nimbussecure 0.5.1 → 0.5.2

Sign up to get free protection for your applications and to get access to all the features.
data/README.md CHANGED
@@ -1,47 +1,60 @@
1
1
  # Nimbus Secure Store Client
2
2
  This gem provides the functionality required to talk to the Nimbus Secure
3
3
  service.
4
- Nimbus Secure is a service that provides highly encrypted storage of
5
- keys, passwords, tokens, and other private information necessary for running
6
- an application.
7
- For instance, you may store database credentials, service credentials,
4
+
5
+ Nimbus Secure is a service that provides your web application with just-in-time access
6
+ to the credentials and other sensitive data your application needs to operate,
7
+ without exposing those credentials to inappropriate outside access.
8
+
9
+ Examples of sensitive data you can store includes database credentials, service credentials,
8
10
  session cookie encryption keys, AWS keys, and other sensitive information
9
11
  without fear of them being stolen or accessible from any unauthorized
10
12
  individual.
11
- The data is stored encrypted, and the encryption keys are not communicated
12
- to the Nimbus Secure, meaning no one other than you may have access
13
- to this secure information.
13
+
14
+ Nimbus Secure stores your sensitive data encrypted using an encryption key,
15
+ and provides an API for your application to get access to the credentials in a safe and secure manner.
16
+ No one who has access to your application, even your application source code, needs access to your
17
+ production secret credentials. Nimbus Secure makes sure that only your application,
18
+ and those you specifically authorize, have access.
19
+
20
+ Security is essential to us, so you never have to send your unencrypted sensitive data, or your
21
+ encryption key to Nimbus Secure for any reason. All encryption and decryption occurs in your personal
22
+ web browser when you are accessing your data via our web site, and inside your
23
+ application when you are accessing your data via this gem from your application.
14
24
 
15
25
  # The Service
16
26
  To use this Gem, you must sign up for the service by visiting
17
- www.nimbus secure.com and signing up for an account. Both
27
+ www.nimbussecure.com and signing up for an account. Both
18
28
  paid and free accounts are available.
19
29
 
20
- Once you sign up for the service, you create crypt keys, which are
30
+ Once you sign up for the service, you create encryption keys, which are
21
31
  secured tokens used to encrypt and decrypt the data you store within
22
- the service. While you set up the crypt keys from the service
23
- website, the crypt keys themselves are never sent to our servers,
32
+ the service. While you set up the encryption keys from the service
33
+ website, the encryption keys themselves are never sent to our servers,
24
34
  only you and anyone or system you authorize by giving them your
25
- crypt key will have access to the stored data within the service.
35
+ encryption key will have access to the stored data within the service.
36
+ Within our service, we refer to your encryption key via a unique human
37
+ readable identifier you assign to your encryption keys.
26
38
 
27
- You may create as many crypt keys as you desire. Typically, one per
39
+ You may create as many encryption keys as you desire. Typically, one per
28
40
  service or system is a good choice. Additionally, you can add new
29
- crypt keys and roll your data over to use a new crypt key very
30
- easily in order to increase your security (key rotation). Each crypt
41
+ encryption keys and roll your data over to use a new encryption key very
42
+ easily in order to increase your security (key rotation). Each encryption
31
43
  key has a name for easy identification, and we store a salted digest
32
- of the key itself to verify correctness when it is provided.
44
+ of the key itself to verify correctness when it is used.
33
45
 
34
- Once your crypt keys are setup, you then enter all your sensitive data
35
- as "stored keys". Stored keys are encrypted using your specified
36
- crypt_keys before they are uploaded to our servers.
46
+ Once your encryption keys are setup, you then enter all your sensitive data
47
+ as "stored data". Stored data is encrypted using your specified
48
+ encryption keys *before* they are uploaded to our servers.
37
49
 
38
- For security purposes, anytime the website or this Gem require a
39
- crypt key, it must be provided by you (the user of the website or Gem),
40
- and the value provided is checked against a stored signed digest
41
- for valdity before it is used to perform the requested encryption/decryption.
50
+ For security purposes, anytime the website or this Gem require an
51
+ encryption key (in order to encrypt or decrypt your sensitive data),
52
+ it must be provided by you (the user of the website or your application configuration
53
+ using the gem). The value provided is checked against a stored signed digest
54
+ for validity before it is used to perform the requested encryption/decryption.
42
55
  The requested encryption/decryption occurs entirely within the client's
43
56
  computer (user's browser for the website, application server for users
44
- of the Gem), and is never communicated with Nimbus Secure directly.
57
+ of the gem), and is never communicated with Nimbus Secure directly.
45
58
 
46
59
  # Using the Secured Data
47
60
  Once you have your data uploaded to your service, you can then
@@ -50,33 +63,36 @@ interface (or command line) to download and decrypt the stored
50
63
  credential so you may use it within your application.
51
64
 
52
65
  # Needed Credentials
53
- In order to use this Gem, you need two pieces of secure information.
66
+ In order to use this gem, you need two pieces of secure information besides the name of your account.
54
67
  The first is an API key that provides access to the API and allows
55
68
  you to access your online account. You can create an API key by
56
69
  logging into the service.
57
70
 
58
- The second is the crypt key that you created above that is used
71
+ The second is the encryption key that you created above that is used
59
72
  to encrypt/decrypt your stored data. If you used more than one key,
60
73
  then you will need all the encrypted keys.
61
74
 
62
- Typically, you store these two pieces of information outside of your
63
- application source repository itself, and only provide them to your
64
- application during application startup (typically via ENVIRONMENT
65
- variables or other boot parameters). That way, you do not have
75
+ This information is stored in a configuration file on the computer
76
+ that will be using the gem. Typically, the configuration file is
77
+ stored outside of your application source repository, and is only
78
+ available on your application server to users with trusted access
79
+ to those servers. You do not typically need access to this file in order
80
+ to deploy or update your application, such as by using tools such
81
+ as Capistrano. That way, you do not have
66
82
  to share the credentials or persist them source repository.
67
83
 
68
- Given these two pieces of information, this Gem, and the properly
84
+ Given this configuration file and this gem, and the properly
69
85
  setup service, you can dynamically grab all your sensitive credentials
70
86
  and data needed to run your application. This typically happens during
71
87
  your application boot up process.
72
88
 
73
- # Setup
89
+ # Quick Setup
74
90
  For a complete set of instructions on how to setup and use Nimbus Secure,
75
91
  please go to https://www.nimbussecure.com, login, and click on "Instructions"
76
92
  in the top menu bar.
77
93
 
78
94
  # Command Line
79
- You must complete the set of instructions under 'Setup' above for this to work
95
+ You must complete the set of instructions under 'Quick Setup' above for this to work
80
96
  properly.
81
97
 
82
98
  Once ready, you can do things like this:
@@ -85,8 +101,8 @@ Once ready, you can do things like this:
85
101
 
86
102
  will return a list of information about your account.
87
103
 
88
- Assuming you have a stored key with a name "testmessage" setup, with an approprate encryption key.
89
- Then the following can be used to retrieve and decrypt a stored key:
104
+ Assuming you have setup a stored key with the name "testmessage" and an appropriate encryption key,
105
+ then the following can be used to retrieve and decrypt the stored key:
90
106
 
91
107
  nimbussecure lookup testmessage
92
108
 
@@ -96,8 +112,8 @@ The decrypted value in the stored key will be sent to stdout.
96
112
  You must complete the set of instructions under 'Setup' above for this to work
97
113
  properly.
98
114
 
99
- Assuming you have a stored key with a name "testmessage" setup, with an approprate encryption key.
100
- Then the following can be used to retrieve and decrypt a stored key:
115
+ Assuming you have setup a stored key with the name "testmessage" and an appropriate encryption key,
116
+ then the following can be used to retrieve and decrypt the stored key:
101
117
 
102
118
  require 'nimbussecure'
103
119
  stored_value=nimbussecure.lookup_value "testmessage"
@@ -19,6 +19,7 @@ Where:
19
19
  <value> is the specific value being encrypted and stored.
20
20
 
21
21
  Config File
22
+ -----------
22
23
  The config file should look like the following:
23
24
  ================
24
25
  account: myacct
@@ -39,9 +40,9 @@ NOTE:
39
40
  You can find your API Key by clicking on \"API Keys\" when you are logged into
40
41
  the Nimbus Secure website.
41
42
  crypt_keys:
42
- This is a set of key/value pairs. The key is the name as defined in your
43
- Nimbus Secure \"Encryption Keys\" section, and the value is the secret value
44
- you used when you created your encryption key.
43
+ This is a set of key/value pairs. The key is the name as defined in the
44
+ Nimbus Secure \"Encryption Keys\" section of the website, and the value is
45
+ the secret value you used when you created your encryption key.
45
46
 
46
47
  Version: #{NimbusSecure::VERSION}
47
48
  "
@@ -81,8 +82,8 @@ def account
81
82
  begin
82
83
  account=keystore.account
83
84
  puts " Name: #{account.name}"
84
- puts " # Crypt Keys: #{account.num_crypt_keys}"
85
- puts " # Stored Keys: #{account.num_stored_keys}"
85
+ puts " # Encryption Keys: #{account.num_crypt_keys}"
86
+ puts " # Stored Values: #{account.num_stored_keys}"
86
87
  rescue => error
87
88
  puts "Error: #{error}"
88
89
  end
@@ -13,7 +13,7 @@ Usage:
13
13
  nimbussecure_setup <account_id> <apikey> [filename]
14
14
 
15
15
  This program will generate a default ~/.nimbussecure.yml file for use by the Nimbus Secure
16
- Gem. It will fill in all the basic information needed, and will access Nimbus Secure to get
16
+ gem. It will fill in all the basic information needed, and will access Nimbus Secure to get
17
17
  a complete list of your encryption keys, adding a line for each.
18
18
 
19
19
  See https://www.nimbussecure.com for more information.
@@ -1,3 +1,3 @@
1
1
  class NimbusSecure
2
- VERSION = "0.5.1"
2
+ VERSION = "0.5.2"
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: nimbussecure
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.5.1
4
+ version: 0.5.2
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,11 +9,11 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2012-08-03 00:00:00.000000000 Z
12
+ date: 2012-08-05 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: rspec
16
- requirement: &70345215642340 !ruby/object:Gem::Requirement
16
+ requirement: !ruby/object:Gem::Requirement
17
17
  none: false
18
18
  requirements:
19
19
  - - ! '>='
@@ -21,10 +21,15 @@ dependencies:
21
21
  version: '0'
22
22
  type: :development
23
23
  prerelease: false
24
- version_requirements: *70345215642340
24
+ version_requirements: !ruby/object:Gem::Requirement
25
+ none: false
26
+ requirements:
27
+ - - ! '>='
28
+ - !ruby/object:Gem::Version
29
+ version: '0'
25
30
  - !ruby/object:Gem::Dependency
26
31
  name: vcr
27
- requirement: &70345215641920 !ruby/object:Gem::Requirement
32
+ requirement: !ruby/object:Gem::Requirement
28
33
  none: false
29
34
  requirements:
30
35
  - - ! '>='
@@ -32,10 +37,15 @@ dependencies:
32
37
  version: '0'
33
38
  type: :development
34
39
  prerelease: false
35
- version_requirements: *70345215641920
40
+ version_requirements: !ruby/object:Gem::Requirement
41
+ none: false
42
+ requirements:
43
+ - - ! '>='
44
+ - !ruby/object:Gem::Version
45
+ version: '0'
36
46
  - !ruby/object:Gem::Dependency
37
47
  name: fakeweb
38
- requirement: &70345215641480 !ruby/object:Gem::Requirement
48
+ requirement: !ruby/object:Gem::Requirement
39
49
  none: false
40
50
  requirements:
41
51
  - - ! '>='
@@ -43,10 +53,15 @@ dependencies:
43
53
  version: '0'
44
54
  type: :development
45
55
  prerelease: false
46
- version_requirements: *70345215641480
56
+ version_requirements: !ruby/object:Gem::Requirement
57
+ none: false
58
+ requirements:
59
+ - - ! '>='
60
+ - !ruby/object:Gem::Version
61
+ version: '0'
47
62
  - !ruby/object:Gem::Dependency
48
63
  name: faraday
49
- requirement: &70345215641000 !ruby/object:Gem::Requirement
64
+ requirement: !ruby/object:Gem::Requirement
50
65
  none: false
51
66
  requirements:
52
67
  - - ! '>='
@@ -54,10 +69,15 @@ dependencies:
54
69
  version: '0'
55
70
  type: :runtime
56
71
  prerelease: false
57
- version_requirements: *70345215641000
72
+ version_requirements: !ruby/object:Gem::Requirement
73
+ none: false
74
+ requirements:
75
+ - - ! '>='
76
+ - !ruby/object:Gem::Version
77
+ version: '0'
58
78
  - !ruby/object:Gem::Dependency
59
79
  name: gibberish
60
- requirement: &70345215640540 !ruby/object:Gem::Requirement
80
+ requirement: !ruby/object:Gem::Requirement
61
81
  none: false
62
82
  requirements:
63
83
  - - ! '>='
@@ -65,7 +85,12 @@ dependencies:
65
85
  version: '0'
66
86
  type: :runtime
67
87
  prerelease: false
68
- version_requirements: *70345215640540
88
+ version_requirements: !ruby/object:Gem::Requirement
89
+ none: false
90
+ requirements:
91
+ - - ! '>='
92
+ - !ruby/object:Gem::Version
93
+ version: '0'
69
94
  description: Client library for NimbusSecure
70
95
  email:
71
96
  - lee@nimbussecure.com
@@ -121,7 +146,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
121
146
  version: '0'
122
147
  requirements: []
123
148
  rubyforge_project: nimbussecure
124
- rubygems_version: 1.8.15
149
+ rubygems_version: 1.8.24
125
150
  signing_key:
126
151
  specification_version: 3
127
152
  summary: Client library for NimbusSecure