fluent-plugin-encrypt 0.1.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (9) hide show
  1. checksums.yaml +7 -0
  2. data/.gitignore +9 -0
  3. data/Gemfile +4 -0
  4. data/README.md +36 -0
  5. data/Rakefile +14 -0
  6. data/bin/fluent-plugin-encrypt-genkey +18 -0
  7. data/fluent-plugin-encrypt.gemspec +23 -0
  8. data/lib/fluent/plugin/filter_encrypt.rb +77 -0
  9. metadata +109 -0
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: fee7cc24297fc5d3edaa60d93493f90aa79ebb72
4
+ data.tar.gz: 324f99c696e3dfcf5c9ec6a1c88fc5c7c1bc18a9
5
+ SHA512:
6
+ metadata.gz: befaad082eb596f63a949d586d17c62def86e9a4fcd908f60ac868250c34306240792ee170a8fcaf21779cd8d2826f68099e602cfe60f1b600bd8587331d1e1a
7
+ data.tar.gz: aa3a3845ac854f3bb5d439f0a139d54fb40ea16a1b9d373e83c92466de42fca1f73f426627c1c31b4b9bf313e3a2fae5a3f5d080f0456b69c656b4d518fe7457
data/.gitignore ADDED
@@ -0,0 +1,9 @@
1
+ /.bundle/
2
+ /.yardoc
3
+ /Gemfile.lock
4
+ /_yardoc/
5
+ /coverage/
6
+ /doc/
7
+ /pkg/
8
+ /spec/reports/
9
+ /tmp/
data/Gemfile ADDED
@@ -0,0 +1,4 @@
1
+ source 'https://rubygems.org'
2
+
3
+ # Specify your gem's dependencies in fluent-plugin-encrypt.gemspec
4
+ gemspec
data/README.md ADDED
@@ -0,0 +1,36 @@
1
+ # Fluent::Plugin::Encrypt
2
+
3
+ Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/fluent/plugin/encrypt`. To experiment with that code, run `bin/console` for an interactive prompt.
4
+
5
+ TODO: Delete this and the text above, and describe your gem
6
+
7
+ ## Installation
8
+
9
+ Add this line to your application's Gemfile:
10
+
11
+ ```ruby
12
+ gem 'fluent-plugin-encrypt'
13
+ ```
14
+
15
+ And then execute:
16
+
17
+ $ bundle
18
+
19
+ Or install it yourself as:
20
+
21
+ $ gem install fluent-plugin-encrypt
22
+
23
+ ## Usage
24
+
25
+ TODO: Write usage instructions here
26
+
27
+ ## Development
28
+
29
+ After checking out the repo, run `bin/setup` to install dependencies. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
30
+
31
+ To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
32
+
33
+ ## Contributing
34
+
35
+ Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/fluent-plugin-encrypt.
36
+
data/Rakefile ADDED
@@ -0,0 +1,14 @@
1
+
2
+ require 'bundler'
3
+ Bundler::GemHelper.install_tasks
4
+
5
+ require 'rake/testtask'
6
+
7
+ Rake::TestTask.new(:test) do |test|
8
+ test.libs << 'lib' << 'test'
9
+ test.test_files = FileList['test/**/test_*.rb']
10
+ test.verbose = true
11
+ end
12
+
13
+ task :default => [:test]
14
+
data/bin/fluent-plugin-encrypt-genkey ADDED
@@ -0,0 +1,18 @@
1
+ #/usr/bin/env ruby
2
+ require 'openssl'
3
+
4
+ if ARGV.length != 2
5
+ puts "Usage: #{$0} <algorithm> <password>"
6
+ exit 1
7
+ end
8
+
9
+ cipher = OpenSSL::Cipher.new ARGV[0]
10
+ password = ARGV[1]
11
+
12
+ cipher.encrypt
13
+ iv = cipher.random_iv
14
+ salt = OpenSSL::Random.random_bytes(16)
15
+ key = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, 20000, cipher.key_len, OpenSSL::Digest::SHA256.new)
16
+
17
+ puts "key=#{key.unpack('H*')[0].upcase}"
18
+ puts "iv =#{iv.unpack('H*')[0].upcase}"
data/fluent-plugin-encrypt.gemspec ADDED
@@ -0,0 +1,23 @@
1
+ # coding: utf-8
2
+
3
+ Gem::Specification.new do |spec|
4
+ spec.name = "fluent-plugin-encrypt"
5
+ spec.version = "0.1.1"
6
+ spec.authors = ["TAGOMORI Satoshi"]
7
+ spec.email = ["tagomoris@gmail.com"]
8
+
9
+ spec.summary = %q{Fluentd filter plugin to encrypt fields}
10
+ spec.description = %q{This plugin converts data of specified fields, by encrypting using AES and base64 encoding for encrypted values}
11
+ spec.homepage = "https://github.com/tagomoris/fluent-plugin-encrypt"
12
+
13
+ spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
14
+ spec.bindir = "bin"
15
+ spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
16
+ spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
17
+ spec.require_paths = ["lib"]
18
+
19
+ spec.add_runtime_dependency "fluentd", "~> 0.12.0"
20
+ spec.add_development_dependency "bundler", "~> 1.11"
21
+ spec.add_development_dependency "rake", "~> 10.0"
22
+ spec.add_development_dependency "test-unit", "~> 3.0"
23
+ end
data/lib/fluent/plugin/filter_encrypt.rb ADDED
@@ -0,0 +1,77 @@
1
+ require 'fluent/filter'
2
+ require 'openssl'
3
+ require 'base64'
4
+
5
+ module Fluent
6
+ class EncryptFilter < Filter
7
+ Fluent::Plugin.register_filter('encrypt', self)
8
+
9
+ SUPPORTED_ALGORITHMS = {
10
+ aes_256_cbc: { name: "AES-256-CBC", use_iv: true },
11
+ aes_192_cbc: { name: "AES-192-CBC", use_iv: true },
12
+ aes_128_cbc: { name: "AES-128-CBC", use_iv: true },
13
+ aes_256_ecb: { name: "AES-256-ECB", use_iv: false },
14
+ aes_192_ecb: { name: "AES-192-ECB", use_iv: false },
15
+ aes_128_ecb: { name: "AES-128-ECB", use_iv: false },
16
+ }
17
+
18
+ config_param :algorithm, :enum, list: SUPPORTED_ALGORITHMS.keys, default: :aes_256_cbc
19
+ config_param :encrypt_key_hex, :string
20
+ config_param :encrypt_iv_hex, :string, default: nil
21
+
22
+ config_param :key, :string, default: nil
23
+ config_param :keys, :array, default: []
24
+
25
+ attr_reader :target_keys
26
+
27
+ def configure(conf)
28
+ super
29
+
30
+ @target_keys = @keys + [@key]
31
+ if @target_keys.empty?
32
+ raise Fluent::ConfigError, "no keys specified to be encrypted"
33
+ end
34
+
35
+ algorithm = SUPPORTED_ALGORITHMS[@algorithm]
36
+ if algorithm[:use_iv] && !@encrypt_iv_hex
37
+ raise Fluent::ConfigError, "Encryption algorithm #{@algorithm} requires 'encrypt_iv_hex'"
38
+ end
39
+
40
+ @enc_key = Base64.decode64(@encrypt_key_hex)
41
+ @enc_iv = if @encrypt_iv_hex
42
+ Base64.decode64(@encrypt_iv_hex)
43
+ else
44
+ nil
45
+ end
46
+ @enc_generator = ->(){
47
+ enc = OpenSSL::Cipher.new(algorithm[:name])
48
+ enc.encrypt
49
+ enc.key = @enc_key
50
+ enc.iv = @enc_iv if @enc_iv
51
+ enc
52
+ }
53
+ end
54
+
55
+ def filter_stream(tag, es)
56
+ new_es = MultiEventStream.new
57
+ es.each do |time, record|
58
+ r = record.dup
59
+ record.each_pair do |key, value|
60
+ if @target_keys.include?(key)
61
+ r[key] = encrypt(value)
62
+ end
63
+ end
64
+ new_es.add(time, r)
65
+ end
66
+ new_es
67
+ end
68
+
69
+ def encrypt(value)
70
+ encrypted = ""
71
+ enc = @enc_generator.call()
72
+ encrypted << enc.update(value)
73
+ encrypted << enc.final
74
+ Base64.encode64(encrypted)
75
+ end
76
+ end
77
+ end
metadata ADDED
@@ -0,0 +1,109 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: fluent-plugin-encrypt
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.1.1
5
+ platform: ruby
6
+ authors:
7
+ - TAGOMORI Satoshi
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2016-03-04 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: fluentd
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - "~>"
18
+ - !ruby/object:Gem::Version
19
+ version: 0.12.0
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - "~>"
25
+ - !ruby/object:Gem::Version
26
+ version: 0.12.0
27
+ - !ruby/object:Gem::Dependency
28
+ name: bundler
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - "~>"
32
+ - !ruby/object:Gem::Version
33
+ version: '1.11'
34
+ type: :development
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - "~>"
39
+ - !ruby/object:Gem::Version
40
+ version: '1.11'
41
+ - !ruby/object:Gem::Dependency
42
+ name: rake
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - "~>"
46
+ - !ruby/object:Gem::Version
47
+ version: '10.0'
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - "~>"
53
+ - !ruby/object:Gem::Version
54
+ version: '10.0'
55
+ - !ruby/object:Gem::Dependency
56
+ name: test-unit
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - "~>"
60
+ - !ruby/object:Gem::Version
61
+ version: '3.0'
62
+ type: :development
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - "~>"
67
+ - !ruby/object:Gem::Version
68
+ version: '3.0'
69
+ description: This plugin converts data of specified fields, by encrypting using AES
70
+ and base64 encoding for encrypted values
71
+ email:
72
+ - tagomoris@gmail.com
73
+ executables:
74
+ - fluent-plugin-encrypt-genkey
75
+ extensions: []
76
+ extra_rdoc_files: []
77
+ files:
78
+ - ".gitignore"
79
+ - Gemfile
80
+ - README.md
81
+ - Rakefile
82
+ - bin/fluent-plugin-encrypt-genkey
83
+ - fluent-plugin-encrypt.gemspec
84
+ - lib/fluent/plugin/filter_encrypt.rb
85
+ homepage: https://github.com/tagomoris/fluent-plugin-encrypt
86
+ licenses: []
87
+ metadata: {}
88
+ post_install_message:
89
+ rdoc_options: []
90
+ require_paths:
91
+ - lib
92
+ required_ruby_version: !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - - ">="
95
+ - !ruby/object:Gem::Version
96
+ version: '0'
97
+ required_rubygems_version: !ruby/object:Gem::Requirement
98
+ requirements:
99
+ - - ">="
100
+ - !ruby/object:Gem::Version
101
+ version: '0'
102
+ requirements: []
103
+ rubyforge_project:
104
+ rubygems_version: 2.5.1
105
+ signing_key:
106
+ specification_version: 4
107
+ summary: Fluentd filter plugin to encrypt fields
108
+ test_files: []
109
+ has_rdoc: