hiera-eyaml 4.2.0 → 5.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9eb7f6a848fd49e92f95073ea457a181427bf20e47ba869515a6510d43cc893d
-  data.tar.gz: cc69d4fa0b0b197c25cd873b30f6974dd669e136e39525fddd6813b72504010b
+  metadata.gz: 932c6b900a2840edbf57d44a00b39e31c337f6c76fd0161c47ed4d49b18463a8
+  data.tar.gz: 51ee6c0a95ebfc4bb9af94572451554d6a2390ade43c1b0c4a2f0f18f8df8d99
 SHA512:
-  metadata.gz: fe9b09b8ee6c02c20680851b8468336ed4c415987c70c19d1ceb3ec61c97898dbeee0b6cf1df1ad7b807f8797104897d75e497dadb21c52d68614028c9a3bf48
-  data.tar.gz: e6a29c5b00b2da302a6e621c0bde65809713391aa827a329ee29b890d244d4c75ecc7718f7179b29b0691580a50a2ecff0bdda598a7c00eeb88392fd83238fee
+  metadata.gz: 92a37b8e83aa2fcf0e483df040eafba7885d29f5b8179646ca1012f930776c336e4b1327704ff2ae6cf2b3cc0a67d5f432de81539b5698fd92986b05e934a516
+  data.tar.gz: 9d44c0788b1cc0eb6c838eefb8d2dd4f4d5a113207d96bdb4e2aef8f20b2a187842f3f5774c298f53e4db4e18dce8117dfe5db70ed2e0d5b7a0dd582470d479f

data/.github/release.yml

@@ -0,0 +1,41 @@
+---
+# https://docs.github.com/en/repositories/releasing-projects-on-github/automatically-generated-release-notes
+
+changelog:
+  exclude:
+    labels:
+      - duplicate
+      - invalid
+      - modulesync
+      - question
+      - skip-changelog
+      - wont-fix
+      - wontfix
+      - github_actions
+
+  categories:
+    - title: Breaking Changes 🛠
+      labels:
+        - backwards-incompatible
+
+    - title: New Features 🎉
+      labels:
+        - enhancement
+
+    - title: Bug Fixes 🐛
+      labels:
+        - bug
+        - bugfix
+
+    - title: Documentation Updates 📚
+      labels:
+        - documentation
+        - docs
+
+    - title: Dependency Updates ⬆️
+      labels:
+        - dependencies
+
+    - title: Other Changes
+      labels:
+        - "*"

data/.github/workflows/release.yml

@@ -1,30 +1,106 @@
-name: Release
+---
+name: Gem Release
 
 on:
   push:
     tags:
       - '*'
 
+permissions: {}
+
 jobs:
-  release:
-    runs-on: ubuntu-latest
+  build-release:
+    # Prevent releases from forked repositories
     if: github.repository_owner == 'voxpupuli'
+    name: Build the gem
+    runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@v4
-      - name: Install Ruby 3.1
+      - uses: actions/checkout@v6
+      - name: Install Ruby
         uses: ruby/setup-ruby@v1
         with:
-          ruby-version: '3.1'
+          ruby-version: 'ruby'
       - name: Build gem
-        run: gem build --strict --verbose *.gemspec
+        shell: bash
+        run: gem build --verbose *.gemspec
+      - name: Upload gem to GitHub cache
+        uses: actions/upload-artifact@v6
+        with:
+          name: gem-artifact
+          path: '*.gem'
+          retention-days: 1
+          compression-level: 0
+
+  create-github-release:
+    needs: build-release
+    name: Create GitHub release
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: write # clone repo and create release
+    steps:
+      - name: Download gem from GitHub cache
+        uses: actions/download-artifact@v7
+        with:
+          name: gem-artifact
+      - name: Create Release
+        shell: bash
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: gh release create --repo ${{ github.repository }} ${{ github.ref_name }} --generate-notes *.gem
+
+  release-to-github:
+    needs: build-release
+    name: Release to GitHub
+    runs-on: ubuntu-24.04
+    permissions:
+      packages: write # publish to rubygems.pkg.github.com
+    steps:
+      - name: Download gem from GitHub cache
+        uses: actions/download-artifact@v7
+        with:
+          name: gem-artifact
+      - name: Publish gem to GitHub packages
+        run: gem push --host https://rubygems.pkg.github.com/${{ github.repository_owner }} *.gem
+        env:
+          GEM_HOST_API_KEY: ${{ secrets.GITHUB_TOKEN }}
+
+  release-to-rubygems:
+    needs: build-release
+    name: Release gem to rubygems.org
+    runs-on: ubuntu-24.04
+    environment: release # recommended by rubygems.org
+    permissions:
+      id-token: write # rubygems.org authentication
+    steps:
+      - name: Download gem from GitHub cache
+        uses: actions/download-artifact@v7
+        with:
+          name: gem-artifact
+      - uses: rubygems/configure-rubygems-credentials@v1.0.0
       - name: Publish gem to rubygems.org
+        shell: bash
         run: gem push *.gem
-        env:
-          GEM_HOST_API_KEY: '${{ secrets.RUBYGEMS_AUTH_TOKEN }}'
-      - name: Setup GitHub packages access
+
+  release-verification:
+    name: Check that all releases are done
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: read # minimal permissions that we have to grant
+    needs:
+      - create-github-release
+      - release-to-github
+      - release-to-rubygems
+    steps:
+      - name: Download gem from GitHub cache
+        uses: actions/download-artifact@v7
+        with:
+          name: gem-artifact
+      - name: Install Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 'ruby'
+      - name: Wait for release to propagate
+        shell: bash
         run: |
-          mkdir -p ~/.gem
-          echo ":github: Bearer ${{ secrets.GITHUB_TOKEN }}" >> ~/.gem/credentials
-          chmod 0600 ~/.gem/credentials
-      - name: Publish gem to GitHub packages
-        run: gem push --key github --host https://rubygems.pkg.github.com/voxpupuli *.gem
+          gem install rubygems-await
+          gem await *.gem

data/.github/workflows/test.yml

@@ -1,3 +1,4 @@
+---
 name: Test
 
 on:
@@ -6,16 +7,16 @@ on:
     branches:
       - master
 
-env:
-  BUNDLE_WITHOUT: release
+permissions:
+  contents: read
 
 jobs:
   rubocop:
     env:
       BUNDLE_WITHOUT: release
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
       - name: Install Ruby ${{ matrix.ruby }}
         uses: ruby/setup-ruby@v1
         with:
@@ -24,7 +25,7 @@ jobs:
       - name: Run Rubocop
         run: bundle exec rake rubocop
   test:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     strategy:
       fail-fast: false
       matrix:
@@ -33,47 +34,64 @@ jobs:
           - "3.0"
           - "3.1"
           - "3.2"
+          - "3.3"
+          - "3.4"
+          - "4.0"
           - jruby-9.4
-        puppet:
-          - "~> 8.0"
-          - "~> 7.24"
-          - "https://github.com/puppetlabs/puppet.git#main"
+          - jruby-10
+        openvox:
+          - "~> 8"
+          - "~> 7"
+          - "https://github.com/OpenVoxProject/puppet.git#main"
         exclude:
+          - ruby: jruby-10
+            openvox: "~> 7"
+          - ruby: "4.0"
+            openvox: "~> 7"
+
+          - ruby: "3.4"
+            openvox: "~> 7"
+
           - ruby: "3.0"
-            puppet: "~> 8.0"
+            openvox: "~> 8"
           - ruby: "2.7"
-            puppet: "~> 8.0"
+            openvox: "~> 8"
 
           - ruby: "3.0"
-            puppet: "https://github.com/puppetlabs/puppet.git#main"
+            openvox: "https://github.com/openvoxproject/puppet.git#main"
           - ruby: "2.7"
-            puppet: "https://github.com/puppetlabs/puppet.git#main"
+            openvox: "https://github.com/openvoxproject/puppet.git#main"
+
     env:
-      PUPPET_VERSION: ${{ matrix.puppet }}
+      OPENVOX_VERSION: ${{ matrix.openvox }}
       COVERAGE: ${{ matrix.coverage }}
-    name: "Ruby ${{ matrix.ruby }} - Puppet ${{ matrix.puppet }}"
+    name: "Ruby ${{ matrix.ruby }} - OpenVox ${{ matrix.openvox }}"
     steps:
       - name: Enable coverage reporting on Ruby 3.1
-        if: matrix.puppet == '~> 7.24' && matrix.ruby == '3.1'
+        if: matrix.openvox == '~> 7' && matrix.ruby == '3.1'
         run: echo 'COVERAGE=yes' >> $GITHUB_ENV
-      - uses: actions/checkout@v4
-      - name: Install expect
-        run: sudo apt-get install expect
+      - uses: actions/checkout@v6
       - name: Install Ruby ${{ matrix.ruby }}
         uses: ruby/setup-ruby@v1
         with:
           ruby-version: ${{ matrix.ruby }}
           bundler-cache: true
+      - name: Display Ruby environment
+        run: bundle env
       - name: spec tests
         run: bundle exec rake features
       - name: Verify gem builds
         run: gem build --strict --verbose *.gemspec
 
   tests:
+    if: always()
     needs:
       - rubocop
       - test
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     name: Test suite
     steps:
-      - run: echo Test suite completed
+      - name: Decide whether the needed jobs succeeded or failed
+        uses: re-actors/alls-green@release/v1
+        with:
+          jobs: ${{ toJSON(needs) }}

data/.rubocop.yml

@@ -6,3 +6,6 @@ inherit_gem:
 
 Metrics:
   Enabled: false
+
+Style/IfUnlessModifier:
+  Enabled: false

data/.rubocop_todo.yml

@@ -1,6 +1,6 @@
 # This configuration was generated by
-# `rubocop --auto-gen-config`
-# on 2024-10-20 14:24:21 UTC using RuboCop version 1.64.1.
+# `rubocop --auto-gen-config --no-auto-gen-timestamp`
+# using RuboCop version 1.75.8.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
@@ -13,14 +13,6 @@ Layout/CommentIndentation:
   Exclude:
     - 'lib/hiera/backend/eyaml/subcommands/help.rb'
 
-# Offense count: 2
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: EnforcedStyle.
-# SupportedStyles: space, compact, no_space
-Layout/SpaceInsideParens:
-  Exclude:
-    - 'lib/hiera/backend/eyaml/logginghelper.rb'
-
 # Offense count: 1
 Lint/DuplicateMethods:
   Exclude:
@@ -45,23 +37,6 @@ Lint/RescueException:
   Exclude:
     - 'lib/hiera/backend/eyaml/subcommand.rb'
 
-# Offense count: 1
-Lint/ShadowingOuterLocalVariable:
-  Exclude:
-    - 'lib/hiera/backend/eyaml_backend.rb'
-
-# Offense count: 7
-# This cop supports unsafe autocorrection (--autocorrect-all).
-# Configuration parameters: AutoCorrect.
-Lint/UselessAssignment:
-  Exclude:
-    - 'features/support/env.rb'
-    - 'lib/hiera/backend/eyaml/plugins.rb'
-    - 'lib/hiera/backend/eyaml/subcommand.rb'
-    - 'lib/hiera/backend/eyaml/subcommands/unknown_command.rb'
-    - 'lib/hiera/backend/eyaml/subcommands/version.rb'
-    - 'lib/hiera/backend/eyaml/utils.rb'
-
 # Offense count: 1
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: AutoCorrect.
@@ -74,7 +49,7 @@ Lint/UselessMethodDefinition:
 # Configuration parameters: AutoCorrect, CheckForMethodsWithNoSideEffects.
 Lint/Void:
   Exclude:
-    - 'lib/hiera/backend/eyaml/parser/token.rb'
+    - 'features/support/env.rb'
 
 # Offense count: 1
 Naming/AccessorMethodName:
@@ -107,8 +82,9 @@ Naming/HeredocDelimiterNaming:
     - 'lib/hiera/backend/eyaml/subcommands/unknown_command.rb'
 
 # Offense count: 1
-# Configuration parameters: EnforcedStyle, AllowedPatterns.
+# Configuration parameters: EnforcedStyle, AllowedPatterns, ForbiddenIdentifiers, ForbiddenPatterns.
 # SupportedStyles: snake_case, camelCase
+# ForbiddenIdentifiers: __id__, __send__
 Naming/MethodName:
   Exclude:
     - 'lib/hiera/backend/eyaml/encryptors/pkcs7.rb'
@@ -123,7 +99,7 @@ Naming/MethodParameterName:
 # Offense count: 1
 # Configuration parameters: EnforcedStyle, CheckMethodNames, CheckSymbols, AllowedIdentifiers, AllowedPatterns.
 # SupportedStyles: snake_case, normalcase, non_integer
-# AllowedIdentifiers: capture3, iso8601, rfc1123_date, rfc822, rfc2822, rfc3339, x86_64
+# AllowedIdentifiers: TLS1_1, TLS1_2, capture3, iso8601, rfc1123_date, rfc822, rfc2822, rfc3339, x86_64
 Naming/VariableNumber:
   Exclude:
     - 'lib/hiera/backend/eyaml/utils.rb'
@@ -169,14 +145,13 @@ Security/YAMLLoad:
     - 'features/step_definitions/decrypt_steps.rb'
     - 'lib/hiera/backend/eyaml_backend.rb'
 
-# Offense count: 9
+# Offense count: 8
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: always, conditionals
 Style/AndOr:
   Exclude:
     - 'lib/hiera/backend/eyaml/encryptors/pkcs7.rb'
-    - 'lib/hiera/backend/eyaml/highlinehelper.rb'
     - 'lib/hiera/backend/eyaml/logginghelper.rb'
     - 'lib/hiera/backend/eyaml/subcommand.rb'
     - 'lib/hiera/backend/eyaml_backend.rb'
@@ -220,7 +195,7 @@ Style/EnvHome:
 
 # Offense count: 10
 # This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: MaxUnannotatedPlaceholdersAllowed, AllowedMethods, AllowedPatterns.
+# Configuration parameters: MaxUnannotatedPlaceholdersAllowed, Mode, AllowedMethods, AllowedPatterns.
 # SupportedStyles: annotated, template, unannotated
 Style/FormatStringToken:
   EnforcedStyle: unannotated
@@ -248,22 +223,6 @@ Style/IdenticalConditionalBranches:
     - 'lib/hiera/backend/eyaml/subcommands/decrypt.rb'
     - 'lib/hiera/backend/eyaml/subcommands/edit.rb'
 
-# Offense count: 3
-# This cop supports safe autocorrection (--autocorrect).
-Style/IfUnlessModifier:
-  Exclude:
-    - 'lib/hiera/backend/eyaml/encryptors/pkcs7.rb'
-    - 'lib/hiera/backend/eyaml/parser/encrypted_tokens.rb'
-
-# Offense count: 2
-# This cop supports unsafe autocorrection (--autocorrect-all).
-# Configuration parameters: AllowedMethods.
-# AllowedMethods: nonzero?
-Style/IfWithBooleanLiteralBranches:
-  Exclude:
-    - 'lib/hiera/backend/eyaml/highlinehelper.rb'
-    - 'lib/hiera/backend/eyaml_backend.rb'
-
 # Offense count: 1
 # This cop supports unsafe autocorrection (--autocorrect-all).
 Style/MapIntoArray:
@@ -408,9 +367,9 @@ Style/ZeroLengthPredicate:
   Exclude:
     - 'lib/hiera/backend/eyaml/parser/parser.rb'
 
-# Offense count: 11
+# Offense count: 13
 # This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, AllowedPatterns.
+# Configuration parameters: AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, AllowedPatterns, SplitStrings.
 # URISchemes: http, https
 Layout/LineLength:
   Max: 194

data/CHANGELOG.md

@@ -2,6 +2,43 @@
 
 All notable changes to this project will be documented in this file.
 
+## [v5.0.0](https://github.com/voxpupuli/hiera-eyaml/tree/v5.0.0) (2026-02-21)
+
+[Full Changelog](https://github.com/voxpupuli/hiera-eyaml/compare/v4.3.0...v5.0.0)
+
+**Breaking changes:**
+
+- adjust CLI newline printing to fix output not matching input [\#389](https://github.com/voxpupuli/hiera-eyaml/pull/389) ([bugfood](https://github.com/bugfood))
+
+**Implemented enhancements:**
+
+- syslog: Allow 0.4 [\#411](https://github.com/voxpupuli/hiera-eyaml/pull/411) ([bastelfreak](https://github.com/bastelfreak))
+- Add Jruby-10 support [\#410](https://github.com/voxpupuli/hiera-eyaml/pull/410) ([bastelfreak](https://github.com/bastelfreak))
+- Add Ruby 4.0 support [\#409](https://github.com/voxpupuli/hiera-eyaml/pull/409) ([bastelfreak](https://github.com/bastelfreak))
+- feat\(\#404\): Accept base64 encoded environment variables as pkcs7 keys [\#405](https://github.com/voxpupuli/hiera-eyaml/pull/405) ([JGodin-C2C](https://github.com/JGodin-C2C))
+- CI: Add Ruby 3.4 support [\#397](https://github.com/voxpupuli/hiera-eyaml/pull/397) ([bastelfreak](https://github.com/bastelfreak))
+
+**Fixed bugs:**
+
+- Trailing newline is added during encryption/decryption [\#272](https://github.com/voxpupuli/hiera-eyaml/issues/272)
+
+**Merged pull requests:**
+
+- README: mention that puppet-hiera can manage hiera-eyaml [\#399](https://github.com/voxpupuli/hiera-eyaml/pull/399) ([kenyon](https://github.com/kenyon))
+
+## [v4.3.0](https://github.com/voxpupuli/hiera-eyaml/tree/v4.3.0) (2025-06-05)
+
+[Full Changelog](https://github.com/voxpupuli/hiera-eyaml/compare/v4.2.0...v4.3.0)
+
+**Implemented enhancements:**
+
+- CI: Replace puppet with openvox [\#390](https://github.com/voxpupuli/hiera-eyaml/pull/390) ([bastelfreak](https://github.com/bastelfreak))
+- Add Ruby 3.3 to CI matrix [\#386](https://github.com/voxpupuli/hiera-eyaml/pull/386) ([bastelfreak](https://github.com/bastelfreak))
+
+**Merged pull requests:**
+
+- voxpupuli-rubocop: Update 2.8.0-\>3.1.0 [\#393](https://github.com/voxpupuli/hiera-eyaml/pull/393) ([bastelfreak](https://github.com/bastelfreak))
+
 ## [v4.2.0](https://github.com/voxpupuli/hiera-eyaml/tree/v4.2.0) (2024-10-21)
 
 [Full Changelog](https://github.com/voxpupuli/hiera-eyaml/compare/v4.1.0...v4.2.0)

data/Gemfile

@@ -21,15 +21,22 @@ group :development do
   gem 'aruba', '~> 2.2'
   gem 'cucumber', '~> 9.2'
   gem 'hiera-eyaml-plaintext'
-  gem 'puppet', *location_for(ENV['PUPPET_VERSION']) if ENV['PUPPET_VERSION']
+  gem 'openvox', *location_for(ENV['OPENVOX_VERSION']) if ENV['OPENVOX_VERSION']
 end
 
-group :release do
-  gem 'faraday-retry', require: false
-  gem 'github_changelog_generator', require: false
+group :release, optional: true do
+  gem 'faraday-retry', '~> 2.1', require: false
+  gem 'github_changelog_generator', '~> 1.16.4', require: false
 end
 
 group :coverage, optional: ENV['COVERAGE'] != 'yes' do
   gem 'codecov', require: false
   gem 'simplecov-console', require: false
 end
+
+# openvox gem depends on syslog, but doesn't list it as explicit dependency
+# until Ruby 3.4, syslog was part of MRI ruby core
+# https://github.com/OpenVoxProject/puppet/issues/90
+platforms :mri do
+  gem 'syslog', '>= 0.3.0', '< 0.5'
+end

data/README.md

@@ -65,6 +65,10 @@ files as simple as clear text files.
 Setup
 -----
 
+### Puppet module
+
+The Vox Pupuli [hiera module](https://github.com/voxpupuli/puppet-hiera) can manage the installation and configuration of hiera-eyaml.
+
 ### Installing hiera-eyaml
 
 #### RubyGems
@@ -535,7 +539,6 @@ In order to run the tests, simply run `cucumber` in the top level directory of t
 
 You'll need to have a few requirements installed:
 
-  * `expect` (via yum/apt-get or system package)
   * `aruba` (gem)
   * `cucumber` (gem)
   * `puppet` (gem)

data/Rakefile

@@ -26,7 +26,7 @@ end
 # https://stackoverflow.com/questions/6473419/using-simplecov-to-display-cucumber-code-coverage
 require 'cucumber/rake/task'
 Cucumber::Rake::Task.new(:features) do |t|
-  t.cucumber_opts = %w[--format progress] # Any valid command line option can go here.
+  t.cucumber_opts = %w[--format progress --strict] # Any valid command line option can go here.
 end
 
 begin

data/hiera-eyaml.gemspec

@@ -16,12 +16,13 @@ Gem::Specification.new do |gem|
   gem.executables   = gem.files.grep(%r{^bin/}).map { |f| File.basename(f) }
   gem.require_paths = ['lib']
 
-  gem.add_runtime_dependency 'highline', '>= 2.1', '< 4'
-  gem.add_runtime_dependency 'optimist', '~> 3.1'
+  gem.add_dependency 'base64', '~> 0.3.0'
+  gem.add_dependency 'highline', '>= 2.1', '< 4'
+  gem.add_dependency 'optimist', '~> 3.1'
 
   gem.add_development_dependency 'rake', '~> 13.2', '>= 13.2.1'
   gem.add_development_dependency 'rspec-expectations', '~> 3.13'
-  gem.add_development_dependency 'voxpupuli-rubocop', '~> 2.8.0'
+  gem.add_development_dependency 'voxpupuli-rubocop', '~> 3.1.0'
 
-  gem.required_ruby_version = '>= 2.7', ' < 4'
+  gem.required_ruby_version = '>= 2.7', ' < 5'
 end

data/lib/hiera/backend/eyaml/CLI.rb

@@ -42,7 +42,7 @@ class Hiera
           executor = Eyaml::Options[:executor]
 
           result = executor.execute
-          puts result unless result.nil?
+          executor.print_out(result) unless result.nil?
         end
       end
     end

data/lib/hiera/backend/eyaml/encryptors/pkcs7.rb

@@ -1,4 +1,5 @@
 require 'openssl'
+require 'base64'
 require 'hiera/backend/eyaml/encryptor'
 require 'hiera/backend/eyaml/encrypthelper'
 require 'hiera/backend/eyaml/logginghelper'
@@ -20,6 +21,10 @@ class Hiera
                                    type: :string, },
             public_key_env_var: { desc: 'Name of environment variable to read public key from',
                                   type: :string, },
+            b64_private_key_env_var: { desc: 'Name of environment variable to read private key from, encoded in base64',
+                                       type: :string, },
+            b64_public_key_env_var: { desc: 'Name of environment variable to read public key from, encoded in base64',
+                                      type: :string, },
             keysize: { desc: 'Key size used for encryption',
                        type: :integer,
                        default: 2048, },
@@ -91,9 +96,10 @@ class Hiera
             LoggingHelper.info 'Keys created OK'
           end
 
-          def self.load_ANY_key_pem(optname_key, optname_env_var)
+          def self.load_ANY_key_pem(optname_key, optname_env_var, b64_optname_env_var)
             opt_key = option(optname_key.to_sym)
             opt_key_env_var = option(optname_env_var.to_sym)
+            b64_opt_key_env_var = option(b64_optname_env_var.to_sym)
 
             if opt_key and opt_key_env_var
               warn "both #{optname_key} and #{optname_env_var} specified, using #{optname_env_var}"
@@ -103,6 +109,10 @@ class Hiera
               raise StandardError, "env #{opt_key_env_var} is not set" unless ENV[opt_key_env_var]
 
               opt_key_pem = ENV.fetch(opt_key_env_var, nil)
+            elsif b64_opt_key_env_var
+              raise StandardError, "env #{b64_opt_key_env_var} is not set" unless ENV[b64_opt_key_env_var]
+
+              opt_key_pem = Base64.decode64(ENV.fetch(b64_opt_key_env_var, nil))
             elsif opt_key
               raise StandardError, "file #{opt_key} does not exist" unless File.exist? opt_key
 
@@ -115,11 +125,11 @@ class Hiera
           end
 
           def self.load_public_key_pem
-            load_ANY_key_pem('public_key', 'public_key_env_var')
+            load_ANY_key_pem('public_key', 'public_key_env_var', 'b64_public_key_env_var')
           end
 
           def self.load_private_key_pem
-            load_ANY_key_pem('private_key', 'private_key_env_var')
+            load_ANY_key_pem('private_key', 'private_key_env_var', 'b64_private_key_env_var')
           end
         end
       end

data/lib/hiera/backend/eyaml/highlinehelper.rb

@@ -1,20 +1,20 @@
-require 'highline/import'
+require 'highline'
 
 class Hiera
   module Backend
     module Eyaml
       class HighlineHelper
+        def self.cli
+          HighLine.new($stdin, $stderr)
+        end
+
         def self.read_password
-          ask('Enter password: ') { |q| q.echo = '*' }
+          cli.ask('Enter password: ') { |q| q.echo = '*' }
         end
 
         def self.confirm?(message)
-          result = ask("#{message} (y/N): ")
-          if result.downcase == 'y' or result.downcase == 'yes'
-            true
-          else
-            false
-          end
+          result = cli.ask("#{message} (y/N): ")
+          %w[y yes].include?(result.downcase) || false
         end
       end
     end

data/lib/hiera/backend/eyaml/logginghelper.rb

@@ -50,7 +50,7 @@ class Hiera
           if hiera?
             Hiera.send(hiera_loglevel, message) if threshold.nil? or Eyaml.verbosity_level > threshold
           elsif threshold.nil? or Eyaml.verbosity_level > threshold
-            STDERR.puts self.colorize( message, cli_color )
+            STDERR.puts self.colorize(message, cli_color)
           end
         end
 

data/lib/hiera/backend/eyaml/parser/encrypted_tokens.rb

@@ -146,9 +146,7 @@ class Hiera
 
           def create_token(string)
             md = @regex.match(string)
-            if EncToken.encrypt_unchanged == false && !md[1].nil? && (md[3] == EncToken.tokens_map[md[1]])
-              return EncToken.plain_text_value(:string, md[3], md[2], string, md[1])
-            end
+            return EncToken.plain_text_value(:string, md[3], md[2], string, md[1]) if EncToken.encrypt_unchanged == false && !md[1].nil? && (md[3] == EncToken.tokens_map[md[1]])
 
             EncToken.decrypted_value(:string, md[3], md[2], string, md[1])
           end
@@ -161,9 +159,7 @@ class Hiera
 
           def create_token(string)
             md = @regex.match(string)
-            if EncToken.encrypt_unchanged == false && !md[2].nil? && (md[4] == EncToken.tokens_map[md[2]])
-              return EncToken.plain_text_value(:string, md[4], md[3], string, md[2])
-            end
+            return EncToken.plain_text_value(:string, md[4], md[3], string, md[2]) if EncToken.encrypt_unchanged == false && !md[2].nil? && (md[4] == EncToken.tokens_map[md[2]])
 
             EncToken.decrypted_value(:block, md[4], md[3], string, md[2], md[1])
           end

data/lib/hiera/backend/eyaml/parser/token.rb

@@ -5,7 +5,6 @@ class Hiera
         class TokenType
           attr_reader :regex
 
-          @regex
           def create_token(_string)
             raise 'Abstract method called'
           end

data/lib/hiera/backend/eyaml/plugins.rb

@@ -37,7 +37,6 @@ class Hiera
               dependency = spec.dependencies.find { |d| d.name == 'hiera-eyaml' }
               next if dependency && !dependency.requirement.satisfied_by?(this_version)
 
-              file = nil
               file = if gem_version >= Gem::Version.new('1.8.0')
                        spec.matches_for_glob('**/eyaml_init.rb').first
                      else

data/lib/hiera/backend/eyaml/subcommand.rb

@@ -86,7 +86,7 @@ class Hiera
         def self.find(commandname = 'unknown_command')
           begin
             require "hiera/backend/eyaml/subcommands/#{commandname.downcase}"
-          rescue Exception => e
+          rescue Exception
             require 'hiera/backend/eyaml/subcommands/unknown_command'
             return Hiera::Backend::Eyaml::Subcommands::UnknownCommand
           end
@@ -135,6 +135,10 @@ class Hiera
           options
         end
 
+        def self.print_out(string)
+          print string
+        end
+
         def self.validate(args)
           args
         end

data/lib/hiera/backend/eyaml/subcommands/decrypt.rb

@@ -81,6 +81,17 @@ class Hiera
               decrypted.join
             end
           end
+
+          def self.print_out(string)
+            case Eyaml::Options[:source]
+            when :eyaml
+              # Be sure the output ends with a newline, since YAML is a text format.
+              puts string
+            else
+              # Print the exact result.
+              print string
+            end
+          end
         end
       end
     end

data/lib/hiera/backend/eyaml/subcommands/encrypt.rb

@@ -90,6 +90,18 @@ class Hiera
               end
             end
           end
+
+          def self.print_out(string)
+            case Eyaml::Options[:output]
+            when 'string'
+              # Do not include a newline, so that 'eyaml decrypt' of the
+              # output returns the original input.
+              print string
+            else
+              # The output is a text file, so ensure there is a final newline.
+              puts string
+            end
+          end
         end
       end
     end

data/lib/hiera/backend/eyaml/subcommands/unknown_command.rb

@@ -20,7 +20,6 @@ class Hiera
           end
 
           def self.execute
-            subcommands = Eyaml.subcommands
             puts <<~EOS
               Unknown subcommand#{': ' + Eyaml.subcommand if Eyaml.subcommand}
 

data/lib/hiera/backend/eyaml/subcommands/version.rb

@@ -15,8 +15,6 @@ class Hiera
           end
 
           def self.execute
-            plugin_versions = {}
-
             Eyaml::LoggingHelper.info "hiera-eyaml (core): #{Eyaml::VERSION}"
 
             Plugins.plugins.each do |plugin|

data/lib/hiera/backend/eyaml/utils.rb

@@ -60,7 +60,7 @@ class Hiera
           return string if orig_encoding == Encoding::UTF_8
 
           string.dup.force_encoding(Encoding::UTF_8)
-        rescue EncodingError => e
+        rescue EncodingError
           warn "Unable to encode to \"Encoding::UTF_8\" using the original \"#{orig_encoding}\""
           string
         end

data/lib/hiera/backend/eyaml.rb

@@ -1,7 +1,7 @@
 class Hiera
   module Backend
     module Eyaml
-      VERSION = '4.2.0'
+      VERSION = '5.0.0'
       DESCRIPTION = 'Hiera-eyaml is a backend for Hiera which provides OpenSSL encryption/decryption for Hiera properties'
 
       class RecoverableError < StandardError

data/lib/hiera/backend/eyaml_backend.rb

@@ -105,7 +105,7 @@ class Hiera
       end
 
       def encrypted?(data)
-        /.*ENC\[.*\]/.match?(data) ? true : false
+        /.*ENC\[.*\]/.match?(data) || false
       end
 
       def parse_answer(data, scope, extra_data = {})

metadata

@@ -1,15 +1,28 @@
 --- !ruby/object:Gem::Specification
 name: hiera-eyaml
 version: !ruby/object:Gem::Version
-  version: 4.2.0
+  version: 5.0.0
 platform: ruby
 authors:
 - Vox Pupuli
-autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-10-21 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: base64
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.3.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.3.0
 - !ruby/object:Gem::Dependency
   name: highline
   requirement: !ruby/object:Gem::Requirement
@@ -84,14 +97,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.8.0
+        version: 3.1.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.8.0
+        version: 3.1.0
 description: Hiera backend for decrypting encrypted yaml properties
 email: voxpupuli@groups.io
 executables:
@@ -100,6 +113,7 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".github/dependabot.yml"
+- ".github/release.yml"
 - ".github/workflows/release.yml"
 - ".github/workflows/test.yml"
 - ".gitignore"
@@ -146,7 +160,6 @@ homepage: https://github.com/voxpupuli/hiera-eyaml/
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -157,15 +170,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '2.7'
   - - "<"
     - !ruby/object:Gem::Version
-      version: '4'
+      version: '5'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.27
-signing_key: 
+rubygems_version: 4.0.3
 specification_version: 4
 summary: OpenSSL Encryption backend for Hiera
 test_files: []