gpgenv 0.1.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: 61dc67c1d292e3bc921f5f9b339242b837343618
4
+ data.tar.gz: f7c17f198c57e38a52f82adacea4553ad2d8ea4f
5
+ SHA512:
6
+ metadata.gz: bf9163ff53362c7a6b6516ae7ec0b8278632070bf665199e965839a286bda5e27c14ccb1019fac4ae25a5a1d4ff3e9e1a81674777b3ed79860edfb2bf99a9898
7
+ data.tar.gz: c68b159231cab74e839b21de888e61294d9bc5c5d9e74b05b0010d0d4e92f00aea5fa54cf66d10ef896b7c5bf4785c124b342ad57ca9b0658f0ba09a46069435
data/.gitignore ADDED
@@ -0,0 +1,10 @@
1
+ /.bundle/
2
+ /.yardoc
3
+ /Gemfile.lock
4
+ /_yardoc/
5
+ /coverage/
6
+ /doc/
7
+ /pkg/
8
+ /spec/reports/
9
+ /tmp/
10
+ *.gem
data/.rspec ADDED
@@ -0,0 +1,2 @@
1
+ --format documentation
2
+ --color
data/.travis.yml ADDED
@@ -0,0 +1,3 @@
1
+ language: ruby
2
+ rvm:
3
+ - 2.1.3
data/Gemfile ADDED
@@ -0,0 +1,4 @@
1
+ source 'https://rubygems.org'
2
+
3
+ # Specify your gem's dependencies in gpgenv.gemspec
4
+ gemspec
data/LICENSE ADDED
@@ -0,0 +1,19 @@
1
+ The MIT License
2
+
3
+ Permission is hereby granted, free of charge, to any person obtaining a copy
4
+ of this software and associated documentation files (the "Software"), to deal
5
+ in the Software without restriction, including without limitation the rights
6
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
7
+ copies of the Software, and to permit persons to whom the Software is
8
+ furnished to do so, subject to the following conditions:
9
+
10
+ The above copyright notice and this permission notice shall be included in
11
+ all copies or substantial portions of the Software.
12
+
13
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
14
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
16
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
17
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
18
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
19
+ THE SOFTWARE.
data/README.md ADDED
@@ -0,0 +1,64 @@
1
+ # Gpgenv
2
+
3
+ ## Wat?
4
+ Gpgenv is similar to [envdir](http://cr.yp.to/daemontools/envdir.html), but it lets you use gpg-encrypted
5
+ files. This is very useful if you want to store sensitive credentials on your machine, but you want to
6
+ keep them encrypted.
7
+
8
+ Please note that this is *not meant to run services*, despite its similarity to
9
+ envdir: When you use it, you will be required to enter the passphrase to decrypt the gpg files. Robots and
10
+ automated processes should not have this passphrase (otherwise, why encrypt at all?). The primary use case for this is to stop *you, personally*,
11
+ from storing unencrypted, sensitive credentials on disk (like in your .netrc file, your ~/.aws/credentials file, etc), but to still make it
12
+ easy for you to actually use these sensitive credentials.
13
+
14
+ Also note that gpgenv will ask you to decrypt files *repeatedly* unless you have `gpg-agent` configured, which will make it borderline unusable.
15
+
16
+ Gpgenv plays very nicely with [pass](http://www.passwordstore.org/). For example:
17
+
18
+ ```bash
19
+ # Set up a shortcut to your passwordstore home directory
20
+ export GPGENV_HOME=$HOME/.password-store
21
+
22
+ # Insert your oauth token into your password store:
23
+ pass insert myservice/OAUTH_TOKEN
24
+
25
+ # Use gpgenv to spawn a bash session:
26
+ gpgenv $GPGENV_HOME/myservice bash
27
+
28
+ # From the new bash session, use your oauth token to hit the service:
29
+ curl https://$user:$OAUTH_TOKEN@myservice.com/get_some_data
30
+ ```
31
+
32
+ ## Why?
33
+ As an admin, I am guilty of occasionally storing sensitive credentials on disk. Personal experience leads me to believe that this is
34
+ extremely common. Your .netrc file probably contains all sorts of sensitive data, and even if you use a gpg-encrypted .netrc file, many tools
35
+ simply don't understand gpg. Storing this stuff in plaintext is dangerous - but you do it anyway because the alternatives are just too painful.
36
+
37
+ I love [pass](http://www.passwordstore.org/), because it makes it easy to store passwords encrypted. But it doesn't make it easy to *use* them
38
+ (tbh, that isn't its job). I wrote `gpgenv` to bridge that gap, and make it easy for me to never store sensitive information in an unencrypted format
39
+ on my own machine. I hope that you find it useful as well, and you use it to stop yourself from committing security sins.
40
+
41
+ ## Installation
42
+ ```gem install gpgenv```
43
+
44
+ ## Usage
45
+
46
+ ### Spawn a child process
47
+ Gpgenv can spawn a child process that inherits environment variables like so:
48
+ ```bash
49
+ gpgenv /some/dir /some/other/dir "process_to_run argument1 argument2"
50
+ ```
51
+
52
+ ### Export environment variables
53
+ Gpgenv can export environment variables in your current shell session, like so:
54
+ ```bash
55
+ eval `gpgshell /some/dir /some/other/dir`
56
+ ```
57
+
58
+ ## Contributing
59
+
60
+ 1. Fork it ( https://github.com/[my-github-username]/gpgenv/fork )
61
+ 2. Create your feature branch (`git checkout -b my-new-feature`)
62
+ 3. Commit your changes (`git commit -am 'Add some feature'`)
63
+ 4. Push to the branch (`git push origin my-new-feature`)
64
+ 5. Create a new Pull Request
data/Rakefile ADDED
@@ -0,0 +1,6 @@
1
+ require 'bundler/gem_tasks'
2
+ require 'rspec/core/rake_task'
3
+
4
+ RSpec::Core::RakeTask.new(:spec)
5
+
6
+ task default: :spec
data/bin/gpgenv ADDED
@@ -0,0 +1,12 @@
1
+ #!/usr/bin/env ruby
2
+ require 'gpgenv/exec_command'
3
+ begin
4
+ Gpgenv::ExecCommand.new(ARGV).run
5
+ rescue StandardError => bang
6
+ raise if ENV['DEBUG'] == 'true'
7
+ puts bang.message
8
+ exit 1
9
+ end
10
+
11
+
12
+
data/bin/gpgshell ADDED
@@ -0,0 +1,9 @@
1
+ #!/usr/bin/env ruby
2
+ require 'gpgenv/shell_command'
3
+ begin
4
+ Gpgenv::ShellCommand.new(ARGV).run
5
+ rescue StandardError => bang
6
+ raise if ENV['DEBUG'] == 'true'
7
+ puts bang.message
8
+ exit 1
9
+ end
data/gpgenv.gemspec ADDED
@@ -0,0 +1,33 @@
1
+ # coding: utf-8
2
+ lib = File.expand_path('../lib', __FILE__)
3
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
+ require 'gpgenv/version'
5
+
6
+ Gem::Specification.new do |spec|
7
+ spec.name = "gpgenv"
8
+ spec.version = Gpgenv::VERSION
9
+ spec.authors = ["Michael Shea"]
10
+ spec.email = ["michael.shea@heroku.com"]
11
+
12
+ spec.summary = %q{Read environment variables from gpg-encrypted files}
13
+ spec.description = %q{Plays nicely with passwordstore.org}
14
+ spec.homepage = "https://github.com/heroku/gpgenv"
15
+
16
+ # Prevent pushing this gem to RubyGems.org by setting 'allowed_push_host', or
17
+ # delete this section to allow pushing this gem to any host.
18
+ if spec.respond_to?(:metadata)
19
+ spec.metadata['allowed_push_host'] = "https://rubygems.org"
20
+ else
21
+ raise "RubyGems 2.0 or newer is required to protect against public gem pushes."
22
+ end
23
+
24
+ spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
25
+ spec.bindir = "bin"
26
+ spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
27
+ spec.require_paths = ["lib"]
28
+
29
+ spec.add_development_dependency "bundler", "~> 1.9"
30
+ spec.add_development_dependency "rake", "~> 10.0"
31
+ spec.add_development_dependency "rspec"
32
+ spec.add_development_dependency "simplecov"
33
+ end
@@ -0,0 +1,7 @@
1
+ module Gpgenv
2
+ module Config
3
+ def self.gpgenv_home
4
+ ENV['GPGENV_HOME']
5
+ end
6
+ end
7
+ end
@@ -0,0 +1,4 @@
1
+ module Gpgenv
2
+ class Error < StandardError
3
+ end
4
+ end
@@ -0,0 +1,22 @@
1
+ require 'gpgenv'
2
+
3
+ module Gpgenv
4
+ class ExecCommand
5
+
6
+ attr_reader :args
7
+
8
+ def initialize(args)
9
+ @args = args
10
+ end
11
+
12
+ def run
13
+ fail("Usage: gpgenv dir1 dir2 dir3 ... command") unless args.size >= 2
14
+ directories = args[0..-2]
15
+ cmd = args.last
16
+ hash = Gpgenv.read_files(directories)
17
+ hash.each{ |k,v| ENV[k]=v }
18
+ exec cmd
19
+ end
20
+
21
+ end
22
+ end
@@ -0,0 +1,22 @@
1
+ require 'gpgenv'
2
+ require 'shellwords'
3
+
4
+ module Gpgenv
5
+ class ShellCommand
6
+
7
+ attr_reader :args
8
+
9
+ def initialize(args)
10
+ @args = args
11
+ end
12
+
13
+ def run
14
+ fail("Usage: gpgshell dir1 dir2 ...") unless args.size >= 1
15
+ hash = Gpgenv.read_files(args)
16
+ hash.each do |k, v|
17
+ puts "export #{k}=#{Shellwords.escape(v)}"
18
+ end
19
+ end
20
+
21
+ end
22
+ end
@@ -0,0 +1,3 @@
1
+ module Gpgenv
2
+ VERSION = "0.1.0"
3
+ end
data/lib/gpgenv.rb ADDED
@@ -0,0 +1,47 @@
1
+ require "gpgenv/version"
2
+ require 'gpgenv/config'
3
+ require 'gpgenv/error'
4
+
5
+ module Gpgenv
6
+ def self.read_files(directories)
7
+
8
+ # Prefix relative paths that don't exist with gpgenv_home directory, if it is set.
9
+ if Config.gpgenv_home
10
+ directories = directories.map do |d|
11
+ if File.directory?(d)
12
+ d
13
+ else
14
+ gpgenv_dir = "#{Config.gpgenv_home}/#{d}"
15
+ if File.directory?(gpgenv_dir)
16
+ gpgenv_dir
17
+ else
18
+ d
19
+ end
20
+ end
21
+ end
22
+ end
23
+
24
+ # Validate existence of directories
25
+ directories.each do |d|
26
+ raise Error.new("#{d} does not exist.") unless File.exists?(d)
27
+ raise Error.new("#{d} is not a directory.") unless File.directory?(d)
28
+ end
29
+
30
+ hash = {}
31
+ directories.each do |dir|
32
+ Dir.glob("#{dir}/*").reject{|f| File.directory? f }.each do |f|
33
+ ext = File.extname(f)
34
+ var = File.basename(f, ext)
35
+ if ext == '.gpg'
36
+ data = `gpg --batch --quiet --decrypt #{f}`
37
+ raise Error.new("Decrypting #{f} failed.") unless $?.success?
38
+ else
39
+ data = File.read(f)
40
+ end
41
+ hash[var] = data.rstrip
42
+ end
43
+ end
44
+
45
+ hash
46
+ end
47
+ end
metadata ADDED
@@ -0,0 +1,118 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: gpgenv
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.1.0
5
+ platform: ruby
6
+ authors:
7
+ - Michael Shea
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2015-11-10 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: bundler
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - "~>"
18
+ - !ruby/object:Gem::Version
19
+ version: '1.9'
20
+ type: :development
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - "~>"
25
+ - !ruby/object:Gem::Version
26
+ version: '1.9'
27
+ - !ruby/object:Gem::Dependency
28
+ name: rake
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - "~>"
32
+ - !ruby/object:Gem::Version
33
+ version: '10.0'
34
+ type: :development
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - "~>"
39
+ - !ruby/object:Gem::Version
40
+ version: '10.0'
41
+ - !ruby/object:Gem::Dependency
42
+ name: rspec
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - ">="
46
+ - !ruby/object:Gem::Version
47
+ version: '0'
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - ">="
53
+ - !ruby/object:Gem::Version
54
+ version: '0'
55
+ - !ruby/object:Gem::Dependency
56
+ name: simplecov
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - ">="
60
+ - !ruby/object:Gem::Version
61
+ version: '0'
62
+ type: :development
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - ">="
67
+ - !ruby/object:Gem::Version
68
+ version: '0'
69
+ description: Plays nicely with passwordstore.org
70
+ email:
71
+ - michael.shea@heroku.com
72
+ executables:
73
+ - gpgenv
74
+ - gpgshell
75
+ extensions: []
76
+ extra_rdoc_files: []
77
+ files:
78
+ - ".gitignore"
79
+ - ".rspec"
80
+ - ".travis.yml"
81
+ - Gemfile
82
+ - LICENSE
83
+ - README.md
84
+ - Rakefile
85
+ - bin/gpgenv
86
+ - bin/gpgshell
87
+ - gpgenv.gemspec
88
+ - lib/gpgenv.rb
89
+ - lib/gpgenv/config.rb
90
+ - lib/gpgenv/error.rb
91
+ - lib/gpgenv/exec_command.rb
92
+ - lib/gpgenv/shell_command.rb
93
+ - lib/gpgenv/version.rb
94
+ homepage: https://github.com/heroku/gpgenv
95
+ licenses: []
96
+ metadata:
97
+ allowed_push_host: https://rubygems.org
98
+ post_install_message:
99
+ rdoc_options: []
100
+ require_paths:
101
+ - lib
102
+ required_ruby_version: !ruby/object:Gem::Requirement
103
+ requirements:
104
+ - - ">="
105
+ - !ruby/object:Gem::Version
106
+ version: '0'
107
+ required_rubygems_version: !ruby/object:Gem::Requirement
108
+ requirements:
109
+ - - ">="
110
+ - !ruby/object:Gem::Version
111
+ version: '0'
112
+ requirements: []
113
+ rubyforge_project:
114
+ rubygems_version: 2.2.2
115
+ signing_key:
116
+ specification_version: 4
117
+ summary: Read environment variables from gpg-encrypted files
118
+ test_files: []