keystore 0.1.5 → 0.1.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 355dd9875c81c360b58771088065e5a85229a6c5
-  data.tar.gz: 4469db0c0b69b1ce39bef8411ebf5e996d80c428
+  metadata.gz: da19a6a230d3671aa143d16c55314c573d386874
+  data.tar.gz: 12d61dc743529c1e2cd625f8401eef6386734395
 SHA512:
-  metadata.gz: 54afdaae8006c846a93ef7029090c2d970d259779f79a3214d5a77e55c3ba55831bcfbdd16ab381eea3e89ffed72947712d4b7ddfc911328baf23082a56c8290
-  data.tar.gz: 30def5eeca189ffc7e293bb5db075b0f0671a28a3882129454076a6ec9b5548e91d29781bae545cf3a860c1bd13573a07306f4bceadc0d8cce89a0fac02aeae3
+  metadata.gz: e3d0b4b60414a53ac7c951aa0e264ad11f38d7c288761cf9e3b1cc73b28522eeddcc04b97525f2ab561c2e37c3aca400ac1f8d0d5a585fb104ab0ae82bb1d91e
+  data.tar.gz: 04cfc65c6458d52a7d8dce29236c833ea458087bd33cc8330c69eb0c686b31747d24b8506a93b58b26ab8635b61492d7117f63c0ccc4ab1dad8013cd6c991d1a

data/bin/keystore.rb

@@ -24,7 +24,8 @@ cmd_opts =
   when 'store'
     Trollop.options do
       opt :value, 'the value to be inserted into the keystore (required for store)', required: true, type: String
-      opt :kmsid, 'the kms key id to use to encrypt the data (required for store)', required: true, type: String
+      opt :kmsid, 'the kms key id to use to encrypt the data (conditionally required for store)', type: String
+      opt :kmsalias, 'the kms key alias to use to encrypt the data(conditionally required for store)', type: String
       opt :keyname, 'the name of the key associated with the value', required: true, type: String
       opt :table, 'the name of the table to perform the lookup on', required: true, type: String
     end
@@ -39,7 +40,7 @@ cmd_opts =
 
 dynamo = Aws::DynamoDB::Client.new region: global_opts[:region]
 kms = Aws::KMS::Client.new region: global_opts[:region]
-keystore = Keystore.new dynamo: dynamo, table_name: cmd_opts[:table], kms: kms, key_id: cmd_opts[:kmsid]
+keystore = Keystore.new dynamo: dynamo, table_name: cmd_opts[:table], kms: kms, key_id: cmd_opts[:kmsid], key_alias: cmd_opts[:kmsalias]
 
 case cmd
 when 'store'

data/lib/keystore.rb

@@ -1,4 +1,10 @@
 require 'aws-sdk-core'
+begin
+  require 'aws-sdk-dynamodb'
+  require 'aws-sdk-kms'
+rescue LoadError
+  puts 'Unable to load sdk v3 libs'
+end
 require 'base64'
 
 # utility to use AWS services to handle encryption and storage of secret data.
@@ -12,10 +18,11 @@ class Keystore
 
   def store(params)
     # only need key id to encrypt, so check for it here
-    fail 'need to specify key_id parameter' if @options[:key_id].nil?
+    fail 'need to specify key_id or key_alias parameter' if @options[:key_id].nil? and @options[:key_alias].nil?
+    key_id = @options[:key_id] || get_kms_keyid(@options[:key_alias])
 
     value_to_encrypt = params[:value].nil? || params[:value].empty? ? ' ' : params[:value]
-    encrypted_value = @options[:kms].encrypt(key_id: @options[:key_id], plaintext: value_to_encrypt).ciphertext_blob
+    encrypted_value = @options[:kms].encrypt(key_id: key_id, plaintext: value_to_encrypt).ciphertext_blob
     encoded_value = Base64.encode64(encrypted_value)
     @options[:dynamo].put_item(
       table_name: @options[:table_name],
@@ -32,6 +39,15 @@ class Keystore
     result = @options[:kms].decrypt(ciphertext_blob: encrypted_value).plaintext
     result.strip
   end
+
+  private
+  def get_kms_keyid(key_alias)
+    begin
+      @options[:kms].list_aliases.aliases.find { |resp| resp.alias_name == "alias/#{key_alias}" }.target_key_id
+    rescue NoMethodError
+      fail "#{key_alias} is not a valid kms key alias"
+    end
+  end
 end
 
 class KeyStoreError < StandardError

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: keystore
 version: !ruby/object:Gem::Version
-  version: 0.1.5
+  version: 0.1.6
 platform: ruby
 authors:
 - Jonny Sywulak
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-02-26 00:00:00.000000000 Z
+date: 2017-09-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk