opensecret 0.0.2 → 0.0.4
- checksums.yaml +4 -4
- data/Gemfile +4 -0
- data/README.md +2 -2
- data/bin/opensecret +3 -6
- data/lib/opensecret-domain.ini +23 -0
- data/lib/opensecret.rb +30 -2
- data/lib/opensecret/additions/array.rb +117 -0
- data/lib/opensecret/additions/dir.rb +35 -0
- data/lib/opensecret/additions/string.rb +312 -0
- data/lib/opensecret/commons/eco.cmdline.rb +446 -0
- data/lib/opensecret/commons/eco.faculty.rb +364 -0
- data/lib/opensecret/commons/eco.system.rb +437 -0
- data/lib/opensecret/commons/eco.systems.rb +98 -0
- data/lib/opensecret/{safe.rb → delegate.rb} +4 -2
- data/lib/opensecret/eco.do.rb +46 -0
- data/lib/opensecret/executors/crypt.keys/crypt.keys.ini +79 -0
- data/lib/opensecret/executors/crypt.keys/crypt.keys.rb +68 -0
- data/lib/opensecret/executors/decrypt/decrypt.ini +64 -0
- data/lib/opensecret/executors/decrypt/decrypt.rb +49 -0
- data/lib/opensecret/executors/encrypt/encrypt.ini +55 -0
- data/lib/opensecret/executors/encrypt/encrypt.rb +82 -0
- data/lib/opensecret/factbase/hub-runtime.ini +123 -0
- data/lib/opensecret/factbase/known-hosts.ini +75 -0
- data/lib/opensecret/factbase/published.facts/blobbolicious-facts.ini +553 -0
- data/lib/opensecret/factbase/published.facts/credential-facts.ini +40 -0
- data/lib/opensecret/factbase/published.facts/infrastructure-facts.ini +63 -0
- data/lib/opensecret/factbase/readme.md +24 -0
- data/lib/opensecret/factbase/retired.facts/maven.database.ide.facts.ini +127 -0
- data/lib/opensecret/factbase/retired.facts/s3-upload-block-facts.ini +17 -0
- data/lib/opensecret/plugins.io/cipher/crypto.rb +174 -0
- data/lib/opensecret/plugins.io/error/eco.exceptions.rb +24 -0
- data/lib/opensecret/plugins.io/facts/fact.chars.rb +66 -0
- data/lib/opensecret/plugins.io/facts/fact.factor.rb +156 -0
- data/lib/opensecret/plugins.io/facts/fact.locator.rb +105 -0
- data/lib/opensecret/plugins.io/facts/fact.reader.rb +137 -0
- data/lib/opensecret/plugins.io/facts/fact.tree.rb +661 -0
- data/lib/opensecret/plugins.io/file/file.rb +483 -0
- data/lib/opensecret/plugins.io/git/git.flow.rb +388 -0
- data/lib/opensecret/plugins.io/logs/log.object.rb +89 -0
- data/lib/opensecret/plugins.io/logs/logging.rb +203 -0
- data/lib/opensecret/plugins.io/time/time.stamp.rb +425 -0
- data/lib/opensecret/version.rb +2 -2
- data/opensecret.gemspec +8 -13
- metadata +68 -18
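--- a/data/lib/opensecret/eco.do.rb
+++ b/data/lib/opensecret/eco.do.rb
@@ -0,0 +1,46 @@
+#!/usr/bin/ruby
+
+require 'pp'
+require 'json'
+require 'inifile'
+require 'singleton'
+require 'filesize'
+require 'tmpdir'
+require 'base64'
+require 'date'
+require 'etc'
+require 'optparse'
+require 'securerandom'
+require 'digest'
+require 'net/http'
+require 'net/ssh'
+require 'net/scp'
+require 'aws-sdk'
+require 'aws-sdk-resources'
+require 'nokogiri'
+require 'openssl'
+require 'io/console'
+
+# --
+# -- Require modules that read config and require modules
+# --
+require_relative '../iaas.tool.collection/user.home'
+require_relative '../iaas.tool.collection/throw.error'
+require_relative '../iaas.tool.collection/ruby.require'
+require_relative '../reusable.classes/logs/logging'
+
+
+# --
+# -- Flush logs destined for STDOUT immediately.
+# -- Do not wait for a full cache or script end.
+# --
+$stdout.sync = true
+
+include Logging
+
+log.debug(ere) { "Require of ruby modules has been completed." }
+
+EcoSystems.create
+
+exit
+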
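Review bot: The four `require_relative` lines at 27–30 resolve to `data/lib/iaas.tool.collection/…` and `data/lib/reusable.classes/logs/logging`, and neither directory appears anywhere in this diff's file list, whereas a `plugins.io/logs/logging.rb` does; unless those paths already exist in 0.0.2, the file raises LoadError before anything else runs, so the paths presumably need to point at `opensecret/plugins.io/…`. Line 45 calls `exit` at top level in a file under `lib/`, which terminates the host process when the file is merely required rather than executed; if this is meant as an entry point it belongs in `bin/`, otherwise the `exit` and the `EcoSystems.create` call should move behind an `if __FILE__ == $0` guard. `include Logging` at line 39 mixes the module into Object, exposing `log` and `ere` on every object in the process; including it inside the classes that log would be narrower.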
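--- a/data/lib/opensecret/executors/crypt.keys/crypt.keys.ini
+++ b/data/lib/opensecret/executors/crypt.keys/crypt.keys.ini
@@ -0,0 +1,79 @@
+[crypt.keys]
+
+min.passwd.len = e>> 16
+nickname = godzilla
+root.domain = devopswiki.co.uk
+env.var.name = SECRET_MATERIAL
+ratio = e>> 3
+bit.key.size = e>> 8192
+key.cipher = e>> OpenSSL::Cipher.new 'AES-128-CBC'
+secret.keyname = e>> @s[:nickname] + dot + @s[:root_domain] + dot + @f[:time][:stamp] + ".txt"
+secret.keydir = e>> @f[@i[:workstation]][:secrets_dir]
+secret.keypath = e>> File.join @s[:secret_keydir], @s[:secret_keyname]
+
+repo.name = material_data
+local.gitrepo = e>> File.join @i[:dir], @s[:repo_name]
+public.gitrepo = https://www.eco-platform.co.uk/content/material.data.git
+public.dirname = public_keys
+
+public.keyroute = e>> File.join @s[:root_domain], @s[:public_dirname]
+public.keydir = e>> File.join @s[:local_gitrepo], @s[:public_keyroute]
+public.keyname = e>> "public_key." + @s[:nickname] + dot + @s[:root_domain] + ".txt"
+public.keypath = e>> File.join @s[:public_keydir], @s[:public_keyname]
+
+prompt.1 = Enter a Robust Password
+prompt.2 = Re-enter that Password
+
+#--
+#-- ------------------------------------------
+#-- How to Add the Secret Material on Windows
+#-- ------------------------------------------
+#--
+#-- Check that the variable is not set.
+#-- $ set
+#--
+#-- Run the commands below and then acquire another
+#-- command prompt or emacs/cygwin window.
+#--
+#-- $ setx SECRET_MATERIAL ABC123
+#-- $ set
+#--
+#-- Check (with last command) on new prompt that the
+#-- environment variable is now set.
+#--
+#-- ----------------------------------------
+#-- How to Add the Secret Material (Linux)
+#-- ----------------------------------------
+#--
+#-- Check that the variable is not set.
+#-- $ printenv | sort
+#--
+#-- Run the commands below and then reboot.
+#-- (Ensure that the whole disk is encrypted so that the
+#-- /etc/environment file cannot be accessed if your desktop
+#-- or laptop is stolen.
+#--
+#-- $ sudo chmod 666 /etc/environment
+#-- $ sudo echo "SECRET_MATERIAL=ABC123" >> /etc/environment
+#-- $ sudo chmod 644 /etc/environment
+#-- $ printenv | sort
+#--
+#-- Check (with last command) after the reboot to ensure
+#-- that the environment variable is now set.
+#--
+#-- ---------------------------------------------------
+#-- How to TEMPORARILY Add the Secret Material (Linux)
+#-- ---------------------------------------------------
+#--
+#-- Check that the variable is not set.
+#-- $ printenv | sort
+#--
+#-- Run the commands below and then reboot.
+#-- We are only adding for the session (perhaps to test it)
+#-- therefore we simply export. On closing the shell the
+#-- environment variable will be gone.
+#--
+#-- $ export SECRET_MATERIAL=ABC123
+#-- $ printenv | sort
+#--
+#-- Now the environment variable should be temporarily set.
+#--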
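Review bot: The Linux recipe at lines 56–58 puts the machine portion of the password into `/etc/environment`, a file that is world-readable at 0644, so every local account and any process running as any user can read the secret; the whole-disk-encryption caveat only covers the stolen-device case, not other users on the box. The `>>` redirect on line 57 is performed by the caller's shell, not by `sudo`, which is presumably why line 56 makes the file world-writable first — `echo "SECRET_MATERIAL=…" | sudo tee -a /etc/environment` appends as root without the chmod window. A file readable only by the owning user (mode 0600, sourced from that user's profile) would confine the secret to the account that needs it. The `export`/`setx` examples also leave the value in shell history, which is worth stating next to them.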
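--- a/data/lib/opensecret/executors/crypt.keys/crypt.keys.rb
+++ b/data/lib/opensecret/executors/crypt.keys/crypt.keys.rb
@@ -0,0 +1,68 @@
+#!/usr/bin/ruby
+
+# --
+# -- This plugin creates cryptographic keys, installs them and then messages
+# -- and notifies as required.
+# --
+# -- Input
+# --
+# -- [1] - memorable portion of password
+# -- [2] - memorable password entered again for validation
+# --
+# -- Output
+# --
+# -- [1] - machine portion of password to be added as environment variable
+# -- [2] - secured (password locked) private key to put on removable media
+# -- [3] - an open [public key] to be placed on web accessible destination
+# -- [4] - a message detailing that a new keypair is now created/installed
+# --
+class CryptKeys < EcoSystem
+
+
+def core_provisioning
+
+log.info(ere) { "# ## ####### ########################################## ## #" }
+log.info(ere) { "# -- [crypt] ------------------------------------------ -- #" }
+log.info(ere) { "# -- [crypt] This plugin encrypts a file or string. --- -- #" }
+log.info(ere) { "# -- [crypt] ------------------------------------------ -- #" }
+log.info(ere) { "# ## ####### ########################################## ## #" }
+
+natural_password = Crypto.collect_secret @p[:min_passwd_len], @p[:prompt_1], @p[:prompt_2]
+machine_password = Crypto.get_machine_password natural_password.length, @p[:ratio]
+amalgam_password = Crypto.get_amalgam_password natural_password, machine_password, @p[:ratio]
+
+asymmetric_keys = OpenSSL::PKey::RSA.new @p[:bit_key_size]
+secured_keytext = asymmetric_keys.export @p[:key_cipher], amalgam_password
+public_key_text = asymmetric_keys.public_key.to_pem
+
+Dir.mkdir @p[:secret_keydir] unless File.exists? @p[:secret_keydir]
+File.write @p[:secret_keypath], secured_keytext
+
+Crypto.print_secret_env_var @p[:env_var_name], machine_password
+
+GitFlow.do_clone_repo @p[:public_gitrepo], @p[:local_gitrepo]
+FileUtils.mkdir_p @p[:public_keydir]
+File.write @p[:public_keypath], public_key_text
+GitFlow.push @p[:local_gitrepo], @p[:public_keyname], @c[:time][:stamp]
+
+exit
+
+
+key4_pem = File.read 'private.secure.pem'
+pass_phrase = 'superduperpasswordistoBeENTEREDRIGHT1234HereandRightNOW'
+key4 = OpenSSL::PKey::RSA.new key4_pem, pass_phrase
+decrypted_text = key4.private_decrypt(Base64.decode64(encrypted_string))
+
+print "\nHey we have done the decryption.\n", "\n"
+print decrypted_text, "\n"
+
+
+
+
+log.info(ere) { "# -- [crypt] ------------------------------------------ -- #" }
+log.info(ere) { "# ## ####### ########################################## ## #" }
+
+end
+
+
+end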
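Review bot: Lines 51–57 are unreachable because of the `exit` on line 48, and the dead block still ships a hard-coded passphrase literal and a reference to an undefined local `encrypted_string`; delete lines 48–57 so the method falls through to its closing log lines and no passphrase text is committed. Line 39 writes the password-locked private key with the process umask, so on a typical 022 umask it is group- and world-readable; `File.write @p[:secret_keypath], secured_keytext, perm: 0o600` keeps it to the owner. `File.exists?` on line 38 is deprecated and was removed in Ruby 3.2 — use `File.exist?`. The banner on line 26 reads "This plugin encrypts a file or string", which describes the encrypt plugin rather than key creation.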
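--- a/data/lib/opensecret/executors/decrypt/decrypt.ini
+++ b/data/lib/opensecret/executors/decrypt/decrypt.ini
@@ -0,0 +1,64 @@
+[decrypt]
+
+# ---> secret.id = DEVOPS_SECRET_MATERIAL
+# ---> secret.part = e>> ENV[@s[:secret_id]]
+# ---> secret.key = e>> @s[:secret_part] + CmdLine.instance.key_values[:key]
+# ---> secret.dir = e>> @f[@i[:workstation]][:secrets_dir]
+# ---> secret.file = e>> "DELETE_" + @f[:time][:stamp] + "_" + CmdLine.instance.key_values[:file]
+# ---> secret.in = e>> File.join @s[:secret_dir], CmdLine.instance.key_values[:file]
+# ---> secret.out = e>> File.join Dir.tmpdir, @s[:secret_file]
+# ---> secret.crypt = e>> File.read(@s[:secret_in]).chomp
+# ---> temporary.dir = e>> Dir.tmpdir
+
+
+prompt.1 = Enter your Key Password
+prompt.2 = Re-enter the Key Password
+
+min.passwd.len = e>> 16
+nickname = godzilla
+root.domain = devopswiki.co.uk
+env.var.name = SECRET_MATERIAL
+machine.secret = e>> ENV[@s[:env_var_name]]
+ratio = e>> 3
+bit.key.size = e>> 8192
+key.cipher = e>> OpenSSL::Cipher.new 'AES-128-CBC'
+
+secret.leadtxt = e>> @s[:nickname] + dot + @s[:root_domain]
+secret.keyname = e>> @s[:secret_leadtxt] + dot + @f[:time][:stamp] + ".txt"
+secret.keydir = e>> @f[@i[:workstation]][:secrets_dir]
+secret.rubydir = e>> Dir.new @s[:secret_keydir]
+secret.newest = e>> @s[:secret_rubydir].ascii_order_file_starting_with @s[:secret_leadtxt]
+secret.keytext = e>> File.read @s[:secret_newest]
+
+repo.name = material_data
+local.gitrepo = e>> File.join @i[:dir], @s[:repo_name]
+public.gitrepo = https://www.eco-platform.co.uk/content/material.data.git
+public.dirname = public_keys
+
+public.keyroute = e>> File.join @s[:root_domain], @s[:public_dirname]
+public.keydir = e>> File.join @s[:local_gitrepo], @s[:public_keyroute]
+public.keyname = e>> "public_key." + @s[:nickname] + dot + @s[:root_domain] + ".txt"
+public.keypath = e>> File.join @s[:public_keydir], @s[:public_keyname]
+
+
+# --
+# -- Note that we can only predict the crypt folder from looking at full path.
+# -- This is because the user may enter a path string like the below.
+# --
+# -- --path=dates/bithdays/wife.birthday
+# --
+# -- So we extrapolate the crypt directory from the full file path.
+# -- We also extrapolate the crypt filename from the final segment.
+# --
+crypt.dir.name = crypt_files
+crypt.rel.base = e>> File.join @s[:root_domain], @s[:crypt_dir_name]
+crypt.rel.path = e>> File.join @s[:crypt_rel_base], CmdLine.instance.key_values[:name]
+crypt.sudopath = e>> File.join @s[:local_gitrepo], @s[:crypt_rel_path]
+crypt.dir.path = e>> File.dirname @s[:crypt_sudopath]
+crypt.filename = e>> File.basename(@s[:crypt_sudopath]) + dot + @s[:nickname] + ".crypt.txt"
+crypt.filepath = e>> File.join @s[:crypt_dir_path], @s[:crypt_filename]
+
+
+plaintext.name = e>> File.basename(@s[:crypt_sudopath]) + dot + @s[:nickname] + ".plain.txt"
+plaintext.file = e>> "DELETE_" + @f[:time][:stamp] + "_" + @s[:plaintext_name]
+plaintext.path = e>> File.join Dir.tmpdir, @s[:plaintext_file]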
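Review bot: The commented-out block at lines 3–11 is a second, conflicting configuration (`secret.id = DEVOPS_SECRET_MATERIAL` versus the live `env.var.name = SECRET_MATERIAL` on line 20) and should be removed rather than left to be mistaken for the active settings. As far as this diff shows, `bit.key.size`, `key.cipher`, `secret.keyname` and the four `public.key*` entries are never read by decrypt.rb, and the nickname, root.domain, ratio and repo entries are copied verbatim from crypt.keys.ini and encrypt.ini; a shared section would stop the three files drifting apart. Line 55 builds a repository path from the raw `--name` argument with `File.join`, so a value containing `..` resolves outside `crypt.rel.base` — the evaluator should reject such names or the path should be checked to still start with `crypt.sudopath`'s base after expansion.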
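--- a/data/lib/opensecret/executors/decrypt/decrypt.rb
+++ b/data/lib/opensecret/executors/decrypt/decrypt.rb
@@ -0,0 +1,49 @@
+#!/usr/bin/ruby
+
+# --
+# -- This decryption plugin brings together many elements to
+# -- decrypt text that is a union of the public key and the
+# -- plaintext material.
+# --
+# -- To perform the decryption we
+# --
+# -- [1] - read the human entered relative path to the material
+# -- [2] - request and read the human portion of the password
+# -- [3] - read the machine password in the environment variable
+# -- [4] - amalgamate (join) the human and the machine passwords
+# -- [5] - download the encryptd material from a git repository
+# -- [6] - access the private key from a [local] removable drive
+# -- [7] - unlock the private key with the amalgamated password
+# -- [8] - decrypt the text into the pre-configured destination
+# --
+class Decrypt < EcoSystem
+
+
+def core_provisioning
+
+log.info(ere) { "# ## ######### ######################################## ## #" }
+log.info(ere) { "# -- [decrypt] ---------------------------------------- -- #" }
+log.info(ere) { "# -- [decrypt] This plugin decrypts a filed string. --- -- #" }
+log.info(ere) { "# -- [decrypt] ---------------------------------------- -- #" }
+log.info(ere) { "# ## ######### ######################################## ## #" }
+
+
+GitFlow.do_clone_repo @p[:public_gitrepo], @p[:local_gitrepo]
+Throw.if_not_exists @p[:crypt_filepath]
+
+crypted_material = File.read @p[:crypt_filepath]
+natural_password = Crypto.collect_secret @p[:min_passwd_len], @p[:prompt_1], @p[:prompt_2]
+amalgam_password = Crypto.get_amalgam_password natural_password, @p[:machine_secret], @p[:ratio]
+
+decryption_key = OpenSSL::PKey::RSA.new @p[:secret_keytext], amalgam_password
+decrypted_text = decryption_key.private_decrypt(Base64.decode64(crypted_material))
+
+File.write @p[:plaintext_path], decrypted_text
+
+log.info(ere) { "# -- [decrypt] ------------------------------------------ -- #" }
+log.info(ere) { "# ## ######### ########################################## ## #" }
+
+end
+
+
+end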
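Review bot: Line 41 writes the recovered plaintext to `plaintext_path`, which decrypt.ini places under `Dir.tmpdir`, using the process umask, so the secret typically lands world-readable in a shared directory and nothing in this diff ever removes it despite the `DELETE_` prefix. At minimum use `File.write @p[:plaintext_path], decrypted_text, perm: 0o600`, and either delete the file once the caller has consumed it or write to the user's secrets directory instead of tmp. Line 39 relies on the default PKCS#1 v1.5 padding of `private_decrypt`; OAEP (`OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING`) is the recommended mode, but it must be switched on both this line and the matching `public_encrypt` in encrypt.rb together. A wrong password at line 38 surfaces as an uncaught `OpenSSL::PKey::RSAError` with an OpenSSL-internal message; rescuing it and logging a plain "key password rejected" would be clearer to the operator.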
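--- a/data/lib/opensecret/executors/encrypt/encrypt.ini
+++ b/data/lib/opensecret/executors/encrypt/encrypt.ini
@@ -0,0 +1,55 @@
+[encrypt]
+
+prompt.1 = Enter Secret Text
+prompt.2 = Re-enter the Text
+
+min.passwd.len = e>> 16
+nickname = godzilla
+root.domain = devopswiki.co.uk
+env.var.name = SECRET_MATERIAL
+ratio = e>> 3
+bit.key.size = e>> 8192
+key.cipher = e>> OpenSSL::Cipher.new 'AES-128-CBC'
+secret.keyname = e>> @s[:nickname] + dot + @s[:root_domain] + dot + @f[:time][:stamp] + ".txt"
+secret.keydir = e>> @f[@i[:workstation]][:secrets_dir]
+secret.keypath = e>> File.join @s[:secret_keydir], @s[:secret_keyname]
+
+repo.name = material_data
+local.gitrepo = e>> File.join @i[:dir], @s[:repo_name]
+public.gitrepo = https://www.eco-platform.co.uk/content/material.data.git
+public.dirname = public_keys
+
+public.keyroute = e>> File.join @s[:root_domain], @s[:public_dirname]
+public.keydir = e>> File.join @s[:local_gitrepo], @s[:public_keyroute]
+public.keyname = e>> "public_key." + @s[:nickname] + dot + @s[:root_domain] + ".txt"
+public.keypath = e>> File.join @s[:public_keydir], @s[:public_keyname]
+
+# --
+# -- Note that we can only predict the crypt folder from looking at full path.
+# -- This is because the user may enter a path string like the below.
+# --
+# -- --path=dates/bithdays/wife.birthday
+# --
+# -- So we extrapolate the crypt directory from the full file path.
+# -- We also extrapolate the crypt filename from the final segment.
+# --
+crypt.dir.name = crypt_files
+crypt.rel.base = e>> File.join @s[:root_domain], @s[:crypt_dir_name]
+crypt.rel.path = e>> File.join @s[:crypt_rel_base], CmdLine.instance.key_values[:name]
+crypt.sudopath = e>> File.join @s[:local_gitrepo], @s[:crypt_rel_path]
+crypt.dir.path = e>> File.dirname @s[:crypt_sudopath]
+crypt.filename = e>> File.basename(@s[:crypt_sudopath]) + dot + @s[:nickname] + ".crypt.txt"
+crypt.filepath = e>> File.join @s[:crypt_dir_path], @s[:crypt_filename]
+
+
+# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
+# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
+# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
+# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
+# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
+# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
+# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
+# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
+# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
+# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
+# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday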
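Review bot: Lines 45–55 repeat the same `@todo` comment eleven times; keep one line, `# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday`, and drop the rest. As far as encrypt.rb in this diff shows, it reads only `prompt.1`, `prompt.2`, the two gitrepo entries, `public.keypath`, `crypt.dir.path`, `crypt.filename` and `crypt.filepath`, so `min.passwd.len`, `env.var.name`, `ratio`, `bit.key.size`, `key.cipher` and the three `secret.key*` entries are dead configuration copied from crypt.keys.ini and are best removed or moved to a shared section. Line 38 joins the raw `--name` value into the repository path, so a value containing `..` can escape `crypt.rel.base` and write the cipher text elsewhere in the clone; the evaluator should reject names that leave the base directory.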
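--- a/data/lib/opensecret/executors/encrypt/encrypt.rb
+++ b/data/lib/opensecret/executors/encrypt/encrypt.rb
@@ -0,0 +1,82 @@
+#!/usr/bin/ruby
+
+# --
+# -- This simple [cipher] plugin encrypts either the inputted string or
+# -- file, using the configured public key and writes the cryptic material
+# -- to a file that is checked into a git repository.
+# --
+# -- -----------------------
+# -- Example Parameters
+# -- -----------------------
+# --
+# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
+# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
+# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
+# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
+# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
+# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
+# --
+# -- --name=dates/birthdays (mandatory)
+# -- --file=/home/joe/laptop.key (optional)
+# --
+# -- ---------------------------------------------
+# -- Escaping - Prefer BACKSLASH to DOUBLE QUOTES
+# -- ---------------------------------------------
+# --
+# -- Sensitive keys and passwords usually contain non standard characters.
+# -- Now you can use either BACKSLASHES or DOUBLE QUOTES to escape them.
+# --
+# -- Prefer backslash to double quotes.
+# --
+# -- Why? Example1 = --text=wow!wow!wee Will FAIL
+# -- Example2 = --text=wow\!wow\!wee Will SUCCEED
+# -- Example3 = --text=in(doubt)here Will FAIL
+# -- Example4 = --text="in(doubt)here" Will SUCCEED
+# -- Example5 = --text="no!way" Will FAIL
+# -- Example6 = --text="no\!and(oh)my" SUCCEEDS BUT INCLUDES backslash
+# -- Example7 = --text=no\!and\(oh\)my SUCCEEDS (NO backslash)
+# --
+# -- Example 6 will succeed but the decrypted string will include the
+# -- backslash like => no\!and(oh)my
+# --
+# -- Example 7 is the best for when exclamation marks and soft quotes exist.
+# -- Decrypted string is => no!and(oh)my
+# --
+class Encrypt < EcoSystem
+
+def core_provisioning
+
+log.info(ere) { "# ## ######### ########################################## ## #" }
+log.info(ere) { "# -- [encrypt] ------------------------------------------ -- #" }
+log.info(ere) { "# -- [encrypt] This plugin encrypts a file or string. --- -- #" }
+log.info(ere) { "# -- [encrypt] ------------------------------------------ -- #" }
+log.info(ere) { "# ## ######### ########################################## ## #" }
+
+plaintext_secret = ""
+
+if CmdLine.include? :file then
+plaintext_filepath = CmdLine.instance.key_values[:file]
+Throw.if_not_exists plaintext_filepath
+plaintext_secret = File.read plaintext_filepath
+else
+plaintext_secret = Crypto.collect_secret 3, @p[:prompt_1], @p[:prompt_2]
+end
+
+GitFlow.do_clone_repo @p[:public_gitrepo], @p[:local_gitrepo]
+
+public_key_text = File.read @p[:public_keypath]
+encryption_key = OpenSSL::PKey::RSA.new public_key_text
+binary_crypt_text = encryption_key.public_encrypt plaintext_secret
+crypt_material = Base64.encode64 binary_crypt_text
+
+FileUtils.mkdir_p @p[:crypt_dir_path]
+File.write @p[:crypt_filepath], crypt_material
+GitFlow.push @p[:local_gitrepo], @p[:crypt_filename], @c[:time][:stamp]
+
+log.info(ere) { "# -- [encrypt] ------------------------------------------ -- #" }
+log.info(ere) { "# ## ######### ########################################## ## #" }
+
+end
+
+
+end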
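Review bot: Line 69 passes the whole payload to RSA `public_encrypt`, which with the default PKCS#1 v1.5 padding accepts at most modulus-bytes − 11 of input (about 1013 bytes for the 8192-bit key in encrypt.ini), so a `--file` argument of any real size raises an `OpenSSL::PKey::RSAError` instead of encrypting; the `--file` branch at lines 57–60 therefore only works for very small files. The usual fix is hybrid encryption — encrypt the payload with a fresh random symmetric key and use RSA (with OAEP) only to wrap that key — and decrypt.rb would need the mirror change. The literal `3` on line 62 ignores the `min.passwd.len` the ini files define; if a 3-character minimum is intended for secret text it deserves a comment, otherwise `@p[:min_passwd_len]`. Lines 12–17 repeat one `@todo` comment six times; keep a single copy.
```ruby
public_key_text = File.read @p[:public_keypath]
encryption_key = OpenSSL::PKey::RSA.new public_key_text
# -- Hybrid scheme: AES-GCM protects the payload, RSA-OAEP wraps only the data key.
data_cipher = OpenSSL::Cipher.new 'AES-256-GCM'
data_cipher.encrypt
data_key = data_cipher.random_key
data_iv = data_cipher.random_iv
crypt_bytes = data_cipher.update(plaintext_secret) + data_cipher.final
wrapped_key = encryption_key.public_encrypt data_key, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING
crypt_material = [wrapped_key, data_iv, data_cipher.auth_tag, crypt_bytes].map { |part| Base64.strict_encode64 part }.join "\n"
# … unchanged: mkdir_p, File.write, GitFlow.push, closing log lines …
```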