hiera-eyaml-secretbox 0.2

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 08316189c76159d7821826e0800c971969f10cd8
+  data.tar.gz: 42274d98973c85a858b258a16233c0abc10813b1
+SHA512:
+  metadata.gz: 079980410605881d24f52f8424796f032eec973b69e4c94df07dfe4f8f067809ae587b8bafeeeb36a2f764e91abd88e6260724d6203e8b3760cae717950c3d7a
+  data.tar.gz: baf9f4402d95dbed08e583f2f0cc28b4f981c9622a52a48343f724233197c3640113995a3a62c926e79970980d5128623153b24d52ea110afd9fb450df7b3b00

data/.gitignore

@@ -0,0 +1,35 @@
+*.gem
+*.rbc
+/.config
+/coverage/
+/InstalledFiles
+/pkg/
+/spec/reports/
+/test/tmp/
+/test/version_tmp/
+/tmp/
+
+## Specific to RubyMotion:
+.dat*
+.repl_history
+build/
+
+## Documentation cache and generated files:
+/.yardoc/
+/_yardoc/
+/doc/
+/rdoc/
+
+## Environment normalisation:
+/.bundle/
+/vendor/bundle
+/lib/bundler/man/
+
+# for a library or gem, you might want to ignore these files since the code is
+# intended to run in multiple environments; otherwise, check them in:
+# Gemfile.lock
+# .ruby-version
+# .ruby-gemset
+
+# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
+.rvmrc

data/Gemfile

@@ -0,0 +1,8 @@
+source 'https://rubygems.org/'
+
+gem 'hiera-eyaml', ">=1.3.8"
+gem 'rbnacl'
+
+group :development do
+  gem "aruba"
+end

data/LICENSE

@@ -0,0 +1,22 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 Wijnand Modderman-Lenstra
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,39 @@
+hiera-eyaml-secretbox
+=====================
+
+NaCl secretbox encryption backend for the
+[hiera-eyaml](https://github.com/TomPoulton/hiera-eyaml) module.
+
+
+Motivation
+----------
+
+*censored*
+
+
+Requirements
+------------
+
+You need [RbNaCl](https://github.com/cryptosphere/rbnacl) for the NaCl
+operations, which in turn depends on [libsodium](http://www.libsodium.org/):
+
+    $ gem install rbnacl
+
+
+How to use
+----------
+
+### Encrypting and editing encrypted data
+
+Once installed you can create encrypted hiera-eyaml blocks that are encrypted
+using Secret Box.
+
+    $ eyaml encrypt -n secretbox -s "A secret string to encrypt"
+
+Use `eyaml --help` for more details or look at the hiera-eyaml docs.
+
+### Configuring hiera
+
+Assuming you have a working `hiera` and `hiera-eyaml` then you need to
+configure a path for the `:secretbox_private_key:` and `:secretbox_public_key:`
+file locations.

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/hiera-eyaml-secretbox.gemspec

@@ -0,0 +1,22 @@
+# -*- encoding: utf-8 -*-
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'hiera/backend/eyaml/encryptors/secretbox'
+
+Gem::Specification.new do |gem|
+  gem.name          = "hiera-eyaml-secretbox"
+  gem.version       = Hiera::Backend::Eyaml::Encryptors::SecretBox::VERSION
+  gem.description   = "NaCl encryptor for use with hiera-eyaml"
+  gem.summary       = "Encryption plugin for hiera-eyaml backend for Hiera"
+  gem.author        = "Wijnand Modderman-Lenstra"
+  gem.email 	    = "maze@pyth0n.org"
+  gem.license       = "MIT"
+
+  gem.homepage      = "http://github.com/tehmaze/hiera-eyaml-secretbox"
+  gem.files         = `git ls-files`.split($/)
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.require_paths = ["lib"]
+
+  gem.add_runtime_dependency 'rbnacl', '~> 3.0', '>= 3.0.0'
+end

data/lib/hiera/backend/eyaml/encryptors/secretbox.rb

@@ -0,0 +1,90 @@
+require 'base64'
+require 'rbnacl'
+require 'hiera/backend/eyaml/encryptor'
+require 'hiera/backend/eyaml/utils'
+require 'hiera/backend/eyaml/options'
+
+class Hiera
+  module Backend
+    module Eyaml
+      module Encryptors
+
+        class SecretBox < Encryptor
+          VERSION = "0.2"
+
+          self.options = {
+            :private_key => { :desc => "Path to private key",
+                              :type => :string,
+                              :default => "./keys/private_key.box" },
+            :public_key => { :desc => "Path to public key",
+                             :type => :string,
+                             :default => "./keys/public_key.box" },
+          }
+
+          self.tag = 'SecretBox'
+
+          def self.encrypt plaintext
+            public_key = self.option :public_key
+            raise StandardError, "secretbox_public_key is not defined" unless public_key
+
+            # Receivers public key
+            public_key_b64 = File.read public_key
+            public_key_bin = Base64.decode64 public_key_b64
+            pub = RbNaCl::PublicKey.new(public_key_bin)
+
+            # Senders private key
+            key = RbNaCl::PrivateKey.generate
+            box = RbNaCl::SimpleBox.from_keypair(pub, key)
+
+            # Public key plus cipher text
+            key.public_key.to_str + box.encrypt(plaintext)
+          end
+
+          def self.decrypt message
+            public_key_bin = message.byteslice(0, RbNaCl::PublicKey::BYTES)
+            ciphertext = message.byteslice(RbNaCl::PublicKey::BYTES, message.length)
+
+            private_key = self.option :private_key
+            raise StandardError, "secretbox_private_key is not defined" unless private_key
+
+            # Receivers private key
+            private_key_b64 = File.read private_key
+            private_key_bin = Base64.decode64 private_key_b64
+            key = RbNaCl::PrivateKey.new(private_key_bin)
+
+            # Senders public key
+            pub = RbNaCl::PublicKey.new(public_key_bin)
+
+            # Decrypted cipher text
+            box = RbNaCl::SimpleBox.from_keypair(pub, key)
+            box.decrypt(ciphertext)
+          end
+
+          def self.create_keys
+            public_key = self.option :public_key
+            private_key = self.option :private_key
+            raise StandardError, 'secretbox_public_key is not defined' unless public_key
+            raise StandardError, 'secretbox_private_key is not defined' unless private_key
+
+            key = RbNaCl::PrivateKey.generate
+            key_b64 = Base64.encode64 key.to_bytes
+            pub = key.public_key
+            pub_b64 = Base64.encode64 pub.to_bytes
+
+            Utils.ensure_key_dir_exists private_key
+            Utils.write_important_file :filename => private_key, :content => key_b64, :mode => 0600
+            Utils.ensure_key_dir_exists public_key
+            Utils.write_important_file :filename => public_key, :content => pub_b64, :mode => 0644
+            Utils.info 'Keys created OK'
+
+          end
+
+        end
+
+      end
+
+    end
+
+  end
+
+end

data/lib/hiera/backend/eyaml/encryptors/secretbox/eyaml_init.rb

@@ -0,0 +1,3 @@
+require 'hiera/backend/eyaml/encryptors/secretbox'
+
+Hiera::Backend::Eyaml::Encryptors::SecretBox.register

data/tools/regem.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+
+gem uninstall hiera-eyaml-secretbox
+rake build
+gem install pkg/hiera-eyaml-secretbox
+eyaml -v

metadata

@@ -0,0 +1,72 @@
+--- !ruby/object:Gem::Specification
+name: hiera-eyaml-secretbox
+version: !ruby/object:Gem::Version
+  version: '0.2'
+platform: ruby
+authors:
+- Wijnand Modderman-Lenstra
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-09-29 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rbnacl
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+description: NaCl encryptor for use with hiera-eyaml
+email: maze@pyth0n.org
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- hiera-eyaml-secretbox.gemspec
+- lib/hiera/backend/eyaml/encryptors/secretbox.rb
+- lib/hiera/backend/eyaml/encryptors/secretbox/eyaml_init.rb
+- tools/regem.sh
+homepage: http://github.com/tehmaze/hiera-eyaml-secretbox
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: Encryption plugin for hiera-eyaml backend for Hiera
+test_files: []