knife-crypt 0.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/.gitignore +17 -0
- data/.rvmrc +52 -0
- data/.travis.yml +5 -0
- data/Gemfile +12 -0
- data/Guardfile +12 -0
- data/LICENSE +22 -0
- data/README.md +53 -0
- data/Rakefile +9 -0
- data/cucumber.yml +1 -0
- data/features/decrypt.feature +38 -0
- data/features/encrypt.feature +38 -0
- data/features/step_definitions/knife_config_steps.rb +19 -0
- data/features/support/env.rb +2 -0
- data/knife-crypt.gemspec +24 -0
- data/lib/chef/knife/decrypt.rb +16 -0
- data/lib/chef/knife/encrypt.rb +16 -0
- data/lib/knife-crypt/version.rb +5 -0
- metadata +152 -0
data/.gitignore
ADDED
data/.rvmrc
ADDED
@@ -0,0 +1,52 @@
|
|
1
|
+
#!/usr/bin/env bash
|
2
|
+
|
3
|
+
# This is an RVM Project .rvmrc file, used to automatically load the ruby
|
4
|
+
# development environment upon cd'ing into the directory
|
5
|
+
|
6
|
+
# First we specify our desired <ruby>[@<gemset>], the @gemset name is optional,
|
7
|
+
# Only full ruby name is supported here, for short names use:
|
8
|
+
# echo "rvm use 1.9.3" > .rvmrc
|
9
|
+
environment_id="ruby-1.9.3@knife-crypt"
|
10
|
+
|
11
|
+
# Uncomment the following lines if you want to verify rvm version per project
|
12
|
+
# rvmrc_rvm_version="1.12.2 (stable)" # 1.10.1 seams as a safe start
|
13
|
+
# eval "$(echo ${rvm_version}.${rvmrc_rvm_version} | awk -F. '{print "[[ "$1*65536+$2*256+$3" -ge "$4*65536+$5*256+$6" ]]"}' )" || {
|
14
|
+
# echo "This .rvmrc file requires at least RVM ${rvmrc_rvm_version}, aborting loading."
|
15
|
+
# return 1
|
16
|
+
# }
|
17
|
+
|
18
|
+
# First we attempt to load the desired environment directly from the environment
|
19
|
+
# file. This is very fast and efficient compared to running through the entire
|
20
|
+
# CLI and selector. If you want feedback on which environment was used then
|
21
|
+
# insert the word 'use' after --create as this triggers verbose mode.
|
22
|
+
if [[ -d "${rvm_path:-$HOME/.rvm}/environments"
|
23
|
+
&& -s "${rvm_path:-$HOME/.rvm}/environments/$environment_id" ]]
|
24
|
+
then
|
25
|
+
\. "${rvm_path:-$HOME/.rvm}/environments/$environment_id"
|
26
|
+
[[ -s "${rvm_path:-$HOME/.rvm}/hooks/after_use" ]] &&
|
27
|
+
\. "${rvm_path:-$HOME/.rvm}/hooks/after_use" || true
|
28
|
+
if [[ $- == *i* ]] # check for interactive shells
|
29
|
+
then echo "Using: $(tput setaf 2)$GEM_HOME$(tput sgr0)" # show the user the ruby and gemset they are using in green
|
30
|
+
else echo "Using: $GEM_HOME" # don't use colors in non-interactive shells
|
31
|
+
fi
|
32
|
+
else
|
33
|
+
# If the environment file has not yet been created, use the RVM CLI to select.
|
34
|
+
rvm --create use "$environment_id" || {
|
35
|
+
echo "Failed to create RVM environment '${environment_id}'."
|
36
|
+
return 1
|
37
|
+
}
|
38
|
+
fi
|
39
|
+
|
40
|
+
# If you use bundler, this might be useful to you:
|
41
|
+
# if [[ -s Gemfile ]] && {
|
42
|
+
# ! builtin command -v bundle >/dev/null ||
|
43
|
+
# builtin command -v bundle | grep $rvm_path/bin/bundle >/dev/null
|
44
|
+
# }
|
45
|
+
# then
|
46
|
+
# printf "%b" "The rubygem 'bundler' is not installed. Installing it now.\n"
|
47
|
+
# gem install bundler
|
48
|
+
# fi
|
49
|
+
# if [[ -s Gemfile ]] && builtin command -v bundle >/dev/null
|
50
|
+
# then
|
51
|
+
# bundle install | grep -vE '^Using|Your bundle is complete'
|
52
|
+
# fi
|
data/.travis.yml
ADDED
data/Gemfile
ADDED
data/Guardfile
ADDED
@@ -0,0 +1,12 @@
|
|
1
|
+
guard 'bundler' do
|
2
|
+
watch('Gemfile')
|
3
|
+
watch(/^.+\.gemspec/)
|
4
|
+
end
|
5
|
+
|
6
|
+
guard 'cucumber', :cli => "--format pretty" do
|
7
|
+
watch(%r{^features/.+\.feature$})
|
8
|
+
watch(%r{^features/support/.+$}) { 'features' }
|
9
|
+
watch(%r{^features/step_definitions/(.+)_steps\.rb$}) { |m| Dir[File.join("**/#{m[1]}.feature")][0] || 'features' }
|
10
|
+
|
11
|
+
watch(%r{^lib/chef/knife/(.+)\.rb}) { |m| "features/#{m[1]}.feature" }
|
12
|
+
end
|
data/LICENSE
ADDED
@@ -0,0 +1,22 @@
|
|
1
|
+
Copyright (c) 2012 Chris Griego
|
2
|
+
|
3
|
+
MIT License
|
4
|
+
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining
|
6
|
+
a copy of this software and associated documentation files (the
|
7
|
+
"Software"), to deal in the Software without restriction, including
|
8
|
+
without limitation the rights to use, copy, modify, merge, publish,
|
9
|
+
distribute, sublicense, and/or sell copies of the Software, and to
|
10
|
+
permit persons to whom the Software is furnished to do so, subject to
|
11
|
+
the following conditions:
|
12
|
+
|
13
|
+
The above copyright notice and this permission notice shall be
|
14
|
+
included in all copies or substantial portions of the Software.
|
15
|
+
|
16
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
17
|
+
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
18
|
+
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
19
|
+
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
20
|
+
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
21
|
+
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
22
|
+
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
data/README.md
ADDED
@@ -0,0 +1,53 @@
|
|
1
|
+
# Knife::Crypt
|
2
|
+
|
3
|
+
[![Build History][2]][1] [![Dependency Status][4]][3]
|
4
|
+
|
5
|
+
Commands for Chef's Knife Command to Encrypt and Decrypt Data
|
6
|
+
|
7
|
+
The `encrypt` and `decrypt` knife commands uses the configured data
|
8
|
+
bag secret to encrypt and decrypt data at the command line.
|
9
|
+
|
10
|
+
[1]: http://travis-ci.org/cgriego/knife-crypt
|
11
|
+
[2]: https://secure.travis-ci.org/cgriego/knife-crypt.png?branch=master
|
12
|
+
[3]: https://gemnasium.com/cgriego/knife-crypt
|
13
|
+
[4]: https://gemnasium.com/cgriego/knife-crypt.png
|
14
|
+
|
15
|
+
## Installation
|
16
|
+
|
17
|
+
This plugin is distributed as a Ruby Gem. To install it, run:
|
18
|
+
|
19
|
+
$ gem install knife-crypt
|
20
|
+
|
21
|
+
## Usage
|
22
|
+
|
23
|
+
Encrypt a string
|
24
|
+
|
25
|
+
$ knife encrypt '"foo"'
|
26
|
+
|
27
|
+
Encrypt an array
|
28
|
+
|
29
|
+
$ knife encrypt '["foo", "bar"]'
|
30
|
+
|
31
|
+
Encrypt a hash
|
32
|
+
|
33
|
+
$ knife encrypt '{"foo"=>{"bar"=>"baz"}}'
|
34
|
+
|
35
|
+
Decrypt to a string
|
36
|
+
|
37
|
+
$ knife decrypt e4ibEHAinGltDjYNQPV4rw==
|
38
|
+
|
39
|
+
Decrypt to an array
|
40
|
+
|
41
|
+
$ knife decrypt 7wrizj9MAjmSVWWq69DUql0hNHFv7Hp/1tnQ/NJuD08=
|
42
|
+
|
43
|
+
Decrypt to a hash
|
44
|
+
|
45
|
+
$ knife decrypt nsXFeAANrmnBNu+QPfOHZFB5szSRA+Ezu94fmrJnNhk=
|
46
|
+
|
47
|
+
## Contributing
|
48
|
+
|
49
|
+
1. Fork it
|
50
|
+
2. Create your feature branch (`git checkout -b my-new-feature`)
|
51
|
+
3. Commit your changes (`git commit -am 'Added some feature'`)
|
52
|
+
4. Push to the branch (`git push origin my-new-feature`)
|
53
|
+
5. Create new Pull Request
|
data/Rakefile
ADDED
data/cucumber.yml
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
default: --strict
|
@@ -0,0 +1,38 @@
|
|
1
|
+
Feature: knife decrypt
|
2
|
+
In order to efficiently work with encrypted values
|
3
|
+
As a knife user
|
4
|
+
I want to decrypt encrypted values
|
5
|
+
|
6
|
+
Scenario: Command List
|
7
|
+
When I run `knife`
|
8
|
+
Then the output should contain:
|
9
|
+
"""
|
10
|
+
knife decrypt DATA (options)
|
11
|
+
"""
|
12
|
+
|
13
|
+
Scenario: Decrypting a String
|
14
|
+
Given a knife configuration with en encrypted data bag secret "my secret"
|
15
|
+
When I successfully run `knife decrypt e4ibEHAinGltDjYNQPV4rw==`
|
16
|
+
Then the stdout should contain exactly:
|
17
|
+
"""
|
18
|
+
"foo"
|
19
|
+
|
20
|
+
"""
|
21
|
+
|
22
|
+
Scenario: Decrypting an Array
|
23
|
+
Given a knife configuration with en encrypted data bag secret "my secret"
|
24
|
+
When I successfully run `knife decrypt 7wrizj9MAjmSVWWq69DUql0hNHFv7Hp/1tnQ/NJuD08=`
|
25
|
+
Then the stdout should contain exactly:
|
26
|
+
"""
|
27
|
+
["foo", "bar"]
|
28
|
+
|
29
|
+
"""
|
30
|
+
|
31
|
+
Scenario: Decrypting a Hash
|
32
|
+
Given a knife configuration with en encrypted data bag secret "my secret"
|
33
|
+
When I successfully run `knife decrypt nsXFeAANrmnBNu+QPfOHZFB5szSRA+Ezu94fmrJnNhk=`
|
34
|
+
Then the stdout should contain exactly:
|
35
|
+
"""
|
36
|
+
{"foo"=>{"bar"=>"baz"}}
|
37
|
+
|
38
|
+
"""
|
@@ -0,0 +1,38 @@
|
|
1
|
+
Feature: knife encrypt
|
2
|
+
In order to efficiently work with encrypted values
|
3
|
+
As a knife user
|
4
|
+
I want to encrypt values
|
5
|
+
|
6
|
+
Scenario: Command List
|
7
|
+
When I run `knife`
|
8
|
+
Then the output should contain:
|
9
|
+
"""
|
10
|
+
knife encrypt DATA (options)
|
11
|
+
"""
|
12
|
+
|
13
|
+
Scenario: Encrypting a String
|
14
|
+
Given a knife configuration with en encrypted data bag secret "my secret"
|
15
|
+
When I successfully run `knife encrypt '"foo"'`
|
16
|
+
Then the stdout should contain exactly:
|
17
|
+
"""
|
18
|
+
e4ibEHAinGltDjYNQPV4rw==
|
19
|
+
|
20
|
+
"""
|
21
|
+
|
22
|
+
Scenario: Encrypting an Array
|
23
|
+
Given a knife configuration with en encrypted data bag secret "my secret"
|
24
|
+
When I successfully run `knife encrypt '["foo", "bar"]'`
|
25
|
+
Then the stdout should contain exactly:
|
26
|
+
"""
|
27
|
+
7wrizj9MAjmSVWWq69DUql0hNHFv7Hp/1tnQ/NJuD08=
|
28
|
+
|
29
|
+
"""
|
30
|
+
|
31
|
+
Scenario: Encrypting a Hash
|
32
|
+
Given a knife configuration with en encrypted data bag secret "my secret"
|
33
|
+
When I successfully run `knife encrypt '{"foo"=>{"bar"=>"baz"}}'`
|
34
|
+
Then the stdout should contain exactly:
|
35
|
+
"""
|
36
|
+
nsXFeAANrmnBNu+QPfOHZFB5szSRA+Ezu94fmrJnNhk=
|
37
|
+
|
38
|
+
"""
|
@@ -0,0 +1,19 @@
|
|
1
|
+
Given /^a knife configuration with en encrypted data bag secret "(.*?)"$/ do |encrypted_data_bag_secret|
|
2
|
+
write_file ".chef/encrypted_data_bag_secret", encrypted_data_bag_secret
|
3
|
+
|
4
|
+
write_file ".chef/knife.rb", <<-EOF
|
5
|
+
log_level :info
|
6
|
+
log_location STDOUT
|
7
|
+
node_name ENV['USER']
|
8
|
+
client_key "\#{ENV['HOME']}/.chef/\#{ENV['USER']}.pem"
|
9
|
+
validation_client_name "chef-validator"
|
10
|
+
validation_key "\#{ENV['HOME']}/.chef/chef-validator.pem"
|
11
|
+
chef_server_url "https://localhost:4000"
|
12
|
+
cache_type 'BasicFile'
|
13
|
+
cache_options :path => "\#{ENV['HOME']}/.chef/checksums"
|
14
|
+
|
15
|
+
current_dir = File.dirname(__FILE__)
|
16
|
+
cookbook_path ["\#{current_dir}/cookbooks"]
|
17
|
+
encrypted_data_bag_secret "\#{current_dir}/encrypted_data_bag_secret"
|
18
|
+
EOF
|
19
|
+
end
|
data/knife-crypt.gemspec
ADDED
@@ -0,0 +1,24 @@
|
|
1
|
+
# -*- encoding: utf-8 -*-
|
2
|
+
require File.expand_path('../lib/knife-crypt/version', __FILE__)
|
3
|
+
|
4
|
+
Gem::Specification.new do |gem|
|
5
|
+
gem.authors = ["Chris Griego"]
|
6
|
+
gem.email = ["cgriego@gmail.com"]
|
7
|
+
gem.description = %q{Commands for Chef's Knife Command to Encrypt and Decrypt Data}
|
8
|
+
gem.summary = gem.description
|
9
|
+
gem.homepage = "https://github.com/cgriego/knife-crypt"
|
10
|
+
|
11
|
+
gem.files = `git ls-files`.split($\)
|
12
|
+
gem.executables = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
|
13
|
+
gem.test_files = gem.files.grep(%r{^(test|spec|features)/})
|
14
|
+
gem.name = "knife-crypt"
|
15
|
+
gem.require_paths = ["lib"]
|
16
|
+
gem.version = Knife::Crypt::VERSION
|
17
|
+
|
18
|
+
gem.add_runtime_dependency "chef", "~> 0.10.8"
|
19
|
+
|
20
|
+
gem.add_development_dependency "aruba", "~> 0.4.11"
|
21
|
+
gem.add_development_dependency "bundler", "~> 1.0"
|
22
|
+
gem.add_development_dependency "cucumber", "~> 1.2.0"
|
23
|
+
gem.add_development_dependency "rake", "~> 0.9.0"
|
24
|
+
end
|
@@ -0,0 +1,16 @@
|
|
1
|
+
require "chef/knife"
|
2
|
+
|
3
|
+
class Chef
|
4
|
+
class Knife
|
5
|
+
class Decrypt < Knife
|
6
|
+
banner "knife decrypt DATA (options)"
|
7
|
+
|
8
|
+
def run
|
9
|
+
encrypted_value = @name_args[0]
|
10
|
+
secret = Chef::EncryptedDataBagItem.load_secret
|
11
|
+
decrypted_value = Chef::EncryptedDataBagItem.decrypt_value encrypted_value, secret
|
12
|
+
puts decrypted_value.inspect
|
13
|
+
end
|
14
|
+
end
|
15
|
+
end
|
16
|
+
end
|
@@ -0,0 +1,16 @@
|
|
1
|
+
require "chef/knife"
|
2
|
+
|
3
|
+
class Chef
|
4
|
+
class Knife
|
5
|
+
class Encrypt < Knife
|
6
|
+
banner "knife encrypt DATA (options)"
|
7
|
+
|
8
|
+
def run
|
9
|
+
decrypted_value = eval @name_args[0]
|
10
|
+
secret = Chef::EncryptedDataBagItem.load_secret
|
11
|
+
encrypted_value = Chef::EncryptedDataBagItem.encrypt_value decrypted_value, secret
|
12
|
+
puts encrypted_value
|
13
|
+
end
|
14
|
+
end
|
15
|
+
end
|
16
|
+
end
|
metadata
ADDED
@@ -0,0 +1,152 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: knife-crypt
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.0.1
|
5
|
+
prerelease:
|
6
|
+
platform: ruby
|
7
|
+
authors:
|
8
|
+
- Chris Griego
|
9
|
+
autorequire:
|
10
|
+
bindir: bin
|
11
|
+
cert_chain: []
|
12
|
+
date: 2012-06-03 00:00:00.000000000 Z
|
13
|
+
dependencies:
|
14
|
+
- !ruby/object:Gem::Dependency
|
15
|
+
name: chef
|
16
|
+
requirement: !ruby/object:Gem::Requirement
|
17
|
+
none: false
|
18
|
+
requirements:
|
19
|
+
- - ~>
|
20
|
+
- !ruby/object:Gem::Version
|
21
|
+
version: 0.10.8
|
22
|
+
type: :runtime
|
23
|
+
prerelease: false
|
24
|
+
version_requirements: !ruby/object:Gem::Requirement
|
25
|
+
none: false
|
26
|
+
requirements:
|
27
|
+
- - ~>
|
28
|
+
- !ruby/object:Gem::Version
|
29
|
+
version: 0.10.8
|
30
|
+
- !ruby/object:Gem::Dependency
|
31
|
+
name: aruba
|
32
|
+
requirement: !ruby/object:Gem::Requirement
|
33
|
+
none: false
|
34
|
+
requirements:
|
35
|
+
- - ~>
|
36
|
+
- !ruby/object:Gem::Version
|
37
|
+
version: 0.4.11
|
38
|
+
type: :development
|
39
|
+
prerelease: false
|
40
|
+
version_requirements: !ruby/object:Gem::Requirement
|
41
|
+
none: false
|
42
|
+
requirements:
|
43
|
+
- - ~>
|
44
|
+
- !ruby/object:Gem::Version
|
45
|
+
version: 0.4.11
|
46
|
+
- !ruby/object:Gem::Dependency
|
47
|
+
name: bundler
|
48
|
+
requirement: !ruby/object:Gem::Requirement
|
49
|
+
none: false
|
50
|
+
requirements:
|
51
|
+
- - ~>
|
52
|
+
- !ruby/object:Gem::Version
|
53
|
+
version: '1.0'
|
54
|
+
type: :development
|
55
|
+
prerelease: false
|
56
|
+
version_requirements: !ruby/object:Gem::Requirement
|
57
|
+
none: false
|
58
|
+
requirements:
|
59
|
+
- - ~>
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
version: '1.0'
|
62
|
+
- !ruby/object:Gem::Dependency
|
63
|
+
name: cucumber
|
64
|
+
requirement: !ruby/object:Gem::Requirement
|
65
|
+
none: false
|
66
|
+
requirements:
|
67
|
+
- - ~>
|
68
|
+
- !ruby/object:Gem::Version
|
69
|
+
version: 1.2.0
|
70
|
+
type: :development
|
71
|
+
prerelease: false
|
72
|
+
version_requirements: !ruby/object:Gem::Requirement
|
73
|
+
none: false
|
74
|
+
requirements:
|
75
|
+
- - ~>
|
76
|
+
- !ruby/object:Gem::Version
|
77
|
+
version: 1.2.0
|
78
|
+
- !ruby/object:Gem::Dependency
|
79
|
+
name: rake
|
80
|
+
requirement: !ruby/object:Gem::Requirement
|
81
|
+
none: false
|
82
|
+
requirements:
|
83
|
+
- - ~>
|
84
|
+
- !ruby/object:Gem::Version
|
85
|
+
version: 0.9.0
|
86
|
+
type: :development
|
87
|
+
prerelease: false
|
88
|
+
version_requirements: !ruby/object:Gem::Requirement
|
89
|
+
none: false
|
90
|
+
requirements:
|
91
|
+
- - ~>
|
92
|
+
- !ruby/object:Gem::Version
|
93
|
+
version: 0.9.0
|
94
|
+
description: Commands for Chef's Knife Command to Encrypt and Decrypt Data
|
95
|
+
email:
|
96
|
+
- cgriego@gmail.com
|
97
|
+
executables: []
|
98
|
+
extensions: []
|
99
|
+
extra_rdoc_files: []
|
100
|
+
files:
|
101
|
+
- .gitignore
|
102
|
+
- .rvmrc
|
103
|
+
- .travis.yml
|
104
|
+
- Gemfile
|
105
|
+
- Guardfile
|
106
|
+
- LICENSE
|
107
|
+
- README.md
|
108
|
+
- Rakefile
|
109
|
+
- cucumber.yml
|
110
|
+
- features/decrypt.feature
|
111
|
+
- features/encrypt.feature
|
112
|
+
- features/step_definitions/knife_config_steps.rb
|
113
|
+
- features/support/env.rb
|
114
|
+
- knife-crypt.gemspec
|
115
|
+
- lib/chef/knife/decrypt.rb
|
116
|
+
- lib/chef/knife/encrypt.rb
|
117
|
+
- lib/knife-crypt/version.rb
|
118
|
+
homepage: https://github.com/cgriego/knife-crypt
|
119
|
+
licenses: []
|
120
|
+
post_install_message:
|
121
|
+
rdoc_options: []
|
122
|
+
require_paths:
|
123
|
+
- lib
|
124
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
125
|
+
none: false
|
126
|
+
requirements:
|
127
|
+
- - ! '>='
|
128
|
+
- !ruby/object:Gem::Version
|
129
|
+
version: '0'
|
130
|
+
segments:
|
131
|
+
- 0
|
132
|
+
hash: -4552132723314255360
|
133
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
134
|
+
none: false
|
135
|
+
requirements:
|
136
|
+
- - ! '>='
|
137
|
+
- !ruby/object:Gem::Version
|
138
|
+
version: '0'
|
139
|
+
segments:
|
140
|
+
- 0
|
141
|
+
hash: -4552132723314255360
|
142
|
+
requirements: []
|
143
|
+
rubyforge_project:
|
144
|
+
rubygems_version: 1.8.21
|
145
|
+
signing_key:
|
146
|
+
specification_version: 3
|
147
|
+
summary: Commands for Chef's Knife Command to Encrypt and Decrypt Data
|
148
|
+
test_files:
|
149
|
+
- features/decrypt.feature
|
150
|
+
- features/encrypt.feature
|
151
|
+
- features/step_definitions/knife_config_steps.rb
|
152
|
+
- features/support/env.rb
|