT_REGEX.match?(text)
+    end
+
+    def traverse(tree, &block)
+      tree.map do |key, value|
+        if value.is_a?(Hash)
+          next [key, traverse(value, &block)]
+        end
+        # TODO(es): Add tests for keys with an underscore prefix not doing a nested skip
+        if key.start_with?("_")
+          next [key, value]
+        end
+
+        [key, block.call(value)]
+      end.to_h
+    end
+  end
+end

data/lib/eyaml/railtie.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+module EYAML
+  module Rails
+    Rails = ::Rails
+    private_constant :Rails
+
+    class Railtie < Rails::Railtie
+      PRIVATE_KEY_ENV_VAR = "EJSON_PRIVATE_KEY"
+
+      config.before_configuration do
+        secrets_files.each do |file|
+          next unless valid?(file)
+
+          # If private_key is nil (i.e. when $EJSON_PRIVATE_KEY is not set), EYAML will search
+          # for a public/private key in the key directory (either $EJSON_KEYDIR, if set, or /opt/ejson/keys)
+          cipherdata = YAML.load_file(file)
+          secrets = EYAML.decrypt(cipherdata, private_key: ENV[PRIVATE_KEY_ENV_VAR])
+            .deep_symbolize_keys
+            .except(:_public_key)
+
+          break Rails.application.secrets.deep_merge!(secrets)
+        end
+      end
+
+      class << self
+        private
+
+        def valid?(pathname)
+          pathname.exist?
+        end
+
+        def secrets_files
+          EYAML::SUPPORTED_EXTENSIONS.map do |ext|
+            [
+              Rails.root.join("config", "secrets.#{ext}"),
+              Rails.root.join("config", "secrets.#{Rails.env}.#{ext}")
+            ]
+          end.flatten
+        end
+      end
+    end
+  end
+end

data/lib/eyaml/util.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module EYAML
+  class Util
+    class << self
+      def pretty_yaml(some_hash)
+        some_hash.to_yaml.delete_prefix("---\n")
+      end
+
+      def ensure_binary_encoding(str)
+        if str.encoding == Encoding::BINARY
+          return str
+        end
+
+        RbNaCl::Util.hex2bin(str)
+      end
+    end
+  end
+end

data/lib/eyaml/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module EYAML
+  VERSION = "0.1.0"
+end

metadata

@@ -0,0 +1,120 @@
+--- !ruby/object:Gem::Specification
+name: eyaml
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Emil Stolarsky
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2021-04-14 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: thor
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+- !ruby/object:Gem::Dependency
+  name: rbnacl
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '7.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '7.1'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+description: Secret management by encrypting values in a YAML file with a public/private
+  keypair
+email:
+- emil@cheddar.me
+executables:
+- eyaml
+extensions: []
+extra_rdoc_files: []
+files:
+- ".github/workflows/test.yml"
+- ".gitignore"
+- ".rspec"
+- ".ruby-version"
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/eyaml
+- bin/setup
+- eyaml.gemspec
+- lib/eyaml.rb
+- lib/eyaml/cli.rb
+- lib/eyaml/encryption_manager.rb
+- lib/eyaml/railtie.rb
+- lib/eyaml/util.rb
+- lib/eyaml/version.rb
+homepage: https://github.com/cheddar-me/eyaml
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.5.1
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.2.3
+signing_key:
+specification_version: 4
+summary: Asymmetric keywise encryption for YAML
+test_files: []