mrf 0.0.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/Gemfile +4 -0
- data/Gemfile.lock +44 -0
- data/README.md +55 -0
- data/Rakefile +29 -0
- data/lib/mrf/capistrano.rb +18 -0
- data/lib/mrf/keyring.rb +68 -0
- data/lib/mrf/project.rb +25 -0
- data/lib/mrf/version.rb +3 -0
- data/lib/mrf.rb +4 -0
- data/mrf.gemspec +30 -0
- data/scripts/import_test_keys +5 -0
- data/spec/fixtures/app.yml.gpg +0 -0
- data/spec/fixtures/config/secrets.production.yml.gpg +0 -0
- data/spec/fixtures/config/secrets.sandbox.yml.gpg +0 -0
- data/spec/fixtures/tobias.public.key +20 -0
- data/spec/fixtures/tobias.secret.key +35 -0
- data/spec/mrf/keyring_spec.rb +29 -0
- data/spec/mrf/project_spec.rb +27 -0
- data/spec/spec_helper.rb +19 -0
- metadata +143 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: 5fc41767656e9989ea870601651285a29fe56fae
|
4
|
+
data.tar.gz: 309300c96ba06e96bd5f6cd3d4da521b946257ca
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: f03cb839f4233d267a50cdbacaa703a9f99155f198e1e2d12edf389a83dd09677d61c9914827180e750c9e2235498ce02d32aa3a66180277efd655b2a1910699
|
7
|
+
data.tar.gz: df57b7057f34fa6afa6c916fe1e78b218597b390b964466c2d94ff48f5c27c504f7c58476b3b0430fd5bdbba1d529272f87652df1d51d4ff84c0510f57c34ef3
|
data/Gemfile
ADDED
data/Gemfile.lock
ADDED
@@ -0,0 +1,44 @@
|
|
1
|
+
PATH
|
2
|
+
remote: .
|
3
|
+
specs:
|
4
|
+
mrf (0.0.1)
|
5
|
+
capistrano
|
6
|
+
gpgme
|
7
|
+
|
8
|
+
GEM
|
9
|
+
remote: https://rubygems.org/
|
10
|
+
specs:
|
11
|
+
capistrano (2.15.5)
|
12
|
+
highline
|
13
|
+
net-scp (>= 1.0.0)
|
14
|
+
net-sftp (>= 2.0.0)
|
15
|
+
net-ssh (>= 2.0.14)
|
16
|
+
net-ssh-gateway (>= 1.1.0)
|
17
|
+
diff-lcs (1.2.4)
|
18
|
+
gpgme (2.0.2)
|
19
|
+
highline (1.6.19)
|
20
|
+
net-scp (1.1.2)
|
21
|
+
net-ssh (>= 2.6.5)
|
22
|
+
net-sftp (2.1.2)
|
23
|
+
net-ssh (>= 2.6.5)
|
24
|
+
net-ssh (2.7.0)
|
25
|
+
net-ssh-gateway (1.2.0)
|
26
|
+
net-ssh (>= 2.6.5)
|
27
|
+
rake (10.1.0)
|
28
|
+
rspec (2.14.1)
|
29
|
+
rspec-core (~> 2.14.0)
|
30
|
+
rspec-expectations (~> 2.14.0)
|
31
|
+
rspec-mocks (~> 2.14.0)
|
32
|
+
rspec-core (2.14.5)
|
33
|
+
rspec-expectations (2.14.2)
|
34
|
+
diff-lcs (>= 1.1.3, < 2.0)
|
35
|
+
rspec-mocks (2.14.3)
|
36
|
+
|
37
|
+
PLATFORMS
|
38
|
+
ruby
|
39
|
+
|
40
|
+
DEPENDENCIES
|
41
|
+
bundler
|
42
|
+
mrf!
|
43
|
+
rake
|
44
|
+
rspec
|
data/README.md
ADDED
@@ -0,0 +1,55 @@
|
|
1
|
+
# Mr F
|
2
|
+
|
3
|
+
## For british eyes only
|
4
|
+
|
5
|
+
A libary for uploading gpg secrets with capistrano.
|
6
|
+
|
7
|
+
put your secrets in a gpg encrypted file.
|
8
|
+
In rails the default is `config/secrets.{{Rails.env}}.yml.gpg`
|
9
|
+
|
10
|
+
Then add mrf to you deploy script like this
|
11
|
+
|
12
|
+
```ruby
|
13
|
+
require 'mrf/capistrano'
|
14
|
+
|
15
|
+
after "deploy", "mrf:upload_secrets"
|
16
|
+
```
|
17
|
+
|
18
|
+
This will upload the files listed in secrets to the same folder as your secrets
|
19
|
+
file but on the server.
|
20
|
+
|
21
|
+
## A Example secrets file
|
22
|
+
|
23
|
+
```yaml
|
24
|
+
database.yml:
|
25
|
+
production:
|
26
|
+
adapter: mysql
|
27
|
+
database: my_db
|
28
|
+
username: 0a1cd3bc-96fa-71d1-4338-27092ca4cfa5
|
29
|
+
password: 070f1f0b-2454-3ffa-4aa2-d6e0652d03fe
|
30
|
+
|
31
|
+
other_service.yml:
|
32
|
+
production:
|
33
|
+
password: 115024d2-7c74-326e-c9ec-064f42d08b31
|
34
|
+
username: 1e27a053-60a4-af61-f38d-9f1f123740d6
|
35
|
+
```
|
36
|
+
|
37
|
+
## Configuration
|
38
|
+
|
39
|
+
The above example is the default behavior but you can configure it with `MrF::Project.configure`
|
40
|
+
|
41
|
+
```ruby
|
42
|
+
MrF::Project.configure do |project|
|
43
|
+
project.project_root = Rails.root
|
44
|
+
project.gpg_passphrase = '1234' # default is to ask you for it with the console
|
45
|
+
project.env = 'sandbox' # default is to use MRF_ENV or RAILS_ENV
|
46
|
+
end
|
47
|
+
```
|
48
|
+
|
49
|
+
## Running the specs
|
50
|
+
|
51
|
+
```shell
|
52
|
+
bundle install # install deps
|
53
|
+
./scripts/import_test_keys
|
54
|
+
rake # runs the tests
|
55
|
+
```
|
data/Rakefile
ADDED
@@ -0,0 +1,29 @@
|
|
1
|
+
begin
|
2
|
+
require 'bundler/setup'
|
3
|
+
rescue LoadError
|
4
|
+
puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
|
5
|
+
end
|
6
|
+
|
7
|
+
require 'rdoc/task'
|
8
|
+
|
9
|
+
RDoc::Task.new(:rdoc) do |rdoc|
|
10
|
+
rdoc.rdoc_dir = 'rdoc'
|
11
|
+
rdoc.title = 'MrF'
|
12
|
+
rdoc.options << '--line-numbers'
|
13
|
+
rdoc.rdoc_files.include('README.rdoc')
|
14
|
+
rdoc.rdoc_files.include('lib/**/*.rb')
|
15
|
+
end
|
16
|
+
|
17
|
+
Bundler::GemHelper.install_tasks
|
18
|
+
|
19
|
+
require 'rake/testtask'
|
20
|
+
|
21
|
+
require 'rspec/core'
|
22
|
+
require 'rspec/core/rake_task'
|
23
|
+
|
24
|
+
RSpec::Core::RakeTask.new do |t|
|
25
|
+
# t.warning = true # We would like to run with warning true, but capybara gives to many warnings.
|
26
|
+
end
|
27
|
+
|
28
|
+
desc "Run all specs in spec directory (excluding plugin specs)"
|
29
|
+
task :default => :spec
|
@@ -0,0 +1,18 @@
|
|
1
|
+
require 'mrf'
|
2
|
+
|
3
|
+
Capistrano::Configuration.instance(:must_exist).load do
|
4
|
+
namespace :mrf do
|
5
|
+
|
6
|
+
desc("Uppload Secrets")
|
7
|
+
task :upload_secrets do
|
8
|
+
secret_path = fetch(:mrf_secrets_path)
|
9
|
+
config_dir = fetch(:mrf_remote_config_dir, File.join(release_path, "config"))
|
10
|
+
|
11
|
+
MrF::Project.new(
|
12
|
+
secrets_path: secret_path
|
13
|
+
).unpack_secrets.each do |filepath, content|
|
14
|
+
upload(content, File.join(config_dir, filepath))
|
15
|
+
end
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
data/lib/mrf/keyring.rb
ADDED
@@ -0,0 +1,68 @@
|
|
1
|
+
require 'rubygems'
|
2
|
+
require 'bundler'
|
3
|
+
require 'gpgme'
|
4
|
+
require 'yaml'
|
5
|
+
require 'io/console'
|
6
|
+
|
7
|
+
module MrF
|
8
|
+
class Keyring
|
9
|
+
attr_accessor :path, :recipients
|
10
|
+
attr_reader :gpg_passphrase
|
11
|
+
|
12
|
+
def initialize (opts = {})
|
13
|
+
@path = opts.fetch(:path)
|
14
|
+
@gpg_passphrase = opts[:gpg_passphrase]
|
15
|
+
end
|
16
|
+
|
17
|
+
def data
|
18
|
+
return @data if @data
|
19
|
+
if File.exists?(path)
|
20
|
+
raw_text = crypto.decrypt(File.open(path), passphrase_callback: method(:passfunc))
|
21
|
+
@data = YAML.load(raw_text.to_s)
|
22
|
+
else
|
23
|
+
@data = {}
|
24
|
+
end
|
25
|
+
end
|
26
|
+
|
27
|
+
def passfunc (obj, uid_hint, passphrase_info, prev_was_bad, fd)
|
28
|
+
# Use known passphrase when given
|
29
|
+
if @gpg_passphrase
|
30
|
+
io = IO.for_fd(fd, 'w')
|
31
|
+
io.puts(@gpg_passphrase)
|
32
|
+
io.flush
|
33
|
+
return
|
34
|
+
end
|
35
|
+
|
36
|
+
# Try from keychain
|
37
|
+
key_id = passphrase_info.split(' ').first
|
38
|
+
key_id = uid_hint[/<[^<>]*>$/].tr("<>", "")
|
39
|
+
dump = `security -q find-generic-password -s "gpg-#{key_id}" -g 2>&1`
|
40
|
+
password = dump[/password: "(.*)"/, 1]
|
41
|
+
|
42
|
+
if password
|
43
|
+
io = IO.for_fd(fd, 'w')
|
44
|
+
io.puts(password)
|
45
|
+
io.flush
|
46
|
+
return
|
47
|
+
end
|
48
|
+
|
49
|
+
# Prompt user
|
50
|
+
begin
|
51
|
+
console = IO.console
|
52
|
+
console.write("Passphrase for #{uid_hint}: ")
|
53
|
+
console.noecho do |noecho|
|
54
|
+
io = IO.for_fd(fd, 'w')
|
55
|
+
io.puts(noecho.gets)
|
56
|
+
io.flush
|
57
|
+
end
|
58
|
+
console.puts
|
59
|
+
ensure
|
60
|
+
(0 ... $_.length).each do |i| $_[i] = ?0 end if $_
|
61
|
+
end
|
62
|
+
end
|
63
|
+
|
64
|
+
def crypto
|
65
|
+
@crypto ||= GPGME::Crypto.new
|
66
|
+
end
|
67
|
+
end
|
68
|
+
end
|
data/lib/mrf/project.rb
ADDED
@@ -0,0 +1,25 @@
|
|
1
|
+
require 'yaml'
|
2
|
+
module MrF
|
3
|
+
class Project
|
4
|
+
attr_accessor :gpg_passphrase
|
5
|
+
attr_accessor :secrets_path
|
6
|
+
|
7
|
+
def initialize (opts={})
|
8
|
+
@secrets_path = opts.fetch(:secrets_path)
|
9
|
+
@gpg_passphrase = opts.fetch(:gpg_passphrase, nil)
|
10
|
+
end
|
11
|
+
|
12
|
+
def unpack_secrets
|
13
|
+
raise "File not found: #{secrets_path}" unless File.exists?(secrets_path)
|
14
|
+
keyring = Keyring.new(
|
15
|
+
path: secrets_path,
|
16
|
+
gpg_passphrase: gpg_passphrase
|
17
|
+
)
|
18
|
+
|
19
|
+
keyring.data.reduce({}) do |acc, (filename, data)|
|
20
|
+
content = StringIO.new(YAML.dump(data))
|
21
|
+
acc.merge(filename => content)
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
data/lib/mrf/version.rb
ADDED
data/lib/mrf.rb
ADDED
data/mrf.gemspec
ADDED
@@ -0,0 +1,30 @@
|
|
1
|
+
# -*- coding: utf-8 -*-
|
2
|
+
lib = File.expand_path('../lib', __FILE__)
|
3
|
+
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
4
|
+
require 'mrf/version'
|
5
|
+
|
6
|
+
Gem::Specification.new do |spec|
|
7
|
+
spec.name = "mrf"
|
8
|
+
spec.author = 'PugglePay Dev'
|
9
|
+
spec.version = MrF::VERSION
|
10
|
+
spec.summary = "Rails Application Secrets With GPG"
|
11
|
+
spec.description = "Rails Application Secrets With GPG"
|
12
|
+
spec.homepage = "https://github.com/pugglepay/mrf"
|
13
|
+
spec.license = "MIT"
|
14
|
+
spec.authors = ["Patrik Kårlin", "Jean-Louis Giordano", "Magnus Rex"]
|
15
|
+
spec.email = ["dev@pugglepay.com"]
|
16
|
+
|
17
|
+
spec.files = `git ls-files`.split($/)
|
18
|
+
spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
|
19
|
+
spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
|
20
|
+
spec.require_paths = ["lib"]
|
21
|
+
|
22
|
+
spec.required_ruby_version = '>= 1.9.3'
|
23
|
+
|
24
|
+
spec.add_dependency "gpgme"
|
25
|
+
spec.add_dependency "capistrano"
|
26
|
+
|
27
|
+
spec.add_development_dependency "bundler"
|
28
|
+
spec.add_development_dependency "rake"
|
29
|
+
spec.add_development_dependency 'rspec'
|
30
|
+
end
|
Binary file
|
Binary file
|
Binary file
|
@@ -0,0 +1,20 @@
|
|
1
|
+
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
2
|
+
Version: GnuPG v1.4.14 (Darwin)
|
3
|
+
|
4
|
+
mI0EUjhKkQEEALty6UZG8oUDqahv3TaLy7iKuDWNg/ha0kO00ygxsKOEuuMTeSBn
|
5
|
+
wj1/TGloEVnaQe4Pk6btcfXDU5D0bkQWIMFF4JOh77HPsYu0W4n+UPAtgtUcmJnI
|
6
|
+
9Ao6/riRnwX7Trd2vyPY2vIGEqIm9xMgXaXQtawjg6R9ugsBNU5S7VOrABEBAAG0
|
7
|
+
LVRvYmlhcyBGdW5rZSAoTXIgRikgPHRvYmlhc0BibHVlbWFuZ3JvdXAub3JnPoi4
|
8
|
+
BBMBAgAiBQJSOEqRAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRBxhAM8
|
9
|
+
CRq3AUuzA/sEhWJXT73oS8pVQsZG0c87a9mKXsBH5YvwESTbZsaUWYaNHEFiZ+zh
|
10
|
+
NObMk874pKmVKCwDP+F5eXIpiUcvcKAzTUZSLTSCqmpn6mkyG+CzmXmBiZOj2zaK
|
11
|
+
4i42LUQXI0t/6hzAyAG0RCbbLOOFGpI6rhpMhuP68buxgZE3JESxlriNBFI4SpEB
|
12
|
+
BAC/vA4rhjxY/oKZi6niddzPSofRxvnSCt731sOG1uPVBQeMa9oboAbjKoeb5Rry
|
13
|
+
b6anotzGTYhFnoBw9OXa+3vygOql9D5U4JeIaL4VNhv9gyp98FwJgRY/GPfMtRgo
|
14
|
+
jxt3uvj3mZM73k5jW8lihS7pyUoG6LrxKUURFNyWmze3dQARAQABiJ8EGAECAAkF
|
15
|
+
AlI4SpECGwwACgkQcYQDPAkatwF6uQP9HlGTIqLwrin7Nfh1Jg/+L0+Etl5U/S2M
|
16
|
+
JiPjx5MmDXt+fIVt4rpXBnfRswrtVgEnM8IJ7NrnFOJmUEAL8EHJFmJIZZMSJ5zp
|
17
|
+
TjLoZKmR2Lx9atanwqQWEeb3K+ImTRSnyD1AujdrVbZ6DMPkJ5RU9JjEQiPsWAQw
|
18
|
+
Df1TFjBUAG8=
|
19
|
+
=i+s/
|
20
|
+
-----END PGP PUBLIC KEY BLOCK-----
|
@@ -0,0 +1,35 @@
|
|
1
|
+
-----BEGIN PGP PRIVATE KEY BLOCK-----
|
2
|
+
Version: GnuPG v1.4.14 (Darwin)
|
3
|
+
|
4
|
+
lQH+BFI4SpEBBAC7culGRvKFA6mob902i8u4irg1jYP4WtJDtNMoMbCjhLrjE3kg
|
5
|
+
Z8I9f0xpaBFZ2kHuD5Om7XH1w1OQ9G5EFiDBReCToe+xz7GLtFuJ/lDwLYLVHJiZ
|
6
|
+
yPQKOv64kZ8F+063dr8j2NryBhKiJvcTIF2l0LWsI4OkfboLATVOUu1TqwARAQAB
|
7
|
+
/gMDAremiA+pJjFcYPk8Ox0ynig50LCn1QuTja77+/ZjGoYsO9e7l11/6YcAGSb6
|
8
|
+
e6zKkQqiSXUOLS912pRQk976Xl0mXLzQCLEufkdooh9SrQjfRoZVulwIjtrJj/CC
|
9
|
+
r4iCSFyilrZOeSNIVGMXjkvSykHkiKc8XJiC3iXvaZa9nxJZOfvCVOW80NaNwDEv
|
10
|
+
h7a1va+vlQAtlkiplXt/n2Y+4TfY2PjZnBC2hXn7FRxj45upOxuTo1B4RSEiN+8q
|
11
|
+
IP3jbBSeq11Z7KMJXH/mEKRdjdxSFql9gnhX3XvWMifTULbw5ynur8ZKc8J99kGU
|
12
|
+
/NYEo197z5KjvG5iBlHgiv7tGQOcpETaN635X2er95itKwdOhda0chJY2u4TybSn
|
13
|
+
ali2e6GVk0qFmv5Q74I/j/YqzCX02K1LOkVsWvFS+7LE/tZejtovFSv8bTnXrxTa
|
14
|
+
Q4lEjfIKPXH1Ckw08mLx2FtpQYbSdIrGLZxPmfMsKXH2tC1Ub2JpYXMgRnVua2Ug
|
15
|
+
KE1yIEYpIDx0b2JpYXNAYmx1ZW1hbmdyb3VwLm9yZz6IuAQTAQIAIgUCUjhKkQIb
|
16
|
+
AwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQcYQDPAkatwFLswP7BIViV0+9
|
17
|
+
6EvKVULGRtHPO2vZil7AR+WL8BEk22bGlFmGjRxBYmfs4TTmzJPO+KSplSgsAz/h
|
18
|
+
eXlyKYlHL3CgM01GUi00gqpqZ+ppMhvgs5l5gYmTo9s2iuIuNi1EFyNLf+ocwMgB
|
19
|
+
tEQm2yzjhRqSOq4aTIbj+vG7sYGRNyREsZadAf0EUjhKkQEEAL+8DiuGPFj+gpmL
|
20
|
+
qeJ13M9Kh9HG+dIK3vfWw4bW49UFB4xr2hugBuMqh5vlGvJvpqei3MZNiEWegHD0
|
21
|
+
5dr7e/KA6qX0PlTgl4hovhU2G/2DKn3wXAmBFj8Y98y1GCiPG3e6+PeZkzveTmNb
|
22
|
+
yWKFLunJSgbouvEpRREU3JabN7d1ABEBAAH+AwMCt6aID6kmMVxgiqLxlLOL1l53
|
23
|
+
erOOeSIUMkGG9odtsVNCk/Ot/5nhMGbolZ5tZlCoatwC3T3ZBSbKG6pElTb53sXn
|
24
|
+
ORGRUPD/bUxDHLe+6jF8BuW0l/SkpBQ2265MTyF9EQE59JVibm+75nHhA8DZzUaz
|
25
|
+
fkKNXcEqQaB2oiBVD+BH5Io51aUFtZTcahSUtK+2GK1IKiSfRA/kF8ZkbjXMURcY
|
26
|
+
qil68hGVR6CNXgoCtbDK5TFueGiGu+p9lsrMexmvp+zxPtpQN+ewaWsIajfpcXPg
|
27
|
+
evl/Vw/5v/IPMJPMG3qiqZTEPaf/NWdO+wkCd1Q0CsIMiYQbBQmXgh7YOxK5y62q
|
28
|
+
J7biPD+G2txFWT1xlDjW9FTIiTp0vOvpD4YQ/ehxyhWgMmDHoSb6ed5pLpAiLkgb
|
29
|
+
/1TNVkdeigkRdO/2nu92uLMENJP2QSGKEH0cX5ao8jmiRz84T69pgOH9nyQeyy1C
|
30
|
+
pSpEQlhITl0m/YifBBgBAgAJBQJSOEqRAhsMAAoJEHGEAzwJGrcBerkD/R5RkyKi
|
31
|
+
8K4p+zX4dSYP/i9PhLZeVP0tjCYj48eTJg17fnyFbeK6VwZ30bMK7VYBJzPCCeza
|
32
|
+
5xTiZlBAC/BByRZiSGWTEiec6U4y6GSpkdi8fWrWp8KkFhHm9yviJk0Up8g9QLo3
|
33
|
+
a1W2egzD5CeUVPSYxEIj7FgEMA39UxYwVABv
|
34
|
+
=NGkh
|
35
|
+
-----END PGP PRIVATE KEY BLOCK-----
|
@@ -0,0 +1,29 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
require 'io/console'
|
3
|
+
|
4
|
+
|
5
|
+
module MrF
|
6
|
+
describe Keyring do
|
7
|
+
it "can get retrive data from keyring" do
|
8
|
+
keyring = Keyring.new(
|
9
|
+
path: fixture_path('app.yml.gpg'),
|
10
|
+
gpg_passphrase: '1234'
|
11
|
+
)
|
12
|
+
|
13
|
+
expect(keyring.data).to eq('production' => { 'secret' => 'hello' })
|
14
|
+
end
|
15
|
+
|
16
|
+
it "can retrive passphrase from console if no passphrase is given" do
|
17
|
+
console = double("IO::Console")
|
18
|
+
expect(console).to receive(:write).with(
|
19
|
+
"Passphrase for EEF971D578000737 Tobias Funke (Mr F) <tobias@bluemangroup.org>: "
|
20
|
+
)
|
21
|
+
expect(console).to receive(:noecho).and_yield(double("FD", gets: "1234"))
|
22
|
+
expect(console).to receive(:puts)
|
23
|
+
expect(IO).to receive("console").and_return(console)
|
24
|
+
|
25
|
+
keyring = Keyring.new(path: fixture_path('app.yml.gpg'))
|
26
|
+
expect(keyring.data).to eq('production' => { 'secret' => 'hello' })
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
@@ -0,0 +1,27 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
module MrF
|
4
|
+
describe Project do
|
5
|
+
before do
|
6
|
+
@project = Project.new(
|
7
|
+
secrets_path: fixture_path("config/secrets.production.yml.gpg"),
|
8
|
+
gpg_passphrase: '1234'
|
9
|
+
)
|
10
|
+
end
|
11
|
+
|
12
|
+
it "can unpack secrets" do
|
13
|
+
files = @project.unpack_secrets
|
14
|
+
|
15
|
+
expect(YAML.load(files["database.yml"].string)).
|
16
|
+
to eq("production" => {"host" => "some_host"})
|
17
|
+
|
18
|
+
expect(YAML.load(files["app.yml"].string)).
|
19
|
+
to eq("production" => {"password" => "some_password"})
|
20
|
+
end
|
21
|
+
|
22
|
+
it "raises error if file does not exist" do
|
23
|
+
@project.secrets_path = "not_found"
|
24
|
+
expect { @project.unpack_secrets }.to raise_error
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
data/spec/spec_helper.rb
ADDED
@@ -0,0 +1,19 @@
|
|
1
|
+
require 'rspec/autorun'
|
2
|
+
|
3
|
+
require_relative '../lib/mrf'
|
4
|
+
|
5
|
+
# Load support files
|
6
|
+
Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each { |f| require f }
|
7
|
+
|
8
|
+
RSpec.configure do |config|
|
9
|
+
config.mock_with :rspec
|
10
|
+
config.order = "random"
|
11
|
+
end
|
12
|
+
|
13
|
+
def fixture_path (path)
|
14
|
+
File.join(File.dirname(__FILE__), "fixtures/#{path}")
|
15
|
+
end
|
16
|
+
|
17
|
+
def fixture (path)
|
18
|
+
File.read(fixture_path(path))
|
19
|
+
end
|
metadata
ADDED
@@ -0,0 +1,143 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: mrf
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.0.2
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Patrik Kårlin
|
8
|
+
- Jean-Louis Giordano
|
9
|
+
- Magnus Rex
|
10
|
+
autorequire:
|
11
|
+
bindir: bin
|
12
|
+
cert_chain: []
|
13
|
+
date: 2013-09-23 00:00:00.000000000 Z
|
14
|
+
dependencies:
|
15
|
+
- !ruby/object:Gem::Dependency
|
16
|
+
name: gpgme
|
17
|
+
requirement: !ruby/object:Gem::Requirement
|
18
|
+
requirements:
|
19
|
+
- - '>='
|
20
|
+
- !ruby/object:Gem::Version
|
21
|
+
version: '0'
|
22
|
+
type: :runtime
|
23
|
+
prerelease: false
|
24
|
+
version_requirements: !ruby/object:Gem::Requirement
|
25
|
+
requirements:
|
26
|
+
- - '>='
|
27
|
+
- !ruby/object:Gem::Version
|
28
|
+
version: '0'
|
29
|
+
- !ruby/object:Gem::Dependency
|
30
|
+
name: capistrano
|
31
|
+
requirement: !ruby/object:Gem::Requirement
|
32
|
+
requirements:
|
33
|
+
- - '>='
|
34
|
+
- !ruby/object:Gem::Version
|
35
|
+
version: '0'
|
36
|
+
type: :runtime
|
37
|
+
prerelease: false
|
38
|
+
version_requirements: !ruby/object:Gem::Requirement
|
39
|
+
requirements:
|
40
|
+
- - '>='
|
41
|
+
- !ruby/object:Gem::Version
|
42
|
+
version: '0'
|
43
|
+
- !ruby/object:Gem::Dependency
|
44
|
+
name: bundler
|
45
|
+
requirement: !ruby/object:Gem::Requirement
|
46
|
+
requirements:
|
47
|
+
- - '>='
|
48
|
+
- !ruby/object:Gem::Version
|
49
|
+
version: '0'
|
50
|
+
type: :development
|
51
|
+
prerelease: false
|
52
|
+
version_requirements: !ruby/object:Gem::Requirement
|
53
|
+
requirements:
|
54
|
+
- - '>='
|
55
|
+
- !ruby/object:Gem::Version
|
56
|
+
version: '0'
|
57
|
+
- !ruby/object:Gem::Dependency
|
58
|
+
name: rake
|
59
|
+
requirement: !ruby/object:Gem::Requirement
|
60
|
+
requirements:
|
61
|
+
- - '>='
|
62
|
+
- !ruby/object:Gem::Version
|
63
|
+
version: '0'
|
64
|
+
type: :development
|
65
|
+
prerelease: false
|
66
|
+
version_requirements: !ruby/object:Gem::Requirement
|
67
|
+
requirements:
|
68
|
+
- - '>='
|
69
|
+
- !ruby/object:Gem::Version
|
70
|
+
version: '0'
|
71
|
+
- !ruby/object:Gem::Dependency
|
72
|
+
name: rspec
|
73
|
+
requirement: !ruby/object:Gem::Requirement
|
74
|
+
requirements:
|
75
|
+
- - '>='
|
76
|
+
- !ruby/object:Gem::Version
|
77
|
+
version: '0'
|
78
|
+
type: :development
|
79
|
+
prerelease: false
|
80
|
+
version_requirements: !ruby/object:Gem::Requirement
|
81
|
+
requirements:
|
82
|
+
- - '>='
|
83
|
+
- !ruby/object:Gem::Version
|
84
|
+
version: '0'
|
85
|
+
description: Rails Application Secrets With GPG
|
86
|
+
email:
|
87
|
+
- dev@pugglepay.com
|
88
|
+
executables: []
|
89
|
+
extensions: []
|
90
|
+
extra_rdoc_files: []
|
91
|
+
files:
|
92
|
+
- Gemfile
|
93
|
+
- Gemfile.lock
|
94
|
+
- README.md
|
95
|
+
- Rakefile
|
96
|
+
- lib/mrf.rb
|
97
|
+
- lib/mrf/capistrano.rb
|
98
|
+
- lib/mrf/keyring.rb
|
99
|
+
- lib/mrf/project.rb
|
100
|
+
- lib/mrf/version.rb
|
101
|
+
- mrf.gemspec
|
102
|
+
- scripts/import_test_keys
|
103
|
+
- spec/fixtures/app.yml.gpg
|
104
|
+
- spec/fixtures/config/secrets.production.yml.gpg
|
105
|
+
- spec/fixtures/config/secrets.sandbox.yml.gpg
|
106
|
+
- spec/fixtures/tobias.public.key
|
107
|
+
- spec/fixtures/tobias.secret.key
|
108
|
+
- spec/mrf/keyring_spec.rb
|
109
|
+
- spec/mrf/project_spec.rb
|
110
|
+
- spec/spec_helper.rb
|
111
|
+
homepage: https://github.com/pugglepay/mrf
|
112
|
+
licenses:
|
113
|
+
- MIT
|
114
|
+
metadata: {}
|
115
|
+
post_install_message:
|
116
|
+
rdoc_options: []
|
117
|
+
require_paths:
|
118
|
+
- lib
|
119
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
120
|
+
requirements:
|
121
|
+
- - '>='
|
122
|
+
- !ruby/object:Gem::Version
|
123
|
+
version: 1.9.3
|
124
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
125
|
+
requirements:
|
126
|
+
- - '>='
|
127
|
+
- !ruby/object:Gem::Version
|
128
|
+
version: '0'
|
129
|
+
requirements: []
|
130
|
+
rubyforge_project:
|
131
|
+
rubygems_version: 2.1.3
|
132
|
+
signing_key:
|
133
|
+
specification_version: 4
|
134
|
+
summary: Rails Application Secrets With GPG
|
135
|
+
test_files:
|
136
|
+
- spec/fixtures/app.yml.gpg
|
137
|
+
- spec/fixtures/config/secrets.production.yml.gpg
|
138
|
+
- spec/fixtures/config/secrets.sandbox.yml.gpg
|
139
|
+
- spec/fixtures/tobias.public.key
|
140
|
+
- spec/fixtures/tobias.secret.key
|
141
|
+
- spec/mrf/keyring_spec.rb
|
142
|
+
- spec/mrf/project_spec.rb
|
143
|
+
- spec/spec_helper.rb
|