kubekrypt 2.0.1 → 2.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7ee41bf27949d30c248edf9265aaf3e07b69a2b0e97a3628762c565d307178af
-  data.tar.gz: 4ca26491253fdbdc5c8a2725f4b32485173641b6831480ae9c8a930b56667361
+  metadata.gz: aafcb114c98241aef71fcd5bb8cc2da885720fe50ef89d6986595a86108e6066
+  data.tar.gz: 5b4acdd48ddbf46aad74fa089c7c5de1a1d219c924836a9edf4ab528d38c389d
 SHA512:
-  metadata.gz: 36b12a1abfef9e3b162b4e9a0444d215857754c92dd6782a5f5e7e2b10640d62c45b7470a402697808149e1fd1eef550c14de39053e7bd5c893d638f6867c81d
-  data.tar.gz: 367197f8594c08546e51fc551031bd038acab8c21e392e1ed1f1ecf48ce2da5c6dfb19e1ce1d86de99edce091ab66ebdf32c8e1a8733d68de63266668b0d01f1
+  metadata.gz: 5b093a42bfaae3bf5dc63956c38c4ad454c87a5c91d56be298550a7c8bfc11ce9ff6403da1c8a6eddafcc415e1791a0889f8cb3c02c60faa7a76cf4dfdf936cd
+  data.tar.gz: 145e1b546e18b9540273025e809f70fac4051c0b21a2d7d7e9739dbec7fed9bfa434812e6cfc340e33f1aff7ce972f41796c8c8aceff5575817a376102b5364e

data/.github/workflows/ci.yml

@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        ruby-version: [3.4]
+        ruby-version: [3.4, 4.0]
 
     steps:
     - uses: actions/checkout@v3

data/CHANGELOG.md

@@ -1,5 +1,16 @@
 # Changelog
 
+## [2.1.0] - 2026-03-24
+
+### Changed
+- Migrated from RuboCop to StandardRB
+- Added Ruby 4.0 support
+
+## [2.0.2] - 2025-07-28
+
+### Added
+- Lock `grpc`, since 1.74.0 is problematic
+
 ## [2.0.1] - 2025-03-21
 
 ### Added

data/Gemfile

@@ -1,12 +1,11 @@
-source 'https://rubygems.org'
+source "https://rubygems.org"
 
 gemspec
 
-gem 'bundler'
-gem 'irb'
-gem 'pry'
-gem 'rake'
-gem 'rspec'
-gem 'rubocop'
-gem 'rubocop-rake'
-gem 'rubocop-rspec'
+gem "bundler"
+gem "irb"
+gem "pry"
+gem "rake"
+gem "rspec"
+gem "standardrb"
+gem "rdoc"

data/Gemfile.lock

@@ -1,36 +1,38 @@
 PATH
   remote: .
   specs:
-    kubekrypt (2.0.1)
+    kubekrypt (2.1.0)
       google-cloud-kms
-      thor (~> 1.0)
+      grpc (< 1.74.0)
+      thor (>= 1.0)
       yaml
 
 GEM
   remote: https://rubygems.org/
   specs:
-    addressable (2.8.7)
-      public_suffix (>= 2.0.2, < 7.0)
+    addressable (2.8.9)
+      public_suffix (>= 2.0.2, < 8.0)
     ast (2.4.3)
-    base64 (0.2.0)
-    bigdecimal (3.1.9)
+    base64 (0.3.0)
+    bigdecimal (4.0.1)
     coderay (1.1.3)
-    date (3.4.1)
-    diff-lcs (1.6.0)
-    faraday (2.12.2)
+    date (3.5.1)
+    diff-lcs (1.6.2)
+    erb (6.0.2)
+    faraday (2.14.1)
       faraday-net_http (>= 2.0, < 3.5)
       json
       logger
-    faraday-net_http (3.4.0)
-      net-http (>= 0.5.0)
-    faraday-retry (2.2.1)
+    faraday-net_http (3.4.2)
+      net-http (~> 0.5)
+    faraday-retry (2.4.0)
       faraday (~> 2.0)
-    gapic-common (0.25.0)
+    gapic-common (1.3.0)
       faraday (>= 1.9, < 3.a)
       faraday-retry (>= 1.0, < 3.a)
       google-cloud-env (~> 2.2)
       google-logging-utils (~> 0.1)
-      google-protobuf (>= 3.25, < 5.a)
+      google-protobuf (~> 4.26)
       googleapis-common-protos (~> 1.6)
       googleapis-common-protos-types (~> 1.15)
       googleauth (~> 1.12)
@@ -38,102 +40,107 @@ GEM
     google-cloud-core (1.8.0)
       google-cloud-env (>= 1.0, < 3.a)
       google-cloud-errors (~> 1.0)
-    google-cloud-env (2.2.2)
+    google-cloud-env (2.3.1)
       base64 (~> 0.2)
       faraday (>= 1.0, < 3.a)
-    google-cloud-errors (1.5.0)
-    google-cloud-kms (2.9.0)
+    google-cloud-errors (1.6.0)
+    google-cloud-kms (2.11.0)
       google-cloud-core (~> 1.6)
       google-cloud-kms-v1 (>= 0.26, < 2.a)
-    google-cloud-kms-v1 (1.5.0)
-      gapic-common (>= 0.25.0, < 2.a)
+    google-cloud-kms-v1 (1.11.0)
+      gapic-common (~> 1.2)
       google-cloud-errors (~> 1.0)
-      google-cloud-location (>= 0.7, < 2.a)
-      google-iam-v1 (>= 0.7, < 2.a)
-    google-cloud-location (0.10.0)
-      gapic-common (>= 0.25.0, < 2.a)
+      google-cloud-location (~> 1.0)
+      google-iam-v1 (~> 1.3)
+    google-cloud-location (1.3.0)
+      gapic-common (~> 1.2)
       google-cloud-errors (~> 1.0)
-    google-iam-v1 (1.3.0)
-      gapic-common (>= 0.25.0, < 2.a)
+    google-iam-v1 (1.5.1)
+      gapic-common (~> 1.2)
       google-cloud-errors (~> 1.0)
-      grpc-google-iam-v1 (~> 1.1)
-    google-logging-utils (0.1.0)
-    google-protobuf (4.30.1)
+      grpc-google-iam-v1 (~> 1.11)
+    google-logging-utils (0.2.0)
+    google-protobuf (4.34.1)
       bigdecimal
-      rake (>= 13)
+      rake (~> 13.3)
     googleapis-common-protos (1.7.0)
       google-protobuf (>= 3.18, < 5.a)
       googleapis-common-protos-types (~> 1.7)
       grpc (~> 1.41)
-    googleapis-common-protos-types (1.19.0)
-      google-protobuf (>= 3.18, < 5.a)
-    googleauth (1.14.0)
+    googleapis-common-protos-types (1.22.0)
+      google-protobuf (~> 4.26)
+    googleauth (1.16.2)
       faraday (>= 1.0, < 3.a)
       google-cloud-env (~> 2.2)
       google-logging-utils (~> 0.1)
-      jwt (>= 1.4, < 3.0)
+      jwt (>= 1.4, < 4.0)
       multi_json (~> 1.11)
       os (>= 0.9, < 2.0)
       signet (>= 0.16, < 2.a)
-    grpc (1.71.0)
+    grpc (1.73.0)
       google-protobuf (>= 3.25, < 5.0)
       googleapis-common-protos-types (~> 1.0)
-    grpc-google-iam-v1 (1.10.0)
+    grpc-google-iam-v1 (1.11.0)
       google-protobuf (>= 3.18, < 5.a)
-      googleapis-common-protos (~> 1.4)
+      googleapis-common-protos (~> 1.7.0)
       grpc (~> 1.41)
-    io-console (0.8.0)
-    irb (1.15.1)
+    io-console (0.8.2)
+    irb (1.17.0)
       pp (>= 0.6.0)
+      prism (>= 1.3.0)
       rdoc (>= 4.0.0)
       reline (>= 0.4.2)
-    json (2.10.2)
-    jwt (2.10.1)
+    json (2.19.2)
+    jwt (3.1.2)
       base64
-    language_server-protocol (3.17.0.4)
+    language_server-protocol (3.17.0.5)
     lint_roller (1.1.0)
-    logger (1.6.6)
+    logger (1.7.0)
     method_source (1.1.0)
-    multi_json (1.15.0)
-    net-http (0.6.0)
-      uri
+    multi_json (1.19.1)
+    net-http (0.9.1)
+      uri (>= 0.11.1)
     os (1.1.4)
-    parallel (1.26.3)
-    parser (3.3.7.2)
+    parallel (1.27.0)
+    parser (3.3.10.2)
       ast (~> 2.4.1)
       racc
-    pp (0.6.2)
+    pp (0.6.3)
       prettyprint
     prettyprint (0.2.0)
-    pry (0.15.2)
+    prism (1.9.0)
+    pry (0.16.0)
       coderay (~> 1.1)
       method_source (~> 1.0)
-    psych (5.2.3)
+      reline (>= 0.6.0)
+    psych (5.3.1)
       date
       stringio
-    public_suffix (6.0.1)
+    public_suffix (7.0.5)
     racc (1.8.1)
     rainbow (3.1.1)
-    rake (13.2.1)
-    rdoc (6.12.0)
+    rake (13.3.1)
+    rdoc (7.2.0)
+      erb
       psych (>= 4.0.0)
-    regexp_parser (2.10.0)
-    reline (0.6.0)
+      tsort
+    regexp_parser (2.11.3)
+    reline (0.6.3)
       io-console (~> 0.5)
-    rspec (3.13.0)
+    rspec (3.13.2)
       rspec-core (~> 3.13.0)
       rspec-expectations (~> 3.13.0)
       rspec-mocks (~> 3.13.0)
-    rspec-core (3.13.3)
+    rspec-core (3.13.6)
       rspec-support (~> 3.13.0)
-    rspec-expectations (3.13.3)
+    rspec-expectations (3.13.5)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
-    rspec-mocks (3.13.2)
+    rspec-mocks (3.13.8)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
-    rspec-support (3.13.2)
-    rubocop (1.74.0)
+    rspec-support (3.13.7)
+    rubocop (1.84.2)
       json (~> 2.3)
       language_server-protocol (~> 3.17.0.2)
       lint_roller (~> 1.1.0)
@@ -141,29 +148,43 @@ GEM
       parser (>= 3.3.0.2)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 2.9.3, < 3.0)
-      rubocop-ast (>= 1.38.0, < 2.0)
+      rubocop-ast (>= 1.49.0, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 2.4.0, < 4.0)
-    rubocop-ast (1.41.0)
+    rubocop-ast (1.49.1)
       parser (>= 3.3.7.2)
-    rubocop-rake (0.7.1)
-      lint_roller (~> 1.1)
-      rubocop (>= 1.72.1)
-    rubocop-rspec (3.5.0)
+      prism (~> 1.7)
+    rubocop-performance (1.26.1)
       lint_roller (~> 1.1)
-      rubocop (~> 1.72, >= 1.72.1)
+      rubocop (>= 1.75.0, < 2.0)
+      rubocop-ast (>= 1.47.1, < 2.0)
     ruby-progressbar (1.13.0)
-    signet (0.19.0)
+    signet (0.21.0)
       addressable (~> 2.8)
       faraday (>= 0.17.5, < 3.a)
-      jwt (>= 1.5, < 3.0)
+      jwt (>= 1.5, < 4.0)
       multi_json (~> 1.10)
-    stringio (3.1.5)
-    thor (1.3.2)
-    unicode-display_width (3.1.4)
-      unicode-emoji (~> 4.0, >= 4.0.4)
-    unicode-emoji (4.0.4)
-    uri (1.0.3)
+    standard (1.54.0)
+      language_server-protocol (~> 3.17.0.2)
+      lint_roller (~> 1.0)
+      rubocop (~> 1.84.0)
+      standard-custom (~> 1.0.0)
+      standard-performance (~> 1.8)
+    standard-custom (1.0.2)
+      lint_roller (~> 1.0)
+      rubocop (~> 1.50)
+    standard-performance (1.9.0)
+      lint_roller (~> 1.1)
+      rubocop-performance (~> 1.26.0)
+    standardrb (1.0.1)
+      standard
+    stringio (3.2.0)
+    thor (1.5.0)
+    tsort (0.2.0)
+    unicode-display_width (3.2.0)
+      unicode-emoji (~> 4.1)
+    unicode-emoji (4.2.0)
+    uri (1.1.1)
     yaml (0.4.0)
 
 PLATFORMS
@@ -175,10 +196,9 @@ DEPENDENCIES
   kubekrypt!
   pry
   rake
+  rdoc
   rspec
-  rubocop
-  rubocop-rake
-  rubocop-rspec
+  standardrb
 
 BUNDLED WITH
-   2.6.3
+   2.7.1

data/Rakefile

@@ -1,9 +1,8 @@
-require 'bundler/gem_tasks'
-require 'rspec/core/rake_task'
-require 'rubocop/rake_task'
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+require "standard/rake"
 
 RSpec::Core::RakeTask.new(:spec)
-RuboCop::RakeTask.new
 
-task ci: %i[spec rubocop]
-task default: %i[spec rubocop:autocorrect_all]
+task ci: %i[spec standard]
+task default: %i[spec standard:fix]

data/exe/kubekrypt

@@ -1,4 +1,4 @@
 #!/usr/bin/env ruby
-require 'kubekrypt'
+require "kubekrypt"
 
 KubeKrypt::CLI.start

data/kubekrypt.gemspec

@@ -1,32 +1,33 @@
-lib = File.expand_path('lib', __dir__)
+lib = File.expand_path("lib", __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require 'kubekrypt/version'
+require "kubekrypt/version"
 
 Gem::Specification.new do |spec|
-  spec.name = 'kubekrypt'
+  spec.name = "kubekrypt"
   spec.version = KubeKrypt::VERSION
-  spec.authors = ['Krzysztof Knapik']
-  spec.email = ['knapo@knapo.net']
+  spec.authors = ["Krzysztof Knapik"]
+  spec.email = ["knapo@knapo.net"]
 
-  spec.summary = 'KubeKrypt provides seamless encryption and decryption of Kubernetes Secret menifests using Google Cloud KMS'
-  spec.homepage = 'https://github.com/knapo/kubekrypt'
-  spec.license = 'MIT'
+  spec.summary = "KubeKrypt provides seamless encryption and decryption of Kubernetes Secret menifests using Google Cloud KMS"
+  spec.homepage = "https://github.com/knapo/kubekrypt"
+  spec.license = "MIT"
 
-  spec.metadata['homepage_uri'] = 'https://github.com/knapo/kubekrypt'
-  spec.metadata['source_code_uri'] = 'https://github.com/knapo/kubekrypt'
-  spec.metadata['changelog_uri'] = 'https://github.com/knapo/kubekrypt/blob/main/CHANGELOG.md'
-  spec.metadata['rubygems_mfa_required'] = 'true'
+  spec.metadata["homepage_uri"] = "https://github.com/knapo/kubekrypt"
+  spec.metadata["source_code_uri"] = "https://github.com/knapo/kubekrypt"
+  spec.metadata["changelog_uri"] = "https://github.com/knapo/kubekrypt/blob/main/CHANGELOG.md"
+  spec.metadata["rubygems_mfa_required"] = "true"
 
-  spec.required_ruby_version = Gem::Requirement.new('>= 3.4.0')
+  spec.required_ruby_version = Gem::Requirement.new(">= 3.4")
 
   spec.files = Dir.chdir(__dir__) do
     `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(bin/|spec/|\.rub)}) }
   end
-  spec.bindir = 'exe'
+  spec.bindir = "exe"
   spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
-  spec.require_paths = ['lib']
+  spec.require_paths = ["lib"]
 
-  spec.add_dependency 'google-cloud-kms'
-  spec.add_dependency 'thor', '~> 1.0'
-  spec.add_dependency 'yaml'
+  spec.add_dependency "google-cloud-kms"
+  spec.add_dependency "grpc", "< 1.74.0" # 1.74.0 & google-cloud-kms produce segmentation fault errors
+  spec.add_dependency "thor", ">= 1.0"
+  spec.add_dependency "yaml"
 end

data/lib/kubekrypt/cli.rb

@@ -1,36 +1,37 @@
 module KubeKrypt
   class CLI < Thor
     include Thor::Shell
+
     def self.exit_on_failure?
       true
     end
 
-    desc 'version', 'Displays the current version of KubeKrypt'
+    desc "version", "Displays the current version of KubeKrypt"
     def version
       puts KubeKrypt::VERSION
     end
 
-    method_option KMS_KEY, aliases: '-k', desc: 'Google KMS encryption key id to use', required: true
-    desc 'encrypt FILE', 'Encrypts Kubernetes secrets manifest using the specified KMS key'
+    method_option KMS_KEY, aliases: "-k", desc: "Google KMS encryption key id to use", required: true
+    desc "encrypt FILE", "Encrypts Kubernetes secrets manifest using the specified KMS key"
     def encrypt(file_path)
       yaml_content = File.read(file_path)
       content = YAML.safe_load(yaml_content)
       key_name = options.fetch(KMS_KEY)
 
-      raise AlreadyEncrytpedError, "#{file_path} is already encrypted" if content['kubekrypt']
+      raise AlreadyEncrytpedError, "#{file_path} is already encrypted" if content["kubekrypt"]
 
       result = KubeKrypt::Encryptor.call(content:, key_name:)
       puts result
     end
 
-    method_option :base64, desc: 'Base64 encoded values', type: :boolean, required: false
-    desc 'decrypt FILE', 'Decrypts Kubernetes secrets manifest using embedded kubekrypt metadata'
+    method_option :base64, desc: "Base64 encoded values", type: :boolean, required: false
+    desc "decrypt FILE", "Decrypts Kubernetes secrets manifest using embedded kubekrypt metadata"
     def decrypt(file_path)
       yaml_content = File.read(file_path)
       content = YAML.safe_load(yaml_content)
       base64 = options.fetch(:base64, false)
 
-      raise NotEncrytpedError, "#{file_path} is not encrypted" unless content['kubekrypt']
+      raise NotEncrytpedError, "#{file_path} is not encrypted" unless content["kubekrypt"]
 
       result = KubeKrypt::Decryptor.call(content:, base64:)
       puts result

data/lib/kubekrypt/decryptor.rb

@@ -8,7 +8,7 @@ module KubeKrypt
     end
 
     def call(encodedtext, base64: false)
-      ciphertext = Base64.strict_decode64(encodedtext.sub("#{ENC_PREFIX}:", ''))
+      ciphertext = Base64.strict_decode64(encodedtext.sub("#{ENC_PREFIX}:", ""))
 
       result = client.decrypt(name: key_name, ciphertext:).plaintext
 
@@ -20,11 +20,11 @@ module KubeKrypt
     end
 
     def self.call(content:, base64:)
-      return content unless content['data']
+      return content unless content["data"]
 
       key_name = content.fetch(METADATA_KEY).fetch(KMS_KEY.to_s)
       decryptor = new(key_name)
-      content['data'].transform_values! { |encodedtext| decryptor.call(encodedtext, base64:) }
+      content["data"].transform_values! { |encodedtext| decryptor.call(encodedtext, base64:) }
       content.delete(METADATA_KEY)
       content.to_yaml
     end

data/lib/kubekrypt/encryptor.rb

@@ -14,16 +14,16 @@ module KubeKrypt
     end
 
     def self.call(content:, key_name:)
-      return content unless content['data']
+      return content unless content["data"]
 
       encryptor = new(key_name)
 
-      content['data'].transform_values! { |plaintext| encryptor.call(plaintext) }
+      content["data"].transform_values! { |plaintext| encryptor.call(plaintext) }
 
       content[METADATA_KEY] = {
         KMS_KEY.to_s => key_name,
-        'version' => VERSION,
-        'modified_at' => Time.now.utc.iso8601
+        "version" => VERSION,
+        "modified_at" => Time.now.utc.iso8601
       }
 
       content.to_yaml

data/lib/kubekrypt/version.rb

@@ -1,3 +1,3 @@
 module KubeKrypt
-  VERSION = '2.0.1'.freeze
+  VERSION = "2.1.0".freeze
 end

data/lib/kubekrypt.rb

@@ -1,19 +1,19 @@
-require 'base64'
-require 'google/cloud/kms'
-require 'optparse'
-require 'thor'
-require 'yaml'
+require "base64"
+require "google/cloud/kms"
+require "optparse"
+require "thor"
+require "yaml"
 
 module KubeKrypt
   AlreadyEncrytpedError = Class.new(StandardError)
   NotEncrytpedError = Class.new(StandardError)
   KMS_KEY = :kms_key
-  ENCRYPTION_METHOD = 'aes-256-gcm'.freeze
-  METADATA_KEY = 'kubekrypt'.freeze
-  ENC_PREFIX = 'enc'.freeze
+  ENCRYPTION_METHOD = "aes-256-gcm".freeze
+  METADATA_KEY = "kubekrypt".freeze
+  ENC_PREFIX = "enc".freeze
 end
 
-require 'kubekrypt/version'
-require 'kubekrypt/cli'
-require 'kubekrypt/encryptor'
-require 'kubekrypt/decryptor'
+require "kubekrypt/version"
+require "kubekrypt/cli"
+require "kubekrypt/encryptor"
+require "kubekrypt/decryptor"

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: kubekrypt
 version: !ruby/object:Gem::Version
-  version: 2.0.1
+  version: 2.1.0
 platform: ruby
 authors:
 - Krzysztof Knapik
 bindir: exe
 cert_chain: []
-date: 2025-03-21 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: google-cloud-kms
@@ -23,18 +23,32 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: grpc
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 1.74.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 1.74.0
 - !ruby/object:Gem::Dependency
   name: thor
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.0'
 - !ruby/object:Gem::Dependency
@@ -89,14 +103,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 3.4.0
+      version: '3.4'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.6
+rubygems_version: 4.0.8
 specification_version: 4
 summary: KubeKrypt provides seamless encryption and decryption of Kubernetes Secret
   menifests using Google Cloud KMS