hiera-eyaml-kms 0.1 → 0.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +1 -1
- data/README.md +5 -2
- data/hiera-eyaml-kms.gemspec +3 -4
- data/lib/hiera/backend/eyaml/encryptors/kms.rb +12 -5
- metadata +18 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 51a7d9c24c0cf9d779bd64fb3dc15807c5b4a326
|
4
|
+
data.tar.gz: 8b7ad632e699114d57515ee159108bbbe233ec32
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: d1490a53865886c0348221746f21e9f84f3258a039fa662b3cc8ee279e0bccb9db501060b1a359134ca0bf6039b95ec534e9838b04edab3df35b645a5b87a0fc
|
7
|
+
data.tar.gz: 4370f60d769a3f99edc5c1467a66315fe265ce5e603c601dfd2859ad7210f1a10a3bf6a6a6de61dbefb1ba21484a988537ed06cee64de7aa57d24f5c42e28328
|
data/Gemfile
CHANGED
data/README.md
CHANGED
@@ -41,8 +41,9 @@ Configuration
|
|
41
41
|
This plugin adds 2 options to hiera-eyaml:
|
42
42
|
|
43
43
|
```
|
44
|
-
--kms-key-id=<s> KMS Key ID
|
45
|
-
--kms-aws-region=<s> AWS Region
|
44
|
+
--kms-key-id=<s> KMS Key ID (default: )
|
45
|
+
--kms-aws-region=<s> AWS Region (default: ap-southeast-2)
|
46
|
+
--kms-aws-profile=<s> AWS Profile (default: default)
|
46
47
|
```
|
47
48
|
|
48
49
|
To avoid passing CLI parameters every call to eyaml, you can create a config file to set the defaults.
|
@@ -55,9 +56,11 @@ Example:
|
|
55
56
|
---
|
56
57
|
kms_key_id: '00000000-0000-0000-0000-000000000000'
|
57
58
|
kms_aws_region: 'us-west-1'
|
59
|
+
kms_aws_profile: 'your-profile'
|
58
60
|
```
|
59
61
|
|
60
62
|
Authors
|
61
63
|
=======
|
62
64
|
|
63
65
|
- [Allan Denot](http://github.com/adenot)
|
66
|
+
|
data/hiera-eyaml-kms.gemspec
CHANGED
@@ -1,11 +1,8 @@
|
|
1
1
|
# -*- encoding: utf-8 -*-
|
2
|
-
lib = File.expand_path('../lib', __FILE__)
|
3
|
-
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
4
|
-
require 'hiera/backend/eyaml/encryptors/kms'
|
5
2
|
|
6
3
|
Gem::Specification.new do |gem|
|
7
4
|
gem.name = "hiera-eyaml-kms"
|
8
|
-
gem.version =
|
5
|
+
gem.version = "0.2"
|
9
6
|
gem.description = "AWS KMS encryptor for use with hiera-eyaml"
|
10
7
|
gem.summary = "Encryption plugin for hiera-eyaml backend for Hiera"
|
11
8
|
gem.author = "Allan Denot"
|
@@ -16,4 +13,6 @@ Gem::Specification.new do |gem|
|
|
16
13
|
gem.executables = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
|
17
14
|
gem.test_files = gem.files.grep(%r{^(test|spec|features)/})
|
18
15
|
gem.require_paths = ["lib"]
|
16
|
+
|
17
|
+
gem.add_runtime_dependency 'aws-sdk-kms'
|
19
18
|
end
|
@@ -2,7 +2,7 @@ require 'openssl'
|
|
2
2
|
require 'hiera/backend/eyaml/encryptor'
|
3
3
|
require 'hiera/backend/eyaml/utils'
|
4
4
|
require 'hiera/backend/eyaml/options'
|
5
|
-
require 'aws-sdk'
|
5
|
+
require 'aws-sdk-kms'
|
6
6
|
|
7
7
|
class Hiera
|
8
8
|
module Backend
|
@@ -17,19 +17,24 @@ class Hiera
|
|
17
17
|
:default => "" },
|
18
18
|
:aws_region => { :desc => "AWS Region",
|
19
19
|
:type => :string,
|
20
|
-
:default => "ap-southeast-2" }
|
20
|
+
:default => "ap-southeast-2" },
|
21
|
+
:aws_profile => { :desc => "AWS Account",
|
22
|
+
:type => :string,
|
23
|
+
:default => "default"}
|
21
24
|
}
|
22
25
|
|
23
|
-
VERSION = "0.
|
26
|
+
VERSION = "0.2"
|
24
27
|
self.tag = "KMS"
|
25
28
|
|
26
29
|
def self.encrypt plaintext
|
30
|
+
aws_profile = self.option :aws_profile
|
27
31
|
aws_region = self.option :aws_region
|
28
32
|
key_id = self.option :key_id
|
29
33
|
raise StandardError, "key_id is not defined" unless key_id
|
30
34
|
|
31
35
|
@kms = ::Aws::KMS::Client.new(
|
32
|
-
|
36
|
+
profile: aws_profile,
|
37
|
+
region: aws_region,
|
33
38
|
)
|
34
39
|
|
35
40
|
resp = @kms.encrypt({
|
@@ -41,10 +46,12 @@ class Hiera
|
|
41
46
|
end
|
42
47
|
|
43
48
|
def self.decrypt ciphertext
|
49
|
+
aws_profile = self.option :aws_profile
|
44
50
|
aws_region = self.option :aws_region
|
45
51
|
|
46
52
|
@kms = ::Aws::KMS::Client.new(
|
47
|
-
|
53
|
+
profile: aws_profile,
|
54
|
+
region: aws_region,
|
48
55
|
)
|
49
56
|
|
50
57
|
resp = @kms.decrypt({
|
metadata
CHANGED
@@ -1,15 +1,29 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: hiera-eyaml-kms
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: '0.
|
4
|
+
version: '0.2'
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Allan Denot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
12
|
-
dependencies:
|
11
|
+
date: 2018-05-16 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: aws-sdk-kms
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - '>='
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '0'
|
20
|
+
type: :runtime
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - '>='
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: '0'
|
13
27
|
description: AWS KMS encryptor for use with hiera-eyaml
|
14
28
|
email:
|
15
29
|
executables: []
|
@@ -46,7 +60,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
46
60
|
version: '0'
|
47
61
|
requirements: []
|
48
62
|
rubyforge_project:
|
49
|
-
rubygems_version: 2.0.14
|
63
|
+
rubygems_version: 2.0.14.1
|
50
64
|
signing_key:
|
51
65
|
specification_version: 4
|
52
66
|
summary: Encryption plugin for hiera-eyaml backend for Hiera
|