keystore 0.1
- checksums.yaml +7 -0
 - data/bin/keystore.rb +50 -0
 - data/lib/keystore.rb +32 -0
 - metadata +86 -0
 
    
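--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: ad74a93a05ef9aeb9ced232bea509de0eecb3eab
+  data.tar.gz: f9f142c30653d0f6dee86f8d8dc808a56402dcb5
+SHA512:
+  metadata.gz: 94ac6e846818166f9b083bc2dea775790246607ada08495381cf77d9083f17d1e04eeb0df2cfabcfaefd757e87978ae12da3d6c7b5b3a8d4558c5a8ed8056c3b
+  data.tar.gz: 54651c88bf02fbf88a04faed881d80f338b45c730e241ae59f47dc04033a0274cfaee4cf61ecff00147d056d69e02f8d48ee0cf4c922d2cd8245f870b18afcdc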
    
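--- a/data/bin/keystore.rb
+++ b/data/bin/keystore.rb
@@ -0,0 +1,50 @@
+require 'keystore'
+require 'aws-sdk-core'
+require 'trollop'
+
+SUB_COMMANDS = %w(store retrieve)
+global_opts = Trollop.options do
+  opt :region, 'The region to look for the dynamodb in', default: 'us-east-1'
+  banner 'utility for storing and retrieving encrypted values
+  available commands:
+
+    store -- store a value in keystore
+    retrieve -- retrieve a value from keystore
+
+  use --help with either command for more information.
+  '
+  stop_on SUB_COMMANDS
+end
+
+cmd = ARGV.shift
+cmd_opts =
+  case cmd
+  when 'store'
+    Trollop.options do
+      opt :value, 'the value to be inserted into the keystore (required for store)', required: true, type: String
+      opt :kmsid, 'the kms key id to use to encrypt the data (required for store)', required: true, type: String
+      opt :keyname, 'the name of the key associated with the value', required: true, type: String
+      opt :table, 'the name of the table to perform the lookup on', required: true, type: String
+    end
+  when 'retrieve'
+    Trollop.options do
+      opt :keyname, 'the name of the key associated with the value', required: true, type: String
+      opt :table, 'the name of the table to perform the lookup on', required: true, type: String
+    end
+  else
+    Trollop.die "usage: keystore.rb [store|retrieve] [parameters]"
+  end
+
+dynamo = Aws::DynamoDB::Client.new region: global_opts[:region]
+kms = Aws::KMS::Client.new region: global_opts[:region]
+keystore = Keystore.new dynamo: dynamo, table_name: cmd_opts[:table], kms: kms, key_id: cmd_opts[:kmsid]
+
+case cmd
+when 'store'
+  keystore.store key: cmd_opts[:keyname], value: cmd_opts[:value]
+when 'retrieve'
+  result = keystore.retrieve key: cmd_opts[:keyname]
+  puts result
+else
+  fail "unknown subcommand #{cmd}"
+end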
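Review bot: The `store` subcommand takes the secret itself as `--value` on the command line (line 24 of the new file), so the plaintext is visible to other local users in the process list and is typically saved in shell history before KMS ever sees it. Consider dropping `required: true` from `opt :value` and falling back to standard input, e.g. `value = cmd_opts[:value] || $stdin.read.chomp` followed by `keystore.store key: cmd_opts[:keyname], value: value`. The retrieve path prints the decrypted value with `puts result`, so callers should also be careful about where that output is captured or logged.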
    
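--- a/data/lib/keystore.rb
+++ b/data/lib/keystore.rb
@@ -0,0 +1,32 @@
+require 'aws-sdk-core'
+require 'base64'
+
+# utility to use AWS services to handle encryption and storage of secret data.
+class Keystore
+  def initialize(params = {})
+    @options = params
+    fail 'need to specify dynamo parameter' if @options[:dynamo].nil?
+    fail 'need to specify table_name parameter' if @options[:table_name].nil?
+    fail 'need to specify kms parameter' if @options[:kms].nil?
+  end
+
+  def store(params)
+    # only need key id to encrypt, so check for it here
+    fail 'need to specify key_id parameter' if @options[:key_id].nil?
+    key_id = @options[:key_id]
+    encrypted_value = @options[:kms].encrypt(key_id: key_id, plaintext: params[:value]).ciphertext_blob
+    encoded_value = Base64.encode64(encrypted_value)
+    @options[:dynamo].put_item(
+      table_name: @options[:table_name],
+      item: { ParameterName: params[:key], Value: encoded_value }
+    )
+  end
+
+  def retrieve(params)
+    item = @options[:dynamo].get_item(table_name: @options[:table_name], key: { ParameterName: params[:key] }).item
+    fail "keyname #{params[:key]} not found" if item.nil?
+    encoded_value = item['Value']
+    encrypted_value = Base64.decode64(encoded_value)
+    @options[:kms].decrypt(ciphertext_blob: encrypted_value).plaintext
+  end
+end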
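Review bot: The ciphertext is not bound to the key name it is stored under: `store` calls `kms.encrypt` without an encryption context, and `retrieve` decrypts whatever blob is in the item's `Value` attribute. A principal that can write to the DynamoDB table but cannot call KMS could copy one item's `Value` onto another `ParameterName`, and `retrieve` would return the wrong secret without any error. Passing the same context on both sides closes that gap: add `encryption_context: { 'ParameterName' => params[:key] }` to the `encrypt` call on line 17 and to the `decrypt` call on line 30. Separately, `put_item` on line 19 overwrites an existing key unconditionally, which may or may not be intended.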
    
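--- a/metadata
+++ b/metadata
@@ -0,0 +1,86 @@
+--- !ruby/object:Gem::Specification
+name: keystore
+version: !ruby/object:Gem::Version
+  version: '0.1'
+platform: ruby
+authors:
+- Jonny Sywulak
+- Stelligent
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-09-28 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: aws-sdk
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.1'
+- !ruby/object:Gem::Dependency
+  name: trollop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.1'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.1.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.1'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.1.2
+description: While building applications and continuous delivery pipelines, secret
+  management is usually one of the first non-trivial problems you run across. The
+  Keystore utility pairs to AWS services to handle encryption and storage of secret
+  data.
+email: jonny@stelligent.com
+executables:
+- keystore.rb
+extensions: []
+extra_rdoc_files: []
+files:
+- bin/keystore.rb
+- lib/keystore.rb
+homepage: http://www.stelligent.com
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+- lib
+- bin
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.2.2
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.8
+signing_key: 
+specification_version: 4
+summary: Secure storage of secrets using Amazon Web Services.
+test_files: []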