opensecret 0.0.2 → 0.0.4

Files changed (44) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +4 -0
  3. data/README.md +2 -2
  4. data/bin/opensecret +3 -6
  5. data/lib/opensecret-domain.ini +23 -0
  6. data/lib/opensecret.rb +30 -2
  7. data/lib/opensecret/additions/array.rb +117 -0
  8. data/lib/opensecret/additions/dir.rb +35 -0
  9. data/lib/opensecret/additions/string.rb +312 -0
  10. data/lib/opensecret/commons/eco.cmdline.rb +446 -0
  11. data/lib/opensecret/commons/eco.faculty.rb +364 -0
  12. data/lib/opensecret/commons/eco.system.rb +437 -0
  13. data/lib/opensecret/commons/eco.systems.rb +98 -0
  14. data/lib/opensecret/{safe.rb → delegate.rb} +4 -2
  15. data/lib/opensecret/eco.do.rb +46 -0
  16. data/lib/opensecret/executors/crypt.keys/crypt.keys.ini +79 -0
  17. data/lib/opensecret/executors/crypt.keys/crypt.keys.rb +68 -0
  18. data/lib/opensecret/executors/decrypt/decrypt.ini +64 -0
  19. data/lib/opensecret/executors/decrypt/decrypt.rb +49 -0
  20. data/lib/opensecret/executors/encrypt/encrypt.ini +55 -0
  21. data/lib/opensecret/executors/encrypt/encrypt.rb +82 -0
  22. data/lib/opensecret/factbase/hub-runtime.ini +123 -0
  23. data/lib/opensecret/factbase/known-hosts.ini +75 -0
  24. data/lib/opensecret/factbase/published.facts/blobbolicious-facts.ini +553 -0
  25. data/lib/opensecret/factbase/published.facts/credential-facts.ini +40 -0
  26. data/lib/opensecret/factbase/published.facts/infrastructure-facts.ini +63 -0
  27. data/lib/opensecret/factbase/readme.md +24 -0
  28. data/lib/opensecret/factbase/retired.facts/maven.database.ide.facts.ini +127 -0
  29. data/lib/opensecret/factbase/retired.facts/s3-upload-block-facts.ini +17 -0
  30. data/lib/opensecret/plugins.io/cipher/crypto.rb +174 -0
  31. data/lib/opensecret/plugins.io/error/eco.exceptions.rb +24 -0
  32. data/lib/opensecret/plugins.io/facts/fact.chars.rb +66 -0
  33. data/lib/opensecret/plugins.io/facts/fact.factor.rb +156 -0
  34. data/lib/opensecret/plugins.io/facts/fact.locator.rb +105 -0
  35. data/lib/opensecret/plugins.io/facts/fact.reader.rb +137 -0
  36. data/lib/opensecret/plugins.io/facts/fact.tree.rb +661 -0
  37. data/lib/opensecret/plugins.io/file/file.rb +483 -0
  38. data/lib/opensecret/plugins.io/git/git.flow.rb +388 -0
  39. data/lib/opensecret/plugins.io/logs/log.object.rb +89 -0
  40. data/lib/opensecret/plugins.io/logs/logging.rb +203 -0
  41. data/lib/opensecret/plugins.io/time/time.stamp.rb +425 -0
  42. data/lib/opensecret/version.rb +2 -2
  43. data/opensecret.gemspec +8 -13
  44. metadata +68 -18
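--- a/data/lib/opensecret/safe.rb
+++ b/data/lib/opensecret/delegate.rb
@@ -1,9 +1,11 @@
 
  module OpenSecret
 
- class Safe
+ class Delegate
 
- def verbose_lock
+ def command
+
+ return "hello world"
 
  time = Time.now
  minute = time.min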
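Review bot: The added `return "hello world"` is the first statement of `command`, so the context lines after it (`time = Time.now`, `minute = time.min`) and anything that follows them can no longer run. If the stub is intended for this release, delete the dead body instead of leaving it behind a return; if it is leftover debugging, drop the return. The rest of the method lies outside the hunk, so what the old `verbose_lock` body did cannot be confirmed from here.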
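--- /dev/null
+++ b/data/lib/opensecret/eco.do.rb
@@ -0,0 +1,46 @@
+ #!/usr/bin/ruby
+
+ require 'pp'
+ require 'json'
+ require 'inifile'
+ require 'singleton'
+ require 'filesize'
+ require 'tmpdir'
+ require 'base64'
+ require 'date'
+ require 'etc'
+ require 'optparse'
+ require 'securerandom'
+ require 'digest'
+ require 'net/http'
+ require 'net/ssh'
+ require 'net/scp'
+ require 'aws-sdk'
+ require 'aws-sdk-resources'
+ require 'nokogiri'
+ require 'openssl'
+ require 'io/console'
+
+ # --
+ # -- Require modules that read config and require modules
+ # --
+ require_relative '../iaas.tool.collection/user.home'
+ require_relative '../iaas.tool.collection/throw.error'
+ require_relative '../iaas.tool.collection/ruby.require'
+ require_relative '../reusable.classes/logs/logging'
+
+
+ # --
+ # -- Flush logs destined for STDOUT immediately.
+ # -- Do not wait for a full cache or script end.
+ # --
+ $stdout.sync = true
+
+ include Logging
+
+ log.debug(ere) { "Require of ruby modules has been completed." }
+
+ EcoSystems.create
+
+ exit
+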
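Review bot: The four `require_relative` lines point at `../iaas.tool.collection/...` and `../reusable.classes/logs/logging`, and neither directory appears in this release's file list, which ships logging as `plugins.io/logs/logging.rb`; if those paths are indeed absent from the gem, the script stops with a LoadError before `EcoSystems.create` runs. The file also requires `net/ssh`, `net/scp`, `aws-sdk` and `nokogiri` unconditionally, although the executors visible on this page call only OpenSSL, Base64, file and git helpers; loading them from the plugin that needs them would keep the code surface of a secrets tool smaller. `include Logging` at top level mixes the module into Object, so every object in the process gains `log`; a comment such as `# deliberate: makes log available everywhere` would state whether that is intended.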
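--- /dev/null
+++ b/data/lib/opensecret/executors/crypt.keys/crypt.keys.ini
@@ -0,0 +1,79 @@
+ [crypt.keys]
+
+ min.passwd.len = e>> 16
+ nickname = godzilla
+ root.domain = devopswiki.co.uk
+ env.var.name = SECRET_MATERIAL
+ ratio = e>> 3
+ bit.key.size = e>> 8192
+ key.cipher = e>> OpenSSL::Cipher.new 'AES-128-CBC'
+ secret.keyname = e>> @s[:nickname] + dot + @s[:root_domain] + dot + @f[:time][:stamp] + ".txt"
+ secret.keydir = e>> @f[@i[:workstation]][:secrets_dir]
+ secret.keypath = e>> File.join @s[:secret_keydir], @s[:secret_keyname]
+
+ repo.name = material_data
+ local.gitrepo = e>> File.join @i[:dir], @s[:repo_name]
+ public.gitrepo = https://www.eco-platform.co.uk/content/material.data.git
+ public.dirname = public_keys
+
+ public.keyroute = e>> File.join @s[:root_domain], @s[:public_dirname]
+ public.keydir = e>> File.join @s[:local_gitrepo], @s[:public_keyroute]
+ public.keyname = e>> "public_key." + @s[:nickname] + dot + @s[:root_domain] + ".txt"
+ public.keypath = e>> File.join @s[:public_keydir], @s[:public_keyname]
+
+ prompt.1 = Enter a Robust Password
+ prompt.2 = Re-enter that Password
+
+ #--
+ #-- ------------------------------------------
+ #-- How to Add the Secret Material on Windows
+ #-- ------------------------------------------
+ #--
+ #-- Check that the variable is not set.
+ #-- $ set
+ #--
+ #-- Run the commands below and then acquire another
+ #-- command prompt or emacs/cygwin window.
+ #--
+ #-- $ setx SECRET_MATERIAL ABC123
+ #-- $ set
+ #--
+ #-- Check (with last command) on new prompt that the
+ #-- environment variable is now set.
+ #--
+ #-- ----------------------------------------
+ #-- How to Add the Secret Material (Linux)
+ #-- ----------------------------------------
+ #--
+ #-- Check that the variable is not set.
+ #-- $ printenv | sort
+ #--
+ #-- Run the commands below and then reboot.
+ #-- (Ensure that the whole disk is encrypted so that the
+ #-- /etc/environment file cannot be accessed if your desktop
+ #-- or laptop is stolen.
+ #--
+ #-- $ sudo chmod 666 /etc/environment
+ #-- $ sudo echo "SECRET_MATERIAL=ABC123" >> /etc/environment
+ #-- $ sudo chmod 644 /etc/environment
+ #-- $ printenv | sort
+ #--
+ #-- Check (with last command) after the reboot to ensure
+ #-- that the environment variable is now set.
+ #--
+ #-- ---------------------------------------------------
+ #-- How to TEMPORARILY Add the Secret Material (Linux)
+ #-- ---------------------------------------------------
+ #--
+ #-- Check that the variable is not set.
+ #-- $ printenv | sort
+ #--
+ #-- We are only adding for the session (perhaps to test it)
+ #-- therefore we simply export. On closing the shell the
+ #-- environment variable will be gone.
+ #--
+ #-- $ export SECRET_MATERIAL=ABC123
+ #-- $ printenv | sort
+ #--
+ #-- Now the environment variable should be temporarily set.
+ #--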
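Review bot: The Linux instructions in the comment block make `/etc/environment` world-writable (`chmod 666`) while the value is appended and then leave the secret in a file that is world-readable at mode 644, so every local account can read the machine half of the password; the full-disk encryption the comment relies on does not cover that. The `chmod 666` step exists only because `sudo echo ... >> file` performs the redirect as the calling user. I would document a per-user file instead, for example `umask 077; echo 'export SECRET_MATERIAL=<value>' >> ~/.opensecret_env` (file name is an example) sourced from the login shell, and add that a value typed on a command line is also kept in shell history. Separately, `key.cipher` wraps an 8192-bit RSA key with AES-128-CBC; a one-line comment giving the reason for that pairing would help the next reader.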
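--- /dev/null
+++ b/data/lib/opensecret/executors/crypt.keys/crypt.keys.rb
@@ -0,0 +1,68 @@
+ #!/usr/bin/ruby
+
+ # --
+ # -- This plugin creates cryptographic keys, installs them and then messages
+ # -- and notifies as required.
+ # --
+ # -- Input
+ # --
+ # -- [1] - memorable portion of password
+ # -- [2] - memorable password entered again for validation
+ # --
+ # -- Output
+ # --
+ # -- [1] - machine portion of password to be added as environment variable
+ # -- [2] - secured (password locked) private key to put on removable media
+ # -- [3] - an open [public key] to be placed on web accessible destination
+ # -- [4] - a message detailing that a new keypair is now created/installed
+ # --
+ class CryptKeys < EcoSystem
+
+
+ def core_provisioning
+
+ log.info(ere) { "# ## ####### ########################################## ## #" }
+ log.info(ere) { "# -- [crypt] ------------------------------------------ -- #" }
+ log.info(ere) { "# -- [crypt] This plugin encrypts a file or string. --- -- #" }
+ log.info(ere) { "# -- [crypt] ------------------------------------------ -- #" }
+ log.info(ere) { "# ## ####### ########################################## ## #" }
+
+ natural_password = Crypto.collect_secret @p[:min_passwd_len], @p[:prompt_1], @p[:prompt_2]
+ machine_password = Crypto.get_machine_password natural_password.length, @p[:ratio]
+ amalgam_password = Crypto.get_amalgam_password natural_password, machine_password, @p[:ratio]
+
+ asymmetric_keys = OpenSSL::PKey::RSA.new @p[:bit_key_size]
+ secured_keytext = asymmetric_keys.export @p[:key_cipher], amalgam_password
+ public_key_text = asymmetric_keys.public_key.to_pem
+
+ Dir.mkdir @p[:secret_keydir] unless File.exists? @p[:secret_keydir]
+ File.write @p[:secret_keypath], secured_keytext
+
+ Crypto.print_secret_env_var @p[:env_var_name], machine_password
+
+ GitFlow.do_clone_repo @p[:public_gitrepo], @p[:local_gitrepo]
+ FileUtils.mkdir_p @p[:public_keydir]
+ File.write @p[:public_keypath], public_key_text
+ GitFlow.push @p[:local_gitrepo], @p[:public_keyname], @c[:time][:stamp]
+
+ exit
+
+
+ key4_pem = File.read 'private.secure.pem'
+ pass_phrase = 'superduperpasswordistoBeENTEREDRIGHT1234HereandRightNOW'
+ key4 = OpenSSL::PKey::RSA.new key4_pem, pass_phrase
+ decrypted_text = key4.private_decrypt(Base64.decode64(encrypted_string))
+
+ print "\nHey we have done the decryption.\n", "\n"
+ print decrypted_text, "\n"
+
+
+
+
+ log.info(ere) { "# -- [crypt] ------------------------------------------ -- #" }
+ log.info(ere) { "# ## ####### ########################################## ## #" }
+
+ end
+
+
+ end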
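Review bot: `File.write @p[:secret_keypath], secured_keytext` and the `Dir.mkdir` before it create the private-key file and its directory with whatever the process umask allows, which on a default setup leaves them readable by other local accounts. Proposed: `Dir.mkdir @p[:secret_keydir], 0700 unless File.exist? @p[:secret_keydir]` and `File.write @p[:secret_keypath], secured_keytext, perm: 0600` (`File.exists?` is also gone from Ruby 3.2). Everything after the bare `exit` is unreachable, including a literal `pass_phrase` and an undefined `encrypted_string`; that experiment should be deleted rather than shipped in a release. The banner still reads "This plugin encrypts a file or string", which does not describe key generation.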
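--- /dev/null
+++ b/data/lib/opensecret/executors/decrypt/decrypt.ini
@@ -0,0 +1,64 @@
+ [decrypt]
+
+ # ---> secret.id = DEVOPS_SECRET_MATERIAL
+ # ---> secret.part = e>> ENV[@s[:secret_id]]
+ # ---> secret.key = e>> @s[:secret_part] + CmdLine.instance.key_values[:key]
+ # ---> secret.dir = e>> @f[@i[:workstation]][:secrets_dir]
+ # ---> secret.file = e>> "DELETE_" + @f[:time][:stamp] + "_" + CmdLine.instance.key_values[:file]
+ # ---> secret.in = e>> File.join @s[:secret_dir], CmdLine.instance.key_values[:file]
+ # ---> secret.out = e>> File.join Dir.tmpdir, @s[:secret_file]
+ # ---> secret.crypt = e>> File.read(@s[:secret_in]).chomp
+ # ---> temporary.dir = e>> Dir.tmpdir
+
+
+ prompt.1 = Enter your Key Password
+ prompt.2 = Re-enter the Key Password
+
+ min.passwd.len = e>> 16
+ nickname = godzilla
+ root.domain = devopswiki.co.uk
+ env.var.name = SECRET_MATERIAL
+ machine.secret = e>> ENV[@s[:env_var_name]]
+ ratio = e>> 3
+ bit.key.size = e>> 8192
+ key.cipher = e>> OpenSSL::Cipher.new 'AES-128-CBC'
+
+ secret.leadtxt = e>> @s[:nickname] + dot + @s[:root_domain]
+ secret.keyname = e>> @s[:secret_leadtxt] + dot + @f[:time][:stamp] + ".txt"
+ secret.keydir = e>> @f[@i[:workstation]][:secrets_dir]
+ secret.rubydir = e>> Dir.new @s[:secret_keydir]
+ secret.newest = e>> @s[:secret_rubydir].ascii_order_file_starting_with @s[:secret_leadtxt]
+ secret.keytext = e>> File.read @s[:secret_newest]
+
+ repo.name = material_data
+ local.gitrepo = e>> File.join @i[:dir], @s[:repo_name]
+ public.gitrepo = https://www.eco-platform.co.uk/content/material.data.git
+ public.dirname = public_keys
+
+ public.keyroute = e>> File.join @s[:root_domain], @s[:public_dirname]
+ public.keydir = e>> File.join @s[:local_gitrepo], @s[:public_keyroute]
+ public.keyname = e>> "public_key." + @s[:nickname] + dot + @s[:root_domain] + ".txt"
+ public.keypath = e>> File.join @s[:public_keydir], @s[:public_keyname]
+
+
+ # --
+ # -- Note that we can only predict the crypt folder from looking at full path.
+ # -- This is because the user may enter a path string like the below.
+ # --
+ # -- --path=dates/bithdays/wife.birthday
+ # --
+ # -- So we extrapolate the crypt directory from the full file path.
+ # -- We also extrapolate the crypt filename from the final segment.
+ # --
+ crypt.dir.name = crypt_files
+ crypt.rel.base = e>> File.join @s[:root_domain], @s[:crypt_dir_name]
+ crypt.rel.path = e>> File.join @s[:crypt_rel_base], CmdLine.instance.key_values[:name]
+ crypt.sudopath = e>> File.join @s[:local_gitrepo], @s[:crypt_rel_path]
+ crypt.dir.path = e>> File.dirname @s[:crypt_sudopath]
+ crypt.filename = e>> File.basename(@s[:crypt_sudopath]) + dot + @s[:nickname] + ".crypt.txt"
+ crypt.filepath = e>> File.join @s[:crypt_dir_path], @s[:crypt_filename]
+
+
+ plaintext.name = e>> File.basename(@s[:crypt_sudopath]) + dot + @s[:nickname] + ".plain.txt"
+ plaintext.file = e>> "DELETE_" + @f[:time][:stamp] + "_" + @s[:plaintext_name]
+ plaintext.path = e>> File.join Dir.tmpdir, @s[:plaintext_file]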
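Review bot: `crypt.rel.path` joins `CmdLine.instance.key_values[:name]` straight into a path below the local git repository, and `File.join` does not normalise `..` segments, so a name taken from the command line can resolve outside `crypt_files`; the same line appears in encrypt.ini, where the resulting path is written to. Assuming the `e>>` values are evaluated as Ruby, a check that `File.expand_path` of the result still begins with the expanded `crypt.rel.base` directory would close that, and a comment saying that `--name` is treated as a relative path inside the repository would document the expectation. The commented-out `# --->` block at the top repeats older key names and could be removed so that only the live settings remain.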
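--- /dev/null
+++ b/data/lib/opensecret/executors/decrypt/decrypt.rb
@@ -0,0 +1,49 @@
+ #!/usr/bin/ruby
+
+ # --
+ # -- This decryption plugin brings together many elements to
+ # -- decrypt text that is a union of the public key and the
+ # -- plaintext material.
+ # --
+ # -- To perform the decryption we
+ # --
+ # -- [1] - read the human entered relative path to the material
+ # -- [2] - request and read the human portion of the password
+ # -- [3] - read the machine password in the environment variable
+ # -- [4] - amalgamate (join) the human and the machine passwords
+ # -- [5] - download the encryptd material from a git repository
+ # -- [6] - access the private key from a [local] removable drive
+ # -- [7] - unlock the private key with the amalgamated password
+ # -- [8] - decrypt the text into the pre-configured destination
+ # --
+ class Decrypt < EcoSystem
+
+
+ def core_provisioning
+
+ log.info(ere) { "# ## ######### ######################################## ## #" }
+ log.info(ere) { "# -- [decrypt] ---------------------------------------- -- #" }
+ log.info(ere) { "# -- [decrypt] This plugin decrypts a filed string. --- -- #" }
+ log.info(ere) { "# -- [decrypt] ---------------------------------------- -- #" }
+ log.info(ere) { "# ## ######### ######################################## ## #" }
+
+
+ GitFlow.do_clone_repo @p[:public_gitrepo], @p[:local_gitrepo]
+ Throw.if_not_exists @p[:crypt_filepath]
+
+ crypted_material = File.read @p[:crypt_filepath]
+ natural_password = Crypto.collect_secret @p[:min_passwd_len], @p[:prompt_1], @p[:prompt_2]
+ amalgam_password = Crypto.get_amalgam_password natural_password, @p[:machine_secret], @p[:ratio]
+
+ decryption_key = OpenSSL::PKey::RSA.new @p[:secret_keytext], amalgam_password
+ decrypted_text = decryption_key.private_decrypt(Base64.decode64(crypted_material))
+
+ File.write @p[:plaintext_path], decrypted_text
+
+ log.info(ere) { "# -- [decrypt] ------------------------------------------ -- #" }
+ log.info(ere) { "# ## ######### ########################################## ## #" }
+
+ end
+
+
+ end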
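Review bot: `File.write @p[:plaintext_path], decrypted_text` puts the decrypted secret in a file that decrypt.ini builds under `Dir.tmpdir` from `DELETE_`, the time stamp and the crypt name, created with default permissions and never removed by this method. On a shared host that file is readable by other accounts and its name is guessable, so at minimum write it with `File.write @p[:plaintext_path], decrypted_text, perm: 0600`; writing into a directory created with `Dir.mktmpdir`, or printing to the terminal, would avoid the shared directory altogether. `@p[:machine_secret]` is passed to `Crypto.get_amalgam_password` without a nil check, so an unset environment variable shows up only as a later failure; `raise ArgumentError, "#{@p[:env_var_name]} is not set" if @p[:machine_secret].to_s.empty?` before that call would make the cause explicit.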
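--- /dev/null
+++ b/data/lib/opensecret/executors/encrypt/encrypt.ini
@@ -0,0 +1,55 @@
+ [encrypt]
+
+ prompt.1 = Enter Secret Text
+ prompt.2 = Re-enter the Text
+
+ min.passwd.len = e>> 16
+ nickname = godzilla
+ root.domain = devopswiki.co.uk
+ env.var.name = SECRET_MATERIAL
+ ratio = e>> 3
+ bit.key.size = e>> 8192
+ key.cipher = e>> OpenSSL::Cipher.new 'AES-128-CBC'
+ secret.keyname = e>> @s[:nickname] + dot + @s[:root_domain] + dot + @f[:time][:stamp] + ".txt"
+ secret.keydir = e>> @f[@i[:workstation]][:secrets_dir]
+ secret.keypath = e>> File.join @s[:secret_keydir], @s[:secret_keyname]
+
+ repo.name = material_data
+ local.gitrepo = e>> File.join @i[:dir], @s[:repo_name]
+ public.gitrepo = https://www.eco-platform.co.uk/content/material.data.git
+ public.dirname = public_keys
+
+ public.keyroute = e>> File.join @s[:root_domain], @s[:public_dirname]
+ public.keydir = e>> File.join @s[:local_gitrepo], @s[:public_keyroute]
+ public.keyname = e>> "public_key." + @s[:nickname] + dot + @s[:root_domain] + ".txt"
+ public.keypath = e>> File.join @s[:public_keydir], @s[:public_keyname]
+
+ # --
+ # -- Note that we can only predict the crypt folder from looking at full path.
+ # -- This is because the user may enter a path string like the below.
+ # --
+ # -- --path=dates/bithdays/wife.birthday
+ # --
+ # -- So we extrapolate the crypt directory from the full file path.
+ # -- We also extrapolate the crypt filename from the final segment.
+ # --
+ crypt.dir.name = crypt_files
+ crypt.rel.base = e>> File.join @s[:root_domain], @s[:crypt_dir_name]
+ crypt.rel.path = e>> File.join @s[:crypt_rel_base], CmdLine.instance.key_values[:name]
+ crypt.sudopath = e>> File.join @s[:local_gitrepo], @s[:crypt_rel_path]
+ crypt.dir.path = e>> File.dirname @s[:crypt_sudopath]
+ crypt.filename = e>> File.basename(@s[:crypt_sudopath]) + dot + @s[:nickname] + ".crypt.txt"
+ crypt.filepath = e>> File.join @s[:crypt_dir_path], @s[:crypt_filename]
+
+
+ # -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
+ # -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
+ # -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
+ # -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
+ # -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
+ # -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
+ # -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
+ # -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
+ # -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
+ # -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
+ # -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday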
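Review bot: The `[encrypt]` section repeats the private-key settings from crypt.keys.ini (`env.var.name`, `bit.key.size`, `key.cipher`, `secret.keyname`, `secret.keydir`, `secret.keypath`), none of which encrypt.rb on this page reads. If `e>>` values are evaluated when the file is loaded, encryption then depends on the secrets directory being configured although it needs only the public key; dropping those keys keeps the encrypt side away from private-key locations entirely. The identical `@todo` line is repeated eleven times at the end of the file, and one occurrence is enough.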
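--- /dev/null
+++ b/data/lib/opensecret/executors/encrypt/encrypt.rb
@@ -0,0 +1,82 @@
+ #!/usr/bin/ruby
+
+ # --
+ # -- This simple [cipher] plugin encrypts either the inputted string or
+ # -- file, using the configured public key and writes the cryptic material
+ # -- to a file that is checked into a git repository.
+ # --
+ # -- -----------------------
+ # -- Example Parameters
+ # -- -----------------------
+ # --
+ # -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
+ # -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
+ # -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
+ # -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
+ # -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
+ # -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
+ # --
+ # -- --name=dates/birthdays (mandatory)
+ # -- --file=/home/joe/laptop.key (optional)
+ # --
+ # -- ---------------------------------------------
+ # -- Escaping - Prefer BACKSLASH to DOUBLE QUOTES
+ # -- ---------------------------------------------
+ # --
+ # -- Sensitive keys and passwords usually contain non standard characters.
+ # -- Now you can use either BACKSLASHES or DOUBLE QUOTES to escape them.
+ # --
+ # -- Prefer backslash to double quotes.
+ # --
+ # -- Why? Example1 = --text=wow!wow!wee Will FAIL
+ # -- Example2 = --text=wow\!wow\!wee Will SUCCEED
+ # -- Example3 = --text=in(doubt)here Will FAIL
+ # -- Example4 = --text="in(doubt)here" Will SUCCEED
+ # -- Example5 = --text="no!way" Will FAIL
+ # -- Example6 = --text="no\!and(oh)my" SUCCEEDS BUT INCLUDES backslash
+ # -- Example7 = --text=no\!and\(oh\)my SUCCEEDS (NO backslash)
+ # --
+ # -- Example 6 will succeed but the decrypted string will include the
+ # -- backslash like => no\!and(oh)my
+ # --
+ # -- Example 7 is the best for when exclamation marks and soft quotes exist.
+ # -- Decrypted string is => no!and(oh)my
+ # --
+ class Encrypt < EcoSystem
+
+ def core_provisioning
+
+ log.info(ere) { "# ## ######### ########################################## ## #" }
+ log.info(ere) { "# -- [encrypt] ------------------------------------------ -- #" }
+ log.info(ere) { "# -- [encrypt] This plugin encrypts a file or string. --- -- #" }
+ log.info(ere) { "# -- [encrypt] ------------------------------------------ -- #" }
+ log.info(ere) { "# ## ######### ########################################## ## #" }
+
+ plaintext_secret = ""
+
+ if CmdLine.include? :file then
+ plaintext_filepath = CmdLine.instance.key_values[:file]
+ Throw.if_not_exists plaintext_filepath
+ plaintext_secret = File.read plaintext_filepath
+ else
+ plaintext_secret = Crypto.collect_secret 3, @p[:prompt_1], @p[:prompt_2]
+ end
+
+ GitFlow.do_clone_repo @p[:public_gitrepo], @p[:local_gitrepo]
+
+ public_key_text = File.read @p[:public_keypath]
+ encryption_key = OpenSSL::PKey::RSA.new public_key_text
+ binary_crypt_text = encryption_key.public_encrypt plaintext_secret
+ crypt_material = Base64.encode64 binary_crypt_text
+
+ FileUtils.mkdir_p @p[:crypt_dir_path]
+ File.write @p[:crypt_filepath], crypt_material
+ GitFlow.push @p[:local_gitrepo], @p[:crypt_filename], @c[:time][:stamp]
+
+ log.info(ere) { "# -- [encrypt] ------------------------------------------ -- #" }
+ log.info(ere) { "# ## ######### ########################################## ## #" }
+
+ end
+
+
+ end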
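Review bot: `encryption_key.public_encrypt plaintext_secret` applies RSA directly to the whole input with the default PKCS#1 v1.5 padding, so a `--file` input longer than the key size minus the padding overhead raises, and v1.5 is the padding mode current guidance avoids for encryption. `encryption_key.public_encrypt plaintext_secret, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING`, with the same constant passed to `private_decrypt` in decrypt.rb, fixes the padding; inputs of arbitrary size need a hybrid scheme in which RSA wraps only a random symmetric key. The public key is read from the freshly cloned repository and used without any fingerprint check, so whoever can write to that repository decides which key secrets are encrypted to. `Crypto.collect_secret 3, ...` hard-codes the minimum length although encrypt.ini defines `min.passwd.len`.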