lockness 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: ced30afb2d1a4d26bb196185016fd0913b8060f521c3649e42b141ca1661455d
+  data.tar.gz: 76087b974b7b737a97f16d104aa8c8ad36c04c041051023acd4adf30339f5ddd
+SHA512:
+  metadata.gz: 298e8af1e29199c2ad2b10c7d57f3fd579b978de8d49daf503e6b2103c41b29c59c10b33d1bf2c6a18ff53190d8b14c443c2d25cdeffce83c711985fbeeefac1
+  data.tar.gz: 98672ecc736d01b2ed521b3e57cc83180789531e5c6f142c3372fd7565c58dcbdbe212811ecb436e4d18d68f834e2b6f7a785e76733c2ebc90f96bd1bd19f99d

data/.gitignore

@@ -0,0 +1 @@
+*.gem

data/.rubocop.yml

@@ -0,0 +1,140 @@
+AllCops:
+  TargetRubyVersion: 3.0.2
+  NewCops: enable
+
+Gemspec/RequiredRubyVersion:
+  Enabled: false
+
+Layout/EmptyLinesAroundExceptionHandlingKeywords:
+  Enabled: false
+
+Layout/FirstArrayElementIndentation:
+  Enabled: false
+
+Layout/HashAlignment:
+  EnforcedColonStyle: table
+  EnforcedHashRocketStyle: table
+
+Layout/EmptyLinesAroundClassBody:
+  EnforcedStyle: empty_lines_except_namespace
+
+Layout/EmptyLinesAroundModuleBody:
+  EnforcedStyle: empty_lines_except_namespace
+
+Layout/ExtraSpacing:
+  ForceEqualSignAlignment: true
+
+Layout/LineLength:
+  Enabled: false
+
+Layout/SpaceAroundMethodCallOperator:
+  Enabled: true
+
+Lint/RaiseException:
+  Enabled: true
+
+Lint/StructNewOverride:
+  Enabled: true
+
+Layout/SpaceInLambdaLiteral:
+  EnforcedStyle: require_space
+
+Lint/RescueException:
+  Enabled: false
+
+Lint/ToJSON:
+  Enabled: false
+
+Lint/UnusedMethodArgument:
+  AutoCorrect: false
+
+Metrics/AbcSize:
+  Enabled: false
+
+Metrics/BlockLength:
+  Enabled: false
+
+Metrics/ClassLength:
+  Enabled: false
+
+Metrics/CyclomaticComplexity:
+  Enabled: false
+
+Metrics/MethodLength:
+  Enabled: false
+
+Metrics/ModuleLength:
+  Enabled: false
+
+Metrics/PerceivedComplexity:
+  Enabled: false
+
+Metrics/ParameterLists:
+  Enabled: false
+
+Naming/AccessorMethodName:
+  Enabled: false
+
+Naming/RescuedExceptionsVariableName:
+  Enabled: false
+
+Naming/VariableNumber:
+  Enabled: false
+
+Style/CaseEquality:
+  Enabled: false
+
+Style/ClassAndModuleChildren:
+  Enabled: false
+
+Style/ClassVars:
+  Enabled: false
+
+Style/Documentation:
+  Enabled: false
+
+Style/EmptyMethod:
+  Enabled: true
+  EnforcedStyle: expanded
+
+Style/FormatString:
+  Enabled: false
+
+Style/FormatStringToken:
+  Enabled: false
+
+Style/FrozenStringLiteralComment:
+  Enabled: false
+
+Style/ExponentialNotation:
+  Enabled: true
+
+Style/HashEachMethods:
+  Enabled: true
+
+Style/HashTransformKeys:
+  Enabled: true
+
+Style/HashTransformValues:
+  Enabled: true
+
+Style/GlobalVars:
+  Enabled: false
+
+Style/IfUnlessModifier:
+  Enabled: false
+
+Style/MutableConstant:
+  Enabled: false
+
+Style/NumericLiterals:
+  Enabled: false
+
+Style/NumericPredicate:
+  Enabled: false
+
+Style/RedundantAssignment:
+  Enabled: false
+
+Style/StabbyLambdaParentheses:
+  EnforcedStyle: require_no_parentheses

data/Gemfile

@@ -0,0 +1,5 @@
+source 'https://rubygems.org'
+
+git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
+
+gemspec

data/Gemfile.lock

@@ -0,0 +1,68 @@
+PATH
+  remote: .
+  specs:
+    lockness (0.1.0)
+      activesupport (~> 7.0)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    activesupport (7.0.3)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      tzinfo (~> 2.0)
+    ast (2.4.2)
+    coderay (1.1.3)
+    concurrent-ruby (1.1.10)
+    i18n (1.10.0)
+      concurrent-ruby (~> 1.0)
+    interesting_methods (0.1.2)
+    method_source (1.0.0)
+    minitest (5.15.0)
+    parallel (1.22.1)
+    parser (3.1.2.0)
+      ast (~> 2.4.1)
+    pry (0.14.1)
+      coderay (~> 1.1)
+      method_source (~> 1.0)
+    rainbow (3.1.1)
+    rake (13.0.6)
+    regexp_parser (2.5.0)
+    rexml (3.2.5)
+    rubocop (1.30.0)
+      parallel (~> 1.10)
+      parser (>= 3.1.0.0)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.8, < 3.0)
+      rexml (>= 3.2.5, < 4.0)
+      rubocop-ast (>= 1.18.0, < 2.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 1.4.0, < 3.0)
+    rubocop-ast (1.18.0)
+      parser (>= 3.1.1.0)
+    rubocop-minitest (0.20.0)
+      rubocop (>= 0.90, < 2.0)
+    rubocop-rake (0.6.0)
+      rubocop (~> 1.0)
+    ruby-progressbar (1.11.0)
+    tzinfo (2.0.4)
+      concurrent-ruby (~> 1.0)
+    unicode-display_width (2.1.0)
+
+PLATFORMS
+  x86_64-darwin-20
+
+DEPENDENCIES
+  bundler (~> 2.3)
+  interesting_methods (~> 0.1)
+  lockness!
+  minitest (~> 5.15)
+  pry (~> 0.14)
+  rake (~> 13.0)
+  rubocop (~> 1.30)
+  rubocop-minitest (~> 0.20)
+  rubocop-rake (~> 0.6)
+
+BUNDLED WITH
+   2.3.3

data/README.md

@@ -0,0 +1,3 @@
+# Lockness
+
+TODO

data/Rakefile

@@ -0,0 +1,10 @@
+require 'bundler/gem_tasks'
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'test'
+  t.libs << 'lib'
+  t.test_files = FileList['test/**/*_test.rb']
+end
+
+task default: :test

data/bin/lockness

@@ -0,0 +1,16 @@
+#!/usr/bin/env ruby
+
+require 'active_support/all'
+require 'base64'
+require 'digest/sha2'
+require 'openssl'
+require 'securerandom'
+require 'tempfile'
+
+lib_file_glob = "#{__dir__}/../lib/**/*.rb"
+
+Dir.glob(lib_file_glob).each do |file|
+  require_relative file
+end
+
+Lockness.start

data/lib/lockness/content.rb

@@ -0,0 +1,38 @@
+module Lockness
+  class Content
+
+    attr_reader :secret_file,
+                :message_encryptor,
+                :encrypted
+
+    def initialize
+      @secret_file       = SecretFile.new
+      @message_encryptor = ActiveSupport::MessageEncryptor.new(MasterKey.new.read)
+      @encrypted         = secret_file.read
+    end
+
+    def plain
+      message_encryptor.decrypt_and_verify(encrypted)
+    end
+
+    def update(new_plain_content)
+      ensure_content(new_plain_content)
+
+      encrypted_content = message_encryptor.encrypt_and_sign(new_plain_content)
+
+      secret_file.save(encrypted_content)
+    end
+
+    private
+
+    def ensure_content(new_plain_content)
+      return if new_plain_content.present?
+
+      puts 'No content provided.'
+      puts 'Aborting!'
+
+      exit 1
+    end
+
+  end
+end

data/lib/lockness/edit.rb

@@ -0,0 +1,53 @@
+module Lockness
+  class Edit
+
+    attr_reader :secret_file,
+                :content,
+                :temp_file
+
+    def initialize
+      @secret_file = SecretFile.new
+      @content     = Content.new
+      @temp_file   = Tempfile.new
+    end
+
+    def edit
+      ensure_temp_file_deleted
+
+      if secret_file.exist?
+        edit_existing
+      else
+        edit_new
+      end
+
+      puts "File saved: #{secret_file.encrypted_path}"
+    end
+
+    private
+
+    def edit_new
+      open_temp_file_in_editor
+      plain_content = temp_file.read
+      content.update(plain_content)
+    end
+
+    def edit_existing
+      temp_file.write(content.plain)
+      temp_file.close
+      open_temp_file_in_editor
+      plain_content = File.read(temp_file.path)
+      content.update(plain_content)
+    end
+
+    def open_temp_file_in_editor
+      `#{ENV.fetch('EDITOR')} #{temp_file.path}`
+    end
+
+    def ensure_temp_file_deleted
+      at_exit do
+        temp_file.unlink
+      end
+    end
+
+  end
+end

data/lib/lockness/ensure_master_key_git_ignored.rb

@@ -0,0 +1,29 @@
+module Lockness
+  class EnsureMasterKeyGitIgnored
+
+    def ensure_master_key_git_ignored
+      master_key = MasterKey.new
+
+      return unless git_repo?
+      return unless master_key.exist?
+      return if ignored_files.include?('master.key')
+
+      puts "You must git ignore #{master_key.path} to use lockness."
+
+      exit 1
+    end
+
+    def ignored_files
+      files = `git status --short --ignored`
+
+      files.split("\n")
+           .select { |status_line| status_line.starts_with?('!!') }
+           .map    { |status_line| status_line.split.last }
+    end
+
+    def git_repo?
+      `git -C #{Dir.pwd} rev-parse 2>/dev/null; echo $?`.chomp == '0'
+    end
+
+  end
+end

data/lib/lockness/help.rb

@@ -0,0 +1,20 @@
+module Lockness
+  module Help
+
+    def self.show
+      puts help
+    end
+
+    def self.help
+      <<~HELP
+        USAGE:
+
+        lockness init                 # generates a master.key
+        lockness edit  <filename>     # create or edit a new file
+        lockness show  <filename>     # view an encrypted file
+        lockness                      # show this help
+      HELP
+    end
+
+  end
+end

data/lib/lockness/master_key.rb

@@ -0,0 +1,48 @@
+module Lockness
+  class MasterKey
+
+    def read
+      ensure_exists
+
+      File.read(path)
+    end
+
+    def generate
+      ensure_does_not_exist
+
+      master_key = SecureRandom.hex
+
+      File.write(path, master_key)
+
+      puts "Generated master key and saved at #{path}"
+    end
+
+    def path
+      "#{Dir.pwd}/master.key"
+    end
+
+    def exist?
+      File.exist?(path)
+    end
+
+    private
+
+    def ensure_exists
+      return if exist?
+
+      puts "Expected to find #{path}"
+      puts 'Run `lockness init` to generate a master.key'
+      exit 1
+    end
+
+    def ensure_does_not_exist
+      return unless exist?
+
+      puts "Master key already exists at #{path}!"
+      puts 'Please delete and try again'
+
+      exit 1
+    end
+
+  end
+end

data/lib/lockness/secret_file.rb

@@ -0,0 +1,49 @@
+module Lockness
+  class SecretFile
+
+    attr_reader :path
+
+    def initialize
+      @path = build_path
+    end
+
+    def exist?
+      File.exist?(encrypted_path)
+    end
+
+    def unencrypted_path
+      path.chomp('.enc')
+    end
+
+    def encrypted_path
+      if path.ends_with?('.enc')
+        path
+      else
+        "#{path}.enc"
+      end
+    end
+
+    def read
+      return unless exist?
+
+      File.read(encrypted_path)
+    end
+
+    def save(encrypted_content)
+      File.write(encrypted_path, encrypted_content)
+    end
+
+    private
+
+    def build_path
+      path_arg = ARGV.last
+
+      if path_arg.starts_with?('/')
+        path_arg
+      else
+        File.join(Dir.pwd, path_arg)
+      end
+    end
+
+  end
+end

data/lib/lockness/show.rb

@@ -0,0 +1,21 @@
+module Lockness
+  class Show
+
+    attr_reader :secret_file
+
+    def initialize
+      @secret_file = SecretFile.new
+    end
+
+    def show
+      if secret_file.exist?
+        puts Content.new.plain
+      else
+        puts "No file at #{secret_file.encrypted_path}"
+
+        exit 1
+      end
+    end
+
+  end
+end

data/lib/lockness/version.rb

@@ -0,0 +1,5 @@
+module Lockness
+
+  VERSION = '0.1.0'
+
+end

data/lib/lockness.rb

@@ -0,0 +1,20 @@
+module Lockness
+
+  def self.start
+    EnsureMasterKeyGitIgnored.new.ensure_master_key_git_ignored
+
+    if ARGV.first == 'init' && ARGV.count == 1
+      MasterKey.new.generate
+    elsif ARGV.first == 'edit' && ARGV.count == 2
+      Edit.new.edit
+    elsif ARGV.first == 'show' && ARGV.count == 2
+      Show.new.show
+    elsif ARGV.first == 'help' && ARGV.count == 1 || ARGV.none?
+      Help.show
+    else
+      puts "Unable to process arguments: '#{ARGV.join(' ')}'"
+      exit 1
+    end
+  end
+
+end

data/lockness.gemspec

@@ -0,0 +1,29 @@
+lib = File.expand_path('lib', __dir__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+
+require 'lockness/version'
+
+Gem::Specification.new do |spec|
+  spec.name                              = 'lockness'
+  spec.authors                           = ['Sean Lerner']
+  spec.email                             = ['sean@@smallcity.ca']
+  spec.files                             = `git ls-files`.split.reject { |f| f.match('test') }
+  spec.homepage                          = 'https://github.com/seanlerner/lockness'
+  spec.license                           = 'MIT'
+  spec.metadata['rubygems_mfa_required'] = 'true'
+  spec.require_paths                     = ['lib']
+  spec.summary                           = 'Manage encrypted secrets'
+  spec.version                           = Lockness::VERSION
+  spec.executables                      << 'lockness'
+
+  spec.add_dependency 'activesupport', '~> 7.0'
+
+  spec.add_development_dependency 'bundler',             '~> 2.3'
+  spec.add_development_dependency 'interesting_methods', '~> 0.1'
+  spec.add_development_dependency 'minitest',            '~> 5.15'
+  spec.add_development_dependency 'pry',                 '~> 0.14'
+  spec.add_development_dependency 'rake',                '~> 13.0'
+  spec.add_development_dependency 'rubocop',             '~> 1.30'
+  spec.add_development_dependency 'rubocop-minitest',    '~> 0.20'
+  spec.add_development_dependency 'rubocop-rake',        '~> 0.6'
+end

metadata

@@ -0,0 +1,188 @@
+--- !ruby/object:Gem::Specification
+name: lockness
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Sean Lerner
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2022-05-30 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '7.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '7.0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.3'
+- !ruby/object:Gem::Dependency
+  name: interesting_methods
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.15'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.15'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.14'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.14'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.30'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.30'
+- !ruby/object:Gem::Dependency
+  name: rubocop-minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.20'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.20'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
+description:
+email:
+- sean@@smallcity.ca
+executables:
+- lockness
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rubocop.yml"
+- Gemfile
+- Gemfile.lock
+- README.md
+- Rakefile
+- bin/lockness
+- lib/lockness.rb
+- lib/lockness/content.rb
+- lib/lockness/edit.rb
+- lib/lockness/ensure_master_key_git_ignored.rb
+- lib/lockness/help.rb
+- lib/lockness/master_key.rb
+- lib/lockness/secret_file.rb
+- lib/lockness/show.rb
+- lib/lockness/version.rb
+- lockness.gemspec
+homepage: https://github.com/seanlerner/lockness
+licenses:
+- MIT
+metadata:
+  rubygems_mfa_required: 'true'
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.3.3
+signing_key:
+specification_version: 4
+summary: Manage encrypted secrets
+test_files: []