hiera-eyaml-gpg 0.1 → 0.2

data/README.md CHANGED
@@ -14,3 +14,59 @@ keys. This means that each team member can hold their own private key and so can
14
14
  Equally, each puppet master can have their own key if desired and when you need to rotate
15
15
  keys for either users or puppet masters, re-encrypting your files and changing the key everywhere
16
16
  does not need to be done in lockstep.
17
+
18
+ Requirements
19
+ ------------
20
+
21
+ You'll need a working GPG setup with your own keypair and a public keyring containing any other
22
+ keys that you want to work
23
+
24
+ To get started, install the hiera-eyaml-gpg gem.
25
+
26
+ $ gem install hiera-eyaml-gpg
27
+
28
+ If you haven't already installed it, this requires and will install the hiera-eyaml gem, which you
29
+ should probably acquint yourself with at https://github.com/TomPoulton/hiera-eyaml.
30
+
31
+ Note that in order to install the gpgme gem you'll need to have the ruby development package installed
32
+ for your distribution.
33
+
34
+ How to use
35
+ ----------
36
+
37
+ ### Encrypting and editing encrypted data
38
+
39
+ Once installed you can create encrypted hiera-eyaml blocks that are encrypted using GPG.
40
+
41
+ $ eyaml -n gpg -e -s "A secret string to encrypt" --gpg-recipients bob@example.com,hiera@example.com
42
+
43
+ If you do not have a web of trust (i.e. you normally use --always-trust for gpg signing) then you'll need
44
+ to use the `--gpg-always-trust` option on the command line.
45
+
46
+ It gets pretty dull to keep on remembering which recipients you should use, so you can put them in a file
47
+ and specify that instead.
48
+
49
+ $ eyaml -n gpg -e -s "A secret string to encrypt" --gpg-recipients-file hiera-eyaml-gpg.recipients
50
+
51
+ In fact, when editing a file on disk and neither of the --gpg-recipient options are provided it will
52
+ automatically look for a `hiera-eyaml-gpg.recipients` file in the same directory as the file being edited
53
+ (or any parent in the tree). The first file discovered will be used allowing different parts of a hiera
54
+ tree to have different recipients if so desired.
55
+
56
+ Use `eyaml --help` for more details or look at the hiera-eyaml docs.
57
+
58
+ ### Configuring hiera
59
+
60
+ Assuming you have a working `hiera` and `hiera-eyaml` then the only option you need to add is to
61
+ configure `:gpg_gnupghome:` in your hiera.yaml (under the `:eyaml:` section). This should be the
62
+ directory that contains the keyring etc for the user that can to decrypt the hiera data. Please note
63
+ that the private GPG key must not have a passphrase.
64
+
65
+ Authors
66
+ -------
67
+
68
+ - Simon Hildrew - Initial code
69
+ - Geoff Meakins - Created hiera-eyaml plugin framework that made this possible
70
+
71
+ ### Contributors
72
+ - Walt Javins - Bug fixes
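Review bot: the Requirements paragraph is cut off at "keys that you want to work" (the sentence never says work with what), "acquint" should be "acquaint", and in the Configuring hiera section "the user that can to decrypt" needs the stray "to" removed. More importantly, the sentence "the private GPG key must not have a passphrase" should state which key it applies to: this same release adds an interactive passphrase prompt and cache in the encryptor, so the restriction is evidently meant for the key the puppet master decrypts with, not for team members' editing keys. It is also worth saying plainly that a passphrase-less key under `:gpg_gnupghome:` leaves filesystem permissions on that directory as the only protection for the hiera data.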
@@ -27,10 +27,18 @@ class Hiera
27
27
  :type => :string }
28
28
  }
29
29
 
30
+ @@passphrase_cache = Hash.new
31
+
30
32
  def self.passfunc(hook, uid_hint, passphrase_info, prev_was_bad, fd)
31
33
  begin
32
34
  system('stty -echo')
33
- passphrase = ask("Enter passphrase for #{uid_hint}: ") { |q| q.echo = '*' }
35
+
36
+ unless @@passphrase_cache.has_key?(uid_hint)
37
+ @@passphrase_cache[uid_hint] = ask("Enter passphrase for #{uid_hint}: ") { |q| q.echo = '' }
38
+ $stderr.puts
39
+ end
40
+ passphrase = @@passphrase_cache[uid_hint]
41
+
34
42
  io = IO.for_fd(fd, 'w')
35
43
  io.puts(passphrase)
36
44
  io.flush
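Review bot: the new lookup at `unless @@passphrase_cache.has_key?(uid_hint)` ignores the `prev_was_bad` argument that the callback receives, so once a wrong passphrase has been cached it is returned unchanged on every retry and the user is never prompted again. Suggest evicting the entry when the previous attempt failed, e.g. `@@passphrase_cache.delete(uid_hint) if prev_was_bad` immediately before the `unless`. Note also that `@@passphrase_cache` keeps each passphrase as a plain Ruby String for the life of the process; nothing later in this method clears it, so either wipe the cache (overwrite the strings, then clear the hash) when eyaml finishes, or document that the passphrase stays resident in memory.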
@@ -38,7 +46,6 @@ class Hiera
38
46
  (0 ... $_.length).each do |i| $_[i] = ?0 end if $_
39
47
  system('stty echo')
40
48
  end
41
- $stderr.puts
42
49
  end
43
50
 
44
51
  def self.find_recipients
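Review bot: removing `$stderr.puts` here is consistent with moving it into the cache-miss branch in the previous hunk, but the cleanup line that remains, `(0 ... $_.length).each do |i| $_[i] = ?0 end if $_`, only overwrites `$_` (the last line read by `gets`, which the `ask` helper does not necessarily set); it does not touch the `passphrase` local or the copy now held in `@@passphrase_cache`, so the scrubbing it implies does not happen. Either overwrite `passphrase` explicitly or drop the line so the code does not suggest a guarantee it cannot give.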
@@ -52,7 +59,7 @@ class Hiera
52
59
  debug("Using --recipients-file option")
53
60
  Pathname.new(recipient_file_option)
54
61
  else
55
- debug("Searching for any hiera-eyaml-gpg.recipents files in path")
62
+ debug("Searching for any hiera-eyaml-gpg.recipients files in path")
56
63
  # if we are editing a file, look for a hiera-eyaml-gpg.recipients file
57
64
  filename = case Eyaml::Options[:source]
58
65
  when :file
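Review bot: the spelling fix in the debug message is fine; while here, the sibling message two lines above, `debug("Using --recipients-file option")`, names the option without its `gpg-` prefix, whereas the README in this same release documents it as `--gpg-recipients-file`. Aligning the two avoids confusion when someone traces recipient lookup with debug output.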
@@ -146,6 +153,7 @@ class Hiera
146
153
  txt.read
147
154
  else
148
155
  warn("No usable keys found in #{ENV['GNUPGHOME']}. Check :gpgpghome value in hiera.yaml is correct")
156
+ raise ArgumentError, "No usable keys found in #{ENV['GNUPGHOME']}. Check :gpgpghome value in hiera.yaml is correct"
149
157
  end
150
158
  end
151
159
 
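Review bot: the new `raise ArgumentError` repeats the full message of the `warn` on the line above it, so the user sees the same text twice; keep one message string in a local and raise it (the `warn` becomes redundant once the raise exists). Both messages also refer to `:gpgpghome`, which matches neither the `GNUPGHOME` variable they interpolate nor the `:gpg_gnupghome:` key the README tells users to set; correct the key name so the error is actionable. Raising instead of silently returning nil is the right change for a decryptor: a missing key should fail closed rather than hand back empty data.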
@@ -158,4 +166,4 @@ class Hiera
158
166
  end
159
167
  end
160
168
  end
161
- end
169
+ end
@@ -3,7 +3,7 @@ class Hiera
3
3
  module Eyaml
4
4
  module Encryptors
5
5
  module Gpg
6
- VERSION = "0.1"
6
+ VERSION = "0.2"
7
7
  end
8
8
  end
9
9
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: hiera-eyaml-gpg
3
3
  version: !ruby/object:Gem::Version
4
- version: '0.1'
4
+ version: '0.2'
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2013-09-11 00:00:00.000000000 Z
12
+ date: 2013-11-07 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: hiera-eyaml