hiera-eyaml-gcpkms 0.3
- checksums.yaml +7 -0
- data/.gitignore +7 -0
- data/Gemfile +3 -0
- data/LICENSE +20 -0
- data/README.md +1 -0
- data/Rakefile +1 -0
- data/hiera-eyaml-gcpkms.gemspec +21 -0
- data/lib/hiera/backend/eyaml/encryptors/gcpkms.rb +58 -0
- data/lib/hiera/backend/eyaml/encryptors/gcpkms/eyaml_init.rb +3 -0
- data/lib/hiera/backend/eyaml/encryptors/gcpkms/version.rb +11 -0
- data/test.rb +9 -0
- data/tools/regem.sh +6 -0
- metadata +68 -0
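--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA256:
+metadata.gz: 0523b26f0e8c2d7bd615cfc09cd0399f3f42fa7ebeab8b1943b1925fca908836
+data.tar.gz: c8e46e323b20503116320c224f0bb4f44bf9f2311c23dbc024d6975188e29ac6
+SHA512:
+metadata.gz: 8cfde4364cd8f5f29e7f9960bb31cf7ce09e822037cb0180de9536791e4d8e6665dd9ad0334b1c4dad3a834ef5dfe966dc0df68e2e18be9f342dcae50fc65d0a
+data.tar.gz: 0fa5e3fa5cf380f6e2e958981ec0e9044102028a175b73479d362bfb3f62ee223c6ea30a623f118268795fd5d968158d8cf798f8c58a236248321c93fd365776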
data/.gitignore
ADDED
data/Gemfile
ADDED
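--- a/data/LICENSE
+++ b/data/LICENSE
@@ -0,0 +1,20 @@
+The MIT License (MIT)
+
+Copyright (c) 2013 Simon Hildrew
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.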
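--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1 @@
+Like `hiera-eyaml-gpg`, but for GCP KMS.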
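--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1 @@
+require "bundler/gem_tasks"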
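--- a/data/hiera-eyaml-gcpkms.gemspec
+++ b/data/hiera-eyaml-gcpkms.gemspec
@@ -0,0 +1,21 @@
+# -*- encoding: utf-8 -*-
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'hiera/backend/eyaml/encryptors/gcpkms/version'
+
+Gem::Specification.new do |gem|
+gem.name = "hiera-eyaml-gcpkms"
+gem.version = Hiera::Backend::Eyaml::Encryptors::GcpKms::VERSION
+gem.description = "GCP KMS encryptor for use with hiera-eyaml"
+gem.summary = "Encryption plugin for hiera-eyaml backend for Hiera"
+gem.author = "John Arundel"
+gem.license = "MIT"
+
+gem.homepage = "http://github.com/bitfield/hiera-eyaml-gcpkms"
+gem.files = `git ls-files`.split($/)
+gem.executables = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+gem.test_files = gem.files.grep(%r{^(test|spec|features)/})
+gem.require_paths = ["lib"]
+
+gem.add_dependency('hiera-eyaml', '>=1.3.8')
+end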
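Review bot: The only runtime dependency declared is `gem.add_dependency('hiera-eyaml', '>=1.3.8')`, yet the encryptor aborts at load time unless `google/apis/cloudkms_v1` can be required, so the KMS client is resolved from whatever happens to be installed on the host rather than through this gem's constraints. Declare it here, e.g. `gem.add_dependency('google-api-client')` with a version range you have actually tested. The `git ls-files` file list also packages test.rb and tools/regem.sh (both appear in the metadata file list), which ships the environment-specific key path in test.rb to every consumer; filtering those out of `gem.files` would avoid that. The homepage URL could use `https://`.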
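--- a/data/lib/hiera/backend/eyaml/encryptors/gcpkms.rb
+++ b/data/lib/hiera/backend/eyaml/encryptors/gcpkms.rb
@@ -0,0 +1,58 @@
+require 'hiera/backend/eyaml/encryptor'
+require 'hiera/backend/eyaml/utils'
+require 'hiera/backend/eyaml/options'
+
+require 'base64'
+begin
+require 'google/apis/cloudkms_v1'
+rescue LoadError
+fail "hiera-eyaml-gcpkms requires the 'google-api-client' gem"
+end
+
+class Hiera
+module Backend
+module Eyaml
+module Encryptors
+
+class GcpKms < Encryptor
+Cloudkms = Google::Apis::CloudkmsV1 # Alias the module
+
+self.tag = "GCPKMS"
+self.options = {
+:key_id => { :desc => "GCP KMS key ID",
+:type => :string,
+:default => "",
+},
+}
+
+def self.init
+# Instantiate the client
+@kms_client = Cloudkms::CloudKMSService.new
+
+# Set the required scopes to access the Key Management Service API
+# @see https://developers.google.com/identity/protocols/application-default-credentials#callingruby
+@kms_client.authorization = Google::Auth.get_application_default(
+"https://www.googleapis.com/auth/cloud-platform"
+)
+@key_id = self.option :key_id
+end
+
+def self.encrypt(plaintext)
+self.init()
+encrypt_request = Cloudkms::EncryptRequest.new(:plaintext => plaintext)
+response = @kms_client.encrypt_crypto_key(@key_id, encrypt_request)
+return Base64.encode64(response.ciphertext.chomp)
+end
+
+
+def self.decrypt(ciphertext)
+self.init()
+decrypt_request = Cloudkms::DecryptRequest.new(:ciphertext => Base64.decode64(ciphertext))
+response = @kms_client.decrypt_crypto_key(@key_id, decrypt_request)
+return response.plaintext
+end
+end
+end
+end
+end
+end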
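Review bot: In `self.encrypt`, `response.ciphertext.chomp` trims the KMS ciphertext before it is Base64-encoded; if the client hands back raw bytes here (the google-api-client documents automatic base64 decoding for this field, worth confirming), any ciphertext whose last byte is 0x0A or 0x0D is silently truncated and will later fail to decrypt. Encode the untouched value instead, e.g. `return Base64.strict_encode64(response.ciphertext)`. Separately, `self.init` requests the broad `https://www.googleapis.com/auth/cloud-platform` scope and passes the default empty `:key_id` straight to the API; the narrower `https://www.googleapis.com/auth/cloudkms` scope and an early `fail` on an empty key ID would fit least privilege better. `self.init` also rebuilds the client and re-fetches credentials on every call, which memoising with `@kms_client ||= ...` would avoid.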
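--- a/data/test.rb
+++ b/data/test.rb
@@ -0,0 +1,9 @@
+$LOAD_PATH << "/opt/puppetlabs/puppet/lib/ruby/gems/2.4.0/gems"
+require 'hiera-eyaml-gcpkms'
+
+e = Hiera::Backend::Eyaml::Encryptors::GcpKms.new
+e.options[:key_id] = 'projects/cz-prod-kms/locations/global/keyRings/prod/cryptoKeys/infra'
+
+ciphertext = e.encrypt("foobar")
+puts ciphertext
+puts e.decrypt(ciphertext)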
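Review bot: Line 5 hard-codes what looks like a production key resource name (`projects/cz-prod-kms/.../cryptoKeys/infra`), and this script is listed in the gem's files, so the release discloses internal project and key-ring naming and the script makes live encrypt/decrypt calls against that key when run. Take the key from the environment instead, e.g. `e.options[:key_id] = ENV.fetch('GCPKMS_TEST_KEY_ID')` (the variable name is a placeholder), and point it at a non-production key. The hard-coded `$LOAD_PATH` entry on line 1 ties the script to one Puppet install layout. The script also calls `encrypt` and `decrypt` on an instance while gcpkms.rb defines them as `self.encrypt` and `self.decrypt`, which may not resolve unless the `Encryptor` base class delegates.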
data/tools/regem.sh
ADDED
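--- a/metadata
+++ b/metadata
@@ -0,0 +1,68 @@
+--- !ruby/object:Gem::Specification
+name: hiera-eyaml-gcpkms
+version: !ruby/object:Gem::Version
+version: '0.3'
+platform: ruby
+authors:
+- John Arundel
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2018-10-12 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: hiera-eyaml
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 1.3.8
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 1.3.8
+description: GCP KMS encryptor for use with hiera-eyaml
+email:
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- hiera-eyaml-gcpkms.gemspec
+- lib/hiera/backend/eyaml/encryptors/gcpkms.rb
+- lib/hiera/backend/eyaml/encryptors/gcpkms/eyaml_init.rb
+- lib/hiera/backend/eyaml/encryptors/gcpkms/version.rb
+- test.rb
+- tools/regem.sh
+homepage: http://github.com/bitfield/hiera-eyaml-gcpkms
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.7.6
+signing_key:
+specification_version: 4
+summary: Encryption plugin for hiera-eyaml backend for Hiera
+test_files: []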