RubyGems - kubekrypt - Versions diffs - 2.2.2 → 2.2.3 - Mend

kubekrypt 2.2.2 → 2.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 29884a227adfa74c500a67af67cced8af277524b2a8231b6b9ae5c490e68e1de
-  data.tar.gz: a27408973011e115570f159c0797c9831a3d21d5e76abe70e239186535304f3a
+  metadata.gz: 101ea0dd17b015654925f7c24ff7101073f390a9d0784fa618017e1203392bc5
+  data.tar.gz: 6c1949385152a207dc3019723ab9709b171a871b3430f3d8cd900c6205119bde
 SHA512:
-  metadata.gz: 3056579c4174da4245f0294576aa2d6c1e00e0a561382fa66678629ee4b82da65be986137a746a9f9c0f04459312ed05b562de041004d4cf078f018b9ff16c8c
-  data.tar.gz: 11282cbbc9af75421ef62c97e32d9157169cd5705613b08f610de054300b26ebf79f2ead8f06984ad28a288a632144e9fcda98941d6297d1f906c71b95c6e4ec
+  metadata.gz: 8d562fc536f8c11e37068e03fafcbe053534306b4c6835677b414e3ddea568f0ef1d10e216968d8ae4805369eb18f994e89ab45c4a929c29e43ba694617529ad
+  data.tar.gz: f28b90f7de3488c3f64982d11e6571355b7e5a7f13fe31c758d480f821b5c941ba1ef3770d2bcc0529fba4b92c57c003c510f948b0f715639e51d7c80b21f46b

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,10 @@
 # Changelog
+## [2.2.3] - 2026-06-14
+### Fixed
+- `encrypt` and `decrypt` now raise `InvalidSecretError` when the manifest has no `data` key, instead of silently passing the content through. Previously such a manifest was printed back **unencrypted** in Ruby-inspect format — easy to redirect into an `.enc.yaml` file and commit plaintext secrets without noticing.
 ## [2.2.2] - 2026-03-31
 ### Changed

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    kubekrypt (2.2.2)
+    kubekrypt (2.2.3)
       google-cloud-kms
       grpc
       thor (>= 1.0)
@@ -10,15 +10,15 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    addressable (2.8.9)
+    addressable (2.9.0)
       public_suffix (>= 2.0.2, < 8.0)
     ast (2.4.3)
     base64 (0.3.0)
-    bigdecimal (4.1.0)
+    bigdecimal (4.1.2)
     coderay (1.1.3)
     date (3.5.1)
     diff-lcs (1.6.2)
-    erb (6.0.2)
+    erb (6.0.4)
     faraday (2.14.1)
       faraday-net_http (>= 2.0, < 3.5)
       json
@@ -55,19 +55,19 @@ GEM
     google-cloud-location (1.3.0)
       gapic-common (~> 1.2)
       google-cloud-errors (~> 1.0)
-    google-iam-v1 (1.5.1)
+    google-iam-v1 (1.6.1)
       gapic-common (~> 1.2)
       google-cloud-errors (~> 1.0)
       grpc-google-iam-v1 (~> 1.11)
     google-logging-utils (0.2.0)
-    google-protobuf (4.34.1)
+    google-protobuf (4.35.0)
       bigdecimal
       rake (~> 13.3)
     googleapis-common-protos (1.7.0)
       google-protobuf (>= 3.18, < 5.a)
       googleapis-common-protos-types (~> 1.7)
       grpc (~> 1.41)
-    googleapis-common-protos-types (1.22.0)
+    googleapis-common-protos-types (1.23.0)
       google-protobuf (~> 4.26)
     googleauth (1.16.2)
       faraday (>= 1.0, < 3.a)
@@ -77,7 +77,7 @@ GEM
       multi_json (~> 1.11)
       os (>= 0.9, < 2.0)
       signet (>= 0.16, < 2.a)
-    grpc (1.80.0)
+    grpc (1.81.0)
       google-protobuf (>= 3.25, < 5.0)
       googleapis-common-protos-types (~> 1.0)
     grpc-google-iam-v1 (1.11.0)
@@ -85,7 +85,7 @@ GEM
       googleapis-common-protos (~> 1.7.0)
       grpc (~> 1.41)
     io-console (0.8.2)
-    irb (1.17.0)
+    irb (1.18.0)
       pp (>= 0.6.0)
       prism (>= 1.3.0)
       rdoc (>= 4.0.0)
@@ -97,11 +97,11 @@ GEM
     lint_roller (1.1.0)
     logger (1.7.0)
     method_source (1.1.0)
-    multi_json (1.19.1)
+    multi_json (1.20.1)
     net-http (0.9.1)
       uri (>= 0.11.1)
     os (1.1.4)
-    parallel (1.27.0)
+    parallel (1.28.0)
     parser (3.3.11.1)
       ast (~> 2.4.1)
       racc
@@ -119,12 +119,12 @@ GEM
     public_suffix (7.0.5)
     racc (1.8.1)
     rainbow (3.1.1)
-    rake (13.3.1)
+    rake (13.4.2)
     rdoc (7.2.0)
       erb
       psych (>= 4.0.0)
       tsort
-    regexp_parser (2.11.3)
+    regexp_parser (2.12.0)
     reline (0.6.3)
       io-console (~> 0.5)
     rspec (3.13.2)

data/LICENSE CHANGED Viewed

@@ -1,6 +1,6 @@
 The MIT License (MIT)
-Copyright (c) 2025 Krzysztof Knapik
+Copyright (c) 2026 Krzysztof Knapik
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/lib/kubekrypt/decryptor.rb CHANGED Viewed

@@ -20,7 +20,9 @@ module KubeKrypt
     end
     def self.call(content:, base64:)
-      return content unless content["data"]
+      unless content["data"]
+        raise InvalidSecretError, "no data key found — nothing to decrypt"
+      end
       key_name = content.fetch(METADATA_KEY).fetch(KMS_KEY.to_s)
       decryptor = new(key_name)

data/lib/kubekrypt/encryptor.rb CHANGED Viewed

@@ -14,7 +14,10 @@ module KubeKrypt
     end
     def self.call(content:, key_name:)
-      return content unless content["data"]
+      unless content["data"]
+        raise InvalidSecretError,
+          "no data key found — refusing to write the manifest through unencrypted"
+      end
       encryptor = new(key_name)

data/lib/kubekrypt/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module KubeKrypt
-  VERSION = "2.2.2".freeze
+  VERSION = "2.2.3".freeze
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: kubekrypt
 version: !ruby/object:Gem::Version
-  version: 2.2.2
+  version: 2.2.3
 platform: ruby
 authors:
 - Krzysztof Knapik
@@ -111,7 +111,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 4.0.8
+rubygems_version: 4.0.10
 specification_version: 4
 summary: KubeKrypt provides seamless encryption and decryption of Kubernetes Secret
   menifests using Google Cloud KMS