kms-env 1.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/lib/kms-env/railtie.rb +13 -0
- data/lib/kms-env.rb +55 -0
- metadata +101 -0
checksums.yaml
ADDED
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
---
|
|
2
|
+
SHA1:
|
|
3
|
+
metadata.gz: 415d11659a3e85d11bf8d6eed6cb5b3764556598
|
|
4
|
+
data.tar.gz: dcbd97720cd59b41a25856a0057db0b95f79c17a
|
|
5
|
+
SHA512:
|
|
6
|
+
metadata.gz: d9b91d74a84775de8a0ef8cd72928bceb41b2071d39781c4bae8376ebb6a1cd29434b60be9d9774a4bdf3e23e6c3aaee4c36e7617df7f64d236a23b1b98f522a
|
|
7
|
+
data.tar.gz: a3261b3939cd7cc548e4f551fa652a61f924d49917cb6fa1cd3d658cd1168985baf2768daf11820d74cd51363dbe3d0fd61cf92e2ff80abc9bcee917f7d9cce9
|
data/lib/kms-env.rb
ADDED
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
require 'base64'
|
|
2
|
+
require 'aws-sdk'
|
|
3
|
+
|
|
4
|
+
module KmsEnv
|
|
5
|
+
|
|
6
|
+
module_function
|
|
7
|
+
|
|
8
|
+
def logger
|
|
9
|
+
defined?(Rails) ? Rails.logger : Logger.new(STDERR)
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
###
|
|
13
|
+
# Load decrypted environment variables
|
|
14
|
+
###
|
|
15
|
+
|
|
16
|
+
def kms
|
|
17
|
+
@kms ||= Aws::KMS::Client.new(region: ENV['AWS_REGION'] || 'us-east-1')
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
def ciphertext_blob_for(text)
|
|
21
|
+
Base64.decode64(text)
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
def kms_decrypt_blob(blob)
|
|
25
|
+
kms.decrypt(ciphertext_blob: blob)
|
|
26
|
+
rescue Exception => e
|
|
27
|
+
self.logger.error("Failed to decrypt #{key} with error #{e.class}")
|
|
28
|
+
if defined?(Honeybadger)
|
|
29
|
+
Honeybadger.notify(e)
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
def plaintext_key_for(key)
|
|
34
|
+
key.gsub(kms_key_matcher, '')
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
def set_decrypted_env_for(key)
|
|
38
|
+
# skip values that have already been decrypted
|
|
39
|
+
return if ENV[plaintext_key_for(key)]
|
|
40
|
+
ENV[plaintext_key_for(key)] = kms_decrypt_blob(ciphertext_blob_for(ENV[key])).first.plaintext
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
def kms_key_matcher
|
|
44
|
+
/_KMS$/
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
def load
|
|
48
|
+
ENV.keys.select {|k| k =~ kms_key_matcher}.each do |key|
|
|
49
|
+
set_decrypted_env_for(key)
|
|
50
|
+
end
|
|
51
|
+
end
|
|
52
|
+
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
require 'kms-env/railtie' if defined?(Rails)
|
metadata
ADDED
|
@@ -0,0 +1,101 @@
|
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
|
2
|
+
name: kms-env
|
|
3
|
+
version: !ruby/object:Gem::Version
|
|
4
|
+
version: 1.0.0
|
|
5
|
+
platform: ruby
|
|
6
|
+
authors:
|
|
7
|
+
- Drew Stokes
|
|
8
|
+
autorequire:
|
|
9
|
+
bindir: bin
|
|
10
|
+
cert_chain: []
|
|
11
|
+
date: 2015-04-30 00:00:00.000000000 Z
|
|
12
|
+
dependencies:
|
|
13
|
+
- !ruby/object:Gem::Dependency
|
|
14
|
+
name: aws-sdk
|
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
|
16
|
+
requirements:
|
|
17
|
+
- - "~>"
|
|
18
|
+
- !ruby/object:Gem::Version
|
|
19
|
+
version: '2.0'
|
|
20
|
+
type: :runtime
|
|
21
|
+
prerelease: false
|
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
23
|
+
requirements:
|
|
24
|
+
- - "~>"
|
|
25
|
+
- !ruby/object:Gem::Version
|
|
26
|
+
version: '2.0'
|
|
27
|
+
- !ruby/object:Gem::Dependency
|
|
28
|
+
name: bundler
|
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
|
30
|
+
requirements:
|
|
31
|
+
- - "~>"
|
|
32
|
+
- !ruby/object:Gem::Version
|
|
33
|
+
version: '1.0'
|
|
34
|
+
type: :development
|
|
35
|
+
prerelease: false
|
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
37
|
+
requirements:
|
|
38
|
+
- - "~>"
|
|
39
|
+
- !ruby/object:Gem::Version
|
|
40
|
+
version: '1.0'
|
|
41
|
+
- !ruby/object:Gem::Dependency
|
|
42
|
+
name: rspec
|
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
|
44
|
+
requirements:
|
|
45
|
+
- - "~>"
|
|
46
|
+
- !ruby/object:Gem::Version
|
|
47
|
+
version: '3.0'
|
|
48
|
+
type: :development
|
|
49
|
+
prerelease: false
|
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
51
|
+
requirements:
|
|
52
|
+
- - "~>"
|
|
53
|
+
- !ruby/object:Gem::Version
|
|
54
|
+
version: '3.0'
|
|
55
|
+
- !ruby/object:Gem::Dependency
|
|
56
|
+
name: rake
|
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
|
58
|
+
requirements:
|
|
59
|
+
- - "~>"
|
|
60
|
+
- !ruby/object:Gem::Version
|
|
61
|
+
version: '10.0'
|
|
62
|
+
type: :development
|
|
63
|
+
prerelease: false
|
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
65
|
+
requirements:
|
|
66
|
+
- - "~>"
|
|
67
|
+
- !ruby/object:Gem::Version
|
|
68
|
+
version: '10.0'
|
|
69
|
+
description: Decrypt environment variables encrypted with Amazon's KMS service
|
|
70
|
+
email: drew.stokes@fullscreen.com
|
|
71
|
+
executables: []
|
|
72
|
+
extensions: []
|
|
73
|
+
extra_rdoc_files: []
|
|
74
|
+
files:
|
|
75
|
+
- lib/kms-env.rb
|
|
76
|
+
- lib/kms-env/railtie.rb
|
|
77
|
+
homepage: https://github.com/fullsceen/kms-env
|
|
78
|
+
licenses:
|
|
79
|
+
- MIT
|
|
80
|
+
metadata: {}
|
|
81
|
+
post_install_message:
|
|
82
|
+
rdoc_options: []
|
|
83
|
+
require_paths:
|
|
84
|
+
- lib
|
|
85
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
|
86
|
+
requirements:
|
|
87
|
+
- - ">="
|
|
88
|
+
- !ruby/object:Gem::Version
|
|
89
|
+
version: '0'
|
|
90
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
91
|
+
requirements:
|
|
92
|
+
- - ">="
|
|
93
|
+
- !ruby/object:Gem::Version
|
|
94
|
+
version: '0'
|
|
95
|
+
requirements: []
|
|
96
|
+
rubyforge_project:
|
|
97
|
+
rubygems_version: 2.2.2
|
|
98
|
+
signing_key:
|
|
99
|
+
specification_version: 4
|
|
100
|
+
summary: Environment decryption with KMS
|
|
101
|
+
test_files: []
|