muchsecrets 0.0.2

checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: 639350be4d0bce627d623560089b2cc2997657be
4
+ data.tar.gz: 523849a5697680c7edf53de4978e52d6bde445de
5
+ SHA512:
6
+ metadata.gz: f3a45736a0d5a015e5abc406dae0808f1e0805777509e3c4ec26cbb3ce78778a3626487711c5050c9a11f85dc11eb0661acc0f980bd5dc11881ac922c822d950
7
+ data.tar.gz: 55e41eab84259fa263f20a22fc1b8010b8c7a7f78ac5eff811869b39ef0159f20f5aa4e051339c91dfb600e2e23928d7858bf70dc3aefa7248c2f4afb8b2fcf8
data/LICENSE ADDED
@@ -0,0 +1,19 @@
1
+ The MIT License
2
+
3
+ Permission is hereby granted, free of charge, to any person obtaining a copy
4
+ of this software and associated documentation files (the "Software"), to deal
5
+ in the Software without restriction, including without limitation the rights
6
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
7
+ copies of the Software, and to permit persons to whom the Software is
8
+ furnished to do so, subject to the following conditions:
9
+
10
+ The above copyright notice and this permission notice shall be included in
11
+ all copies or substantial portions of the Software.
12
+
13
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
14
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
16
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
17
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
18
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
19
+ THE SOFTWARE.
data/README.md ADDED
@@ -0,0 +1,66 @@
1
+ [![license](http://img.shields.io/badge/license-MIT-red.svg?style=flat)](https://raw.githubusercontent.com/poblahblahblah/muchsecrets/master/LICENSE)
2
+
3
+ **MuchSecrets** is a poorly named gem that handles encrypting and decrypting secrets to/from consul.
4
+
5
+ What's this useful for? Pulling encrypted secrets from [Consul](https://consul.io/), for one. Do you have multiple applications that need to fetch and decrypt secrets? Use a separate key pair for each application. Or not.
6
+
7
+ ## Setting up your keypairs ##
8
+
9
+ 1. create a passwordless keypair
10
+ ```bash
11
+ :$ openssl req -new -newkey rsa:4096 -nodes -x509 -keyout application.pem -out application.pem
12
+ ````
13
+
14
+ 2. store your private key some place safe
15
+
16
+ ## Usage ##
17
+
18
+ To encrypt a string:
19
+ ```ruby
20
+ require 'muchsecrets'
21
+ wow = MuchSecrets::Secret.new(:public_key => 'application.pem')
22
+ wow.encrypt_string("such_privacy")
23
+ # => "-----BEGIN PKCS7-----
24
+ MIIDIgYJKoZIhvcNAQcDoIIDEzCCAw8CAQAxggLNMIICyQIBADCBsDCBojELMAkG
25
+ A1UEBhMCVVMxDzANBgNVBAgTBk9yZWdvbjERMA8GA1UEBxMIUG9ydGxhbmQxHjAc
26
+ BgNVBAoTFUdvbGRzdGFyIEV2ZW50cywgSW5jLjETMBEGA1UECxMKT3BlcmF0aW9u
27
+ czEZMBcGA1UEAxMQd3d3LmdvbGRzdGFyLmNvbTEfMB0GCSqGSIb3DQEJARYQb3Bz
28
+ QGdvbGRzdGFyLmNvbQIJANt3J781eLGXMA0GCSqGSIb3DQEBAQUABIICACCoyYVm
29
+ 3moYb3hZCl9fjgLRAzr1aW6mVGCbmRcHuJf/sFD91tBFG7i0/pHctvDtRKBMugER
30
+ Te0GMKghfPkQwbg6f2ksmsmJe0np4rx9RT28ZMl3ME6ywucxI3/2Qv8DfBW1QM+I
31
+ Erwrzw678PKDZygwriDJ+mCDbDB4i/J7jFHG6mjIeV9KilFnCW1M3h54N76+zjds
32
+ 1wu4vQlG5x1F3zaJ/uDOTw4NbUBA3TGvTsWsPBQA86dbVjeONA7EEeIG4/pFINhe
33
+ qnMiii5zUpXymuM10vkjRWf081PH/V4Xc0LK93Ic5p5otO2kZTZfMFLMKxNTHlmP
34
+ /Bu+8kC2af6qXfGQZOYSZdU7/WDeo55xzC89lkN9q5Um1SrdUPIwUu7633/Mn9DJ
35
+ WHNad6ZIZdVHzA04u9OE0peR8aPb157PsU8OOWvtH22jAg9f60+qiCMaT+JSK4c2
36
+ VN81q1PL9jRfed48sz0fox/abCF14+oLEnWkU1yvToYFUD1kzmFgr4BApxIctM6B
37
+ COFy9Fxhwkznn5Xd7nH9ZAPB/t+pntgeLH65rqqAxgYovsw2hpXQKtiGdZlcpjH5
38
+ vobT/ULI+8xdBfzwR4sOZ1LCwwwMZuSqtaRRsJGkwCk1qmcfpt52VyWerCLYO/Z/
39
+ UYSWV18rcuBtpg0vnD8KbfUNI8K6Qggt2a+dMDkGCSqGSIb3DQEHATAdBglghkgB
40
+ ZQMEASwEEMVOg3shVq9U1O7CzSDJfSyADex+cL6h7RnV1tRwDqI=
41
+ -----END PKCS7-----"
42
+ ```
43
+
44
+ Push the encrypted string to consul.
45
+
46
+ To decrypt a raw key value from consul:
47
+ ```ruby
48
+ require 'muchsecrets'
49
+ wow = MuchSecrets::Secret.new(:public_key => 'application.pem', :private_key => 'application.pem')
50
+ super_secret = wow.get_http_secret('notprod/github_api_key/encrypted?raw')
51
+ # => "such_privacy"
52
+ ```
53
+
54
+ ## To Do ##
55
+
56
+ * come up with less awful method names
57
+ * write tests
58
+ * be able to encrypt and POST to consul
59
+ * more security
60
+
61
+ ## Please Note ##
62
+
63
+ I am not a security expert. If something I am doing is terribly wrong please let me know!
64
+
65
+ ## Contributors ##
66
+
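Review bot: step 1 of "Setting up your keypairs" passes the same file to -keyout and -out together with -nodes, so application.pem holds the unencrypted private key next to the certificate, and the encrypt example then hands that same file to :public_key. Any host that only needs to encrypt ends up holding the decryption key. Suggest writing the key and the certificate to separate files (for example -keyout application.key -out application.crt), using only the certificate in the encrypt example and both files in the decrypt example. The fence after the openssl command also closes with four backticks instead of three.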
@@ -0,0 +1,3 @@
1
+ #require "goldstar/notifications/version"
2
+ require "muchsecrets/secret"
3
+
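Review bot: line 1 is a commented-out require of "goldstar/notifications/version", which reads as a leftover from another project. Delete it, or replace it with a require of this gem's own version file if one is planned.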
@@ -0,0 +1,38 @@
1
+ module MuchSecrets
2
+ class Secret
3
+ require 'openssl'
4
+ require 'net/http'
5
+
6
+ def initialize(options = {})
7
+ @private_key = options[:private_key]
8
+ @public_key = options[:public_key]
9
+ @base_url = options[:base_url] || "http://consul:8500/v1/kv"
10
+ @cipher = OpenSSL::Cipher.new(options[:cipher] || "AES-256-CFB")
11
+ end
12
+
13
+ def get_http_secret(uri)
14
+ encrypted_secret = fetch_encrypted_http_secret(uri)
15
+ return decrypt_string(encrypted_secret)
16
+ end
17
+
18
+ def encrypt_string(val)
19
+ cert = OpenSSL::X509::Certificate.new(File.read(@public_key))
20
+ return OpenSSL::PKCS7::encrypt([cert], val, @cipher, OpenSSL::PKCS7::BINARY)
21
+ end
22
+
23
+ private
24
+
25
+ def fetch_encrypted_http_secret(uri)
26
+ # get the secret from the http endpoint
27
+ uri = File.join(@base_url, uri)
28
+ return Net::HTTP.get(URI(uri)).chomp
29
+ end
30
+
31
+ def decrypt_string(val)
32
+ cert = OpenSSL::X509::Certificate.new(File.read(@public_key))
33
+ key = OpenSSL::PKey::RSA.new(File.read(@private_key))
34
+ return OpenSSL::PKCS7.new(val).decrypt(key, cert)
35
+ end
36
+ end
37
+ end
38
+
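Review bot: fetch_encrypted_http_secret returns the body of Net::HTTP.get without looking at the response status, and @base_url defaults to plain http://consul:8500/v1/kv, so an error body, an empty body for a missing key, or a value altered in transit goes straight into OpenSSL::PKCS7.new in decrypt_string. Suggest Net::HTTP.get_response, raising unless the response is a Net::HTTPSuccess, and documenting an https base_url. The PKCS7 envelope with the default AES-256-CFB gives confidentiality only: anyone holding the certificate can produce a valid envelope, so a fetched value cannot be tied to the intended writer unless it is also signed. Separately, decrypt_string calls File.read(@private_key) with no check that :private_key was supplied, which surfaces as a TypeError from File.read rather than a clear message.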
metadata ADDED
@@ -0,0 +1,48 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: muchsecrets
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.0.2
5
+ platform: ruby
6
+ authors:
7
+ - Pat O'Brien
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2015-03-13 00:00:00.000000000 Z
12
+ dependencies: []
13
+ description: handles encrypting and decrypting secrets to/from consul.
14
+ email:
15
+ - muchsecrets@tetrisbocks.net
16
+ executables: []
17
+ extensions: []
18
+ extra_rdoc_files: []
19
+ files:
20
+ - lib/muchsecrets/secret.rb
21
+ - lib/muchsecrets.rb
22
+ - LICENSE
23
+ - README.md
24
+ homepage: http://github.com/poblahblahblah/muchsecrets
25
+ licenses:
26
+ - MIT
27
+ metadata: {}
28
+ post_install_message:
29
+ rdoc_options: []
30
+ require_paths:
31
+ - lib
32
+ required_ruby_version: !ruby/object:Gem::Requirement
33
+ requirements:
34
+ - - '>='
35
+ - !ruby/object:Gem::Version
36
+ version: '0'
37
+ required_rubygems_version: !ruby/object:Gem::Requirement
38
+ requirements:
39
+ - - '>='
40
+ - !ruby/object:Gem::Version
41
+ version: '0'
42
+ requirements: []
43
+ rubyforge_project:
44
+ rubygems_version: 2.0.14
45
+ signing_key:
46
+ specification_version: 4
47
+ summary: much secrets, such security
48
+ test_files: []
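Review bot: cert_chain is [] and signing_key is empty, so this gem is built unsigned. For a gem whose job is handling secrets, suggest setting cert_chain and signing_key in the gemspec so that consumers can verify the package against a trust policy at install time.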