opensecret 0.0.2 → 0.0.4
- checksums.yaml +4 -4
- data/Gemfile +4 -0
- data/README.md +2 -2
- data/bin/opensecret +3 -6
- data/lib/opensecret-domain.ini +23 -0
- data/lib/opensecret.rb +30 -2
- data/lib/opensecret/additions/array.rb +117 -0
- data/lib/opensecret/additions/dir.rb +35 -0
- data/lib/opensecret/additions/string.rb +312 -0
- data/lib/opensecret/commons/eco.cmdline.rb +446 -0
- data/lib/opensecret/commons/eco.faculty.rb +364 -0
- data/lib/opensecret/commons/eco.system.rb +437 -0
- data/lib/opensecret/commons/eco.systems.rb +98 -0
- data/lib/opensecret/{safe.rb → delegate.rb} +4 -2
- data/lib/opensecret/eco.do.rb +46 -0
- data/lib/opensecret/executors/crypt.keys/crypt.keys.ini +79 -0
- data/lib/opensecret/executors/crypt.keys/crypt.keys.rb +68 -0
- data/lib/opensecret/executors/decrypt/decrypt.ini +64 -0
- data/lib/opensecret/executors/decrypt/decrypt.rb +49 -0
- data/lib/opensecret/executors/encrypt/encrypt.ini +55 -0
- data/lib/opensecret/executors/encrypt/encrypt.rb +82 -0
- data/lib/opensecret/factbase/hub-runtime.ini +123 -0
- data/lib/opensecret/factbase/known-hosts.ini +75 -0
- data/lib/opensecret/factbase/published.facts/blobbolicious-facts.ini +553 -0
- data/lib/opensecret/factbase/published.facts/credential-facts.ini +40 -0
- data/lib/opensecret/factbase/published.facts/infrastructure-facts.ini +63 -0
- data/lib/opensecret/factbase/readme.md +24 -0
- data/lib/opensecret/factbase/retired.facts/maven.database.ide.facts.ini +127 -0
- data/lib/opensecret/factbase/retired.facts/s3-upload-block-facts.ini +17 -0
- data/lib/opensecret/plugins.io/cipher/crypto.rb +174 -0
- data/lib/opensecret/plugins.io/error/eco.exceptions.rb +24 -0
- data/lib/opensecret/plugins.io/facts/fact.chars.rb +66 -0
- data/lib/opensecret/plugins.io/facts/fact.factor.rb +156 -0
- data/lib/opensecret/plugins.io/facts/fact.locator.rb +105 -0
- data/lib/opensecret/plugins.io/facts/fact.reader.rb +137 -0
- data/lib/opensecret/plugins.io/facts/fact.tree.rb +661 -0
- data/lib/opensecret/plugins.io/file/file.rb +483 -0
- data/lib/opensecret/plugins.io/git/git.flow.rb +388 -0
- data/lib/opensecret/plugins.io/logs/log.object.rb +89 -0
- data/lib/opensecret/plugins.io/logs/logging.rb +203 -0
- data/lib/opensecret/plugins.io/time/time.stamp.rb +425 -0
- data/lib/opensecret/version.rb +2 -2
- data/opensecret.gemspec +8 -13
- metadata +68 -18
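--- /dev/null
+++ b/data/lib/opensecret/eco.do.rb
@@ -0,0 +1,46 @@
+#!/usr/bin/ruby
+
+require 'pp'
+require 'json'
+require 'inifile'
+require 'singleton'
+require 'filesize'
+require 'tmpdir'
+require 'base64'
+require 'date'
+require 'etc'
+require 'optparse'
+require 'securerandom'
+require 'digest'
+require 'net/http'
+require 'net/ssh'
+require 'net/scp'
+require 'aws-sdk'
+require 'aws-sdk-resources'
+require 'nokogiri'
+require 'openssl'
+require 'io/console'
+
+# --
+# -- Require modules that read config and require modules
+# --
+require_relative '../iaas.tool.collection/user.home'
+require_relative '../iaas.tool.collection/throw.error'
+require_relative '../iaas.tool.collection/ruby.require'
+require_relative '../reusable.classes/logs/logging'
+
+
+# --
+# -- Flush logs destined for STDOUT immediately.
+# -- Do not wait for a full cache or script end.
+# --
+$stdout.sync = true
+
+include Logging
+
+log.debug(ere) { "Require of ruby modules has been completed." }
+
+EcoSystems.create
+
+exit
+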
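Review bot: The four `require_relative` targets (`../iaas.tool.collection/user.home`, `throw.error`, `ruby.require` and `../reusable.classes/logs/logging`) do not match any path in the file list at the top of this page, so unless those files live somewhere the diffstat does not show, this script fails at load time; the logging module that is shipped is `data/lib/opensecret/plugins.io/logs/logging.rb`. It is worth either pointing the requires at the shipped paths or documenting at the top of the file that it is a development-only entry point. The unconditional `exit` as the last statement also means the file cannot be `require`d by anything else, which is fine for a script but should be stated in the header, e.g. `# -- Standalone entry point: loads the tool collection, creates the eco systems, then exits.`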
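--- /dev/null
+++ b/data/lib/opensecret/executors/crypt.keys/crypt.keys.ini
@@ -0,0 +1,79 @@
+[crypt.keys]
+
+min.passwd.len = e>> 16
+nickname = godzilla
+root.domain = devopswiki.co.uk
+env.var.name = SECRET_MATERIAL
+ratio = e>> 3
+bit.key.size = e>> 8192
+key.cipher = e>> OpenSSL::Cipher.new 'AES-128-CBC'
+secret.keyname = e>> @s[:nickname] + dot + @s[:root_domain] + dot + @f[:time][:stamp] + ".txt"
+secret.keydir = e>> @f[@i[:workstation]][:secrets_dir]
+secret.keypath = e>> File.join @s[:secret_keydir], @s[:secret_keyname]
+
+repo.name = material_data
+local.gitrepo = e>> File.join @i[:dir], @s[:repo_name]
+public.gitrepo = https://www.eco-platform.co.uk/content/material.data.git
+public.dirname = public_keys
+
+public.keyroute = e>> File.join @s[:root_domain], @s[:public_dirname]
+public.keydir = e>> File.join @s[:local_gitrepo], @s[:public_keyroute]
+public.keyname = e>> "public_key." + @s[:nickname] + dot + @s[:root_domain] + ".txt"
+public.keypath = e>> File.join @s[:public_keydir], @s[:public_keyname]
+
+prompt.1 = Enter a Robust Password
+prompt.2 = Re-enter that Password
+
+#--
+#-- ------------------------------------------
+#-- How to Add the Secret Material on Windows
+#-- ------------------------------------------
+#--
+#-- Check that the variable is not set.
+#-- $ set
+#--
+#-- Run the commands below and then acquire another
+#-- command prompt or emacs/cygwin window.
+#--
+#-- $ setx SECRET_MATERIAL ABC123
+#-- $ set
+#--
+#-- Check (with last command) on new prompt that the
+#-- environment variable is now set.
+#--
+#-- ----------------------------------------
+#-- How to Add the Secret Material (Linux)
+#-- ----------------------------------------
+#--
+#-- Check that the variable is not set.
+#-- $ printenv | sort
+#--
+#-- Run the commands below and then reboot.
+#-- (Ensure that the whole disk is encrypted so that the
+#-- /etc/environment file cannot be accessed if your desktop
+#-- or laptop is stolen.
+#--
+#-- $ sudo chmod 666 /etc/environment
+#-- $ sudo echo "SECRET_MATERIAL=ABC123" >> /etc/environment
+#-- $ sudo chmod 644 /etc/environment
+#-- $ printenv | sort
+#--
+#-- Check (with last command) after the reboot to ensure
+#-- that the environment variable is now set.
+#--
+#-- ---------------------------------------------------
+#-- How to TEMPORARILY Add the Secret Material (Linux)
+#-- ---------------------------------------------------
+#--
+#-- Check that the variable is not set.
+#-- $ printenv | sort
+#--
+#-- We are only adding for the session (perhaps to test it)
+#-- therefore we simply export. On closing the shell the
+#-- environment variable will be gone.
+#--
+#-- $ export SECRET_MATERIAL=ABC123
+#-- $ printenv | sort
+#--
+#-- Now the environment variable should be temporarily set.
+#--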
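Review bot: The Linux instructions at lines 56–58 leave the machine half of the password in `/etc/environment` with mode 644, so once the step is done every local account and every process on the host can read `SECRET_MATERIAL`; the full-disk-encryption caveat on lines 52–54 covers a stolen laptop but not a compromised or shared one, and the intermediate `chmod 666` also opens a window in which any user can write the file. The `chmod 666` is only needed because the `>>` redirect in `sudo echo ... >> /etc/environment` is performed by the unprivileged shell; `echo "SECRET_MATERIAL=<value>" | sudo tee -a /etc/environment` appends without touching the mode. Suggest stating the exposure next to the commands, e.g. `#-- NOTE: /etc/environment is world-readable; every local user can read this value.`, and checking that the login stack still reads the file before recommending a tighter mode.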
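--- /dev/null
+++ b/data/lib/opensecret/executors/crypt.keys/crypt.keys.rb
@@ -0,0 +1,68 @@
+#!/usr/bin/ruby
+
+# --
+# -- This plugin creates cryptographic keys, installs them and then messages
+# -- and notifies as required.
+# --
+# -- Input
+# --
+# -- [1] - memorable portion of password
+# -- [2] - memorable password entered again for validation
+# --
+# -- Output
+# --
+# -- [1] - machine portion of password to be added as environment variable
+# -- [2] - secured (password locked) private key to put on removable media
+# -- [3] - an open [public key] to be placed on web accessible destination
+# -- [4] - a message detailing that a new keypair is now created/installed
+# --
+class CryptKeys < EcoSystem
+
+
+def core_provisioning
+
+log.info(ere) { "# ## ####### ########################################## ## #" }
+log.info(ere) { "# -- [crypt] ------------------------------------------ -- #" }
+log.info(ere) { "# -- [crypt] This plugin encrypts a file or string. --- -- #" }
+log.info(ere) { "# -- [crypt] ------------------------------------------ -- #" }
+log.info(ere) { "# ## ####### ########################################## ## #" }
+
+natural_password = Crypto.collect_secret @p[:min_passwd_len], @p[:prompt_1], @p[:prompt_2]
+machine_password = Crypto.get_machine_password natural_password.length, @p[:ratio]
+amalgam_password = Crypto.get_amalgam_password natural_password, machine_password, @p[:ratio]
+
+asymmetric_keys = OpenSSL::PKey::RSA.new @p[:bit_key_size]
+secured_keytext = asymmetric_keys.export @p[:key_cipher], amalgam_password
+public_key_text = asymmetric_keys.public_key.to_pem
+
+Dir.mkdir @p[:secret_keydir] unless File.exists? @p[:secret_keydir]
+File.write @p[:secret_keypath], secured_keytext
+
+Crypto.print_secret_env_var @p[:env_var_name], machine_password
+
+GitFlow.do_clone_repo @p[:public_gitrepo], @p[:local_gitrepo]
+FileUtils.mkdir_p @p[:public_keydir]
+File.write @p[:public_keypath], public_key_text
+GitFlow.push @p[:local_gitrepo], @p[:public_keyname], @c[:time][:stamp]
+
+exit
+
+
+key4_pem = File.read 'private.secure.pem'
+pass_phrase = 'superduperpasswordistoBeENTEREDRIGHT1234HereandRightNOW'
+key4 = OpenSSL::PKey::RSA.new key4_pem, pass_phrase
+decrypted_text = key4.private_decrypt(Base64.decode64(encrypted_string))
+
+print "\nHey we have done the decryption.\n", "\n"
+print decrypted_text, "\n"
+
+
+
+
+log.info(ere) { "# -- [crypt] ------------------------------------------ -- #" }
+log.info(ere) { "# ## ####### ########################################## ## #" }
+
+end
+
+
+end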
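Review bot: Everything after the `exit` at line 48 is unreachable, yet it carries a hard-coded passphrase literal on line 52, a read of `'private.secure.pem'` and a reference to `encrypted_string`, which is defined nowhere in the method; lines 48–57 should be deleted rather than shipped in a released gem, and because the literal is now in the published version history it must not be relied on as a secret anywhere. `File.exists?` on line 38 has been deprecated for years and is removed in Ruby 3.2, so `Dir.mkdir @p[:secret_keydir] unless File.exist? @p[:secret_keydir]` is the safe spelling. The banner on line 26 says the plugin encrypts a file or string, but this class generates and installs a key pair, so the log text should describe what `core_provisioning` actually does.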
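--- /dev/null
+++ b/data/lib/opensecret/executors/decrypt/decrypt.ini
@@ -0,0 +1,64 @@
+[decrypt]
+
+# ---> secret.id = DEVOPS_SECRET_MATERIAL
+# ---> secret.part = e>> ENV[@s[:secret_id]]
+# ---> secret.key = e>> @s[:secret_part] + CmdLine.instance.key_values[:key]
+# ---> secret.dir = e>> @f[@i[:workstation]][:secrets_dir]
+# ---> secret.file = e>> "DELETE_" + @f[:time][:stamp] + "_" + CmdLine.instance.key_values[:file]
+# ---> secret.in = e>> File.join @s[:secret_dir], CmdLine.instance.key_values[:file]
+# ---> secret.out = e>> File.join Dir.tmpdir, @s[:secret_file]
+# ---> secret.crypt = e>> File.read(@s[:secret_in]).chomp
+# ---> temporary.dir = e>> Dir.tmpdir
+
+
+prompt.1 = Enter your Key Password
+prompt.2 = Re-enter the Key Password
+
+min.passwd.len = e>> 16
+nickname = godzilla
+root.domain = devopswiki.co.uk
+env.var.name = SECRET_MATERIAL
+machine.secret = e>> ENV[@s[:env_var_name]]
+ratio = e>> 3
+bit.key.size = e>> 8192
+key.cipher = e>> OpenSSL::Cipher.new 'AES-128-CBC'
+
+secret.leadtxt = e>> @s[:nickname] + dot + @s[:root_domain]
+secret.keyname = e>> @s[:secret_leadtxt] + dot + @f[:time][:stamp] + ".txt"
+secret.keydir = e>> @f[@i[:workstation]][:secrets_dir]
+secret.rubydir = e>> Dir.new @s[:secret_keydir]
+secret.newest = e>> @s[:secret_rubydir].ascii_order_file_starting_with @s[:secret_leadtxt]
+secret.keytext = e>> File.read @s[:secret_newest]
+
+repo.name = material_data
+local.gitrepo = e>> File.join @i[:dir], @s[:repo_name]
+public.gitrepo = https://www.eco-platform.co.uk/content/material.data.git
+public.dirname = public_keys
+
+public.keyroute = e>> File.join @s[:root_domain], @s[:public_dirname]
+public.keydir = e>> File.join @s[:local_gitrepo], @s[:public_keyroute]
+public.keyname = e>> "public_key." + @s[:nickname] + dot + @s[:root_domain] + ".txt"
+public.keypath = e>> File.join @s[:public_keydir], @s[:public_keyname]
+
+
+# --
+# -- Note that we can only predict the crypt folder from looking at full path.
+# -- This is because the user may enter a path string like the below.
+# --
+# -- --path=dates/bithdays/wife.birthday
+# --
+# -- So we extrapolate the crypt directory from the full file path.
+# -- We also extrapolate the crypt filename from the final segment.
+# --
+crypt.dir.name = crypt_files
+crypt.rel.base = e>> File.join @s[:root_domain], @s[:crypt_dir_name]
+crypt.rel.path = e>> File.join @s[:crypt_rel_base], CmdLine.instance.key_values[:name]
+crypt.sudopath = e>> File.join @s[:local_gitrepo], @s[:crypt_rel_path]
+crypt.dir.path = e>> File.dirname @s[:crypt_sudopath]
+crypt.filename = e>> File.basename(@s[:crypt_sudopath]) + dot + @s[:nickname] + ".crypt.txt"
+crypt.filepath = e>> File.join @s[:crypt_dir_path], @s[:crypt_filename]
+
+
+plaintext.name = e>> File.basename(@s[:crypt_sudopath]) + dot + @s[:nickname] + ".plain.txt"
+plaintext.file = e>> "DELETE_" + @f[:time][:stamp] + "_" + @s[:plaintext_name]
+plaintext.path = e>> File.join Dir.tmpdir, @s[:plaintext_file]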
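Review bot: `crypt.rel.path` on line 55 joins `CmdLine.instance.key_values[:name]` straight into a path under the local git clone, and `File.join` does not normalise `..` segments, so a `--name` containing them resolves `crypt.sudopath` outside `crypt_files` and the read here (or the write in encrypt.ini line 38, which has the identical construction) lands elsewhere in the repository tree. The executor that consumes these values should resolve the path with `File.expand_path` and reject it unless it starts with the expanded `crypt.rel.base`. Separately, `secret.newest` on line 30 chooses the private key by ASCII ordering of filenames that start with `secret.leadtxt`; that only yields the most recent key if `@f[:time][:stamp]` sorts lexicographically in time order, which cannot be confirmed from this page and deserves a comment on the line, e.g. `# -- relies on the time stamp sorting in chronological order`.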
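--- /dev/null
+++ b/data/lib/opensecret/executors/decrypt/decrypt.rb
@@ -0,0 +1,49 @@
+#!/usr/bin/ruby
+
+# --
+# -- This decryption plugin brings together many elements to
+# -- decrypt text that is a union of the public key and the
+# -- plaintext material.
+# --
+# -- To perform the decryption we
+# --
+# -- [1] - read the human entered relative path to the material
+# -- [2] - request and read the human portion of the password
+# -- [3] - read the machine password in the environment variable
+# -- [4] - amalgamate (join) the human and the machine passwords
+# -- [5] - download the encryptd material from a git repository
+# -- [6] - access the private key from a [local] removable drive
+# -- [7] - unlock the private key with the amalgamated password
+# -- [8] - decrypt the text into the pre-configured destination
+# --
+class Decrypt < EcoSystem
+
+
+def core_provisioning
+
+log.info(ere) { "# ## ######### ######################################## ## #" }
+log.info(ere) { "# -- [decrypt] ---------------------------------------- -- #" }
+log.info(ere) { "# -- [decrypt] This plugin decrypts a filed string. --- -- #" }
+log.info(ere) { "# -- [decrypt] ---------------------------------------- -- #" }
+log.info(ere) { "# ## ######### ######################################## ## #" }
+
+
+GitFlow.do_clone_repo @p[:public_gitrepo], @p[:local_gitrepo]
+Throw.if_not_exists @p[:crypt_filepath]
+
+crypted_material = File.read @p[:crypt_filepath]
+natural_password = Crypto.collect_secret @p[:min_passwd_len], @p[:prompt_1], @p[:prompt_2]
+amalgam_password = Crypto.get_amalgam_password natural_password, @p[:machine_secret], @p[:ratio]
+
+decryption_key = OpenSSL::PKey::RSA.new @p[:secret_keytext], amalgam_password
+decrypted_text = decryption_key.private_decrypt(Base64.decode64(crypted_material))
+
+File.write @p[:plaintext_path], decrypted_text
+
+log.info(ere) { "# -- [decrypt] ------------------------------------------ -- #" }
+log.info(ere) { "# ## ######### ########################################## ## #" }
+
+end
+
+
+end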
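Review bot: `File.write @p[:plaintext_path], decrypted_text` on line 41 drops the recovered secret into the shared temp directory (decrypt.ini resolves `plaintext.path` under `Dir.tmpdir`) with whatever mode the process umask gives and nothing in the method removes it afterwards, so on a multi-user host the plaintext can outlive the session and be readable by other accounts; `File.write @p[:plaintext_path], decrypted_text, perm: 0o600` narrows the mode, and the `DELETE_` prefix points at a cleanup step that should exist in code rather than by convention. `@p[:machine_secret]` comes straight from `ENV` and reaches `Crypto.get_amalgam_password` on line 36 unchecked, so an unset variable fails inside the helper instead of with a clear message; a guard such as `raise ArgumentError, "#{@p[:env_var_name]} is not set" if @p[:machine_secret].nil?` before line 36 makes that explicit. `private_decrypt` on line 39 uses OpenSSL's default PKCS#1 v1.5 padding; if the encrypt side moves to `OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING` this call must be given the same constant.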
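--- /dev/null
+++ b/data/lib/opensecret/executors/encrypt/encrypt.ini
@@ -0,0 +1,55 @@
+[encrypt]
+
+prompt.1 = Enter Secret Text
+prompt.2 = Re-enter the Text
+
+min.passwd.len = e>> 16
+nickname = godzilla
+root.domain = devopswiki.co.uk
+env.var.name = SECRET_MATERIAL
+ratio = e>> 3
+bit.key.size = e>> 8192
+key.cipher = e>> OpenSSL::Cipher.new 'AES-128-CBC'
+secret.keyname = e>> @s[:nickname] + dot + @s[:root_domain] + dot + @f[:time][:stamp] + ".txt"
+secret.keydir = e>> @f[@i[:workstation]][:secrets_dir]
+secret.keypath = e>> File.join @s[:secret_keydir], @s[:secret_keyname]
+
+repo.name = material_data
+local.gitrepo = e>> File.join @i[:dir], @s[:repo_name]
+public.gitrepo = https://www.eco-platform.co.uk/content/material.data.git
+public.dirname = public_keys
+
+public.keyroute = e>> File.join @s[:root_domain], @s[:public_dirname]
+public.keydir = e>> File.join @s[:local_gitrepo], @s[:public_keyroute]
+public.keyname = e>> "public_key." + @s[:nickname] + dot + @s[:root_domain] + ".txt"
+public.keypath = e>> File.join @s[:public_keydir], @s[:public_keyname]
+
+# --
+# -- Note that we can only predict the crypt folder from looking at full path.
+# -- This is because the user may enter a path string like the below.
+# --
+# -- --path=dates/bithdays/wife.birthday
+# --
+# -- So we extrapolate the crypt directory from the full file path.
+# -- We also extrapolate the crypt filename from the final segment.
+# --
+crypt.dir.name = crypt_files
+crypt.rel.base = e>> File.join @s[:root_domain], @s[:crypt_dir_name]
+crypt.rel.path = e>> File.join @s[:crypt_rel_base], CmdLine.instance.key_values[:name]
+crypt.sudopath = e>> File.join @s[:local_gitrepo], @s[:crypt_rel_path]
+crypt.dir.path = e>> File.dirname @s[:crypt_sudopath]
+crypt.filename = e>> File.basename(@s[:crypt_sudopath]) + dot + @s[:nickname] + ".crypt.txt"
+crypt.filepath = e>> File.join @s[:crypt_dir_path], @s[:crypt_filename]
+
+
+# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
+# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
+# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
+# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
+# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
+# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
+# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
+# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
+# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
+# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
+# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday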
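Review bot: Lines 45–55 repeat the same `@todo` comment eleven times, and the header of encrypt.rb repeats it six more; one copy says everything the others do, so a single `# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday` per file is enough. `min.passwd.len = e>> 16` on line 6 is defined here, but encrypt.rb passes the literal `3` to `Crypto.collect_secret`, so as far as this page shows the key is never read by its executor; a short comment on the line saying which values encrypt.rb actually consumes would stop the next editor tuning a dead setting.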
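--- /dev/null
+++ b/data/lib/opensecret/executors/encrypt/encrypt.rb
@@ -0,0 +1,82 @@
+#!/usr/bin/ruby
+
+# --
+# -- This simple [cipher] plugin encrypts either the inputted string or
+# -- file, using the configured public key and writes the cryptic material
+# -- to a file that is checked into a git repository.
+# --
+# -- -----------------------
+# -- Example Parameters
+# -- -----------------------
+# --
+# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
+# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
+# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
+# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
+# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
+# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
+# --
+# -- --name=dates/birthdays (mandatory)
+# -- --file=/home/joe/laptop.key (optional)
+# --
+# -- ---------------------------------------------
+# -- Escaping - Prefer BACKSLASH to DOUBLE QUOTES
+# -- ---------------------------------------------
+# --
+# -- Sensitive keys and passwords usually contain non standard characters.
+# -- Now you can use either BACKSLASHES or DOUBLE QUOTES to escape them.
+# --
+# -- Prefer backslash to double quotes.
+# --
+# -- Why? Example1 = --text=wow!wow!wee Will FAIL
+# -- Example2 = --text=wow\!wow\!wee Will SUCCEED
+# -- Example3 = --text=in(doubt)here Will FAIL
+# -- Example4 = --text="in(doubt)here" Will SUCCEED
+# -- Example5 = --text="no!way" Will FAIL
+# -- Example6 = --text="no\!and(oh)my" SUCCEEDS BUT INCLUDES backslash
+# -- Example7 = --text=no\!and\(oh\)my SUCCEEDS (NO backslash)
+# --
+# -- Example 6 will succeed but the decrypted string will include the
+# -- backslash like => no\!and(oh)my
+# --
+# -- Example 7 is the best for when exclamation marks and soft quotes exist.
+# -- Decrypted string is => no!and(oh)my
+# --
+class Encrypt < EcoSystem
+
+def core_provisioning
+
+log.info(ere) { "# ## ######### ########################################## ## #" }
+log.info(ere) { "# -- [encrypt] ------------------------------------------ -- #" }
+log.info(ere) { "# -- [encrypt] This plugin encrypts a file or string. --- -- #" }
+log.info(ere) { "# -- [encrypt] ------------------------------------------ -- #" }
+log.info(ere) { "# ## ######### ########################################## ## #" }
+
+plaintext_secret = ""
+
+if CmdLine.include? :file then
+plaintext_filepath = CmdLine.instance.key_values[:file]
+Throw.if_not_exists plaintext_filepath
+plaintext_secret = File.read plaintext_filepath
+else
+plaintext_secret = Crypto.collect_secret 3, @p[:prompt_1], @p[:prompt_2]
+end
+
+GitFlow.do_clone_repo @p[:public_gitrepo], @p[:local_gitrepo]
+
+public_key_text = File.read @p[:public_keypath]
+encryption_key = OpenSSL::PKey::RSA.new public_key_text
+binary_crypt_text = encryption_key.public_encrypt plaintext_secret
+crypt_material = Base64.encode64 binary_crypt_text
+
+FileUtils.mkdir_p @p[:crypt_dir_path]
+File.write @p[:crypt_filepath], crypt_material
+GitFlow.push @p[:local_gitrepo], @p[:crypt_filename], @c[:time][:stamp]
+
+log.info(ere) { "# -- [encrypt] ------------------------------------------ -- #" }
+log.info(ere) { "# ## ######### ########################################## ## #" }
+
+end
+
+
+end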
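Review bot: `Crypto.collect_secret 3, @p[:prompt_1], @p[:prompt_2]` on line 62 hard-codes the minimum length as 3 while encrypt.ini defines `min.passwd.len` as 16 and both the crypt.keys and decrypt executors read `@p[:min_passwd_len]`; `plaintext_secret = Crypto.collect_secret @p[:min_passwd_len], @p[:prompt_1], @p[:prompt_2]` keeps the three plugins consistent. `encryption_key.public_encrypt plaintext_secret` on line 69 applies RSA directly to the whole input, which OpenSSL caps at the modulus size minus padding overhead (roughly a kilobyte for the 8192-bit key the config describes), so the `--file` branch at lines 57–60 only works for small inputs and raises on anything larger; encrypting the file under a random symmetric key and wrapping only that key with the RSA public key is the usual fix, and `OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING` on both the encrypt and decrypt calls is preferable to the PKCS#1 v1.5 default. The size limit at least belongs in the header comment so it is not discovered at runtime.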