knife-crypt 0.0.1

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/.rvmrc

@@ -0,0 +1,52 @@
+#!/usr/bin/env bash
+
+# This is an RVM Project .rvmrc file, used to automatically load the ruby
+# development environment upon cd'ing into the directory
+
+# First we specify our desired <ruby>[@<gemset>], the @gemset name is optional,
+# Only full ruby name is supported here, for short names use:
+#     echo "rvm use 1.9.3" > .rvmrc
+environment_id="ruby-1.9.3@knife-crypt"
+
+# Uncomment the following lines if you want to verify rvm version per project
+# rvmrc_rvm_version="1.12.2 (stable)" # 1.10.1 seams as a safe start
+# eval "$(echo ${rvm_version}.${rvmrc_rvm_version} | awk -F. '{print "[[ "$1*65536+$2*256+$3" -ge "$4*65536+$5*256+$6" ]]"}' )" || {
+#   echo "This .rvmrc file requires at least RVM ${rvmrc_rvm_version}, aborting loading."
+#   return 1
+# }
+
+# First we attempt to load the desired environment directly from the environment
+# file. This is very fast and efficient compared to running through the entire
+# CLI and selector. If you want feedback on which environment was used then
+# insert the word 'use' after --create as this triggers verbose mode.
+if [[ -d "${rvm_path:-$HOME/.rvm}/environments"
+  && -s "${rvm_path:-$HOME/.rvm}/environments/$environment_id" ]]
+then
+  \. "${rvm_path:-$HOME/.rvm}/environments/$environment_id"
+  [[ -s "${rvm_path:-$HOME/.rvm}/hooks/after_use" ]] &&
+    \. "${rvm_path:-$HOME/.rvm}/hooks/after_use" || true
+  if [[ $- == *i* ]] # check for interactive shells
+  then echo "Using: $(tput setaf 2)$GEM_HOME$(tput sgr0)" # show the user the ruby and gemset they are using in green
+  else echo "Using: $GEM_HOME" # don't use colors in non-interactive shells
+  fi
+else
+  # If the environment file has not yet been created, use the RVM CLI to select.
+  rvm --create use  "$environment_id" || {
+    echo "Failed to create RVM environment '${environment_id}'."
+    return 1
+  }
+fi
+
+# If you use bundler, this might be useful to you:
+# if [[ -s Gemfile ]] && {
+#   ! builtin command -v bundle >/dev/null ||
+#   builtin command -v bundle | grep $rvm_path/bin/bundle >/dev/null
+# }
+# then
+#   printf "%b" "The rubygem 'bundler' is not installed. Installing it now.\n"
+#   gem install bundler
+# fi
+# if [[ -s Gemfile ]] && builtin command -v bundle >/dev/null
+# then
+#   bundle install | grep -vE '^Using|Your bundle is complete'
+# fi

data/.travis.yml

@@ -0,0 +1,5 @@
+language: ruby
+rvm:
+  - 1.9.3
+  - 1.9.2
+bundler_args: --without development

data/Gemfile

@@ -0,0 +1,12 @@
+source 'https://rubygems.org'
+
+gemspec :development_group => :test
+
+group :development do
+  gem "growl"
+  gem "guard"
+  gem "guard-bundler"
+  gem "guard-cucumber"
+  gem "rb-fsevent"
+  gem "travis-lint"
+end

data/Guardfile

@@ -0,0 +1,12 @@
+guard 'bundler' do
+  watch('Gemfile')
+  watch(/^.+\.gemspec/)
+end
+
+guard 'cucumber', :cli => "--format pretty" do
+  watch(%r{^features/.+\.feature$})
+  watch(%r{^features/support/.+$})          { 'features' }
+  watch(%r{^features/step_definitions/(.+)_steps\.rb$}) { |m| Dir[File.join("**/#{m[1]}.feature")][0] || 'features' }
+
+  watch(%r{^lib/chef/knife/(.+)\.rb}) { |m| "features/#{m[1]}.feature" }
+end

data/LICENSE

@@ -0,0 +1,22 @@
+Copyright (c) 2012 Chris Griego
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,53 @@
+# Knife::Crypt
+
+[![Build History][2]][1] [![Dependency Status][4]][3]
+
+Commands for Chef's Knife Command to Encrypt and Decrypt Data
+
+The `encrypt` and `decrypt` knife commands uses the configured data
+bag secret to encrypt and decrypt data at the command line.
+
+[1]: http://travis-ci.org/cgriego/knife-crypt
+[2]: https://secure.travis-ci.org/cgriego/knife-crypt.png?branch=master
+[3]: https://gemnasium.com/cgriego/knife-crypt
+[4]: https://gemnasium.com/cgriego/knife-crypt.png
+
+## Installation
+
+This plugin is distributed as a Ruby Gem. To install it, run:
+
+    $ gem install knife-crypt
+
+## Usage
+
+Encrypt a string
+
+    $ knife encrypt '"foo"'
+
+Encrypt an array
+
+    $ knife encrypt '["foo", "bar"]'
+
+Encrypt a hash
+
+    $ knife encrypt '{"foo"=>{"bar"=>"baz"}}'
+
+Decrypt to a string
+
+    $ knife decrypt e4ibEHAinGltDjYNQPV4rw==
+
+Decrypt to an array
+
+    $ knife decrypt 7wrizj9MAjmSVWWq69DUql0hNHFv7Hp/1tnQ/NJuD08=
+
+Decrypt to a hash
+
+    $ knife decrypt nsXFeAANrmnBNu+QPfOHZFB5szSRA+Ezu94fmrJnNhk=
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Added some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,9 @@
+#!/usr/bin/env rake
+
+require "bundler/setup"
+require "bundler/gem_tasks"
+require "cucumber/rake/task"
+
+task :default => :cucumber
+
+Cucumber::Rake::Task.new

data/cucumber.yml

@@ -0,0 +1 @@
+default: --strict

data/features/decrypt.feature

@@ -0,0 +1,38 @@
+Feature: knife decrypt
+  In order to efficiently work with encrypted values
+  As a knife user
+  I want to decrypt encrypted values
+
+Scenario: Command List
+  When I run `knife`
+  Then the output should contain:
+    """
+    knife decrypt DATA (options)
+    """
+
+Scenario: Decrypting a String
+  Given a knife configuration with en encrypted data bag secret "my secret"
+  When I successfully run `knife decrypt e4ibEHAinGltDjYNQPV4rw==`
+  Then the stdout should contain exactly:
+    """
+    "foo"
+
+    """
+
+Scenario: Decrypting an Array
+  Given a knife configuration with en encrypted data bag secret "my secret"
+  When I successfully run `knife decrypt 7wrizj9MAjmSVWWq69DUql0hNHFv7Hp/1tnQ/NJuD08=`
+  Then the stdout should contain exactly:
+    """
+    ["foo", "bar"]
+
+    """
+
+Scenario: Decrypting a Hash
+  Given a knife configuration with en encrypted data bag secret "my secret"
+  When I successfully run `knife decrypt nsXFeAANrmnBNu+QPfOHZFB5szSRA+Ezu94fmrJnNhk=`
+  Then the stdout should contain exactly:
+    """
+    {"foo"=>{"bar"=>"baz"}}
+
+    """

data/features/encrypt.feature

@@ -0,0 +1,38 @@
+Feature: knife encrypt
+  In order to efficiently work with encrypted values
+  As a knife user
+  I want to encrypt values
+
+Scenario: Command List
+  When I run `knife`
+  Then the output should contain:
+    """
+    knife encrypt DATA (options)
+    """
+
+Scenario: Encrypting a String
+  Given a knife configuration with en encrypted data bag secret "my secret"
+  When I successfully run `knife encrypt '"foo"'`
+  Then the stdout should contain exactly:
+    """
+    e4ibEHAinGltDjYNQPV4rw==
+
+    """
+
+Scenario: Encrypting an Array
+  Given a knife configuration with en encrypted data bag secret "my secret"
+  When I successfully run `knife encrypt '["foo", "bar"]'`
+  Then the stdout should contain exactly:
+    """
+    7wrizj9MAjmSVWWq69DUql0hNHFv7Hp/1tnQ/NJuD08=
+
+    """
+
+Scenario: Encrypting a Hash
+  Given a knife configuration with en encrypted data bag secret "my secret"
+  When I successfully run `knife encrypt '{"foo"=>{"bar"=>"baz"}}'`
+  Then the stdout should contain exactly:
+    """
+    nsXFeAANrmnBNu+QPfOHZFB5szSRA+Ezu94fmrJnNhk=
+
+    """

data/features/step_definitions/knife_config_steps.rb

@@ -0,0 +1,19 @@
+Given /^a knife configuration with en encrypted data bag secret "(.*?)"$/ do |encrypted_data_bag_secret|
+  write_file ".chef/encrypted_data_bag_secret", encrypted_data_bag_secret
+
+  write_file ".chef/knife.rb", <<-EOF
+    log_level :info
+    log_location STDOUT
+    node_name ENV['USER']
+    client_key "\#{ENV['HOME']}/.chef/\#{ENV['USER']}.pem"
+    validation_client_name "chef-validator"
+    validation_key "\#{ENV['HOME']}/.chef/chef-validator.pem"
+    chef_server_url "https://localhost:4000"
+    cache_type 'BasicFile'
+    cache_options :path => "\#{ENV['HOME']}/.chef/checksums"
+
+    current_dir = File.dirname(__FILE__)
+    cookbook_path ["\#{current_dir}/cookbooks"]
+    encrypted_data_bag_secret "\#{current_dir}/encrypted_data_bag_secret"
+  EOF
+end

data/features/support/env.rb

@@ -0,0 +1,2 @@
+require "bundler/setup"
+require "aruba/cucumber"

data/knife-crypt.gemspec

@@ -0,0 +1,24 @@
+# -*- encoding: utf-8 -*-
+require File.expand_path('../lib/knife-crypt/version', __FILE__)
+
+Gem::Specification.new do |gem|
+  gem.authors       = ["Chris Griego"]
+  gem.email         = ["cgriego@gmail.com"]
+  gem.description   = %q{Commands for Chef's Knife Command to Encrypt and Decrypt Data}
+  gem.summary       = gem.description
+  gem.homepage      = "https://github.com/cgriego/knife-crypt"
+
+  gem.files         = `git ls-files`.split($\)
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.name          = "knife-crypt"
+  gem.require_paths = ["lib"]
+  gem.version       = Knife::Crypt::VERSION
+
+  gem.add_runtime_dependency "chef", "~> 0.10.8"
+
+  gem.add_development_dependency "aruba", "~> 0.4.11"
+  gem.add_development_dependency "bundler", "~> 1.0"
+  gem.add_development_dependency "cucumber", "~> 1.2.0"
+  gem.add_development_dependency "rake", "~> 0.9.0"
+end

data/lib/chef/knife/decrypt.rb

@@ -0,0 +1,16 @@
+require "chef/knife"
+
+class Chef
+  class Knife
+    class Decrypt < Knife
+      banner "knife decrypt DATA (options)"
+
+      def run
+        encrypted_value = @name_args[0]
+        secret = Chef::EncryptedDataBagItem.load_secret
+        decrypted_value = Chef::EncryptedDataBagItem.decrypt_value encrypted_value, secret
+        puts decrypted_value.inspect
+      end
+    end
+  end
+end

data/lib/chef/knife/encrypt.rb

@@ -0,0 +1,16 @@
+require "chef/knife"
+
+class Chef
+  class Knife
+    class Encrypt < Knife
+      banner "knife encrypt DATA (options)"
+
+      def run
+        decrypted_value = eval @name_args[0]
+        secret = Chef::EncryptedDataBagItem.load_secret
+        encrypted_value = Chef::EncryptedDataBagItem.encrypt_value decrypted_value, secret
+        puts encrypted_value
+      end
+    end
+  end
+end

data/lib/knife-crypt/version.rb

@@ -0,0 +1,5 @@
+module Knife
+  module Crypt
+    VERSION = "0.0.1"
+  end
+end

metadata

@@ -0,0 +1,152 @@
+--- !ruby/object:Gem::Specification
+name: knife-crypt
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease: 
+platform: ruby
+authors:
+- Chris Griego
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-06-03 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: chef
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.10.8
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.10.8
+- !ruby/object:Gem::Dependency
+  name: aruba
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.4.11
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.4.11
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: cucumber
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.2.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.2.0
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.9.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.9.0
+description: Commands for Chef's Knife Command to Encrypt and Decrypt Data
+email:
+- cgriego@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rvmrc
+- .travis.yml
+- Gemfile
+- Guardfile
+- LICENSE
+- README.md
+- Rakefile
+- cucumber.yml
+- features/decrypt.feature
+- features/encrypt.feature
+- features/step_definitions/knife_config_steps.rb
+- features/support/env.rb
+- knife-crypt.gemspec
+- lib/chef/knife/decrypt.rb
+- lib/chef/knife/encrypt.rb
+- lib/knife-crypt/version.rb
+homepage: https://github.com/cgriego/knife-crypt
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: -4552132723314255360
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: -4552132723314255360
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.21
+signing_key: 
+specification_version: 3
+summary: Commands for Chef's Knife Command to Encrypt and Decrypt Data
+test_files:
+- features/decrypt.feature
+- features/encrypt.feature
+- features/step_definitions/knife_config_steps.rb
+- features/support/env.rb