eyaml 0.3.0 → 0.4.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 1e4b127ccafc6ab14c9da7266669041481c0403b562d95bb7cc672daab58c48b
4
- data.tar.gz: 2489ecf885a7fbb225b4c50da2fe99cdea277c548268cd81df372d149585e0ac
3
+ metadata.gz: 99ad0ac7614ce464c44623e271371bad722452f5e0fc1d8fd1e0c60d7516b715
4
+ data.tar.gz: 83e6571f04e5552ef626466dcad9deb8201c091225867ba1e5bd7807473948de
5
5
  SHA512:
6
- metadata.gz: 974db15344c1a5ba71d3691b6e99f70d39aeb2d74f71c9bd0e9ee372b8ccac392af538e7516457c692a824385348cea3102e4e5100f57814136d234d598e2793
7
- data.tar.gz: dbcaf11b7dfdf87276f4e9a70f13132d7910b2f69544f16238d6f51354ea03ac2994def24251aec36dd7b37fbe822c5c1a8cb6ded423572191e7e15f7433b701
6
+ metadata.gz: 8bed58a4aff4c38b7282528cf39bc34446e4c9c203ebc14ce690a5b265c4bc9dff737c4ad5af73997fdec15c75413a38bc84d6b40a15bf8f254f942084585b29
7
+ data.tar.gz: b220b9015b016ce95411304ad702ba618893deaed0a3c5eca9ee98c2e7a6166823df1127d457af9ec28a160fdde9a1bfc79b074ca7bca2e9955ec1c7e0846912
@@ -7,7 +7,7 @@ jobs:
7
7
 
8
8
  steps:
9
9
  - name: Checkout code
10
- uses: actions/checkout@v2
10
+ uses: actions/checkout@v3.1.0
11
11
 
12
12
  - name: Run with fresh bundle
13
13
  run: rm Gemfile.lock
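--- a/data/.ruby-version
+++ b/data/.ruby-version
@@ -1 +1 @@
- 3.0.0
+ 3.2.2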
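--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,89 +1,124 @@
  PATH
  remote: .
  specs:
- eyaml (0.3.0)
+ eyaml (0.4.0)
  rbnacl (~> 7.1)
  thor (~> 1.1)
 
  GEM
  remote: https://rubygems.org/
  specs:
- actionpack (7.0.1)
- actionview (= 7.0.1)
- activesupport (= 7.0.1)
- rack (~> 2.0, >= 2.2.0)
+ actionpack (7.1.3)
+ actionview (= 7.1.3)
+ activesupport (= 7.1.3)
+ nokogiri (>= 1.8.5)
+ racc
+ rack (>= 2.2.4)
+ rack-session (>= 1.0.1)
  rack-test (>= 0.6.3)
- rails-dom-testing (~> 2.0)
- rails-html-sanitizer (~> 1.0, >= 1.2.0)
- actionview (7.0.1)
- activesupport (= 7.0.1)
+ rails-dom-testing (~> 2.2)
+ rails-html-sanitizer (~> 1.6)
+ actionview (7.1.3)
+ activesupport (= 7.1.3)
  builder (~> 3.1)
- erubi (~> 1.4)
- rails-dom-testing (~> 2.0)
- rails-html-sanitizer (~> 1.1, >= 1.2.0)
- activesupport (7.0.1)
+ erubi (~> 1.11)
+ rails-dom-testing (~> 2.2)
+ rails-html-sanitizer (~> 1.6)
+ activesupport (7.1.3)
+ base64
+ bigdecimal
  concurrent-ruby (~> 1.0, >= 1.0.2)
+ connection_pool (>= 2.2.5)
+ drb
  i18n (>= 1.6, < 2)
  minitest (>= 5.1)
+ mutex_m
  tzinfo (~> 2.0)
+ base64 (0.2.0)
+ bigdecimal (3.1.6)
  builder (3.2.4)
  coderay (1.1.3)
- concurrent-ruby (1.1.9)
+ concurrent-ruby (1.2.3)
+ connection_pool (2.4.1)
  crass (1.0.6)
  diff-lcs (1.5.0)
- erubi (1.10.0)
- fakefs (1.4.0)
+ drb (2.2.0)
+ ruby2_keywords
+ erubi (1.12.0)
+ fakefs (1.8.0)
  ffi (1.15.5)
- i18n (1.8.11)
+ i18n (1.14.1)
  concurrent-ruby (~> 1.0)
- loofah (2.13.0)
+ io-console (0.7.2)
+ irb (1.11.1)
+ rdoc
+ reline (>= 0.4.2)
+ loofah (2.22.0)
  crass (~> 1.0.2)
- nokogiri (>= 1.5.9)
+ nokogiri (>= 1.12.0)
  method_source (1.0.0)
- minitest (5.15.0)
- nokogiri (1.13.4-arm64-darwin)
+ minitest (5.21.2)
+ mutex_m (0.2.0)
+ nokogiri (1.16.0-arm64-darwin)
  racc (~> 1.4)
- nokogiri (1.13.4-x86_64-linux)
+ nokogiri (1.16.0-x86_64-linux)
  racc (~> 1.4)
- pry (0.14.1)
+ pry (0.14.2)
  coderay (~> 1.1)
  method_source (~> 1.0)
- racc (1.6.0)
- rack (2.2.3)
- rack-test (1.1.0)
- rack (>= 1.0, < 3)
- rails-dom-testing (2.0.3)
- activesupport (>= 4.2.0)
+ psych (5.1.2)
+ stringio
+ racc (1.7.3)
+ rack (3.0.8)
+ rack-session (2.0.0)
+ rack (>= 3.0.0)
+ rack-test (2.1.0)
+ rack (>= 1.3)
+ rackup (2.1.0)
+ rack (>= 3)
+ webrick (~> 1.8)
+ rails-dom-testing (2.2.0)
+ activesupport (>= 5.0.0)
+ minitest
  nokogiri (>= 1.6)
- rails-html-sanitizer (1.4.2)
- loofah (~> 2.3)
- railties (7.0.1)
- actionpack (= 7.0.1)
- activesupport (= 7.0.1)
- method_source
+ rails-html-sanitizer (1.6.0)
+ loofah (~> 2.21)
+ nokogiri (~> 1.14)
+ railties (7.1.3)
+ actionpack (= 7.1.3)
+ activesupport (= 7.1.3)
+ irb
+ rackup (>= 1.0.0)
  rake (>= 12.2)
- thor (~> 1.0)
- zeitwerk (~> 2.5)
- rake (13.0.6)
+ thor (~> 1.0, >= 1.2.2)
+ zeitwerk (~> 2.6)
+ rake (13.1.0)
  rbnacl (7.1.1)
  ffi
- rspec (3.10.0)
- rspec-core (~> 3.10.0)
- rspec-expectations (~> 3.10.0)
- rspec-mocks (~> 3.10.0)
- rspec-core (3.10.1)
- rspec-support (~> 3.10.0)
- rspec-expectations (3.10.1)
+ rdoc (6.6.2)
+ psych (>= 4.0.0)
+ reline (0.4.2)
+ io-console (~> 0.5)
+ rspec (3.12.0)
+ rspec-core (~> 3.12.0)
+ rspec-expectations (~> 3.12.0)
+ rspec-mocks (~> 3.12.0)
+ rspec-core (3.12.2)
+ rspec-support (~> 3.12.0)
+ rspec-expectations (3.12.3)
  diff-lcs (>= 1.2.0, < 2.0)
- rspec-support (~> 3.10.0)
- rspec-mocks (3.10.2)
+ rspec-support (~> 3.12.0)
+ rspec-mocks (3.12.6)
  diff-lcs (>= 1.2.0, < 2.0)
- rspec-support (~> 3.10.0)
- rspec-support (3.10.3)
- thor (1.2.1)
- tzinfo (2.0.4)
+ rspec-support (~> 3.12.0)
+ rspec-support (3.12.1)
+ ruby2_keywords (0.0.5)
+ stringio (3.1.0)
+ thor (1.3.0)
+ tzinfo (2.0.6)
  concurrent-ruby (~> 1.0)
- zeitwerk (2.5.3)
+ webrick (1.8.1)
+ zeitwerk (2.6.12)
 
  PLATFORMS
  arm64-darwin-20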
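--- a/data/README.md
+++ b/data/README.md
@@ -70,7 +70,15 @@ secret: password
 
  #### `eyaml keygen`
 
- Generates the keypair for the encryption flow to work. The public key must be placed into the file at `_public_key` and the private key must be saved in the default key directory (`/opt/ejson/keys`) with the filename being the public key and the contents, the private key, a key directory you'll provide later, or just pass the `--write` flag for `eyaml` to handle it for you.
+ Generates the keypair for the encryption flow to work. The public key must be placed into the file at `_public_key` like this:
+ e.g.
+ ```shell
+ -> % cat config/credentials.development.eyaml
+ _public_key: a3dbdef9efd1e52a34588de56a6cf9b03bbc2aaf0edda145cfbd9a6370a0a849
+ my_secret: 85d1fca99d98c4e7b83b868f75f809e1e33346317b0c354b593cdcdc8793ad4e
+ ```
+
+ The private key must be saved in the default key directory (`/opt/ejson/keys`) with the filename being the public key and the contents, the private key, a key directory you'll provide later, or just pass the `--write` flag for `eyaml` to handle it for you.
 
  ```shell
  -> % eyaml keygen
@@ -88,9 +96,14 @@ b01592942ba10f152bcf7c6b6734f6392554c578ff24cebcc62f9e3da6fcf302
 
  ### Rails
 
- `eyaml` comes with baked in Rails support. It will search for a secrets file in `config/`, decrypt, and load the first valid one it finds.
+ `eyaml` comes with baked in Rails support. It will search for a secrets or credentials file in `config/`, decrypt, and load the first valid one it finds.
+ Credential files have priority over secrets before rails 7.2:
+ `credentials.{eyaml|eyml|ejson}` (e.g. `config/credentials.eyaml`) then `credentials.$env.{eyaml|eyml|ejson}` (e.g. `credentials.production.eyml`).
+ Then if no credentials are found it will look for a secrets file:
  `secrets.{eyaml|eyml|ejson}` (e.g. `config/secrets.eyaml`) then `secrets.$env.{eyaml|eyml|ejson}` (e.g. `secrets.production.eyml`).
 
+ Note: From rails 7.2 onwards secrets are deprecated and eyaml will only look for credential files.
+
  Instead of needing a private key locally, you can provide it to EYAML by setting `EJSON_PRIVATE_KEY` and it'll be automatically used for decrypting the secrets file.
 
  ### Apple M1 Support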
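--- a/data/lib/eyaml/railtie.rb
+++ b/data/lib/eyaml/railtie.rb
@@ -9,7 +9,20 @@ module EYAML
  PRIVATE_KEY_ENV_VAR = "EJSON_PRIVATE_KEY"
 
  config.before_configuration do
- secrets_files.each do |file|
+ secret_files_present = Dir.glob(auth_files(:secrets)).any?
+ credential_files_present = Dir.glob(auth_files(:credentials)).any?
+
+ secrets_or_credentials = if Rails.version >= "7.2"
+ :credentials
+ else
+ if credential_files_present
+ :credentials
+ elsif secret_files_present
+ :secrets
+ end
+ end
+
+ auth_files(secrets_or_credentials).each do |file|
  next unless valid?(file)
 
  # If private_key is nil (i.e. when $EJSON_PRIVATE_KEY is not set), EYAML will search
@@ -19,7 +32,7 @@ module EYAML
  .deep_symbolize_keys
  .except(:_public_key)
 
- break Rails.application.secrets.deep_merge!(secrets)
+ break Rails.application.send(secrets_or_credentials).deep_merge!(secrets)
  end
  end
 
@@ -30,13 +43,13 @@ module EYAML
  pathname.exist?
  end
 
- def secrets_files
- EYAML::SUPPORTED_EXTENSIONS.map do |ext|
+ def auth_files(secrets_or_credentials)
+ EYAML::SUPPORTED_EXTENSIONS.flat_map do |ext|
  [
- Rails.root.join("config", "secrets.#{ext}"),
- Rails.root.join("config", "secrets.#{Rails.env}.#{ext}")
+ Rails.root.join("config", "#{secrets_or_credentials}.#{ext}"),
+ Rails.root.join("config", "#{secrets_or_credentials}.#{Rails.env}.#{ext}")
  ]
- end.flatten
+ end
  end
  end
  end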
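Review bot: The version gate at `secrets_or_credentials = if Rails.version >= "7.2"` compares two strings, so the test is lexicographic and a version such as "7.10" or "10.0" would sort below "7.2" and fall into the legacy secrets branch; `secrets_or_credentials = if Rails.gem_version >= Gem::Version.new("7.2")` compares versions properly. On Rails older than 7.2 with neither file family present the variable is nil, so `auth_files(nil)` builds paths such as `config/.eyaml`, and a file at such a path could reach `Rails.application.send(nil)`; a `next unless secrets_or_credentials` right after the assignment closes that path. Because the called method is always one of two internal symbols, `public_send` states the intent more narrowly than `send`. When both families exist on Rails older than 7.2 the secrets files are skipped without any log line, which is worth a warning for apps mid-migration. The body of the `before_configuration` block between the first and second hunk is outside the visible lines.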
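--- a/data/lib/eyaml/version.rb
+++ b/data/lib/eyaml/version.rb
@@ -1,5 +1,5 @@
  # frozen_string_literal: true
 
  module EYAML
- VERSION = "0.3.0"
+ VERSION = "0.4.0"
  end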
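--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: eyaml
  version: !ruby/object:Gem::Version
- version: 0.3.0
+ version: 0.4.0
  platform: ruby
  authors:
  - Emil Stolarsky
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2022-04-25 00:00:00.000000000 Z
+ date: 2024-02-15 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: thor
@@ -115,7 +115,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.2.3
+ rubygems_version: 3.4.21
  signing_key:
  specification_version: 4
  summary: Asymmetric keywise encryption for YAML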