keystore 0.2.0 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/bin/keystore.rb +4 -9
- data/lib/keystore.rb +16 -19
- metadata +7 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 5f2f6983405d0159bfea23415bd5aa884067cc219b67b344c0cec518217f418a
|
|
4
|
+
data.tar.gz: fa2d246842fecf8d6a1fbf6e163d022744eb301e9f4e4d38ac2e39aaf69d664d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 52040672b72c3e109b316f71de6174b8c5a14cc4c91953bde4a85fa434978bc0d115a157cfc945b898c1abcf1c960cbba1b07c61cccf41fad17a3d6854b6aca1
|
|
7
|
+
data.tar.gz: 1a172656fc5771eff7f5df0f431c9060d5cff9a98256ff640acae56758e5a34e17cb7520dd1acb61869f0f563d93fc2bcbdaaf1454c34431c0976c508a2cbddc
|
data/bin/keystore.rb
CHANGED
|
@@ -1,16 +1,11 @@
|
|
|
1
1
|
#!/usr/bin/env ruby
|
|
2
2
|
|
|
3
3
|
require 'keystore'
|
|
4
|
-
require 'aws-sdk-core'
|
|
5
4
|
require 'trollop'
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
require 'aws-sdk-kms'
|
|
9
|
-
rescue LoadError
|
|
10
|
-
nil
|
|
11
|
-
end
|
|
5
|
+
require 'aws-sdk-dynamodb'
|
|
6
|
+
require 'aws-sdk-kms'
|
|
12
7
|
|
|
13
|
-
SUB_COMMANDS = %w
|
|
8
|
+
SUB_COMMANDS = %w[store retrieve].freeze
|
|
14
9
|
global_opts = Trollop.options do
|
|
15
10
|
opt :region, 'The region to look for the dynamodb in', default: 'us-east-1'
|
|
16
11
|
banner 'utility for storing and retrieving encrypted values
|
|
@@ -55,5 +50,5 @@ when 'retrieve'
|
|
|
55
50
|
result = keystore.retrieve key: cmd_opts[:keyname]
|
|
56
51
|
puts result
|
|
57
52
|
else
|
|
58
|
-
|
|
53
|
+
raise "unknown subcommand #{cmd}"
|
|
59
54
|
end
|
data/lib/keystore.rb
CHANGED
|
@@ -1,24 +1,20 @@
|
|
|
1
|
-
require 'aws-sdk-
|
|
2
|
-
|
|
3
|
-
require 'aws-sdk-dynamodb'
|
|
4
|
-
require 'aws-sdk-kms'
|
|
5
|
-
rescue LoadError
|
|
6
|
-
nil
|
|
7
|
-
end
|
|
1
|
+
require 'aws-sdk-dynamodb'
|
|
2
|
+
require 'aws-sdk-kms'
|
|
8
3
|
require 'base64'
|
|
9
4
|
|
|
10
|
-
#
|
|
5
|
+
# rubocop:disable Metrics/AbcSize
|
|
11
6
|
class Keystore
|
|
12
7
|
def initialize(params = {})
|
|
13
8
|
@options = params
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
9
|
+
raise 'need to specify dynamo parameter' if @options[:dynamo].nil?
|
|
10
|
+
raise 'need to specify table_name parameter' if @options[:table_name].nil?
|
|
11
|
+
raise 'need to specify kms parameter' if @options[:kms].nil?
|
|
17
12
|
end
|
|
18
13
|
|
|
19
14
|
def store(params)
|
|
20
15
|
# only need key id to encrypt, so check for it here
|
|
21
|
-
|
|
16
|
+
raise 'need to specify key_id or key_alias parameter' if @options[:key_id].nil? && @options[:key_alias].nil?
|
|
17
|
+
|
|
22
18
|
key_id = @options[:key_id] || get_kms_keyid(@options[:key_alias])
|
|
23
19
|
|
|
24
20
|
value_to_encrypt = params[:value].nil? || params[:value].empty? ? ' ' : params[:value]
|
|
@@ -32,8 +28,9 @@ class Keystore
|
|
|
32
28
|
|
|
33
29
|
def retrieve(params)
|
|
34
30
|
item = @options[:dynamo].get_item(table_name: @options[:table_name], key: { ParameterName: params[:key] }).item
|
|
35
|
-
|
|
36
|
-
|
|
31
|
+
raise KeyNotFoundError.new, "keyname #{params[:key]} not found" if item.nil?
|
|
32
|
+
raise KeyNotFoundError.new, "keyname #{params[:key]} not found" if item['Value'].nil?
|
|
33
|
+
|
|
37
34
|
encoded_value = item['Value']
|
|
38
35
|
encrypted_value = Base64.decode64(encoded_value)
|
|
39
36
|
result = @options[:kms].decrypt(ciphertext_blob: encrypted_value).plaintext
|
|
@@ -41,14 +38,14 @@ class Keystore
|
|
|
41
38
|
end
|
|
42
39
|
|
|
43
40
|
private
|
|
41
|
+
|
|
44
42
|
def get_kms_keyid(key_alias)
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
fail "#{key_alias} is not a valid kms key alias"
|
|
49
|
-
end
|
|
43
|
+
@options[:kms].list_aliases.aliases.find { |resp| resp.alias_name == "alias/#{key_alias}" }.target_key_id
|
|
44
|
+
rescue NoMethodError
|
|
45
|
+
raise "#{key_alias} is not a valid kms key alias"
|
|
50
46
|
end
|
|
51
47
|
end
|
|
48
|
+
# rubocop:enable Metrics/AbcSize
|
|
52
49
|
|
|
53
50
|
class KeyStoreError < StandardError
|
|
54
51
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: keystore
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jonny Sywulak
|
|
@@ -9,24 +9,24 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2018-
|
|
12
|
+
date: 2018-12-11 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
|
-
name: aws-sdk
|
|
15
|
+
name: aws-sdk-dynamodb
|
|
16
16
|
requirement: !ruby/object:Gem::Requirement
|
|
17
17
|
requirements:
|
|
18
18
|
- - ">="
|
|
19
19
|
- !ruby/object:Gem::Version
|
|
20
|
-
version: '
|
|
20
|
+
version: '0'
|
|
21
21
|
type: :runtime
|
|
22
22
|
prerelease: false
|
|
23
23
|
version_requirements: !ruby/object:Gem::Requirement
|
|
24
24
|
requirements:
|
|
25
25
|
- - ">="
|
|
26
26
|
- !ruby/object:Gem::Version
|
|
27
|
-
version: '
|
|
27
|
+
version: '0'
|
|
28
28
|
- !ruby/object:Gem::Dependency
|
|
29
|
-
name: aws-sdk-
|
|
29
|
+
name: aws-sdk-kms
|
|
30
30
|
requirement: !ruby/object:Gem::Requirement
|
|
31
31
|
requirements:
|
|
32
32
|
- - ">="
|
|
@@ -121,7 +121,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
121
121
|
requirements:
|
|
122
122
|
- - ">="
|
|
123
123
|
- !ruby/object:Gem::Version
|
|
124
|
-
version: '2.
|
|
124
|
+
version: '2.5'
|
|
125
125
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
126
126
|
requirements:
|
|
127
127
|
- - ">="
|