kms-env 1.0.0

Files changed (4) hide show
  1. checksums.yaml +7 -0
  2. data/lib/kms-env/railtie.rb +13 -0
  3. data/lib/kms-env.rb +55 -0
  4. metadata +101 -0
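--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: 415d11659a3e85d11bf8d6eed6cb5b3764556598
+data.tar.gz: dcbd97720cd59b41a25856a0057db0b95f79c17a
+SHA512:
+metadata.gz: d9b91d74a84775de8a0ef8cd72928bceb41b2071d39781c4bae8376ebb6a1cd29434b60be9d9774a4bdf3e23e6c3aaee4c36e7617df7f64d236a23b1b98f522a
+data.tar.gz: a3261b3939cd7cc548e4f551fa652a61f924d49917cb6fa1cd3d658cd1168985baf2768daf11820d74cd51363dbe3d0fd61cf92e2ff80abc9bcee917f7d9cce9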
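--- a/data/lib/kms-env/railtie.rb
+++ b/data/lib/kms-env/railtie.rb
@@ -0,0 +1,13 @@
+module KmsEnv
+class Railtie < Rails::Railtie
+config.before_configuration { load }
+
+def load
+KmsEnv.load
+end
+
+def self.load
+instance.load
+end
+end
+end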
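Review bot: The hook `config.before_configuration { load }` depends on a class method named `load`, which shadows `Kernel#load` inside the railtie, and both the class and instance versions only forward to `KmsEnv.load`. Calling it directly, `config.before_configuration { KmsEnv.load }`, would make both definitions unnecessary and show plainly what runs at boot. A comment on that line should state that this performs KMS decryption, a network call that needs AWS credentials, for every variable whose name ends in `_KMS`. Because `kms-env.rb` requires this file whenever `Rails` is defined, that presumably happens in every process that loads the application, including rake tasks and consoles.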
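--- a/data/lib/kms-env.rb
+++ b/data/lib/kms-env.rb
@@ -0,0 +1,55 @@
+require 'base64'
+require 'aws-sdk'
+
+module KmsEnv
+
+module_function
+
+def logger
+defined?(Rails) ? Rails.logger : Logger.new(STDERR)
+end
+
+###
+# Load decrypted environment variables
+###
+
+def kms
+@kms ||= Aws::KMS::Client.new(region: ENV['AWS_REGION'] || 'us-east-1')
+end
+
+def ciphertext_blob_for(text)
+Base64.decode64(text)
+end
+
+def kms_decrypt_blob(blob)
+kms.decrypt(ciphertext_blob: blob)
+rescue Exception => e
+self.logger.error("Failed to decrypt #{key} with error #{e.class}")
+if defined?(Honeybadger)
+Honeybadger.notify(e)
+end
+end
+
+def plaintext_key_for(key)
+key.gsub(kms_key_matcher, '')
+end
+
+def set_decrypted_env_for(key)
+# skip values that have already been decrypted
+return if ENV[plaintext_key_for(key)]
+ENV[plaintext_key_for(key)] = kms_decrypt_blob(ciphertext_blob_for(ENV[key])).first.plaintext
+end
+
+def kms_key_matcher
+/_KMS$/
+end
+
+def load
+ENV.keys.select {|k| k =~ kms_key_matcher}.each do |key|
+set_decrypted_env_for(key)
+end
+end
+
+end
+
+require 'kms-env/railtie' if defined?(Rails)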
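Review bot: The rescue branch of `kms_decrypt_blob` interpolates `key`, which is neither a parameter of that method nor a method defined in this file, so the handler would itself raise `NameError` and hide the original KMS error. Even without that, the method would return the value of the `if` expression, and the `.first.plaintext` call in `set_decrypted_env_for` would then fail on it. `rescue Exception` also catches `SignalException` and `SystemExit`; rescue narrowly and re-raise so a failed decrypt stops boot with the real cause: `rescue StandardError => e`, `logger.error("KMS decrypt failed: #{e.class}")`, then the existing Honeybadger notification followed by `raise`. Separately, the plaintext is written into `ENV`, where child processes and error reporters that dump the environment can read it. `decrypt` is also called without an `encryption_context`, so nothing ties a ciphertext to the variable it is meant for; both points deserve a comment above `load`.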
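--- a/metadata
+++ b/metadata
@@ -0,0 +1,101 @@
+--- !ruby/object:Gem::Specification
+name: kms-env
+version: !ruby/object:Gem::Version
+version: 1.0.0
+platform: ruby
+authors:
+- Drew Stokes
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2015-04-30 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: aws-sdk
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.0'
+- !ruby/object:Gem::Dependency
+name: bundler
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.0'
+- !ruby/object:Gem::Dependency
+name: rspec
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.0'
+- !ruby/object:Gem::Dependency
+name: rake
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '10.0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '10.0'
+description: Decrypt environment variables encrypted with Amazon's KMS service
+email: drew.stokes@fullscreen.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/kms-env.rb
+- lib/kms-env/railtie.rb
+homepage: https://github.com/fullsceen/kms-env
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.2.2
+signing_key:
+specification_version: 4
+summary: Environment decryption with KMS
+test_files: []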
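Review bot: The `homepage` value `https://github.com/fullsceen/kms-env` does not match the `fullscreen.com` domain in `email` and looks like a misspelling of the organisation name. If that GitHub namespace is not owned by the publisher, whoever registers it controls where users are sent to read the source of a gem that handles decrypted secrets, so the URL should be corrected in the gemspec. `cert_chain: []` and the empty `signing_key` also show the gem is unsigned, leaving consumers with only the registry checksums for integrity.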