RubyGems - ironclad - Versions diffs - 0.3.0 → 0.4.0 - Mend

ironclad 0.3.0 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1e2b08a6c0985159ff7be4790655703218e7eef6428416a68eba9fe8d039d16b
-  data.tar.gz: 0d14ea6406e375cad4f6045ab1e1bf0bcfa6a85deb9a3c995b745d786ef5f823
+  metadata.gz: 6819fa2b385f31df19c7479d5ed5a0910ec213cc2c45c6ebc295808f66587a19
+  data.tar.gz: 99037f4d626d7801aaa355ef8f4d6f528477e50e4790c4c5128242acfe8af5c9
 SHA512:
-  metadata.gz: 2c5bee8e2a72bb805d56c58884d951008a02408e3d99ddfeef8ec4723af1a619b130c5a36f0e668de0f5ddad720116cb50ed3319f8994970e7f65fb01de501a5
-  data.tar.gz: 3bc45b204cb6f95ebe763000b13d388c5c737602b273f16380bf2e6dc1f1d4260f896e73b5e855465245ca2bd39e9c9dfc221471109d06bd8b5d2de94af3a0ba
+  metadata.gz: a80bfbba051d04f6723269272610643d29c13dfeaeea811105a4083eea24cbd99bd8d0fb4486610b1614b4d0f38c9b9f640c8d9463df6974e7f0edb72fde5ffe
+  data.tar.gz: d5a34169bc5fe30a3866427ea8afdcba6691c0ae3996bf199cea3aeeb43c0b85bf3b659d82e44ca9467c7e77711beb8541b190717bae9131f4a487b6fe75ce61

data/README.md CHANGED Viewed

@@ -11,7 +11,8 @@ Ironclad reads each environment's key (`master.key`, `production.key`) from
 Linux kernel keyring — so repeated use doesn't round-trip to 1Password. It
 ships:
-- a CLI for printing a key or editing credentials,
+- a CLI for printing a key, editing credentials, and keeping `git diff`
+  readable,
 - a Railtie that loads the current environment's key into `ENV` at boot,
 - Capistrano helpers so deploys need no key file, and
 - an install generator that wires it all into a Rails app.

data/lib/ironclad/cli.rb CHANGED Viewed

@@ -8,6 +8,7 @@ module Ironclad
   #
   #   ironclad [env] [--refresh]   print the credentials key (default env)
   #   ironclad edit [env]          edit Rails credentials for env
+  #   ironclad diff <file>         git textconv: decrypt a credentials file
   class CLI
     def self.start(argv)
       new(argv).run
@@ -22,6 +23,9 @@ module Ironclad
       when 'edit'
         @argv.shift
         edit(@argv.shift || 'default')
+      when 'diff'
+        @argv.shift
+        diff(@argv.shift)
       when '-h', '--help', 'help'
         print_help
       else
@@ -45,12 +49,20 @@ module Ironclad
     def edit(env)
       validate_env!(env)
       ENV['RAILS_MASTER_KEY'] = Ironclad.key(env)
+      Ironclad.configure_git_diff!
       args = ['credentials:edit']
       args.push('-e', env) unless env == 'default'
       exec('bin/rails', *args)
     end
+    def diff(path)
+      raise Error, 'Usage: ironclad diff <file>' unless path
+      require_relative 'diff'
+      Diff.call(path)
+    end
     def validate_env!(env)
       return if Ironclad.config.environments.include?(env)
@@ -65,6 +77,7 @@ module Ironclad
         Usage:
           ironclad [env] [--refresh]   print the credentials key (env: default)
           ironclad edit [env]          edit Rails credentials for env
+          ironclad diff <file>         git textconv: decrypt a credentials file
           ironclad --help              show this help
         --refresh re-reads from the source after a key rotation.

data/lib/ironclad/diff.rb ADDED Viewed

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+require 'active_support'
+require 'active_support/encrypted_file'
+module Ironclad
+  module Diff
+    ENV_KEY = 'IRONCLAD_DIFF_KEY'
+    module_function
+    def call(path, out = $stdout)
+      out.write(decrypt(path) || File.read(path))
+    end
+    def decrypt(path)
+      key = Ironclad.key(environment_for(path))
+      return unless key
+      ENV[ENV_KEY] = key
+      ActiveSupport::EncryptedFile.new(
+        content_path: path, key_path: File::NULL,
+        env_key: ENV_KEY, raise_if_missing_key: true
+      ).read
+    rescue Ironclad::Error, ActiveSupport::MessageEncryptor::InvalidMessage
+      nil
+    end
+    def environment_for(path)
+      env = File.basename(path).delete_suffix('.yml.enc')
+      Ironclad.config.key?(env) ? env : 'default'
+    end
+  end
+end

data/lib/ironclad/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Ironclad
-  VERSION = '0.3.0'
+  VERSION = '0.4.0'
 end

data/lib/ironclad.rb CHANGED Viewed

@@ -12,6 +12,9 @@ require_relative 'ironclad/key_store'
 module Ironclad
   class Error < StandardError; end
+  GIT_DIFF_DRIVER = 'rails_credentials'
+  DIFF_COMMAND = 'bin/ironclad diff'
   class << self
     # Path to the project's ironclad.yml. Override before first use if needed.
     attr_writer :config_path
@@ -38,11 +41,26 @@ module Ironclad
       store.key(environment.to_s, refresh: refresh)
     end
+    def configure_git_diff!(command = DIFF_COMMAND)
+      return unless enrolled_in_git_diff?
+      system('git', 'config', "diff.#{GIT_DIFF_DRIVER}.textconv", command,
+             %i[out err] => File::NULL)
+    end
     # Reset memoized state (mainly for tests).
     def reset!
       @config = nil
       @store = nil
     end
+    private
+    def enrolled_in_git_diff?
+      attributes = File.join(Dir.pwd, '.gitattributes')
+      File.file?(attributes) &&
+        File.read(attributes).include?("diff=#{GIT_DIFF_DRIVER}")
+    end
   end
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ironclad
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.4.0
 platform: ruby
 authors:
 - Jarrett Lusso
@@ -104,6 +104,7 @@ files:
 - lib/ironclad/capistrano.rb
 - lib/ironclad/cli.rb
 - lib/ironclad/config.rb
+- lib/ironclad/diff.rb
 - lib/ironclad/key_store.rb
 - lib/ironclad/railtie.rb
 - lib/ironclad/source.rb