RubyGems - legion-crypt - Versions diffs - 0.1.0 - Mend

legion-crypt 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (25) hide show

checksums.yaml +7 -0
data/.circleci/config.yml +61 -0
data/.gitignore +11 -0
data/.idea/.rakeTasks +7 -0
data/.idea/legion-crypt.iml +45 -0
data/.idea/misc.xml +7 -0
data/.idea/modules.xml +8 -0
data/.idea/vagrant.xml +7 -0
data/.idea/workspace.xml +14 -0
data/.rspec +3 -0
data/.rubocop.yml +23 -0
data/Gemfile +5 -0
data/LICENSE.txt +21 -0
data/README.md +40 -0
data/Rakefile +8 -0
data/bin/console +15 -0
data/bin/setup +8 -0
data/legion-crypt.gemspec +39 -0
data/lib/legion/crypt.rb +36 -0
data/lib/legion/crypt/box.rb +95 -0
data/lib/legion/crypt/settings.rb +30 -0
data/lib/legion/crypt/vault.rb +80 -0
data/lib/legion/crypt/vault_renewer.rb +29 -0
data/lib/legion/crypt/version.rb +7 -0
metadata +209 -0

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 07b24418ca073e0f27ac8b1971b3dff861e245f9e469a1d78bf14a500e02ded8
+  data.tar.gz: 73c531446637ff282583e5e74db187077dd0431493919db84b00348d592b262d
+SHA512:
+  metadata.gz: 4bee5884abd1308aad74fd342168f3622bd19aa213be6908e42178c02172a3682a44398bbad7a484533cd70b6c6e3203ae8589b4b79d9455a971cfda9dc61035
+  data.tar.gz: a4770c968abc0a5f8743a042238f2aa0225ee6189ae49854d1db45e3e6b2b7b442f1b40862d0135e3f901f731a57d4017765d8846c0888b61a014b118eff3849

data/.circleci/config.yml ADDED Viewed

@@ -0,0 +1,61 @@
+version: 2.1
+orbs:
+  ruby: circleci/ruby@0.2.1
+jobs:
+  "rubocop":
+    docker:
+      - image: circleci/ruby:2.5-node
+    steps:
+      - checkout
+      - ruby/load-cache
+      - ruby/install-deps
+      - run:
+          name: Run Rubocop
+          command: bundle exec rubocop
+      - ruby/save-cache
+  "ruby-two-five":
+    docker:
+      - image: circleci/ruby:2.5
+      - image: memcached:1.5-alpine
+    steps:
+      - checkout
+      - ruby/load-cache
+      - ruby/install-deps
+      - ruby/run-tests
+      - ruby/save-cache
+  "ruby-two-six":
+    docker:
+      - image: circleci/ruby:2.6
+      - image: memcached:1.5-alpine
+    steps:
+      - checkout
+      - ruby/load-cache
+      - ruby/install-deps
+      - ruby/run-tests
+      - ruby/save-cache
+  "ruby-two-seven":
+    docker:
+      - image: circleci/ruby:2.7
+      - image: memcached:1.5-alpine
+    steps:
+      - checkout
+      - ruby/load-cache
+      - ruby/install-deps
+      - ruby/run-tests
+      - ruby/save-cache
+workflows:
+  version: 2
+  rubocop-rspec:
+    jobs:
+      - rubocop
+      - ruby-two-five:
+          requires:
+            - rubocop
+      - ruby-two-six:
+          requires:
+            - ruby-two-five
+      - ruby-two-seven:
+          requires:
+            - ruby-two-five

data/.gitignore ADDED Viewed

@@ -0,0 +1,11 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+# rspec failure tracking
+.rspec_status

data/.idea/.rakeTasks ADDED Viewed

@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Settings><!--This file was automatically generated by Ruby plugin.
+You are allowed to:
+1. Remove rake task
+2. Add existing rake tasks
+To add existing rake tasks automatically delete this file and reload the project.
+--><RakeGroup description="" fullCmd="" taksId="rake"><RakeTask description="Build legion-crypt-0.1.0.gem into the pkg directory" fullCmd="build" taksId="build" /><RakeTask description="Remove any temporary products" fullCmd="clean" taksId="clean" /><RakeTask description="Remove any generated files" fullCmd="clobber" taksId="clobber" /><RakeTask description="Build and install legion-crypt-0.1.0.gem into system gems" fullCmd="install" taksId="install" /><RakeGroup description="" fullCmd="" taksId="install"><RakeTask description="Build and install legion-crypt-0.1.0.gem into system gems without network access" fullCmd="install:local" taksId="local" /></RakeGroup><RakeTask description="Create tag v0.1.0 and build and push legion-crypt-0.1.0.gem to rubygems.org" fullCmd="release[remote]" taksId="release[remote]" /><RakeTask description="Run RSpec code examples" fullCmd="spec" taksId="spec" /><RakeTask description="" fullCmd="default" taksId="default" /><RakeTask description="" fullCmd="release" taksId="release" /><RakeGroup description="" fullCmd="" taksId="release"><RakeTask description="" fullCmd="release:guard_clean" taksId="guard_clean" /><RakeTask description="" fullCmd="release:rubygem_push" taksId="rubygem_push" /><RakeTask description="" fullCmd="release:source_control_push" taksId="source_control_push" /></RakeGroup></RakeGroup></Settings>

data/.idea/legion-crypt.iml ADDED Viewed

@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module type="RUBY_MODULE" version="4">
+  <component name="ModuleRunConfigurationManager">
+    <shared />
+  </component>
+  <component name="NewModuleRootManager">
+    <content url="file://$MODULE_DIR$" />
+    <orderEntry type="inheritedJdk" />
+    <orderEntry type="sourceFolder" forTests="false" />
+    <orderEntry type="library" scope="PROVIDED" name="amq-protocol (v2.3.0, RVM: ruby-2.6.3) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="ast (v2.4.0, RVM: ruby-2.6.3) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="aws-eventstream (v1.0.3, RVM: ruby-2.6.3) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="aws-sigv4 (v1.1.1, RVM: ruby-2.6.3) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="bundler (v2.1.4, RVM: ruby-2.6.3) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="bunny (v2.14.4, RVM: ruby-2.6.3) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="diff-lcs (v1.3, RVM: ruby-2.6.3) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="docile (v1.3.2, RVM: ruby-2.6.3) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="ffi (v1.12.2, RVM: ruby-2.6.3) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="jaro_winkler (v1.5.4, RVM: ruby-2.6.3) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="json (v2.3.0, RVM: ruby-2.6.3) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="legion (v0.1.2, RVM: ruby-2.6.3) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="legion-json (v0.1.6, RVM: ruby-2.6.3) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="legion-logging (v1.0.0, RVM: ruby-2.6.3) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="legion-settings (v1.0.0, RVM: ruby-2.6.3) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="legion-transport (v0.1.0, RVM: ruby-2.6.3) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="oj (v3.10.5, RVM: ruby-2.6.3) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="parallel (v1.19.1, RVM: ruby-2.6.3) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="parser (v2.7.0.4, RVM: ruby-2.6.3) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="rainbow (v3.0.0, RVM: ruby-2.6.3) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="rake (v13.0.1, RVM: ruby-2.6.3) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="rbnacl (v7.1.1, RVM: ruby-2.6.3) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="rexml (v3.2.4, RVM: ruby-2.6.3) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="rspec (v3.9.0, RVM: ruby-2.6.3) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="rspec-core (v3.9.1, RVM: ruby-2.6.3) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="rspec-expectations (v3.9.0, RVM: ruby-2.6.3) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="rspec-mocks (v3.9.1, RVM: ruby-2.6.3) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="rspec-support (v3.9.2, RVM: ruby-2.6.3) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="rubocop (v0.80.1, RVM: ruby-2.6.3) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="ruby-progressbar (v1.10.1, RVM: ruby-2.6.3) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="simplecov (v0.18.5, RVM: ruby-2.6.3) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="simplecov-html (v0.12.2, RVM: ruby-2.6.3) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="unicode-display_width (v1.6.1, RVM: ruby-2.6.3) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="vault (v0.13.0, RVM: ruby-2.6.3) [gem]" level="application" />
+  </component>
+</module>

data/.idea/misc.xml ADDED Viewed

@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="JavaScriptSettings">
+    <option name="languageLevel" value="ES6" />
+  </component>
+  <component name="ProjectRootManager" version="2" project-jdk-name="RVM: ruby-2.6.3" project-jdk-type="RUBY_SDK" />
+</project>

data/.idea/modules.xml ADDED Viewed

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="ProjectModuleManager">
+    <modules>
+      <module fileurl="file://$PROJECT_DIR$/.idea/legion-crypt.iml" filepath="$PROJECT_DIR$/.idea/legion-crypt.iml" />
+    </modules>
+  </component>
+</project>

data/.idea/vagrant.xml ADDED Viewed

@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="VagrantProjectSettings">
+    <option name="instanceFolder" value="" />
+    <option name="provider" value="" />
+  </component>
+</project>

data/.idea/workspace.xml ADDED Viewed

@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="CoverageOptionsProvider">
+    <option name="myAddOrReplace" value="0" />
+  </component>
+  <component name="Git.Settings">
+    <option name="PUSH_AUTO_UPDATE" value="true" />
+    <option name="ROOT_SYNC" value="DONT_SYNC" />
+  </component>
+  <component name="ProjectId" id="1Yk09ZatgP1aKTE1VrPrnkK2STE" />
+  <component name="PropertiesComponent">
+    <property name="settings.editor.selected.configurable" value="reference.settingsdialog.project.vagrant" />
+  </component>
+</project>

data/.rspec ADDED Viewed

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/.rubocop.yml ADDED Viewed

@@ -0,0 +1,23 @@
+Layout/LineLength:
+  Max: 140
+Metrics/MethodLength:
+  Max: 50
+Metrics/ClassLength:
+  Max: 1500
+Metrics/BlockLength:
+  Max: 50
+Layout/SpaceAroundEqualsInParameterDefault:
+  EnforcedStyle: space
+Style/SymbolArray:
+  Enabled: true
+Layout/HashAlignment:
+  EnforcedHashRocketStyle: table
+  EnforcedColonStyle: table
+Style/Documentation:
+  Enabled: false
+AllCops:
+  TargetRubyVersion: 2.5
+Style/FrozenStringLiteralComment:
+  Enabled: false
+Naming/FileName:
+  Enabled: false

data/Gemfile ADDED Viewed

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+source 'https://rubygems.org'
+gemspec

data/LICENSE.txt ADDED Viewed

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+Copyright (c) 2020 Esity
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md ADDED Viewed

@@ -0,0 +1,40 @@
+# Legion::Crypt
+Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/legion/crypt`. To experiment with that code, run `bin/console` for an interactive prompt.
+TODO: Delete this and the text above, and describe your gem
+## Installation
+Add this line to your application's Gemfile:
+```ruby
+gem 'legion-crypt'
+```
+And then execute:
+    $ bundle install
+Or install it yourself as:
+    $ gem install legion-crypt
+## Usage
+TODO: Write usage instructions here
+## Development
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+## Contributing
+Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/legion-crypt.
+## License
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile ADDED Viewed

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new(:spec)
+task default: :spec

data/bin/console ADDED Viewed

@@ -0,0 +1,15 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+require 'bundler/setup'
+require 'legion/crypt'
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+require 'irb'
+IRB.start(__FILE__)

data/bin/setup ADDED Viewed

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+bundle install
+# Do any other automated setup that you need to do here

data/legion-crypt.gemspec ADDED Viewed

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+require_relative 'lib/legion/crypt/version'
+Gem::Specification.new do |spec|
+  spec.name          = 'legion-crypt'
+  spec.version       = Legion::Crypt::VERSION
+  spec.authors       = ['Esity']
+  spec.email         = ['matthewdiverson@gmail.com']
+  spec.summary       = 'Legion::Vault is used to keep things safe'
+  spec.description   = 'Integrates with Hashicorps vault and other encryption type things'
+  spec.homepage      = 'https://bitbucket.org/legion-io/legion-vault/'
+  spec.license       = 'MIT'
+  spec.required_ruby_version = Gem::Requirement.new('>= 2.5.0')
+  spec.metadata['homepage_uri'] = spec.homepage
+  spec.metadata['source_code_uri'] = 'https://bitbucket.org/legion-io/legion/'
+  spec.metadata['changelog_uri'] = 'https://bitbucket.org/legion-io/legion/src/master/CHANGELOG.md'
+  spec.files = Dir.chdir(File.expand_path(__dir__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  end
+  spec.bindir        = 'exe'
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ['lib']
+  spec.add_dependency 'rbnacl'
+  spec.add_dependency 'vault'
+  spec.add_development_dependency 'legion'
+  spec.add_development_dependency 'legion-logging', '>= 1.0.0'
+  spec.add_development_dependency 'legion-settings', '>= 1.0.0'
+  spec.add_development_dependency 'legion-transport', '>= 0.1.0'
+  spec.add_development_dependency 'rake'
+  spec.add_development_dependency 'rspec'
+  spec.add_development_dependency 'rubocop'
+  spec.add_development_dependency 'simplecov'
+end

data/lib/legion/crypt.rb ADDED Viewed

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+require 'legion/crypt/version'
+require 'legion/crypt/settings'
+require 'rbnacl'
+require 'base64'
+require 'legion/crypt/box'
+require 'legion/crypt/vault'
+module Legion
+  module Crypt
+    class << self
+      attr_reader :public_key, :sessions
+      include Legion::Crypt::Box
+      include Legion::Crypt::Vault if Legion::Settings[:crypt][:vault][:enabled]
+      def start
+        Legion::Logging.debug 'Legion::Crypt is running start'
+        if Dir.exist?('./settings') && File.exist?('./settings/private.key') && File.exist?('./settings/public.key')
+          load_keys
+        else
+          delete_keys if Dir.exist? './settings'
+          create_keys
+        end
+        connect_vault
+      end
+      def shutdown
+        shutdown_renewer
+        close_sessions
+      end
+    end
+  end
+end

data/lib/legion/crypt/box.rb ADDED Viewed

@@ -0,0 +1,95 @@
+# frozen_string_literal: true
+module Legion
+  module Crypt
+    module Box
+      def create_keys
+        Legion::Logging.debug 'Legion::Crypt::Box.create_keys has been called'
+        @private_key = RbNaCl::PrivateKey.generate
+        @public_key = @private_key.public_key
+        return unless Dir.exist? './settings'
+        File.open('./settings/private.key', 'w').write(@private_key.to_s)
+        File.open('./settings/public.key', 'w').write(@public_key.to_s)
+      end
+      def delete_keys
+        File.delete('./settings/private.key') if File.exist? './settings/private.key'
+        File.delete('./settings/public.key') if File.exist? './settings/public.key'
+      end
+      def load_keys
+        return unless Dir.exist? './settings'
+        @private_key = RbNaCl::PrivateKey.new(File.read('./settings/private.key').force_encoding('BINARY'))
+        @public_key = RbNaCl::PrivateKey.new(File.read('./settings/public.key').force_encoding('BINARY'))
+      end
+      def encrypt_from_keypair(public_key:, message:, **_opts)
+        Legion::Logging.debug('encrypt_from_keypair')
+        Base64.encode64(RbNaCl::SimpleBox.from_keypair(Base64.decode64(public_key), @private_key).encrypt(message))
+      end
+      def decrypt_from_keypair(public_key, enciphered_message)
+        Legion::Logging.debug 'decrypt_from_keypair'
+        RbNaCl::SimpleBox
+          .from_keypair(Base64.decode64(public_key), @private_key)
+          .decrypt(Base64.decode64(enciphered_message))
+      end
+      def encrypt(message)
+        Legion::Logging.debug 'encrypting message'
+        Base64.encode64(@box.encrypt(message))
+      end
+      def decrypt(message)
+        Legion::Logging.debug 'decrypting message'
+        @box.decrypt(Base64.decode64(message))
+      end
+      def setup_safe # rubocop:disable Metrics/CyclomaticComplexity,Metrics/AbcSize,Metrics/PerceivedComplexity
+        Legion::Logging.debug 'Setting up Legion::Crypt safe'
+        if Legion::Settings[:crypt][:cluster_secret].nil?
+          if Legion::Settings[:crypt][:vault][:connected] && Legion::Crypt.exist?('crypt')
+            Legion::Settings[:crypt][:cluster_secret] = Base64.decode64(Legion::Crypt.get('crypt')[:cluster_secret])
+          elsif Legion::Transport::Queue.new('node.crypt', passive: true).consumer_count.zero?
+            Legion::Logging.info 'Legion::Crypt Generating new cluster_secret since this is the first node'
+            Legion::Settings[:crypt][:bootstrapped] = true
+            Legion::Settings[:crypt][:cluster_secret] = RbNaCl::Random.random_bytes(RbNaCl::SecretBox.key_bytes)
+            if Legion::Settings[:crypt][:vault][:connected]
+              Legion::Crypt.write('crypt', :cluster_secret, Base64.encode64(Legion::Settings[:crypt][:cluster_secret]))
+            end
+          else
+            require 'legion/transport/messages/request_cluster_secret'
+            Legion::Logging.info 'Requesting cluster secret via public key'
+            start = Time.now
+            Legion::Transport::Messages::RequestClusterSecret.new.publish
+            sleep_time = 0.001
+            until !Legion::Settings[:crypt][:cluster_secret].nil? || (Time.now - start) > Legion::Settings[:crypt][:cluster_secret_timeout]
+              sleep(sleep_time)
+              sleep_time *= 2
+            end
+            unless Legion::Settings[:crypt][:cluster_secret].nil?
+              Legion::Logging.info "Received cluster secret in #{((Time.new - start) * 1000.0).round}ms"
+            end
+            Legion::Logging.warn 'Cluster secret is still nil' if Legion::Settings[:crypt][:cluster_secret].nil?
+          end
+        end
+        @key = Legion::Settings[:crypt][:cluster_secret].to_s
+        @box = RbNaCl::SimpleBox.from_secret_key(@key) unless @key.empty?
+        if !Legion::Settings[:crypt].key?(:encrypted_string) || !Legion::Settings[:crypt].key?(:validation_string)
+          unless Legion::Settings[:crypt][:bootstrapped]
+            Legion::Logging.warn 'Legion::Crypt has been set up but wasn\'t testing with a validation string!'
+          end
+          Legion::Settings[:crypt][:cs_encrypt_ready] = true
+        elsif Legion::Crypt.decrypt(Legion::Settings[:crypt][:encrypted_string]) == Legion::Settings[:crypt][:validation_string]
+          Legion::Logging.info 'Legion::Crypt was set up correctly after string match'
+          Legion::Settings[:crypt][:cs_encrypt_ready] = true
+        else
+          Legion::Logging.fatal 'idk wtf happened'
+        end
+      end
+    end
+  end
+end

data/lib/legion/crypt/settings.rb ADDED Viewed

@@ -0,0 +1,30 @@
+module Legion
+  module Crypt
+    module Settings
+      def self.default
+        {
+          vault:            vault,
+          cs_encrypt_ready: false,
+          dynamic_keys:     true
+        }
+      end
+      def self.vault
+        {
+          enabled:             !Gem::Specification.find_by_name('vault').nil?,
+          protocol:            'http',
+          address:             'localhost',
+          port:                8200,
+          token:               ENV['VAULT_DEV_ROOT_TOKEN_ID'] || ENV['VAULT_TOKEN_ID'] || nil,
+          connected:           false,
+          renewer_time:        5,
+          renewer:             true,
+          push_cluster_secret: false,
+          read_cluster_secret: false
+        }
+      end
+    end
+  end
+end
+Legion::Settings.merge_settings('crypt', Legion::Crypt::Settings.default) if Legion.const_defined?('Settings')

data/lib/legion/crypt/vault.rb ADDED Viewed

@@ -0,0 +1,80 @@
+require 'vault'
+module Legion
+  module Crypt
+    module Vault
+      attr_accessor :sessions
+      def settings
+        Legion::Settings[:crypt][:vault]
+      end
+      def connect_vault # rubocop:disable Metrics/AbcSize
+        @sessions = []
+        ::Vault.address = "#{Legion::Settings[:crypt][:vault][:protocol]}://#{Legion::Settings[:crypt][:vault][:address]}:#{Legion::Settings[:crypt][:vault][:port]}" # rubocop:disable Layout/LineLength
+        Legion::Settings[:crypt][:vault][:token] = ENV['VAULT_DEV_ROOT_TOKEN_ID'] if ENV.key? 'VAULT_DEV_ROOT_TOKEN_ID'
+        return nil if Legion::Settings[:crypt][:vault][:token].nil?
+        ::Vault.token = Legion::Settings[:crypt][:vault][:token]
+        Legion::Settings[:crypt][:vault][:connected] = true if ::Vault.sys.health_status.initialized?
+        return unless Legion.const_defined? 'Extensions::Actors::Every'
+        require_relative 'vault_renewer'
+        @renewer = Legion::Crypt::Vault::Renewer.new
+      end
+      def read(path, type = 'kv-v2')
+        lease = ::Vault.logical.read(type + '/' + path)
+        add_session(path: lease.lease_id) if lease.respond_to? :lease_id
+        lease.data
+      end
+      def get(path)
+        ::Vault.kv('kv-v2').read(path).data
+      end
+      def write(path, key, value)
+        hash = {}
+        hash[key.to_sym] = value
+        ::Vault.kv('kv-v2').write(path, **hash)
+      end
+      def exist?(path)
+        !::Vault.kv('kv-v2').read_metadata(path).nil?
+      end
+      def add_session(path:)
+        @sessions.push(path)
+      end
+      def close_sessions
+        Legion::Logging.info 'Closing all Legion::Crypt vault sessions'
+        @sessions.each do |session|
+          close_session(session: session)
+        end
+      end
+      def shutdown_renewer
+        return unless Legion::Settings[:crypt][:vault][:connected]
+        return if @renewer.nil?
+        Legion::Logging.debug 'Shutdown down Legion::Crypt::Vault::Renewer'
+        @renewer.cancel
+      end
+      def close_session(session:)
+        ::Vault.sys.revoke(session)
+      end
+      def renew_session(session:)
+        ::Vault.sys.renew(session)
+      end
+      def renew_sessions
+        @sessions.each do |session|
+          renew_session(session: session)
+        end
+      end
+    end
+  end
+end

data/lib/legion/crypt/vault_renewer.rb ADDED Viewed

@@ -0,0 +1,29 @@
+require 'legion/extensions/actors/every'
+module Legion
+  module Crypt
+    module Vault
+      class Renewer < Legion::Extensions::Actors::Every
+        def runner_function
+          'renew_sessions'
+        end
+        def klass
+          Legion::Crypt
+        end
+        def time
+          5
+        end
+        def check_subtask?
+          false
+        end
+        def generate_task?
+          false
+        end
+      end
+    end
+  end
+end

data/lib/legion/crypt/version.rb ADDED Viewed

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+module Legion
+  module Crypt
+    VERSION = '0.1.0'
+  end
+end

metadata ADDED Viewed

@@ -0,0 +1,209 @@
+--- !ruby/object:Gem::Specification
+name: legion-crypt
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Esity
+autorequire:
+bindir: exe
+cert_chain: []
+date: 2020-03-12 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rbnacl
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: vault
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: legion
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: legion-logging
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.0.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.0.0
+- !ruby/object:Gem::Dependency
+  name: legion-settings
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.0.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.0.0
+- !ruby/object:Gem::Dependency
+  name: legion-transport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.1.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.1.0
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Integrates with Hashicorps vault and other encryption type things
+email:
+- matthewdiverson@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".circleci/config.yml"
+- ".gitignore"
+- ".idea/.rakeTasks"
+- ".idea/legion-crypt.iml"
+- ".idea/misc.xml"
+- ".idea/modules.xml"
+- ".idea/vagrant.xml"
+- ".idea/workspace.xml"
+- ".rspec"
+- ".rubocop.yml"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- legion-crypt.gemspec
+- lib/legion/crypt.rb
+- lib/legion/crypt/box.rb
+- lib/legion/crypt/settings.rb
+- lib/legion/crypt/vault.rb
+- lib/legion/crypt/vault_renewer.rb
+- lib/legion/crypt/version.rb
+homepage: https://bitbucket.org/legion-io/legion-vault/
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://bitbucket.org/legion-io/legion-vault/
+  source_code_uri: https://bitbucket.org/legion-io/legion/
+  changelog_uri: https://bitbucket.org/legion-io/legion/src/master/CHANGELOG.md
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.5.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.8
+signing_key:
+specification_version: 4
+summary: Legion::Vault is used to keep things safe
+test_files: []