leml 0.2.1 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/leml/core.rb +16 -11
- data/lib/leml/railtie.rb +6 -4
- data/lib/leml/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 913c8d2ba0a5f32857a5bb0b466d6db9e7ef5f82
|
|
4
|
+
data.tar.gz: 7f51e64db3ed5f14319285c7e326cb897540b45e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f996e75582e56862e5fb12e866f3859fe40ce5b21d548bc158aaca3c79a5313032a84e8e11b1935e3113a716d35cdaf3e74c3155ade90f24677207969bedd095
|
|
7
|
+
data.tar.gz: 26a42abf97b4c94ae195a36dad613414e978b0e1830b7e3497321be0b829862e0bb0b4ad3a7e3680bbaca7d456d828de4257ac367af45593af2000dbf26588b1
|
data/lib/leml/core.rb
CHANGED
|
@@ -67,10 +67,11 @@ module Leml
|
|
|
67
67
|
raise NoLemlKeyError if @key.blank?
|
|
68
68
|
@encryptor = ActiveSupport::MessageEncryptor.new(@key, cipher: 'aes-256-cbc')
|
|
69
69
|
@secrets = YAML.load_file(SECRETS)
|
|
70
|
+
@previous_key_hash = {}
|
|
70
71
|
end
|
|
71
72
|
|
|
72
73
|
def merge_secrets
|
|
73
|
-
return unless @key.present? && File.
|
|
74
|
+
return unless @key.present? && File.exist?(SECRETS)
|
|
74
75
|
Rails.application.secrets.merge!(decrypt(@secrets)[Rails.env].deep_symbolize_keys) if @secrets
|
|
75
76
|
end
|
|
76
77
|
|
|
@@ -91,32 +92,36 @@ module Leml
|
|
|
91
92
|
|
|
92
93
|
private
|
|
93
94
|
|
|
94
|
-
def encrypt(raw_secret_hash)
|
|
95
|
+
def encrypt(raw_secret_hash, key_prefix = '')
|
|
95
96
|
raw_secret_hash.map do |key, value|
|
|
97
|
+
key_prefix = "#{key_prefix}_#{key}"
|
|
96
98
|
[
|
|
97
99
|
key,
|
|
98
|
-
value.kind_of?(Hash) ? encrypt(value) : encrypt_value(value)
|
|
100
|
+
value.kind_of?(Hash) ? encrypt(value, key_prefix) : encrypt_value(value, key_prefix)
|
|
99
101
|
]
|
|
100
102
|
end.to_h
|
|
101
103
|
end
|
|
102
104
|
|
|
103
|
-
def decrypt(secret_hash)
|
|
105
|
+
def decrypt(secret_hash, key_prefix = '')
|
|
104
106
|
secret_hash.map do |key, value|
|
|
107
|
+
key_prefix = "#{key_prefix}_#{key}"
|
|
105
108
|
[
|
|
106
109
|
key,
|
|
107
|
-
value.kind_of?(Hash) ? decrypt(value) : decrypt_value(value)
|
|
110
|
+
value.kind_of?(Hash) ? decrypt(value, key_prefix) : decrypt_value(value, key_prefix)
|
|
108
111
|
]
|
|
109
112
|
end.to_h
|
|
110
113
|
end
|
|
111
114
|
|
|
112
|
-
def encrypt_value(value)
|
|
113
|
-
@encryptor.encrypt_and_sign(value)
|
|
115
|
+
def encrypt_value(value, key_hash)
|
|
116
|
+
@previous_key_hash.dig(key_hash, :raw) == value ? @previous_key_hash.dig(key_hash, :encrypted) : @encryptor.encrypt_and_sign(value)
|
|
114
117
|
rescue ActiveSupport::MessageVerifier::InvalidSignature
|
|
115
118
|
raise InvalidLemlKey
|
|
116
119
|
end
|
|
117
120
|
|
|
118
|
-
def decrypt_value(value)
|
|
119
|
-
@encryptor.decrypt_and_verify(value)
|
|
121
|
+
def decrypt_value(value, key_hash)
|
|
122
|
+
raw_value = @encryptor.decrypt_and_verify(value)
|
|
123
|
+
@previous_key_hash[key_hash] = {raw: raw_value, encrypted: value}
|
|
124
|
+
raw_value
|
|
120
125
|
rescue ActiveSupport::MessageVerifier::InvalidSignature
|
|
121
126
|
raise InvalidLemlKey
|
|
122
127
|
end
|
|
@@ -129,8 +134,8 @@ module Leml
|
|
|
129
134
|
|
|
130
135
|
def create_decrypted_tmp_file(dir)
|
|
131
136
|
file = File.join(dir, 'tmp_leml.yml')
|
|
132
|
-
File.open(file, 'w') do |
|
|
133
|
-
|
|
137
|
+
File.open(file, 'w') do |fd|
|
|
138
|
+
fd.puts(decrypt(@secrets).to_yaml) if @secrets
|
|
134
139
|
end
|
|
135
140
|
file
|
|
136
141
|
end
|
data/lib/leml/railtie.rb
CHANGED
|
@@ -2,10 +2,12 @@ require 'rails/railtie'
|
|
|
2
2
|
|
|
3
3
|
module Leml
|
|
4
4
|
class Railtie < Rails::Railtie
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
5
|
+
unless ARGV.include? 'leml:init'
|
|
6
|
+
initializer 'leml.merge_secrets' do
|
|
7
|
+
config.before_initialize do
|
|
8
|
+
require 'leml/core'
|
|
9
|
+
Leml::Core.new.merge_secrets
|
|
10
|
+
end
|
|
9
11
|
end
|
|
10
12
|
end
|
|
11
13
|
|
data/lib/leml/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: leml
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- onunu
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-10-
|
|
11
|
+
date: 2017-10-19 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|