rapid-vaults 1.2.0 → 1.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: eab7b432d2da9ded261c422b220051585469fdd3c93dad84b2e4b9c8b272f20a
-  data.tar.gz: ce1aa65551bea26216d87c1137cb076b75b501bac785380ae78dd3161b5b0d7a
+  metadata.gz: ff3321864a63230a5cb7c5c3b57dfbfc403e2cc06f4c903e78c3bcbf4f52a4c3
+  data.tar.gz: 302469d5ba1c2306c16a438552a47dcf895423f3b661f76088ac1c8eaab21770
 SHA512:
-  metadata.gz: 59f7a29f22852e58074bd85823028b178f23117c7adb3ce491a18271263f4cf92cc8e201e8bd31949a3d0b106879802755d4bd393909a57b21f295b6123585b6
-  data.tar.gz: 6048157efbe27b351b50b102fc2dcc19604de178d6282b45098beb3d51669ff4b833ae06051a727c5768a7b933b04c3cb6850bb9644e5d6b236df95117a081ad
+  metadata.gz: 6668ff3eb490e4b68335f602693ba84ffa9b2079bf614c9f730d006a26d8ac66caa324bdf8b29dd4a15141c3ae8bb230192d97255c124930c31f296038c5f3d1
+  data.tar.gz: d79506278d8708890866ee20a742a60cb9d36d4c75f552ff0e5d051ae32f1923cbf2094bb5b0ab580677be2c36e49d458b9e90a7f9cf4091cbad689693576392

data/CHANGELOG.md

@@ -0,0 +1,23 @@
+### 1.3.0
+- Bump minimum Ruby version to 2.6.
+- Code optimization and validation improvements.
+
+### 1.2.0
+- Add GRPC support (alpha).
+- Bump minimum Ruby version to 2.5.
+- Add additional validation for key, nonce, and encrypted file contents.
+- Fix erroneous argument validations for GPG when action is `generate`.
+
+### 1.1.2
+- Added checks on input files and directories.
+- Fix bugs blocking bindings output.
+
+### 1.1.1
+- Added Puppet and Chef bindings.
+- Add `outdir` CLI option.
+
+### 1.1.0
+- Added capability to encrypt and decrypt with GNUPG/GPG.
+
+### 1.0.0
+- Initial Release

data/LICENSE.md

@@ -0,0 +1,20 @@
+Copyright (c) 2018 Matt Schuchard
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -1,7 +1,4 @@
 # Rapid Vaults
-[![Build Status](https://travis-ci.org/mschuchard/rapid-vaults.svg?branch=master)](https://travis-ci.org/mschuchard/rapid-vaults)
-[![CircleCI](https://circleci.com/gh/mschuchard/rapid-vaults.svg?style=svg)](https://circleci.com/gh/mschuchard/rapid-vaults)
-
 - [Description](#description)
 - [Usage](#usage)
   - [CLI](#cli)
@@ -99,8 +96,7 @@ Currently you set the path to the keys and other files via the environment varia
 ```ruby
 require 'rapid-vaults'
 
-options = {}
-options[:action] = :generate
+options = { action: :generate }
 key, nonce = RapidVaults::API.main(options)
 File.write('key.txt', key)
 File.write('nonce.txt', nonce)
@@ -111,12 +107,13 @@ File.write('nonce.txt', nonce)
 ```ruby
 require 'rapid-vaults'
 
-options = {}
-options[:action] = :encrypt
-options[:file] = '/path/to/data.txt'
-options[:key] = '/path/to/key.txt'
-options[:nonce] = '/path/to/nonce.txt'
-options[:pw] = File.read('/path/to/password.txt') # optional
+options = {
+  action: :encrypt,
+  file: '/path/to/data.txt',
+  key: '/path/to/key.txt',
+  nonce: '/path/to/nonce.txt',
+  pw: File.read('/path/to/password.txt') # optional
+}
 encrypted_contents, tag = RapidVaults::API.main(options)
 ```
 
@@ -125,13 +122,14 @@ encrypted_contents, tag = RapidVaults::API.main(options)
 ```ruby
 require 'rapid-vaults'
 
-options = {}
-options[:action] = :decrypt
-options[:file] = '/path/to/encrypted_data.txt'
-options[:key] = '/path/to/key.txt'
-options[:nonce] = '/path/to/nonce.txt'
-options[:tag] = '/path/to/tag.txt'
-options[:pw] = File.read('/path/to/password.txt') # optional
+options = {
+  action: :decrypt,
+  file: '/path/to/encrypted_data.txt',
+  key: '/path/to/key.txt',
+  nonce: '/path/to/nonce.txt',
+  tag: '/path/to/tag.txt',
+  pw: File.read('/path/to/password.txt') # optional
+}
 decrypted_contents = RapidVaults::API.main(options)
 ```
 
@@ -141,10 +139,11 @@ require 'rapid-vaults'
 
 ENV['GNUPGHOME'] = '/home/alice/.gnupg'
 
-options = {}
-options[:action] = :generate
-options[:algorithm] = :gpgme
-options[:gpgparams] = File.read('gpgparams.txt')
+options = {
+  action: :generate,
+  algorithm: :gpgme,
+  gpgparams: File.read('gpgparams.txt')
+}
 RapidVaults::API.main(options)
 ```
 
@@ -171,11 +170,12 @@ require 'rapid-vaults'
 
 ENV['GNUPGHOME'] = '/home/bob/.gnupg' # optional
 
-options = {}
-options[:action] = :encrypt
-options[:algorithm] = :gpgme
-options[:file] = '/path/to/data.txt'
-options[:pw] = File.read('/path/to/password.txt')
+options = {
+  action: :encrypt,
+  algorithm: :gpgme,
+  file: '/path/to/data.txt',
+  pw: File.read('/path/to/password.txt')
+}
 encrypted_contents = RapidVaults::API.main(options)
 ```
 
@@ -186,11 +186,12 @@ require 'rapid-vaults'
 
 ENV['GNUPGHOME'] = '/home/chris/.gnupg' # optional
 
-options = {}
-options[:action] = :decrypt
-options[:algorithm] = :gpgme
-options[:file] = '/path/to/encrypted_data.txt'
-options[:pw] = File.read('/path/to/password.txt')
+options = {
+  action: :decrypt,
+  algorithm: :gpgme,
+  file: '/path/to/encrypted_data.txt',
+  pw: File.read('/path/to/password.txt')
+}
 decrypted_contents = RapidVaults::API.main(options)
 ```
 

data/lib/rapid-vaults/binding.rb

@@ -1,10 +1,14 @@
 # class to output bindings with other software
 class Binding
+  # bindings matrix consts
+  CRYPT = %w[gpg ssl].freeze
+  ACTION = %w[encrypt decrypt].freeze
+
   # outputs puppet bindings
   def self.puppet(settings)
     # output puppet bindings to output directory
-    %w[gpg ssl].each do |algo|
-      %w[encrypt decrypt].each do |action|
+    CRYPT.each do |algo|
+      ACTION.each do |action|
         content = File.read("#{__dir__}/bindings/puppet_#{algo}_#{action}.rb")
         File.write("#{settings[:outdir]}puppet_#{algo}_#{action}.rb", content)
       end

data/lib/rapid-vaults/bindings/chef.rb

@@ -2,31 +2,32 @@ require 'rapid-vaults'
 
 # returns key, nonce
 def ssl_generate
-  options = {}
-  options[:action] = :generate
+  options = { action: :generate }
   RapidVaults::API.main(options)
 end
 
 # returns encrypted_contents, tag
 def ssl_encrypt
-  options = {}
-  options[:action] = :encrypt
-  options[:file] = '/path/to/data.txt'
-  options[:key] = '/path/to/cert.key'
-  options[:nonce] = '/path/to/nonce.txt'
-  options[:pw] = File.read('/path/to/password.txt') # optional
+  options = {
+    action: :encrypt,
+    file: '/path/to/data.txt',
+    key: '/path/to/key.txt',
+    nonce: '/path/to/nonce.txt',
+    pw: File.read('/path/to/password.txt') # optional
+  }
   RapidVaults::API.main(options)
 end
 
 # returns decrypted_contents
 def ssl_decrypt
-  options = {}
-  options[:action] = :decrypt
-  options[:file] = '/path/to/encrypted_data.txt'
-  options[:key] = '/path/to/cert.key'
-  options[:nonce] = '/path/to/nonce.txt'
-  options[:tag] = '/path/to/tag.txt'
-  options[:pw] = File.read('/path/to/password.txt') # optional
+  options = {
+    action: :decrypt,
+    file: '/path/to/encrypted_data.txt',
+    key: '/path/to/key.txt',
+    nonce: '/path/to/nonce.txt',
+    tag: '/path/to/tag.txt',
+    pw: File.read('/path/to/password.txt') # optional
+  }
   RapidVaults::API.main(options)
 end
 
@@ -34,10 +35,11 @@ end
 def gpg_generate
   ENV['GNUPGHOME'] = '/home/alice/.gnupg'
 
-  options = {}
-  options[:action] = :generate
-  options[:algorithm] = :gpgme
-  options[:gpgparams] = File.read('gpgparams.txt')
+  options = {
+    action: :generate,
+    algorithm: :gpgme,
+    gpgparams: File.read('gpgparams.txt')
+  }
   RapidVaults::API.main(options)
 end
 
@@ -45,11 +47,12 @@ end
 def gpg_encrypt
   ENV['GNUPGHOME'] = '/home/bob/.gnupg'
 
-  options = {}
-  options[:action] = :encrypt
-  options[:algorithm] = :gpgme
-  options[:file] = '/path/to/data.txt'
-  options[:pw] = File.read('/path/to/password.txt')
+  options = {
+    action: :encrypt,
+    algorithm: :gpgme,
+    file: '/path/to/data.txt',
+    pw: File.read('/path/to/password.txt')
+  }
   RapidVaults::API.main(options)
 end
 
@@ -57,10 +60,11 @@ end
 def gpg_decrypt
   ENV['GNUPGHOME'] = '/home/chris/.gnupg'
 
-  options = {}
-  options[:action] = :decrypt
-  options[:algorithm] = :gpgme
-  options[:file] = '/path/to/encrypted_data.txt'
-  options[:pw] = File.read('/path/to/password.txt')
+  options = {
+    action: :decrypt,
+    algorithm: :gpgme,
+    file: '/path/to/encrypted_data.txt',
+    pw: File.read('/path/to/password.txt')
+  }
   RapidVaults::API.main(options)
 end

data/lib/rapid-vaults/bindings/rapid_vaults_pb.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: rapid_vaults.proto
+
+require 'google/protobuf'
+
+
+descriptor_data = "\n\x12rapid_vaults.proto\x12\x0brapidvaults\"\x0b\n\tGenInputs\"(\n\nGenOutputs\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05nonce\x18\x02 \x01(\t\"I\n\x0bUnencrypted\x12\x0c\n\x04text\x18\x01 \x01(\t\x12\x0b\n\x03key\x18\x02 \x01(\t\x12\r\n\x05nonce\x18\x03 \x01(\t\x12\x10\n\x08password\x18\x04 \x01(\t\"&\n\tEncrypted\x12\x0c\n\x04text\x18\x01 \x01(\t\x12\x0b\n\x03tag\x18\x02 \x01(\t\"V\n\x0bUndecrypted\x12\x0c\n\x04text\x18\x01 \x01(\t\x12\x0b\n\x03key\x18\x02 \x01(\t\x12\r\n\x05nonce\x18\x03 \x01(\t\x12\x0b\n\x03tag\x18\x04 \x01(\t\x12\x10\n\x08password\x18\x05 \x01(\t\"\x19\n\tDecrypted\x12\x0c\n\x04text\x18\x01 \x01(\t2\x99\x03\n\x0bRapidVaults\x12@\n\x0bSSLGenerate\x12\x16.rapidvaults.GenInputs\x1a\x17.rapidvaults.GenOutputs\"\x00\x12@\n\x0bGPGGenerate\x12\x16.rapidvaults.GenInputs\x1a\x17.rapidvaults.GenOutputs\"\x00\x12@\n\nSSLEncrypt\x12\x18.rapidvaults.Unencrypted\x1a\x16.rapidvaults.Encrypted\"\x00\x12@\n\nGPGEncrypt\x12\x18.rapidvaults.Unencrypted\x1a\x16.rapidvaults.Encrypted\"\x00\x12@\n\nSSLDecrypt\x12\x18.rapidvaults.Undecrypted\x1a\x16.rapidvaults.Decrypted\"\x00\x12@\n\nGPGDecrypt\x12\x18.rapidvaults.Undecrypted\x1a\x16.rapidvaults.Decrypted\"\x00\x62\x06proto3"
+
+pool = Google::Protobuf::DescriptorPool.generated_pool
+pool.add_serialized_file(descriptor_data)
+
+module Rapidvaults
+  GenInputs = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("rapidvaults.GenInputs").msgclass
+  GenOutputs = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("rapidvaults.GenOutputs").msgclass
+  Unencrypted = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("rapidvaults.Unencrypted").msgclass
+  Encrypted = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("rapidvaults.Encrypted").msgclass
+  Undecrypted = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("rapidvaults.Undecrypted").msgclass
+  Decrypted = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("rapidvaults.Decrypted").msgclass
+end

data/lib/rapid-vaults/bindings/rapid_vaults_services_pb.rb

@@ -0,0 +1,33 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# Source: rapid_vaults.proto for package 'rapidvaults'
+
+require 'grpc'
+require_relative 'rapid_vaults_pb'
+
+module Rapidvaults
+  module RapidVaults
+    class Service
+
+      include ::GRPC::GenericService
+
+      self.marshal_class_method = :encode
+      self.unmarshal_class_method = :decode
+      self.service_name = 'rapidvaults.RapidVaults'
+
+      # generate SSL key and nonce
+      rpc :SSLGenerate, ::Rapidvaults::GenInputs, ::Rapidvaults::GenOutputs
+      # generate GPG key and nonce
+      rpc :GPGGenerate, ::Rapidvaults::GenInputs, ::Rapidvaults::GenOutputs
+      # encrypt with SSL
+      rpc :SSLEncrypt, ::Rapidvaults::Unencrypted, ::Rapidvaults::Encrypted
+      # encrypt with GPG
+      rpc :GPGEncrypt, ::Rapidvaults::Unencrypted, ::Rapidvaults::Encrypted
+      # decrypt with SSL
+      rpc :SSLDecrypt, ::Rapidvaults::Undecrypted, ::Rapidvaults::Decrypted
+      # decrypt with GPG
+      rpc :GPGDecrypt, ::Rapidvaults::Undecrypted, ::Rapidvaults::Decrypted
+    end
+
+    Stub = Service.rpc_stub_class
+  end
+end

data/lib/rapid-vaults/cli.rb

@@ -6,7 +6,7 @@ class RapidVaults::CLI
   def self.main(args)
     # parse args in cli and denote using cli
     settings = parse(args)
-    if settings[:action] == :encrypt || settings[:action] == :decrypt
+    if %i[encrypt decrypt].include?(settings[:action])
       args.empty? ? (raise 'rapid-vaults: no file specified; try using --help') : settings[:file] = args.first
     end
 
@@ -31,7 +31,9 @@ class RapidVaults::CLI
 
       # base options
       opts.on('--version', 'Display the current version.') do
-        puts 'rapid-vaults 1.2.0'
+        require 'rubygems'
+
+        puts Gem::Specification.load("#{File.dirname(__FILE__)}/../../rapid-vaults.gemspec").version
         exit 0
       end
 
@@ -49,7 +51,7 @@ class RapidVaults::CLI
       opts.on('-t', '--tag tag', String, 'Tag file to be used for decryption (GPG: n/a).') { |arg| settings[:tag] = arg }
       opts.on('-p', '--password password', String, '(optional) Password to be used for encryption or decryption (GPG: required).') { |arg| settings[:pw] = arg }
       opts.on('-f', '--file-password password.txt', String, '(optional) Text file containing a password to be used for encryption or decryption (GPG: required).') do |arg|
-        raise "Password file #{arg} is not an existing file!" unless File.file?(arg)
+        raise "Password file #{arg} is not an existing readable file!" unless File.readable?(arg)
         settings[:pw] = File.read(arg)
       end
 
@@ -61,7 +63,7 @@ class RapidVaults::CLI
 
       # other
       opts.on('--gpgparams params.txt', String, 'GPG Key params input file used during generation of keys.') do |arg|
-        raise "GPG Parameters file #{arg} is not an existing file!" unless File.file?(arg)
+        raise "GPG Parameters file #{arg} is not an existing readable file!" unless File.readable?(arg)
         settings[:gpgparams] = File.read(arg)
       end
       opts.on('-o --outdir', String, 'Optional output directory for generated files (default: pwd). (GPG: optional)') do |arg|

data/lib/rapid-vaults/decrypt.rb

@@ -4,12 +4,6 @@ class Decrypt
   def self.openssl(settings)
     require 'openssl'
 
-    # validate key, nonce, encrypted, and tag
-    raise 'The key is not a valid 32 byte key.' unless settings[:key].bytesize == 32
-    raise 'The nonce is not a valid 12 byte nonce.' unless settings[:nonce].bytesize == 12
-    raise 'The encrypted data is not a valid multiple of 9 bytes.' unless (settings[:file].bytesize % 9).zero?
-    raise 'Tag is not 16 bytes.' unless settings[:tag].bytesize == 16
-
     # setup the decryption parameters
     decipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
     decipher.key = settings[:key]
@@ -34,7 +28,7 @@ class Decrypt
     require 'gpgme'
 
     # check if GPGHOME env was set
-    puts "Environment variable 'GNUPGHOME' was not set. Files in #{ENV['HOME']}/.gnupg will be used for authentication." unless ENV['GNUPGHOME']
+    puts "Environment variable 'GNUPGHOME' was not set. Files in #{Dir.home}/.gnupg will be used for authentication." unless ENV.fetch('GNUPGHOME', false)
 
     # setup the decryption parameters
     encrypted = GPGME::Data.new(settings[:file])

data/lib/rapid-vaults/encrypt.rb

@@ -4,10 +4,6 @@ class Encrypt
   def self.openssl(settings)
     require 'openssl'
 
-    # validate key and nonce
-    raise 'The key is not a valid 32 byte key.' unless settings[:key].bytesize == 32
-    raise 'The nonce is not a valid 12 byte nonce.' unless settings[:nonce].bytesize == 12
-
     # setup the encryption parameters
     cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
     cipher.key = settings[:key]
@@ -32,7 +28,7 @@ class Encrypt
     require 'gpgme'
 
     # check if GPGHOME env was set
-    puts "Environment variable 'GNUPGHOME' was not set. Files in #{ENV['HOME']}/.gnupg will be used for authentication." unless ENV['GNUPGHOME']
+    puts "Environment variable 'GNUPGHOME' was not set. Files in #{Dir.home}/.gnupg will be used for authentication." unless ENV.fetch('GNUPGHOME', false)
 
     # setup the encryption parameters
     crypto = GPGME::Crypto.new(armor: true, pinentry_mode: GPGME::PINENTRY_MODE_LOOPBACK)

data/lib/rapid-vaults/generate.rb

@@ -24,10 +24,10 @@ class Generate
     require 'gpgme'
 
     # ensure we have a place to store these output files
-    raise 'Environment variable "GNUPGHOME" was not set.' unless ENV['GNUPGHOME']
+    raise 'Environment variable "GNUPGHOME" was not set.' unless ENV.fetch('GNUPGHOME', false)
 
     # create gpg keys
     GPGME::Ctx.new.generate_key(settings[:gpgparams], nil, nil)
-    puts "Your GPG keys have been generated in #{ENV['GNUPGHOME']}." if settings[:ui] == :cli
+    puts "Your GPG keys have been generated in #{ENV.fetch['GNUPGHOME']}." if settings[:ui] == :cli
   end
 end

data/lib/rapid_vaults.rb

@@ -11,7 +11,6 @@ class RapidVaults
     self.class.process(settings)
 
     # execute desired action and algorithm via dynamic call
-    # public_send("#{settings[:action].capitalize}.#{settings[:algorithm]}".to_sym, settings)
     case settings[:action]
     when :generate then Generate.public_send(settings[:algorithm], settings)
     when :encrypt then Encrypt.public_send(settings[:algorithm], settings)
@@ -22,9 +21,9 @@ class RapidVaults
 
   # method for processing the settings and inputs
   def self.process(settings)
-    # :outdir only relevant for :cli
+    # default to openssl algorithm and `pwd` output directory
     if settings[:ui] == :cli
-      # default to openssl algorithm and `pwd` output directory
+      # :outdir only relevant for :cli
       settings[:outdir] ||= Dir.pwd
       settings[:outdir] += '/' unless settings[:outdir][-1] == '/'
     end
@@ -33,7 +32,7 @@ class RapidVaults
     settings[:algorithm] ||= :openssl
 
     # check for problems with arguments and inputs
-    public_send("process_#{settings[:algorithm]}".to_sym, settings)
+    public_send(:"process_#{settings[:algorithm]}", settings)
   end
 
   # processing openssl
@@ -55,8 +54,17 @@ class RapidVaults
     # check inputs and read in files
     raise 'Password must be a string.' if settings.key?(:pw) && !settings[:pw].is_a?(String)
     %i[file key nonce].each(&process_input)
-    # only decrypt needs a tag input
+
+    # validate key and nonce
+    raise 'The key is not a valid 32 byte key.' unless settings[:key].bytesize == 32
+    raise 'The nonce is not a valid 12 byte nonce.' unless settings[:nonce].bytesize == 12
+
+    # decrypt: check inputs and read in files, and validate encrypted and tag
+    return unless settings[:action] == :decrypt
     process_input.call(:tag) if settings[:action] == :decrypt
+
+    raise 'The encrypted data is not a valid multiple of 9 bytes.' unless (settings[:file].bytesize % 9).zero?
+    raise 'Tag is not 16 bytes.' unless settings[:tag].bytesize == 16
   end
 
   # processing gpgme

data/lib/rapid_vaults.rbs

@@ -0,0 +1,40 @@
+# Classes
+class Binding
+  CRYPT: [String, String]
+  ACTION: [String, String]
+
+  def self.puppet: (Hash[Symbol, untyped]) -> nil
+  def self.chef: (Hash[Symbol, untyped]) -> nil
+end
+
+class Decrypt
+  def self.openssl: (Hash[Symbol, untyped]) -> String?
+  def self.gpgme: (Hash[Symbol, untyped]) -> String?
+end
+
+class Encrypt
+  def self.openssl: (Hash[Symbol, untyped]) -> [String, String]?
+  def self.gpgme: (Hash[Symbol, untyped]) -> String?
+end
+
+class Generate
+  def self.openssl: (Hash[Symbol, untyped]) -> [String, String]?
+  def self.gpgme: (Hash[Symbol, untyped]) -> nil
+end
+
+class RapidVaults
+  def main: (Hash[Symbol, untyped]) -> nil
+  def self.process: (Hash[Symbol, untyped]) -> nil
+  def self.process_openssl: (Hash[Symbol, untyped]) -> nil
+  def self.process_gpgme: (Hash[Symbol, untyped]) -> nil
+
+  class API
+    def self.main: (Hash[Symbol, untyped]) -> nil
+    def self.parse: (Hash[Symbol, untyped]) -> Hash[Symbol, untyped]
+  end
+
+  class CLI
+    def self.main: ([String]) -> Integer
+    def self.parse: ([String]) -> Hash[Symbol, untyped]
+  end
+end

data/rapid-vaults.gemspec

@@ -0,0 +1,23 @@
+Gem::Specification.new do |spec|
+  spec.name          = 'rapid-vaults'
+  spec.version       = '1.3.0'
+  spec.authors       = ['Matt Schuchard']
+  spec.description   = 'Ad-hoc encrypt and decrypt data behind multiple layers of protection via OpenSSL or GPG.'
+  spec.summary       = 'Ad-hoc encrypt and decrypt data.'
+  spec.homepage      = 'https://www.github.com/mschuchard/rapid-vaults'
+  spec.license       = 'MIT'
+
+  spec.files         = Dir['bin/**/*', 'lib/**/*', 'spec/**/*', 'CHANGELOG.md', 'LICENSE.md', 'README.md', 'rapid-vaults.gemspec']
+  spec.executables   = spec.files.grep(%r{^bin/}) { |file| File.basename(file) }
+  spec.require_paths = Dir['lib']
+
+  spec.required_ruby_version = '>= 2.6.0'
+  spec.add_dependency 'gpgme', '~> 2.0'
+  spec.add_development_dependency 'grpc', '~> 1.0'
+  spec.add_development_dependency 'grpc-tools', '~> 1.0'
+  spec.add_development_dependency 'rake', '~> 13.0'
+  spec.add_development_dependency 'reek', '~> 6.0'
+  spec.add_development_dependency 'rspec', '~> 3.0'
+  spec.add_development_dependency 'rubocop', '~> 1.0'
+  spec.add_development_dependency 'rubocop-performance', '~> 1.0'
+end

data/spec/rapid-vaults/cli_spec.rb

@@ -22,10 +22,10 @@ describe RapidVaults::CLI do
       expect(RapidVaults::CLI.parse(%w[-b puppet -o .])).to eq(ui: :cli, action: :binding, binding: :puppet, outdir: '.')
     end
     it 'raises an error for a nonexistent password file' do
-      expect { RapidVaults::CLI.parse(%w[-f /nopasswordhere]) }.to raise_error('Password file /nopasswordhere is not an existing file!')
+      expect { RapidVaults::CLI.parse(%w[-f /nopasswordhere]) }.to raise_error('Password file /nopasswordhere is not an existing readable file!')
     end
     it 'raises an error for a nonexistent gpg parameters file' do
-      expect { RapidVaults::CLI.parse(%w[--gpgparams /foo/bar]) }.to raise_error('GPG Parameters file /foo/bar is not an existing file!')
+      expect { RapidVaults::CLI.parse(%w[--gpgparams /foo/bar]) }.to raise_error('GPG Parameters file /foo/bar is not an existing readable file!')
     end
     it 'raises an error for a nonexistent output directory' do
       expect { RapidVaults::CLI.parse(%w[-o /foo/bar/baz]) }.to raise_error('The output directory /foo/bar/baz does not exist or is not a directory!')

data/spec/rapid-vaults/decrypt_spec.rb

@@ -5,7 +5,6 @@ require_relative '../../lib/rapid-vaults/decrypt'
 describe Decrypt do
   context '.openssl' do
     require 'openssl'
-    require 'securerandom'
     cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
     key = cipher.random_key
     nonce = cipher.random_iv
@@ -28,41 +27,26 @@ describe Decrypt do
       expect(decrypt).to be_a(String)
       expect(decrypt).to eq("foo: bar\n")
     end
-    it 'raises an error for an invalid tag size' do
-      expect { Decrypt.openssl(file: File.read('encrypted.txt'), key: key, nonce: nonce, tag: SecureRandom.random_bytes(24).strip) }.to raise_error('Tag is not 16 bytes.')
-    end
-    it 'raises an error for an invalid key size' do
-      expect { Decrypt.openssl(key: SecureRandom.random_bytes(64).strip) }.to raise_error('The key is not a valid 32 byte key.')
-    end
-    it 'raises an error for an invalid nonce size' do
-      expect { Decrypt.openssl(key: key, nonce: SecureRandom.random_bytes(24).strip) }.to raise_error('The nonce is not a valid 12 byte nonce.')
-    end
-    it 'raises an error for corrupted encrypted file content' do
-      expect { Decrypt.openssl(file: SecureRandom.random_bytes(16).strip, key: key, nonce: nonce) }.to raise_error('The encrypted data is not a valid multiple of 9 bytes.')
-    end
   end
 
-  # travis ci cannot support non-interactive gpg encryption
-  unless ENV['TRAVIS'] == 'true'
-    context '.gpgme' do
-      before(:all) do
-        Encrypt.gpgme(ui: :cli, file: "foo: bar\n", key: '', pw: 'foo')
-      end
+  context '.gpgme' do
+    before(:all) do
+      Encrypt.gpgme(ui: :cli, file: "foo: bar\n", key: '', pw: 'foo')
+    end
 
-      after(:all) do
-        %w[encrypted.txt decrypted.txt].each { |file| File.delete(file) }
-      end
+    after(:all) do
+      %w[encrypted.txt decrypted.txt].each { |file| File.delete(file) }
+    end
 
-      it 'outputs a decrypted file with the key from the cli' do
-        Decrypt.gpgme(ui: :cli, file: File.read('encrypted.txt'), key: '', pw: 'foo')
-        expect(File.file?('decrypted.txt')).to be true
-        expect(File.read('decrypted.txt')).to eq("foo: bar\n")
-      end
-      it 'outputs decrypted content with the key from the api' do
-        decrypt = Decrypt.gpgme(ui: :api, file: File.read('encrypted.txt'), key: '', pw: 'foo')
-        expect(decrypt).to be_a(String)
-        expect(decrypt).to eq("foo: bar\n")
-      end
+    it 'outputs a decrypted file with the key from the cli' do
+      Decrypt.gpgme(ui: :cli, file: File.read('encrypted.txt'), key: '', pw: 'foo')
+      expect(File.file?('decrypted.txt')).to be true
+      expect(File.read('decrypted.txt')).to eq("foo: bar\n")
+    end
+    it 'outputs decrypted content with the key from the api' do
+      decrypt = Decrypt.gpgme(ui: :api, file: File.read('encrypted.txt'), key: '', pw: 'foo')
+      expect(decrypt).to be_a(String)
+      expect(decrypt).to eq("foo: bar\n")
     end
   end
 end

data/spec/rapid-vaults/encrypt_spec.rb

@@ -4,7 +4,6 @@ require_relative '../../lib/rapid-vaults/encrypt'
 describe Encrypt do
   context '.openssl' do
     require 'openssl'
-    require 'securerandom'
     cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
     key = cipher.random_key
     nonce = cipher.random_iv
@@ -26,29 +25,20 @@ describe Encrypt do
     it 'outputs an array of encrypted content and tag with the key and nonce from the api' do
       encrypt = Encrypt.openssl(ui: :api, file: "foo: bar\n", key: key, nonce: nonce)
       expect(encrypt).to be_a(Array)
+      expect(encrypt.length).to eq(2)
       expect(encrypt[0]).to be_a(String)
       expect(encrypt[1]).to be_a(String)
-      expect(encrypt.length).to eq(2)
-    end
-    it 'raises an error for an invalid key size' do
-      expect { Encrypt.openssl(key: SecureRandom.random_bytes(64).strip) }.to raise_error('The key is not a valid 32 byte key.')
-    end
-    it 'raises an error for an invalid nonce size' do
-      expect { Encrypt.openssl(key: key, nonce: SecureRandom.random_bytes(24).strip) }.to raise_error('The nonce is not a valid 12 byte nonce.')
     end
   end
 
-  # travis ci cannot support non-interactive gpg encryption
-  unless ENV['TRAVIS'] == 'true'
-    context '.gpgme' do
-      it 'outputs an encrypted file with the key from the cli' do
-        Encrypt.gpgme(ui: :cli, file: "foo: bar\n", key: '', pw: 'foo')
-        expect(File.file?('encrypted.txt')).to be true
-      end
-      it 'outputs a string of encrypted content with the key from the api' do
-        encrypt = Encrypt.gpgme(ui: :api, file: "foo: bar\n", key: '', pw: 'foo')
-        expect(encrypt).to be_a(String)
-      end
+  context '.gpgme' do
+    it 'outputs an encrypted file with the key from the cli' do
+      Encrypt.gpgme(ui: :cli, file: "foo: bar\n", key: '', pw: 'foo')
+      expect(File.file?('encrypted.txt')).to be true
+    end
+    it 'outputs a string of encrypted content with the key from the api' do
+      encrypt = Encrypt.gpgme(ui: :api, file: "foo: bar\n", key: '', pw: 'foo')
+      expect(encrypt).to be_a(String)
     end
   end
 end

data/spec/rapid-vaults/generate_spec.rb

@@ -17,9 +17,9 @@ describe Generate do
     it 'outputs an array with the key and nonce from the api' do
       generate = Generate.openssl(ui: :api)
       expect(generate).to be_a(Array)
+      expect(generate.length).to eq(2)
       expect(generate[0]).to be_a(String)
       expect(generate[1]).to be_a(String)
-      expect(generate.length).to eq(2)
     end
   end
 
@@ -27,24 +27,21 @@ describe Generate do
     it 'raises an error for a missing GNUPGHOME variable' do
       expect { Generate.gpgme(gpgparams: File.read("#{fixtures_dir}/gpgparams.txt")) }.to raise_error('Environment variable "GNUPGHOME" was not set.')
     end
-    # travis ci cannot support non-interactive gpg
-    unless ENV['TRAVIS'] == 'true'
-      it 'generates the key files' do
-        require 'fileutils'
+    it 'generates the key files' do
+      require 'fileutils'
 
-        ENV['GNUPGHOME'] = fixtures_dir
+      ENV['GNUPGHOME'] = fixtures_dir
 
-        Generate.gpgme(gpgparams: File.read("#{fixtures_dir}/gpgparams.txt"))
-        %w[trustdb.gpg pubring.kbx pubring.kbx~].each do |file|
-          expect(File.file?("#{fixtures_dir}/#{file}")).to be true
-          File.delete("#{fixtures_dir}/#{file}")
-        end
-        %w[openpgp-revocs.d private-keys-v1.d].each do |dir|
-          expect(File.directory?("#{fixtures_dir}/#{dir}")).to be true
-          FileUtils.rm_r("#{fixtures_dir}/#{dir}")
-        end
-        %w[S.gpg-agent random_seed].each { |file| File.delete("#{fixtures_dir}/#{file}") if File.exist?(file) }
+      Generate.gpgme(gpgparams: File.read("#{fixtures_dir}/gpgparams.txt"))
+      %w[trustdb.gpg pubring.kbx pubring.kbx~].each do |file|
+        expect(File.file?("#{fixtures_dir}/#{file}")).to be true
+        File.delete("#{fixtures_dir}/#{file}")
+      end
+      %w[openpgp-revocs.d private-keys-v1.d].each do |dir|
+        expect(File.directory?("#{fixtures_dir}/#{dir}")).to be true
+        FileUtils.rm_r("#{fixtures_dir}/#{dir}")
       end
+      %w[S.gpg-agent random_seed].each { |file| File.delete("#{fixtures_dir}/#{file}") if File.file?(file) }
     end
   end
 end

data/spec/rapid-vaults/grpc_spec.rb

@@ -1,7 +1,15 @@
 require_relative '../../lib/rapid-vaults/grpc'
 
 # TODO: use RapidVaults::GRPC.server instead?
-stub = Rapidvaults::RapidVaults::Stub.new('localhost:0.0.0.0:8080', :this_channel_is_insecure)
+
+# stub = Rapidvaults::RapidVaults::Stub.new('localhost:0.0.0.0:8080', :this_channel_is_insecure)
+describe GRPC do
+  context '.Stub' do
+    it 'starts a rapaid-vaults api local server' do
+      expect { Rapidvaults::RapidVaults::Stub.new('localhost:0.0.0.0:8080', :this_channel_is_insecure) }.not_to raise_error
+    end
+  end
+end
 
 # need to create class with encode member method to pass in as dummy
 # ssl generate

data/spec/rapid_vaults_spec.rb

@@ -3,6 +3,23 @@ require_relative '../lib/rapid_vaults'
 
 describe RapidVaults do
   context '.process' do
+    # prepare for support file validation tests
+    require 'securerandom'
+    before(:all) do
+      File.write('key_bad.txt', SecureRandom.random_bytes(64).strip)
+      File.write('key_good.txt', SecureRandom.random_bytes(32).strip)
+      File.write('nonce_bad.txt', SecureRandom.random_bytes(24).strip)
+      File.write('nonce_good.txt', SecureRandom.random_bytes(12).strip)
+      File.write('tag_bad.txt', SecureRandom.random_bytes(24).strip)
+      File.write('tag_good.txt', SecureRandom.random_bytes(16).strip)
+      File.write('encrypted_bad.txt', SecureRandom.random_bytes(16).strip)
+      File.write('encrypted_good.txt', '')
+    end
+
+    after(:all) do
+      %w[key nonce tag encrypted].each { |file| File.delete("#{file}_bad.txt", "#{file}_good.txt") }
+    end
+
     it 'raises an error for a non-string password with openssl' do
       expect { RapidVaults.process(action: :encrypt, file: 'a', key: 'b', nonce: 'c', pw: 1) }.to raise_error('Password must be a string.')
     end
@@ -33,9 +50,20 @@ describe RapidVaults do
     it 'raises an error for a nonexistent input file with gpgme' do
       expect { RapidVaults.process(algorithm: :gpgme, action: :encrypt, file: 'a', pw: 'password') }.to raise_error('Input file \'a\' for argument \'file\' is not an existing readable file.')
     end
+    it 'raises an error for an invalid key size' do
+      expect { RapidVaults.process(action: :encrypt, file: "#{fixtures_dir}file.yaml", key: 'key_bad.txt', nonce: 'nonce_good.txt') }.to raise_error('The key is not a valid 32 byte key.')
+    end
+    it 'raises an error for an invalid nonce size' do
+      expect { RapidVaults.process(action: :encrypt, file: "#{fixtures_dir}file.yaml", key: 'key_good.txt', nonce: 'nonce_bad.txt') }.to raise_error('The nonce is not a valid 12 byte nonce.')
+    end
+    it 'raises an error for an invalid tag size' do
+      expect { RapidVaults.process(action: :decrypt, file: 'encrypted_good.txt', key: 'key_good.txt', nonce: 'nonce_good.txt', tag: 'tag_bad.txt') }.to raise_error('Tag is not 16 bytes.')
+    end
+    it 'raises an error for corrupted encrypted file content' do
+      expect { RapidVaults.process(action: :decrypt, file: 'encrypted_bad.txt', key: 'key_good.txt', nonce: 'nonce_good.txt', tag: 'tag_good.txt') }.to raise_error('The encrypted data is not a valid multiple of 9 bytes.')
+    end
     it 'reads in all input files correctly for openssl encryption' do
-      dummy = "#{fixtures_dir}file.yaml"
-      expect { RapidVaults.process(action: :encrypt, file: dummy, key: dummy, nonce: dummy, pw: 'password') }.not_to raise_exception
+      expect { RapidVaults.process(action: :decrypt, file: 'encrypted_good.txt', key: 'key_good.txt', nonce: 'nonce_good.txt', tag: 'tag_good.txt', pw: 'password') }.not_to raise_exception
     end
     it 'reads in all input files correctly for gpgme decryption' do
       dummy = "#{fixtures_dir}file.yaml"

data/spec/system/system_spec.rb

@@ -7,7 +7,7 @@ describe RapidVaults do
     require 'fileutils'
 
     %w[key.txt nonce.txt tag.txt encrypted.txt decrypted.txt chef.rb puppet_gpg_decrypt.rb puppet_gpg_encrypt.rb puppet_ssl_decrypt.rb puppet_ssl_encrypt.rb].each { |file| File.delete(file) }
-    unless ENV['TRAVIS'] == 'true' || ENV['CIRCLECI'] == 'true' || ENV['GITHUB_ACTIONS'] == 'true'
+    unless ENV['CIRCLECI'] == 'true' || ENV['GITHUB_ACTIONS'] == 'true'
       %w[random_seed pubring.kbx trustdb.gpg pubring.kbx~].each { |file| File.delete(file) }
       %w[openpgp-revocs.d private-keys-v1.d].each { |dir| FileUtils.rm_r(dir) }
     end
@@ -59,8 +59,8 @@ describe RapidVaults do
     end
   end
 
-  # all three ci cannot support end-to-end gpg generate/encrypt/decrypt
-  unless ENV['TRAVIS'] == 'true' || ENV['CIRCLECI'] == 'true' || ENV['GITHUB_ACTIONS'] == 'true'
+  # ci platforms cannot support end-to-end gpg generate/encrypt/decrypt
+  unless ENV['CIRCLECI'] == 'true' || ENV['GITHUB_ACTIONS'] == 'true'
     context 'executed wtih gpg algorithm as a system from the CLI with settings and a file to be processed' do
       it 'encrypts a file and then decrypts a file in order' do
         ENV['GNUPGHOME'] = fixtures_dir
@@ -68,8 +68,6 @@ describe RapidVaults do
         # generate and utilize files inside suitable directory
         Dir.chdir(fixtures_dir)
 
-        puts fixtures_dir
-
         # generate keys
         RapidVaults::CLI.main(%w[-g --gpg --gpgparams gpgparams.txt])
         %w[trustdb.gpg pubring.kbx pubring.kbx~].each { |file| expect(File.file?("#{fixtures_dir}/#{file}")).to be true }

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rapid-vaults
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 1.3.0
 platform: ruby
 authors:
 - Matt Schuchard
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-08-05 00:00:00.000000000 Z
+date: 2025-09-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gpgme
@@ -58,14 +58,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '12.0'
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '12.0'
+        version: '13.0'
 - !ruby/object:Gem::Dependency
   name: reek
   requirement: !ruby/object:Gem::Requirement
@@ -98,22 +98,16 @@ dependencies:
   name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0.58'
-    - - "<"
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '2'
+        version: '1.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0.58'
-    - - "<"
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '2'
+        version: '1.0'
 - !ruby/object:Gem::Dependency
   name: rubocop-performance
   requirement: !ruby/object:Gem::Requirement
@@ -136,6 +130,8 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
+- CHANGELOG.md
+- LICENSE.md
 - README.md
 - bin/rapid-vaults
 - lib/rapid-vaults/api.rb
@@ -145,12 +141,16 @@ files:
 - lib/rapid-vaults/bindings/puppet_gpg_encrypt.rb
 - lib/rapid-vaults/bindings/puppet_ssl_decrypt.rb
 - lib/rapid-vaults/bindings/puppet_ssl_encrypt.rb
+- lib/rapid-vaults/bindings/rapid_vaults_pb.rb
+- lib/rapid-vaults/bindings/rapid_vaults_services_pb.rb
 - lib/rapid-vaults/cli.rb
 - lib/rapid-vaults/decrypt.rb
 - lib/rapid-vaults/encrypt.rb
 - lib/rapid-vaults/generate.rb
 - lib/rapid-vaults/grpc.rb
 - lib/rapid_vaults.rb
+- lib/rapid_vaults.rbs
+- rapid-vaults.gemspec
 - spec/fixtures/file.yaml
 - spec/fixtures/gpgparams.txt
 - spec/rapid-vaults/api_spec.rb
@@ -175,27 +175,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.5.0
+      version: 2.6.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.5
+rubygems_version: 3.4.20
 signing_key:
 specification_version: 4
 summary: Ad-hoc encrypt and decrypt data.
-test_files:
-- spec/fixtures/file.yaml
-- spec/fixtures/gpgparams.txt
-- spec/rapid-vaults/api_spec.rb
-- spec/rapid-vaults/binding_spec.rb
-- spec/rapid-vaults/cli_spec.rb
-- spec/rapid-vaults/decrypt_spec.rb
-- spec/rapid-vaults/encrypt_spec.rb
-- spec/rapid-vaults/generate_spec.rb
-- spec/rapid-vaults/grpc_spec.rb
-- spec/rapid_vaults_spec.rb
-- spec/spec_helper.rb
-- spec/system/system_spec.rb
+test_files: []