kms-env 1.0.0

Files changed (4) hide show
  1. checksums.yaml +7 -0
  2. data/lib/kms-env/railtie.rb +13 -0
  3. data/lib/kms-env.rb +55 -0
  4. metadata +101 -0
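--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+ ---
+ SHA1:
+ metadata.gz: 415d11659a3e85d11bf8d6eed6cb5b3764556598
+ data.tar.gz: dcbd97720cd59b41a25856a0057db0b95f79c17a
+ SHA512:
+ metadata.gz: d9b91d74a84775de8a0ef8cd72928bceb41b2071d39781c4bae8376ebb6a1cd29434b60be9d9774a4bdf3e23e6c3aaee4c36e7617df7f64d236a23b1b98f522a
+ data.tar.gz: a3261b3939cd7cc548e4f551fa652a61f924d49917cb6fa1cd3d658cd1168985baf2768daf11820d74cd51363dbe3d0fd61cf92e2ff80abc9bcee917f7d9cce9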
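--- a/data/lib/kms-env/railtie.rb
+++ b/data/lib/kms-env/railtie.rb
@@ -0,0 +1,13 @@
+ module KmsEnv
+ class Railtie < Rails::Railtie
+ config.before_configuration { load }
+
+ def load
+ KmsEnv.load
+ end
+
+ def self.load
+ instance.load
+ end
+ end
+ end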
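Review bot: The `config.before_configuration { load }` hook runs before Rails has normally assigned `Rails.logger`, so `KmsEnv.logger` (in lib/kms-env.rb) would presumably return nil here and the decrypt failure path could not log anything. A fallback such as `(defined?(Rails) && Rails.logger) || Logger.new(STDERR)` in that method would keep boot-time errors visible. Separately, naming both the instance and the class method `load` shadows `Kernel#load` inside the Railtie; a more specific name such as `load_kms_env` would avoid surprises.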
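--- a/data/lib/kms-env.rb
+++ b/data/lib/kms-env.rb
@@ -0,0 +1,55 @@
+ require 'base64'
+ require 'aws-sdk'
+
+ module KmsEnv
+
+ module_function
+
+ def logger
+ defined?(Rails) ? Rails.logger : Logger.new(STDERR)
+ end
+
+ ###
+ # Load decrypted environment variables
+ ###
+
+ def kms
+ @kms ||= Aws::KMS::Client.new(region: ENV['AWS_REGION'] || 'us-east-1')
+ end
+
+ def ciphertext_blob_for(text)
+ Base64.decode64(text)
+ end
+
+ def kms_decrypt_blob(blob)
+ kms.decrypt(ciphertext_blob: blob)
+ rescue Exception => e
+ self.logger.error("Failed to decrypt #{key} with error #{e.class}")
+ if defined?(Honeybadger)
+ Honeybadger.notify(e)
+ end
+ end
+
+ def plaintext_key_for(key)
+ key.gsub(kms_key_matcher, '')
+ end
+
+ def set_decrypted_env_for(key)
+ # skip values that have already been decrypted
+ return if ENV[plaintext_key_for(key)]
+ ENV[plaintext_key_for(key)] = kms_decrypt_blob(ciphertext_blob_for(ENV[key])).first.plaintext
+ end
+
+ def kms_key_matcher
+ /_KMS$/
+ end
+
+ def load
+ ENV.keys.select {|k| k =~ kms_key_matcher}.each do |key|
+ set_decrypted_env_for(key)
+ end
+ end
+
+ end
+
+ require 'kms-env/railtie' if defined?(Rails)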
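Review bot: The rescue branch of `kms_decrypt_blob` interpolates `key`, which is not defined in that method (its parameter is `blob`), so a failed decrypt would raise NameError from inside the handler instead of logging. The handler also catches `Exception`, which includes signals and `SystemExit`, and returns the logger or Honeybadger result, on which `set_decrypted_env_for` then calls `.first.plaintext`. I would change it to `rescue StandardError => e`, log `"Failed to decrypt blob with error #{e.class}"`, and finish with a bare `raise` so boot stops clearly when a secret cannot be decrypted. `Logger` is used without `require 'logger'`, which matters when Rails is not loaded.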
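--- a/metadata
+++ b/metadata
@@ -0,0 +1,101 @@
+ --- !ruby/object:Gem::Specification
+ name: kms-env
+ version: !ruby/object:Gem::Version
+ version: 1.0.0
+ platform: ruby
+ authors:
+ - Drew Stokes
+ autorequire:
+ bindir: bin
+ cert_chain: []
+ date: 2015-04-30 00:00:00.000000000 Z
+ dependencies:
+ - !ruby/object:Gem::Dependency
+ name: aws-sdk
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '2.0'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '2.0'
+ - !ruby/object:Gem::Dependency
+ name: bundler
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.0'
+ - !ruby/object:Gem::Dependency
+ name: rspec
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '3.0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '3.0'
+ - !ruby/object:Gem::Dependency
+ name: rake
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '10.0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '10.0'
+ description: Decrypt environment variables encrypted with Amazon's KMS service
+ email: drew.stokes@fullscreen.com
+ executables: []
+ extensions: []
+ extra_rdoc_files: []
+ files:
+ - lib/kms-env.rb
+ - lib/kms-env/railtie.rb
+ homepage: https://github.com/fullsceen/kms-env
+ licenses:
+ - MIT
+ metadata: {}
+ post_install_message:
+ rdoc_options: []
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ requirements: []
+ rubyforge_project:
+ rubygems_version: 2.2.2
+ signing_key:
+ specification_version: 4
+ summary: Environment decryption with KMS
+ test_files: []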
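Review bot: The `homepage` value points to `github.com/fullsceen/kms-env`, while the `email` field uses the domain `fullscreen.com`, so the account name in the URL looks misspelled. Anyone checking this gem against its source would be sent to a different account than the publisher's, so the gemspec should carry the correct repository URL. `cert_chain: []` and the empty `signing_key` show the gem is unsigned, which leaves that link as the main provenance hint a consumer has.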