hiera-eyaml-secretbox 0.2
- checksums.yaml +7 -0
- data/.gitignore +35 -0
- data/Gemfile +8 -0
- data/LICENSE +22 -0
- data/README.md +39 -0
- data/Rakefile +1 -0
- data/hiera-eyaml-secretbox.gemspec +22 -0
- data/lib/hiera/backend/eyaml/encryptors/secretbox.rb +90 -0
- data/lib/hiera/backend/eyaml/encryptors/secretbox/eyaml_init.rb +3 -0
- data/tools/regem.sh +6 -0
- metadata +72 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: 08316189c76159d7821826e0800c971969f10cd8
|
4
|
+
data.tar.gz: 42274d98973c85a858b258a16233c0abc10813b1
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: 079980410605881d24f52f8424796f032eec973b69e4c94df07dfe4f8f067809ae587b8bafeeeb36a2f764e91abd88e6260724d6203e8b3760cae717950c3d7a
|
7
|
+
data.tar.gz: baf9f4402d95dbed08e583f2f0cc28b4f981c9622a52a48343f724233197c3640113995a3a62c926e79970980d5128623153b24d52ea110afd9fb450df7b3b00
|
data/.gitignore
ADDED
@@ -0,0 +1,35 @@
|
|
1
|
+
*.gem
|
2
|
+
*.rbc
|
3
|
+
/.config
|
4
|
+
/coverage/
|
5
|
+
/InstalledFiles
|
6
|
+
/pkg/
|
7
|
+
/spec/reports/
|
8
|
+
/test/tmp/
|
9
|
+
/test/version_tmp/
|
10
|
+
/tmp/
|
11
|
+
|
12
|
+
## Specific to RubyMotion:
|
13
|
+
.dat*
|
14
|
+
.repl_history
|
15
|
+
build/
|
16
|
+
|
17
|
+
## Documentation cache and generated files:
|
18
|
+
/.yardoc/
|
19
|
+
/_yardoc/
|
20
|
+
/doc/
|
21
|
+
/rdoc/
|
22
|
+
|
23
|
+
## Environment normalisation:
|
24
|
+
/.bundle/
|
25
|
+
/vendor/bundle
|
26
|
+
/lib/bundler/man/
|
27
|
+
|
28
|
+
# for a library or gem, you might want to ignore these files since the code is
|
29
|
+
# intended to run in multiple environments; otherwise, check them in:
|
30
|
+
# Gemfile.lock
|
31
|
+
# .ruby-version
|
32
|
+
# .ruby-gemset
|
33
|
+
|
34
|
+
# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
|
35
|
+
.rvmrc
|
data/Gemfile
ADDED
data/LICENSE
ADDED
@@ -0,0 +1,22 @@
|
|
1
|
+
The MIT License (MIT)
|
2
|
+
|
3
|
+
Copyright (c) 2015 Wijnand Modderman-Lenstra
|
4
|
+
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy of
|
6
|
+
this software and associated documentation files (the "Software"), to deal in
|
7
|
+
the Software without restriction, including without limitation the rights to
|
8
|
+
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
|
9
|
+
of
|
10
|
+
the Software, and to permit persons to whom the Software is furnished to do so,
|
11
|
+
subject to the following conditions:
|
12
|
+
|
13
|
+
The above copyright notice and this permission notice shall be included in all
|
14
|
+
copies or substantial portions of the Software.
|
15
|
+
|
16
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
17
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
18
|
+
FITNESS
|
19
|
+
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
|
20
|
+
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
|
21
|
+
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
|
22
|
+
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
data/README.md
ADDED
@@ -0,0 +1,39 @@
|
|
1
|
+
hiera-eyaml-secretbox
|
2
|
+
=====================
|
3
|
+
|
4
|
+
NaCl secretbox encryption backend for the
|
5
|
+
[hiera-eyaml](https://github.com/TomPoulton/hiera-eyaml) module.
|
6
|
+
|
7
|
+
|
8
|
+
Motivation
|
9
|
+
----------
|
10
|
+
|
11
|
+
*censored*
|
12
|
+
|
13
|
+
|
14
|
+
Requirements
|
15
|
+
------------
|
16
|
+
|
17
|
+
You need [RbNaCl](https://github.com/cryptosphere/rbnacl) for the NaCl
|
18
|
+
operations, which in turn depends on [libsodium](http://www.libsodium.org/):
|
19
|
+
|
20
|
+
$ gem install rbnacl
|
21
|
+
|
22
|
+
|
23
|
+
How to use
|
24
|
+
----------
|
25
|
+
|
26
|
+
### Encrypting and editing encrypted data
|
27
|
+
|
28
|
+
Once installed you can create encrypted hiera-eyaml blocks that are encrypted
|
29
|
+
using Secret Box.
|
30
|
+
|
31
|
+
$ eyaml encrypt -n secretbox -s "A secret string to encrypt"
|
32
|
+
|
33
|
+
Use `eyaml --help` for more details or look at the hiera-eyaml docs.
|
34
|
+
|
35
|
+
### Configuring hiera
|
36
|
+
|
37
|
+
Assuming you have a working `hiera` and `hiera-eyaml` then you need to
|
38
|
+
configure a path for the `:secretbox_private_key:` and `:secretbox_public_key:`
|
39
|
+
file locations.
|
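--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1 @@
+require "bundler/gem_tasks"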
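--- a/data/hiera-eyaml-secretbox.gemspec
+++ b/data/hiera-eyaml-secretbox.gemspec
@@ -0,0 +1,22 @@
+# -*- encoding: utf-8 -*-
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'hiera/backend/eyaml/encryptors/secretbox'
+
+Gem::Specification.new do |gem|
+gem.name = "hiera-eyaml-secretbox"
+gem.version = Hiera::Backend::Eyaml::Encryptors::SecretBox::VERSION
+gem.description = "NaCl encryptor for use with hiera-eyaml"
+gem.summary = "Encryption plugin for hiera-eyaml backend for Hiera"
+gem.author = "Wijnand Modderman-Lenstra"
+gem.email = "maze@pyth0n.org"
+gem.license = "MIT"
+
+gem.homepage = "http://github.com/tehmaze/hiera-eyaml-secretbox"
+gem.files = `git ls-files`.split($/)
+gem.executables = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+gem.test_files = gem.files.grep(%r{^(test|spec|features)/})
+gem.require_paths = ["lib"]
+
+gem.add_runtime_dependency 'rbnacl', '~> 3.0', '>= 3.0.0'
+end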
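Review bot: The gemspec declares `rbnacl` as its only runtime dependency, yet the library it packages requires `hiera/backend/eyaml/encryptor`, `hiera/backend/eyaml/utils` and `hiera/backend/eyaml/options` at load time, so installing this gem on its own yields a `LoadError` on first use; add `gem.add_runtime_dependency 'hiera-eyaml'` with whatever version bound the encryptor API needs. The `'>= 3.0.0'` bound on `rbnacl` is already implied by `'~> 3.0'` and can be dropped. Requiring the encryptor itself just to read `SecretBox::VERSION` means `rbnacl` (and libsodium) and `hiera-eyaml` must be installed merely to build the gem; keeping the version string in a dependency-free `version.rb` would avoid that.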
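--- a/data/lib/hiera/backend/eyaml/encryptors/secretbox.rb
+++ b/data/lib/hiera/backend/eyaml/encryptors/secretbox.rb
@@ -0,0 +1,90 @@
+require 'base64'
+require 'rbnacl'
+require 'hiera/backend/eyaml/encryptor'
+require 'hiera/backend/eyaml/utils'
+require 'hiera/backend/eyaml/options'
+
+class Hiera
+module Backend
+module Eyaml
+module Encryptors
+
+class SecretBox < Encryptor
+VERSION = "0.2"
+
+self.options = {
+:private_key => { :desc => "Path to private key",
+:type => :string,
+:default => "./keys/private_key.box" },
+:public_key => { :desc => "Path to public key",
+:type => :string,
+:default => "./keys/public_key.box" },
+}
+
+self.tag = 'SecretBox'
+
+def self.encrypt plaintext
+public_key = self.option :public_key
+raise StandardError, "secretbox_public_key is not defined" unless public_key
+
+# Receivers public key
+public_key_b64 = File.read public_key
+public_key_bin = Base64.decode64 public_key_b64
+pub = RbNaCl::PublicKey.new(public_key_bin)
+
+# Senders private key
+key = RbNaCl::PrivateKey.generate
+box = RbNaCl::SimpleBox.from_keypair(pub, key)
+
+# Public key plus cipher text
+key.public_key.to_str + box.encrypt(plaintext)
+end
+
+def self.decrypt message
+public_key_bin = message.byteslice(0, RbNaCl::PublicKey::BYTES)
+ciphertext = message.byteslice(RbNaCl::PublicKey::BYTES, message.length)
+
+private_key = self.option :private_key
+raise StandardError, "secretbox_private_key is not defined" unless private_key
+
+# Receivers private key
+private_key_b64 = File.read private_key
+private_key_bin = Base64.decode64 private_key_b64
+key = RbNaCl::PrivateKey.new(private_key_bin)
+
+# Senders public key
+pub = RbNaCl::PublicKey.new(public_key_bin)
+
+# Decrypted cipher text
+box = RbNaCl::SimpleBox.from_keypair(pub, key)
+box.decrypt(ciphertext)
+end
+
+def self.create_keys
+public_key = self.option :public_key
+private_key = self.option :private_key
+raise StandardError, 'secretbox_public_key is not defined' unless public_key
+raise StandardError, 'secretbox_private_key is not defined' unless private_key
+
+key = RbNaCl::PrivateKey.generate
+key_b64 = Base64.encode64 key.to_bytes
+pub = key.public_key
+pub_b64 = Base64.encode64 pub.to_bytes
+
+Utils.ensure_key_dir_exists private_key
+Utils.write_important_file :filename => private_key, :content => key_b64, :mode => 0600
+Utils.ensure_key_dir_exists public_key
+Utils.write_important_file :filename => public_key, :content => pub_b64, :mode => 0644
+Utils.info 'Keys created OK'
+
+end
+
+end
+
+end
+
+end
+
+end
+
+end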
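Review bot: `decrypt` slices the incoming message with `byteslice` but bounds the ciphertext with `message.length`, a character count, so a message carrying a multibyte text encoding would lose its tail and fail authentication for the wrong reason; use `ciphertext = message.byteslice(RbNaCl::PublicKey::BYTES, message.bytesize)` and reject short input first with `raise StandardError, 'message too short' if message.bytesize <= RbNaCl::PublicKey::BYTES`, so the failure is reported by the encryptor instead of as an `RbNaCl::LengthError` from `PublicKey.new`. The class and tag are named SecretBox, but `encrypt` and `decrypt` call `RbNaCl::SimpleBox.from_keypair`, which is NaCl's public-key Box driven by a fresh sender keypair generated on every `encrypt` and whose public half is prepended to the ciphertext; a header comment on the class should spell out the wire format, e.g. `# message = sender public key (RbNaCl::PublicKey::BYTES) || SimpleBox output (nonce || box)`, and state that because the sender key is ephemeral the authentication tag proves the block was not altered in transit but not who created it — anyone holding the recipient public key can produce a block that decrypts cleanly, so the integrity of the public key file and of the eyaml source is the trust boundary operators must protect. `Base64.decode64` in both `encrypt` and `decrypt` silently discards characters that are not valid Base64, so a truncated or corrupted key file only surfaces as an `RbNaCl::LengthError`; stripping whitespace and using `Base64.strict_decode64` would report the corruption directly while staying compatible with the line-wrapped files that `Base64.encode64` writes in `create_keys`.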
data/tools/regem.sh
ADDED
metadata
ADDED
@@ -0,0 +1,72 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: hiera-eyaml-secretbox
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: '0.2'
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Wijnand Modderman-Lenstra
|
8
|
+
autorequire:
|
9
|
+
bindir: bin
|
10
|
+
cert_chain: []
|
11
|
+
date: 2015-09-29 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: rbnacl
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - "~>"
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '3.0'
|
20
|
+
- - ">="
|
21
|
+
- !ruby/object:Gem::Version
|
22
|
+
version: 3.0.0
|
23
|
+
type: :runtime
|
24
|
+
prerelease: false
|
25
|
+
version_requirements: !ruby/object:Gem::Requirement
|
26
|
+
requirements:
|
27
|
+
- - "~>"
|
28
|
+
- !ruby/object:Gem::Version
|
29
|
+
version: '3.0'
|
30
|
+
- - ">="
|
31
|
+
- !ruby/object:Gem::Version
|
32
|
+
version: 3.0.0
|
33
|
+
description: NaCl encryptor for use with hiera-eyaml
|
34
|
+
email: maze@pyth0n.org
|
35
|
+
executables: []
|
36
|
+
extensions: []
|
37
|
+
extra_rdoc_files: []
|
38
|
+
files:
|
39
|
+
- ".gitignore"
|
40
|
+
- Gemfile
|
41
|
+
- LICENSE
|
42
|
+
- README.md
|
43
|
+
- Rakefile
|
44
|
+
- hiera-eyaml-secretbox.gemspec
|
45
|
+
- lib/hiera/backend/eyaml/encryptors/secretbox.rb
|
46
|
+
- lib/hiera/backend/eyaml/encryptors/secretbox/eyaml_init.rb
|
47
|
+
- tools/regem.sh
|
48
|
+
homepage: http://github.com/tehmaze/hiera-eyaml-secretbox
|
49
|
+
licenses:
|
50
|
+
- MIT
|
51
|
+
metadata: {}
|
52
|
+
post_install_message:
|
53
|
+
rdoc_options: []
|
54
|
+
require_paths:
|
55
|
+
- lib
|
56
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
57
|
+
requirements:
|
58
|
+
- - ">="
|
59
|
+
- !ruby/object:Gem::Version
|
60
|
+
version: '0'
|
61
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
62
|
+
requirements:
|
63
|
+
- - ">="
|
64
|
+
- !ruby/object:Gem::Version
|
65
|
+
version: '0'
|
66
|
+
requirements: []
|
67
|
+
rubyforge_project:
|
68
|
+
rubygems_version: 2.2.2
|
69
|
+
signing_key:
|
70
|
+
specification_version: 4
|
71
|
+
summary: Encryption plugin for hiera-eyaml backend for Hiera
|
72
|
+
test_files: []
|