keystore 0.1.5 → 0.1.6

Files changed (4) hide show
  1. checksums.yaml +4 -4
  2. data/bin/keystore.rb +3 -2
  3. data/lib/keystore.rb +18 -2
  4. metadata +2 -2
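--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 355dd9875c81c360b58771088065e5a85229a6c5
- data.tar.gz: 4469db0c0b69b1ce39bef8411ebf5e996d80c428
+ metadata.gz: da19a6a230d3671aa143d16c55314c573d386874
+ data.tar.gz: 12d61dc743529c1e2cd625f8401eef6386734395
  SHA512:
- metadata.gz: 54afdaae8006c846a93ef7029090c2d970d259779f79a3214d5a77e55c3ba55831bcfbdd16ab381eea3e89ffed72947712d4b7ddfc911328baf23082a56c8290
- data.tar.gz: 30def5eeca189ffc7e293bb5db075b0f0671a28a3882129454076a6ec9b5548e91d29781bae545cf3a860c1bd13573a07306f4bceadc0d8cce89a0fac02aeae3
+ metadata.gz: e3d0b4b60414a53ac7c951aa0e264ad11f38d7c288761cf9e3b1cc73b28522eeddcc04b97525f2ab561c2e37c3aca400ac1f8d0d5a585fb104ab0ae82bb1d91e
+ data.tar.gz: 04cfc65c6458d52a7d8dce29236c833ea458087bd33cc8330c69eb0c686b31747d24b8506a93b58b26ab8635b61492d7117f63c0ccc4ab1dad8013cd6c991d1a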
@@ -24,7 +24,8 @@ cmd_opts =
24
24
  when 'store'
25
25
  Trollop.options do
26
26
  opt :value, 'the value to be inserted into the keystore (required for store)', required: true, type: String
27
- opt :kmsid, 'the kms key id to use to encrypt the data (required for store)', required: true, type: String
27
+ opt :kmsid, 'the kms key id to use to encrypt the data (conditionally required for store)', type: String
28
+ opt :kmsalias, 'the kms key alias to use to encrypt the data(conditionally required for store)', type: String
28
29
  opt :keyname, 'the name of the key associated with the value', required: true, type: String
29
30
  opt :table, 'the name of the table to perform the lookup on', required: true, type: String
30
31
  end
@@ -39,7 +40,7 @@ cmd_opts =
39
40
 
40
41
  dynamo = Aws::DynamoDB::Client.new region: global_opts[:region]
41
42
  kms = Aws::KMS::Client.new region: global_opts[:region]
42
- keystore = Keystore.new dynamo: dynamo, table_name: cmd_opts[:table], kms: kms, key_id: cmd_opts[:kmsid]
43
+ keystore = Keystore.new dynamo: dynamo, table_name: cmd_opts[:table], kms: kms, key_id: cmd_opts[:kmsid], key_alias: cmd_opts[:kmsalias]
43
44
 
44
45
  case cmd
45
46
  when 'store'
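Review bot: With `required: true` dropped from `:kmsid` and no constraint added for `:kmsalias`, the `store` options block now accepts neither selector or both, and when both are given the `key_id: ..., key_alias: ...` call passes both on, where the library change in this release silently prefers `key_id`. Because this choice decides which KMS key encrypts the secret, I would reject the ambiguous case at parse time with `conflicts :kmsid, :kmsalias` inside the `Trollop.options do` block. The missing case can fail before any AWS client is built, e.g. `Trollop.die 'store needs --kmsid or --kmsalias' unless cmd_opts[:kmsid] || cmd_opts[:kmsalias]`. The `cmd_opts =` expression and the later `case cmd` both start and end outside the visible hunks.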
@@ -1,4 +1,10 @@
1
1
  require 'aws-sdk-core'
2
+ begin
3
+ require 'aws-sdk-dynamodb'
4
+ require 'aws-sdk-kms'
5
+ rescue LoadError
6
+ puts 'Unable to load sdk v3 libs'
7
+ end
2
8
  require 'base64'
3
9
 
4
10
  # utility to use AWS services to handle encryption and storage of secret data.
@@ -12,10 +18,11 @@ class Keystore
12
18
 
13
19
  def store(params)
14
20
  # only need key id to encrypt, so check for it here
15
- fail 'need to specify key_id parameter' if @options[:key_id].nil?
21
+ fail 'need to specify key_id or key_alias parameter' if @options[:key_id].nil? and @options[:key_alias].nil?
22
+ key_id = @options[:key_id] || get_kms_keyid(@options[:key_alias])
16
23
 
17
24
  value_to_encrypt = params[:value].nil? || params[:value].empty? ? ' ' : params[:value]
18
- encrypted_value = @options[:kms].encrypt(key_id: @options[:key_id], plaintext: value_to_encrypt).ciphertext_blob
25
+ encrypted_value = @options[:kms].encrypt(key_id: key_id, plaintext: value_to_encrypt).ciphertext_blob
19
26
  encoded_value = Base64.encode64(encrypted_value)
20
27
  @options[:dynamo].put_item(
21
28
  table_name: @options[:table_name],
@@ -32,6 +39,15 @@ class Keystore
32
39
  result = @options[:kms].decrypt(ciphertext_blob: encrypted_value).plaintext
33
40
  result.strip
34
41
  end
42
+
43
+ private
44
+ def get_kms_keyid(key_alias)
45
+ begin
46
+ @options[:kms].list_aliases.aliases.find { |resp| resp.alias_name == "alias/#{key_alias}" }.target_key_id
47
+ rescue NoMethodError
48
+ fail "#{key_alias} is not a valid kms key alias"
49
+ end
50
+ end
35
51
  end
36
52
 
37
53
  class KeyStoreError < StandardError
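Review bot: `get_kms_keyid` searches only `list_aliases.aliases`, which as far as I know is one page of a paginated ListAliases response, so a valid alias that falls outside that page would be reported as "not a valid kms key alias". The `rescue NoMethodError` is also wider than the nil from `find` that it is meant to catch: any other nil in the chain (for example an unset `@options[:kms]`) produces the same misleading message. KMS Encrypt accepts an alias name as `key_id`, so the lookup can be dropped and the line in `store` written as `key_id = @options[:key_id] || "alias/#{@options[:key_alias]}"`, which also means the caller no longer needs the kms:ListAliases permission. If the explicit lookup is kept, walk every page and replace the rescue with a nil check on the `find` result. `store` continues past the end of its hunk, so the rest of its body was not reviewed.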
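--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: keystore
  version: !ruby/object:Gem::Version
- version: 0.1.5
+ version: 0.1.6
  platform: ruby
  authors:
  - Jonny Sywulak
@@ -9,7 +9,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2016-02-26 00:00:00.000000000 Z
+ date: 2017-09-21 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: aws-sdk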