kms-env 1.0.0
- checksums.yaml +7 -0
- data/lib/kms-env/railtie.rb +13 -0
- data/lib/kms-env.rb +55 -0
- metadata +101 -0
    
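--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 415d11659a3e85d11bf8d6eed6cb5b3764556598
+  data.tar.gz: dcbd97720cd59b41a25856a0057db0b95f79c17a
+SHA512:
+  metadata.gz: d9b91d74a84775de8a0ef8cd72928bceb41b2071d39781c4bae8376ebb6a1cd29434b60be9d9774a4bdf3e23e6c3aaee4c36e7617df7f64d236a23b1b98f522a
+  data.tar.gz: a3261b3939cd7cc548e4f551fa652a61f924d49917cb6fa1cd3d658cd1168985baf2768daf11820d74cd51363dbe3d0fd61cf92e2ff80abc9bcee917f7d9cce9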
    
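--- a/data/lib/kms-env.rb
+++ b/data/lib/kms-env.rb
@@ -0,0 +1,55 @@
+require 'base64'
+require 'aws-sdk'
+
+module KmsEnv
+
+  module_function
+
+  def logger
+    defined?(Rails) ? Rails.logger : Logger.new(STDERR)
+  end
+
+  ###
+  # Load decrypted environment variables
+  ###
+
+  def kms
+    @kms ||= Aws::KMS::Client.new(region: ENV['AWS_REGION'] || 'us-east-1')
+  end
+
+  def ciphertext_blob_for(text)
+    Base64.decode64(text)
+  end
+
+  def kms_decrypt_blob(blob)
+    kms.decrypt(ciphertext_blob: blob)
+  rescue Exception => e
+    self.logger.error("Failed to decrypt #{key} with error #{e.class}")
+    if defined?(Honeybadger)
+      Honeybadger.notify(e)
+    end
+  end
+
+  def plaintext_key_for(key)
+    key.gsub(kms_key_matcher, '')
+  end
+
+  def set_decrypted_env_for(key)
+    # skip values that have already been decrypted
+    return if ENV[plaintext_key_for(key)]
+    ENV[plaintext_key_for(key)] = kms_decrypt_blob(ciphertext_blob_for(ENV[key])).first.plaintext
+  end
+
+  def kms_key_matcher
+    /_KMS$/
+  end
+
+  def load
+    ENV.keys.select {|k| k =~ kms_key_matcher}.each do |key|
+      set_decrypted_env_for(key)
+    end
+  end
+
+end
+
+require 'kms-env/railtie' if defined?(Rails)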
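Review bot: The `rescue Exception` handler in `kms_decrypt_blob` interpolates `key`, which is neither a parameter nor a local of that method in the visible code, so the handler would itself raise NameError and hide the original KMS failure; `rescue Exception` also traps signals and `SystemExit`. Even with the message fixed, the method would return the handler's value instead of a response, and `set_decrypted_env_for` then calls `.first.plaintext` on it, so a failed decrypt shows up as an unrelated NoMethodError rather than a clear "secret could not be loaded" failure. I would narrow it to `rescue StandardError => e`, log `"Failed to decrypt KMS blob: #{e.class}"`, and re-`raise` after the Honeybadger call so a missing secret stops boot instead of leaving the app half-configured. Two smaller hardening points: `kms_key_matcher` should be `/_KMS\z/`, since `$` matches at a line end rather than only the end of the string, and `Base64.strict_decode64` in `ciphertext_blob_for` would reject malformed input instead of silently decoding a truncated blob. Also note for the README that plaintext written to `ENV` is inherited by every child process the app spawns.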
    
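--- a/metadata
+++ b/metadata
@@ -0,0 +1,101 @@
+--- !ruby/object:Gem::Specification
+name: kms-env
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Drew Stokes
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-04-30 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: aws-sdk
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+description: Decrypt environment variables encrypted with Amazon's KMS service
+email: drew.stokes@fullscreen.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/kms-env.rb
+- lib/kms-env/railtie.rb
+homepage: https://github.com/fullsceen/kms-env
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: Environment decryption with KMS
+test_files: []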