keystore 0.1.5 → 0.1.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/bin/keystore.rb +3 -2
- data/lib/keystore.rb +18 -2
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: da19a6a230d3671aa143d16c55314c573d386874
|
|
4
|
+
data.tar.gz: 12d61dc743529c1e2cd625f8401eef6386734395
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e3d0b4b60414a53ac7c951aa0e264ad11f38d7c288761cf9e3b1cc73b28522eeddcc04b97525f2ab561c2e37c3aca400ac1f8d0d5a585fb104ab0ae82bb1d91e
|
|
7
|
+
data.tar.gz: 04cfc65c6458d52a7d8dce29236c833ea458087bd33cc8330c69eb0c686b31747d24b8506a93b58b26ab8635b61492d7117f63c0ccc4ab1dad8013cd6c991d1a
|
data/bin/keystore.rb
CHANGED
|
@@ -24,7 +24,8 @@ cmd_opts =
|
|
|
24
24
|
when 'store'
|
|
25
25
|
Trollop.options do
|
|
26
26
|
opt :value, 'the value to be inserted into the keystore (required for store)', required: true, type: String
|
|
27
|
-
opt :kmsid, 'the kms key id to use to encrypt the data (required for store)',
|
|
27
|
+
opt :kmsid, 'the kms key id to use to encrypt the data (conditionally required for store)', type: String
|
|
28
|
+
opt :kmsalias, 'the kms key alias to use to encrypt the data(conditionally required for store)', type: String
|
|
28
29
|
opt :keyname, 'the name of the key associated with the value', required: true, type: String
|
|
29
30
|
opt :table, 'the name of the table to perform the lookup on', required: true, type: String
|
|
30
31
|
end
|
|
@@ -39,7 +40,7 @@ cmd_opts =
|
|
|
39
40
|
|
|
40
41
|
dynamo = Aws::DynamoDB::Client.new region: global_opts[:region]
|
|
41
42
|
kms = Aws::KMS::Client.new region: global_opts[:region]
|
|
42
|
-
keystore = Keystore.new dynamo: dynamo, table_name: cmd_opts[:table], kms: kms, key_id: cmd_opts[:kmsid]
|
|
43
|
+
keystore = Keystore.new dynamo: dynamo, table_name: cmd_opts[:table], kms: kms, key_id: cmd_opts[:kmsid], key_alias: cmd_opts[:kmsalias]
|
|
43
44
|
|
|
44
45
|
case cmd
|
|
45
46
|
when 'store'
|
data/lib/keystore.rb
CHANGED
|
@@ -1,4 +1,10 @@
|
|
|
1
1
|
require 'aws-sdk-core'
|
|
2
|
+
begin
|
|
3
|
+
require 'aws-sdk-dynamodb'
|
|
4
|
+
require 'aws-sdk-kms'
|
|
5
|
+
rescue LoadError
|
|
6
|
+
puts 'Unable to load sdk v3 libs'
|
|
7
|
+
end
|
|
2
8
|
require 'base64'
|
|
3
9
|
|
|
4
10
|
# utility to use AWS services to handle encryption and storage of secret data.
|
|
@@ -12,10 +18,11 @@ class Keystore
|
|
|
12
18
|
|
|
13
19
|
def store(params)
|
|
14
20
|
# only need key id to encrypt, so check for it here
|
|
15
|
-
fail 'need to specify key_id parameter' if @options[:key_id].nil?
|
|
21
|
+
fail 'need to specify key_id or key_alias parameter' if @options[:key_id].nil? and @options[:key_alias].nil?
|
|
22
|
+
key_id = @options[:key_id] || get_kms_keyid(@options[:key_alias])
|
|
16
23
|
|
|
17
24
|
value_to_encrypt = params[:value].nil? || params[:value].empty? ? ' ' : params[:value]
|
|
18
|
-
encrypted_value = @options[:kms].encrypt(key_id:
|
|
25
|
+
encrypted_value = @options[:kms].encrypt(key_id: key_id, plaintext: value_to_encrypt).ciphertext_blob
|
|
19
26
|
encoded_value = Base64.encode64(encrypted_value)
|
|
20
27
|
@options[:dynamo].put_item(
|
|
21
28
|
table_name: @options[:table_name],
|
|
@@ -32,6 +39,15 @@ class Keystore
|
|
|
32
39
|
result = @options[:kms].decrypt(ciphertext_blob: encrypted_value).plaintext
|
|
33
40
|
result.strip
|
|
34
41
|
end
|
|
42
|
+
|
|
43
|
+
private
|
|
44
|
+
def get_kms_keyid(key_alias)
|
|
45
|
+
begin
|
|
46
|
+
@options[:kms].list_aliases.aliases.find { |resp| resp.alias_name == "alias/#{key_alias}" }.target_key_id
|
|
47
|
+
rescue NoMethodError
|
|
48
|
+
fail "#{key_alias} is not a valid kms key alias"
|
|
49
|
+
end
|
|
50
|
+
end
|
|
35
51
|
end
|
|
36
52
|
|
|
37
53
|
class KeyStoreError < StandardError
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: keystore
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.6
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jonny Sywulak
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date:
|
|
12
|
+
date: 2017-09-21 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: aws-sdk
|