rapid-vaults 1.3.0 → 1.3.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ff3321864a63230a5cb7c5c3b57dfbfc403e2cc06f4c903e78c3bcbf4f52a4c3
-  data.tar.gz: 302469d5ba1c2306c16a438552a47dcf895423f3b661f76088ac1c8eaab21770
+  metadata.gz: 3b0cdeb7f71f3f2a7ded9f820beb5ca0783be43de7601b513dfc678d78cc838d
+  data.tar.gz: b5b89f9d9842f9e52272e146635dcb173b3cbe6213b20b057e8d431f175fe318
 SHA512:
-  metadata.gz: 6668ff3eb490e4b68335f602693ba84ffa9b2079bf614c9f730d006a26d8ac66caa324bdf8b29dd4a15141c3ae8bb230192d97255c124930c31f296038c5f3d1
-  data.tar.gz: d79506278d8708890866ee20a742a60cb9d36d4c75f552ff0e5d051ae32f1923cbf2094bb5b0ab580677be2c36e49d458b9e90a7f9cf4091cbad689693576392
+  metadata.gz: 2499dc4629ed310eda5a6dc925576b7eba089ea541864ae43adbcb925162e77c97d6cc0a81c52d0b5052a9f809aa1a1e44e9173ae463b32213b0fab00ca87c56
+  data.tar.gz: dce32b3c164c16779bbaee284987d3884f8304f197d215d51c5a7ce9c68966afe114225ca1c0e8c66be5dc3bf8cb04a50d0fea461d5e8d32a2c71cac13aa99f1

data/CHANGELOG.md

@@ -1,3 +1,15 @@
+### 1.3.2
+- Add `--force` CLI flag, and do not overwrite files by default.
+- Improve output file pathing.
+- Fix password file setting in Puppet bindings.
+- Fix longform output directory CLI argument.
+
+### 1.3.1
+- Fix GPG keys output path message.
+- Fix encrypted data validation.
+- Enforce non-empty password when input.
+- Validate API settings analogous to CLI.
+
 ### 1.3.0
 - Bump minimum Ruby version to 2.6.
 - Code optimization and validation improvements.

data/lib/rapid-vaults/api.rb

@@ -10,6 +10,13 @@ class RapidVaults::API
 
   # parse api options; this is mostly here for unit testing
   def self.parse(settings)
+    # validate args
+    if %i[encrypt decrypt].include?(settings[:action])
+      raise 'no file specified for encryption or decryption' if !settings.key?(:file)
+    end
+
+    raise 'input password cannot be empty' if settings.key?(:pw) && settings[:pw].empty?
+
     # establish settings for api and denote using api
     settings.merge({ ui: :api })
   end

data/lib/rapid-vaults/binding.rb

@@ -10,7 +10,7 @@ class Binding
     CRYPT.each do |algo|
       ACTION.each do |action|
         content = File.read("#{__dir__}/bindings/puppet_#{algo}_#{action}.rb")
-        File.write("#{settings[:outdir]}puppet_#{algo}_#{action}.rb", content)
+        File.write(File.join(settings[:outdir], "puppet_#{algo}_#{action}.rb"), content)
       end
     end
   end
@@ -19,6 +19,6 @@ class Binding
   def self.chef(settings)
     # output chef bindings to output directory
     content = File.read("#{__dir__}/bindings/chef.rb")
-    File.write("#{settings[:outdir]}chef.rb", content)
+    File.write(File.join(settings[:outdir], 'chef.rb'), content)
   end
 end

data/lib/rapid-vaults/bindings/puppet_ssl_decrypt.rb

@@ -28,7 +28,7 @@ Puppet::Functions.create_function(:ssl_decrypt) do
     # initialize settings
     settings = { action: :decrypt, file: file, key: key, nonce: nonce, tag: tag }
     # update settings with password if input
-    settings[pw: File.read(password_file)] unless password_file.nil?
+    settings[:pw] = File.read(password_file) unless password_file.nil?
 
     RapidVaults::API.main(settings)
   end

data/lib/rapid-vaults/bindings/puppet_ssl_encrypt.rb

@@ -27,7 +27,7 @@ Puppet::Functions.create_function(:ssl_encrypt) do
     settings = { action: :encrypt, file: file, key: key, nonce: nonce }
     return_hash = {}
     # update settings with password if input
-    settings[pw: File.read(password_file)] unless password_file.nil?
+    settings[:pw] = File.read(password_file) unless password_file.nil?
 
     return_hash[:encrypted_contents], return_hash[:tag] = RapidVaults::API.main(settings)
 

data/lib/rapid-vaults/cli.rb

@@ -6,10 +6,14 @@ class RapidVaults::CLI
   def self.main(args)
     # parse args in cli and denote using cli
     settings = parse(args)
+
+    # validate args
     if %i[encrypt decrypt].include?(settings[:action])
       args.empty? ? (raise 'rapid-vaults: no file specified; try using --help') : settings[:file] = args.first
     end
 
+    raise 'input password cannot be empty' if settings.key?(:pw) && settings[:pw].empty?
+
     # run RapidVaults with specified file
     RapidVaults.new.main(settings)
     0
@@ -66,10 +70,11 @@ class RapidVaults::CLI
         raise "GPG Parameters file #{arg} is not an existing readable file!" unless File.readable?(arg)
         settings[:gpgparams] = File.read(arg)
       end
-      opts.on('-o --outdir', String, 'Optional output directory for generated files (default: pwd). (GPG: optional)') do |arg|
+      opts.on('-o', '--outdir output_directory', String, 'Optional output directory for generated files (default: pwd). (GPG: optional)') do |arg|
         raise "The output directory #{arg} does not exist or is not a directory!" unless File.directory?(arg)
         settings[:outdir] = arg
       end
+      opts.on('--force', 'Force overwrite of existing files during generation, encryption, and decryption.') { settings[:force] = true }
     end
 
     # parse args and return settings

data/lib/rapid-vaults/decrypt.rb

@@ -14,9 +14,18 @@ class Decrypt
     # output the decryption
     case settings[:ui]
     when :cli
+      # efficiency assignment
+      outdir = settings[:outdir]
+      decryptfile = File.join(outdir, 'decrypted.txt')
+
+      # check if already exists and no force flag
+      if File.exist?(decryptfile)
+        raise "decrypted.txt already exists in #{outdir}. Use the --force flag to overwrite existing files." unless settings[:force]
+      end
+
       # output to file
-      File.write("#{settings[:outdir]}decrypted.txt", decipher.update(settings[:file]) + decipher.final)
-      puts "Your decrypted.txt has been written out to #{settings[:outdir]}."
+      File.write(decryptfile, decipher.update(settings[:file]) + decipher.final)
+      puts "Your decrypted.txt has been written out to #{outdir}."
     when :api
       # output to string
       decipher.update(settings[:file]) + decipher.final
@@ -37,9 +46,18 @@ class Decrypt
     # output the decryption
     case settings[:ui]
     when :cli
+      # efficiency assignment
+      outdir = settings[:outdir]
+      decryptfile = File.join(outdir, 'decrypted.txt')
+
+      # check if already exists and no force flag
+      if File.exist?(decryptfile)
+        raise "decrypted.txt already exists in #{outdir}. Use the --force flag to overwrite existing files." unless settings[:force]
+      end
+
       # output to file
-      File.write("#{settings[:outdir]}decrypted.txt", crypto.decrypt(encrypted, password: settings[:pw]).read)
-      puts "Your decrypted.txt has been written out to #{settings[:outdir]}."
+      File.write(decryptfile, crypto.decrypt(encrypted, password: settings[:pw]).read)
+      puts "Your decrypted.txt has been written out to #{outdir}."
     when :api
       # output to string
       crypto.decrypt(encrypted, password: settings[:pw]).read

data/lib/rapid-vaults/encrypt.rb

@@ -13,10 +13,20 @@ class Encrypt
     # output the encryption and associated tag
     case settings[:ui]
     when :cli
+      # efficiency assignment
+      outdir = settings[:outdir]
+      encryptfile = File.join(outdir, 'encrypted.txt')
+      tagfile = File.join(outdir, 'tag.txt')
+
+      # check if already exists and no force flag
+      if File.exist?(encryptfile) || File.exist?(tagfile)
+        raise "encrypted.txt or tag.txt already exists in #{outdir}. Use the --force flag to overwrite existing files." unless settings[:force]
+      end
+
       # output to file
-      File.write("#{settings[:outdir]}encrypted.txt", cipher.update(settings[:file]) + cipher.final)
-      File.write("#{settings[:outdir]}tag.txt", cipher.auth_tag)
-      puts "Your encrypted.txt and associated tag.txt for this encryption have been generated in #{settings[:outdir]}."
+      File.write(encryptfile, cipher.update(settings[:file]) + cipher.final)
+      File.write(tagfile, cipher.auth_tag)
+      puts "Your encrypted.txt and associated tag.txt for this encryption have been generated in #{outdir}."
     when :api
       # return as array
       [cipher.update(settings[:file]) + cipher.final, cipher.auth_tag]
@@ -36,9 +46,18 @@ class Encrypt
     # output the encryption and associated tag
     case settings[:ui]
     when :cli
+      # efficiency assignment
+      outdir = settings[:outdir]
+      encryptfile = File.join(outdir, 'encrypted.txt')
+
+      # check if already exists and no force flag
+      if File.exist?(encryptfile)
+        raise "encrypted.txt already exists in #{outdir}. Use the --force flag to overwrite existing files." unless settings[:force]
+      end
+
       # output to file
-      File.write("#{settings[:outdir]}encrypted.txt", crypto.encrypt(settings[:file], symmetric: true, password: settings[:pw]).read)
-      puts "Your encrypted.txt for this encryption has been generated in #{settings[:outdir]}."
+      File.write(encryptfile, crypto.encrypt(settings[:file], symmetric: true, password: settings[:pw]).read)
+      puts "Your encrypted.txt for this encryption has been generated in #{outdir}."
     when :api
       # return as string
       crypto.encrypt(settings[:file], symmetric: true, password: settings[:pw]).read

data/lib/rapid-vaults/generate.rb

@@ -9,10 +9,20 @@ class Generate
 
     case settings[:ui]
     when :cli
+      # efficiency assignment
+      outdir = settings[:outdir]
+      keyfile = File.join(outdir, 'key.txt')
+      noncefile = File.join(outdir, 'nonce.txt')
+
+      # check if already exists and no force flag
+      if File.exist?(keyfile) || File.exist?(noncefile)
+        raise "key.txt or nonce.txt already exists in #{outdir}. Use the --force flag to overwrite existing files." unless settings[:force]
+      end
+
       # output to file
-      File.write("#{settings[:outdir]}key.txt", cipher.random_key)
-      File.write("#{settings[:outdir]}nonce.txt", cipher.random_iv)
-      puts "Your key.txt and nonce.txt have been generated in #{settings[:outdir]}."
+      File.write(keyfile, cipher.random_key)
+      File.write(noncefile, cipher.random_iv)
+      puts "Your key.txt and nonce.txt have been generated in #{outdir}."
     when :api
       # return as array
       [cipher.random_key, cipher.random_iv]
@@ -26,8 +36,13 @@ class Generate
     # ensure we have a place to store these output files
     raise 'Environment variable "GNUPGHOME" was not set.' unless ENV.fetch('GNUPGHOME', false)
 
+    # check if already exists and no force flag
+    if Dir.exist?(ENV['GNUPGHOME']) && !Dir.empty?(ENV['GNUPGHOME'])
+      raise "GPG keyring in #{ENV['GNUPGHOME']} already exists and is not empty. Use the --force flag to overwrite existing files." unless settings[:force]
+    end
+
     # create gpg keys
     GPGME::Ctx.new.generate_key(settings[:gpgparams], nil, nil)
-    puts "Your GPG keys have been generated in #{ENV.fetch['GNUPGHOME']}." if settings[:ui] == :cli
+    puts "Your GPG keys have been generated in #{ENV.fetch('GNUPGHOME')}." if settings[:ui] == :cli
   end
 end

data/lib/rapid_vaults.rb

@@ -25,7 +25,6 @@ class RapidVaults
     if settings[:ui] == :cli
       # :outdir only relevant for :cli
       settings[:outdir] ||= Dir.pwd
-      settings[:outdir] += '/' unless settings[:outdir][-1] == '/'
     end
 
     return if settings[:action] == :binding
@@ -35,9 +34,10 @@ class RapidVaults
     public_send(:"process_#{settings[:algorithm]}", settings)
   end
 
+  private
+
   # processing openssl
   def self.process_openssl(settings)
-    private_class_method :method
     # check arguments
     case settings[:action]
     when :generate then return
@@ -49,7 +49,7 @@ class RapidVaults
     end
 
     # lambda for input processing
-    process_input = ->(input) { File.readable?(settings[input]) ? settings[input] = File.read(settings[input]) : (raise "Input file '#{settings[input]}' for argument '#{input}' is not an existing readable file.") }
+    process_input = ->(input) { File.readable?(settings[input]) ? settings[input] = File.binread(settings[input]) : (raise "Input file '#{settings[input]}' for argument '#{input}' is not an existing readable file.") }
 
     # check inputs and read in files
     raise 'Password must be a string.' if settings.key?(:pw) && !settings[:pw].is_a?(String)
@@ -63,13 +63,12 @@ class RapidVaults
     return unless settings[:action] == :decrypt
     process_input.call(:tag) if settings[:action] == :decrypt
 
-    raise 'The encrypted data is not a valid multiple of 9 bytes.' unless (settings[:file].bytesize % 9).zero?
+    raise 'The encrypted data is empty.' if settings[:file].empty?
     raise 'Tag is not 16 bytes.' unless settings[:tag].bytesize == 16
   end
 
   # processing gpgme
   def self.process_gpgme(settings)
-    private_class_method :method
     # check arguments
     case settings[:action]
     when :generate

data/rapid-vaults.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |spec|
   spec.name          = 'rapid-vaults'
-  spec.version       = '1.3.0'
+  spec.version       = '1.3.2'
   spec.authors       = ['Matt Schuchard']
   spec.description   = 'Ad-hoc encrypt and decrypt data behind multiple layers of protection via OpenSSL or GPG.'
   spec.summary       = 'Ad-hoc encrypt and decrypt data.'

data/spec/rapid-vaults/api_spec.rb

@@ -15,5 +15,11 @@ describe RapidVaults::API do
     it 'correctly overrides the algorithm setting' do
       expect(RapidVaults::API.parse(algorithm: :gpgme)).to eq(algorithm: :gpgme, ui: :api)
     end
+    it 'raises an error for encrypt action with no file' do
+      expect { RapidVaults::API.parse(action: :encrypt) }.to raise_error('no file specified for encryption or decryption')
+    end
+    it 'raises an error for an empty password' do
+      expect { RapidVaults::API.parse(action: :encrypt, file: 'file.txt', pw: '') }.to raise_error('input password cannot be empty')
+    end
   end
 end

data/spec/rapid-vaults/binding_spec.rb

@@ -8,7 +8,7 @@ describe Binding do
     end
 
     it 'outputs the puppet bindings to the specified directory' do
-      Binding.puppet({})
+      Binding.puppet({outdir: Dir.pwd})
       %w[puppet_gpg_decrypt.rb puppet_gpg_encrypt.rb puppet_ssl_decrypt.rb puppet_ssl_encrypt.rb].each do |file|
         expect(File.file?(file)).to be true
       end
@@ -21,7 +21,7 @@ describe Binding do
     end
 
     it 'outputs the chef bindings to the specified directory' do
-      Binding.chef({})
+      Binding.chef({outdir: Dir.pwd})
       expect(File.file?('chef.rb')).to be true
     end
   end

data/spec/rapid-vaults/cli_spec.rb

@@ -16,11 +16,14 @@ describe RapidVaults::CLI do
       expect(RapidVaults::CLI.parse(%w[-g -o .])).to eq(ui: :cli, action: :generate, outdir: '.')
     end
     it 'correctly parses the arguments for gpg generate' do
-      expect(RapidVaults::CLI.parse(%W[--gpg -g --gpgparams #{fixtures_dir}/file.yaml])).to eq(algorithm: :gpgme, ui: :cli, action: :generate, gpgparams: "foo: bar\n")
+      expect(RapidVaults::CLI.parse(%W[--gpg -g --gpgparams #{FIXTURES_DIR}/file.yaml])).to eq(algorithm: :gpgme, ui: :cli, action: :generate, gpgparams: "foo: bar\n")
     end
     it 'correctly parses the arguments for puppet bindings' do
       expect(RapidVaults::CLI.parse(%w[-b puppet -o .])).to eq(ui: :cli, action: :binding, binding: :puppet, outdir: '.')
     end
+    it 'correctly parses the arguments with force option' do
+      expect(RapidVaults::CLI.parse(%w[--force])).to eq(ui: :cli, force: true)
+    end
     it 'raises an error for a nonexistent password file' do
       expect { RapidVaults::CLI.parse(%w[-f /nopasswordhere]) }.to raise_error('Password file /nopasswordhere is not an existing readable file!')
     end

data/spec/rapid-vaults/decrypt_spec.rb

@@ -3,6 +3,10 @@ require_relative '../../lib/rapid-vaults/encrypt'
 require_relative '../../lib/rapid-vaults/decrypt'
 
 describe Decrypt do
+  after(:all) do
+    %w[tag.txt encrypted.txt decrypted.txt].each { |file| File.delete(file) }
+  end
+
   context '.openssl' do
     require 'openssl'
     cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
@@ -10,20 +14,16 @@ describe Decrypt do
     nonce = cipher.random_iv
 
     before(:all) do
-      Encrypt.openssl(ui: :cli, file: "foo: bar\n", key: key, nonce: nonce)
-    end
-
-    after(:all) do
-      %w[tag.txt encrypted.txt decrypted.txt].each { |file| File.delete(file) }
+      Encrypt.openssl(ui: :cli, file: "foo: bar\n", key: key, nonce: nonce, outdir: Dir.pwd)
     end
 
     it 'outputs a decrypted file with the key, nonce, and tag from the cli' do
-      Decrypt.openssl(ui: :cli, file: File.read('encrypted.txt'), key: key, nonce: nonce, tag: File.read('tag.txt'))
+      Decrypt.openssl(ui: :cli, file: File.read('encrypted.txt'), key: key, nonce: nonce, tag: File.read('tag.txt'), outdir: Dir.pwd)
       expect(File.file?('decrypted.txt')).to be true
       expect(File.read('decrypted.txt')).to eq("foo: bar\n")
     end
     it 'outputs decrypted content with the key, nonce, and tag from the api' do
-      decrypt = Decrypt.openssl(ui: :api, file: File.read('encrypted.txt'), key: key, nonce: nonce, tag: File.read('tag.txt'))
+      decrypt = Decrypt.openssl(ui: :api, file: File.read('encrypted.txt'), key: key, nonce: nonce, tag: File.read('tag.txt'), outdir: Dir.pwd)
       expect(decrypt).to be_a(String)
       expect(decrypt).to eq("foo: bar\n")
     end
@@ -31,20 +31,16 @@ describe Decrypt do
 
   context '.gpgme' do
     before(:all) do
-      Encrypt.gpgme(ui: :cli, file: "foo: bar\n", key: '', pw: 'foo')
-    end
-
-    after(:all) do
-      %w[encrypted.txt decrypted.txt].each { |file| File.delete(file) }
+      Encrypt.gpgme(ui: :cli, file: "foo: bar\n", key: '', pw: 'foo', outdir: Dir.pwd, force: true)
     end
 
     it 'outputs a decrypted file with the key from the cli' do
-      Decrypt.gpgme(ui: :cli, file: File.read('encrypted.txt'), key: '', pw: 'foo')
+      Decrypt.gpgme(ui: :cli, file: File.read('encrypted.txt'), key: '', pw: 'foo', outdir: Dir.pwd, force: true)
       expect(File.file?('decrypted.txt')).to be true
       expect(File.read('decrypted.txt')).to eq("foo: bar\n")
     end
     it 'outputs decrypted content with the key from the api' do
-      decrypt = Decrypt.gpgme(ui: :api, file: File.read('encrypted.txt'), key: '', pw: 'foo')
+      decrypt = Decrypt.gpgme(ui: :api, file: File.read('encrypted.txt'), key: '', pw: 'foo', outdir: Dir.pwd)
       expect(decrypt).to be_a(String)
       expect(decrypt).to eq("foo: bar\n")
     end

data/spec/rapid-vaults/encrypt_spec.rb

@@ -2,28 +2,28 @@ require_relative '../spec_helper'
 require_relative '../../lib/rapid-vaults/encrypt'
 
 describe Encrypt do
+  after(:all) do
+    %w[tag.txt encrypted.txt].each { |file| File.delete(file) }
+  end
+
   context '.openssl' do
     require 'openssl'
     cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
     key = cipher.random_key
     nonce = cipher.random_iv
 
-    after(:all) do
-      %w[tag.txt encrypted.txt].each { |file| File.delete(file) }
-    end
-
     it 'outputs an encrypted file with the key and nonce from the cli' do
-      Encrypt.openssl(ui: :cli, file: "foo: bar\n", key: key, nonce: nonce)
+      Encrypt.openssl(ui: :cli, file: "foo: bar\n", key: key, nonce: nonce, outdir: Dir.pwd)
       expect(File.file?('tag.txt')).to be true
       expect(File.file?('encrypted.txt')).to be true
     end
     it 'outputs an encrypted file with the key, nonce, and password from the cli' do
-      Encrypt.openssl(ui: :cli, file: "foo: bar\n", key: key, nonce: nonce, pw: 'password')
+      Encrypt.openssl(ui: :cli, file: "foo: bar\n", key: key, nonce: nonce, pw: 'password', outdir: Dir.pwd, force: true)
       expect(File.file?('tag.txt')).to be true
       expect(File.file?('encrypted.txt')).to be true
     end
     it 'outputs an array of encrypted content and tag with the key and nonce from the api' do
-      encrypt = Encrypt.openssl(ui: :api, file: "foo: bar\n", key: key, nonce: nonce)
+      encrypt = Encrypt.openssl(ui: :api, file: "foo: bar\n", key: key, nonce: nonce, outdir: Dir.pwd)
       expect(encrypt).to be_a(Array)
       expect(encrypt.length).to eq(2)
       expect(encrypt[0]).to be_a(String)
@@ -33,11 +33,11 @@ describe Encrypt do
 
   context '.gpgme' do
     it 'outputs an encrypted file with the key from the cli' do
-      Encrypt.gpgme(ui: :cli, file: "foo: bar\n", key: '', pw: 'foo')
+      Encrypt.gpgme(ui: :cli, file: "foo: bar\n", key: '', pw: 'foo', outdir: Dir.pwd, force: true)
       expect(File.file?('encrypted.txt')).to be true
     end
     it 'outputs a string of encrypted content with the key from the api' do
-      encrypt = Encrypt.gpgme(ui: :api, file: "foo: bar\n", key: '', pw: 'foo')
+      encrypt = Encrypt.gpgme(ui: :api, file: "foo: bar\n", key: '', pw: 'foo', outdir: Dir.pwd)
       expect(encrypt).to be_a(String)
     end
   end

data/spec/rapid-vaults/generate_spec.rb

@@ -8,7 +8,7 @@ describe Generate do
     end
 
     it 'generates the key and nonce files from the cli' do
-      Generate.openssl(ui: :cli)
+      Generate.openssl(ui: :cli, outdir: Dir.pwd)
       expect(File.file?('key.txt')).to be true
       expect(File.file?('nonce.txt')).to be true
       expect(File.read('key.txt')).to be_a(String)
@@ -25,23 +25,23 @@ describe Generate do
 
   context '.gpgme' do
     it 'raises an error for a missing GNUPGHOME variable' do
-      expect { Generate.gpgme(gpgparams: File.read("#{fixtures_dir}/gpgparams.txt")) }.to raise_error('Environment variable "GNUPGHOME" was not set.')
+      expect { Generate.gpgme(gpgparams: File.read("#{FIXTURES_DIR}/gpgparams.txt")) }.to raise_error('Environment variable "GNUPGHOME" was not set.')
     end
     it 'generates the key files' do
       require 'fileutils'
 
-      ENV['GNUPGHOME'] = fixtures_dir
+      ENV['GNUPGHOME'] = FIXTURES_DIR
 
-      Generate.gpgme(gpgparams: File.read("#{fixtures_dir}/gpgparams.txt"))
+      Generate.gpgme(gpgparams: File.read("#{FIXTURES_DIR}/gpgparams.txt"), force: true)
       %w[trustdb.gpg pubring.kbx pubring.kbx~].each do |file|
-        expect(File.file?("#{fixtures_dir}/#{file}")).to be true
-        File.delete("#{fixtures_dir}/#{file}")
+        expect(File.file?("#{FIXTURES_DIR}/#{file}")).to be true
+        File.delete("#{FIXTURES_DIR}/#{file}")
       end
       %w[openpgp-revocs.d private-keys-v1.d].each do |dir|
-        expect(File.directory?("#{fixtures_dir}/#{dir}")).to be true
-        FileUtils.rm_r("#{fixtures_dir}/#{dir}")
+        expect(File.directory?("#{FIXTURES_DIR}/#{dir}")).to be true
+        FileUtils.rm_r("#{FIXTURES_DIR}/#{dir}")
       end
-      %w[S.gpg-agent random_seed].each { |file| File.delete("#{fixtures_dir}/#{file}") if File.file?(file) }
+      %w[S.gpg-agent random_seed].each { |file| File.delete("#{FIXTURES_DIR}/#{file}") if File.file?(file) }
     end
   end
 end

data/spec/rapid_vaults_spec.rb

@@ -12,8 +12,8 @@ describe RapidVaults do
       File.write('nonce_good.txt', SecureRandom.random_bytes(12).strip)
       File.write('tag_bad.txt', SecureRandom.random_bytes(24).strip)
       File.write('tag_good.txt', SecureRandom.random_bytes(16).strip)
-      File.write('encrypted_bad.txt', SecureRandom.random_bytes(16).strip)
-      File.write('encrypted_good.txt', '')
+      File.write('encrypted_bad.txt', '')
+      File.write('encrypted_good.txt', SecureRandom.random_bytes(16).strip)
     end
 
     after(:all) do
@@ -51,22 +51,22 @@ describe RapidVaults do
       expect { RapidVaults.process(algorithm: :gpgme, action: :encrypt, file: 'a', pw: 'password') }.to raise_error('Input file \'a\' for argument \'file\' is not an existing readable file.')
     end
     it 'raises an error for an invalid key size' do
-      expect { RapidVaults.process(action: :encrypt, file: "#{fixtures_dir}file.yaml", key: 'key_bad.txt', nonce: 'nonce_good.txt') }.to raise_error('The key is not a valid 32 byte key.')
+      expect { RapidVaults.process(action: :encrypt, file: "#{FIXTURES_DIR}file.yaml", key: 'key_bad.txt', nonce: 'nonce_good.txt') }.to raise_error('The key is not a valid 32 byte key.')
     end
     it 'raises an error for an invalid nonce size' do
-      expect { RapidVaults.process(action: :encrypt, file: "#{fixtures_dir}file.yaml", key: 'key_good.txt', nonce: 'nonce_bad.txt') }.to raise_error('The nonce is not a valid 12 byte nonce.')
+      expect { RapidVaults.process(action: :encrypt, file: "#{FIXTURES_DIR}file.yaml", key: 'key_good.txt', nonce: 'nonce_bad.txt') }.to raise_error('The nonce is not a valid 12 byte nonce.')
     end
     it 'raises an error for an invalid tag size' do
       expect { RapidVaults.process(action: :decrypt, file: 'encrypted_good.txt', key: 'key_good.txt', nonce: 'nonce_good.txt', tag: 'tag_bad.txt') }.to raise_error('Tag is not 16 bytes.')
     end
     it 'raises an error for corrupted encrypted file content' do
-      expect { RapidVaults.process(action: :decrypt, file: 'encrypted_bad.txt', key: 'key_good.txt', nonce: 'nonce_good.txt', tag: 'tag_good.txt') }.to raise_error('The encrypted data is not a valid multiple of 9 bytes.')
+      expect { RapidVaults.process(action: :decrypt, file: 'encrypted_bad.txt', key: 'key_good.txt', nonce: 'nonce_good.txt', tag: 'tag_good.txt') }.to raise_error('The encrypted data is empty.')
     end
     it 'reads in all input files correctly for openssl encryption' do
       expect { RapidVaults.process(action: :decrypt, file: 'encrypted_good.txt', key: 'key_good.txt', nonce: 'nonce_good.txt', tag: 'tag_good.txt', pw: 'password') }.not_to raise_exception
     end
     it 'reads in all input files correctly for gpgme decryption' do
-      dummy = "#{fixtures_dir}file.yaml"
+      dummy = "#{FIXTURES_DIR}file.yaml"
       expect { RapidVaults.process(algorithm: :gpgme, action: :decrypt, file: dummy, pw: 'password') }.not_to raise_exception
     end
   end

data/spec/spec_helper.rb

@@ -1,13 +1,8 @@
 require 'rspec'
 
 # for path to fixtures
-module Variables
-  extend RSpec::SharedContext
-
-  let(:fixtures_dir) { "#{File.dirname(__FILE__)}/fixtures/" }
-end
+FIXTURES_DIR = "#{File.dirname(__FILE__)}/fixtures/".freeze
 
 RSpec.configure do |config|
-  config.include Variables
   config.color = true
 end

data/spec/system/system_spec.rb

@@ -16,7 +16,7 @@ describe RapidVaults do
   context 'executed with openssl algorithm as a system from the CLI with settings and a file to be processed' do
     it 'generates key and nonce, encrypts a file, and then decrypts a file in order' do
       # generate and utilize files inside suitable directory
-      Dir.chdir(fixtures_dir)
+      Dir.chdir(FIXTURES_DIR)
 
       # generate key and nonce
       RapidVaults::CLI.main(%w[-g])
@@ -38,7 +38,7 @@ describe RapidVaults do
   context 'executed with openssl algorithm as a system from the API with settings and a file to be processed' do
     it 'generates key and nonce, encrypts a file, and then decrypts a file in order' do
       # generate and utilize files inside suitable directory
-      Dir.chdir(fixtures_dir)
+      Dir.chdir(FIXTURES_DIR)
 
       # generate key and nonce
       RapidVaults::API.main(action: :generate)
@@ -63,18 +63,18 @@ describe RapidVaults do
   unless ENV['CIRCLECI'] == 'true' || ENV['GITHUB_ACTIONS'] == 'true'
     context 'executed wtih gpg algorithm as a system from the CLI with settings and a file to be processed' do
       it 'encrypts a file and then decrypts a file in order' do
-        ENV['GNUPGHOME'] = fixtures_dir
+        ENV['GNUPGHOME'] = FIXTURES_DIR
 
         # generate and utilize files inside suitable directory
-        Dir.chdir(fixtures_dir)
+        Dir.chdir(FIXTURES_DIR)
 
         # generate keys
-        RapidVaults::CLI.main(%w[-g --gpg --gpgparams gpgparams.txt])
-        %w[trustdb.gpg pubring.kbx pubring.kbx~].each { |file| expect(File.file?("#{fixtures_dir}/#{file}")).to be true }
-        %w[openpgp-revocs.d private-keys-v1.d].each { |dir| expect(File.directory?("#{fixtures_dir}/#{dir}")).to be true }
+        RapidVaults::CLI.main(%w[-g --gpg --force --gpgparams gpgparams.txt])
+        %w[trustdb.gpg pubring.kbx pubring.kbx~].each { |file| expect(File.file?("#{FIXTURES_DIR}/#{file}")).to be true }
+        %w[openpgp-revocs.d private-keys-v1.d].each { |dir| expect(File.directory?("#{FIXTURES_DIR}/#{dir}")).to be true }
 
         # generate encrypted file
-        RapidVaults::CLI.main(%w[--gpg -e -p foo file.yaml])
+        RapidVaults::CLI.main(%w[--gpg -e --force -p foo file.yaml])
         expect(File.file?('encrypted.txt')).to be true
 
         # generate decrypted file
@@ -86,15 +86,15 @@ describe RapidVaults do
 
     context 'executed with gpg algorithm as a system from the API with settings and a file to be processed' do
       it 'encrypts a file and then decrypts a file in order' do
-        ENV['GNUPGHOME'] = fixtures_dir
+        ENV['GNUPGHOME'] = FIXTURES_DIR
 
         # generate and utilize files inside suitable directory
-        Dir.chdir(fixtures_dir)
+        Dir.chdir(FIXTURES_DIR)
 
         # generate keys
-        RapidVaults::API.main(action: :generate, algorithm: :gpgme, gpgparams: File.read('gpgparams.txt'))
-        %w[trustdb.gpg pubring.kbx pubring.kbx~].each { |file| expect(File.file?("#{fixtures_dir}/#{file}")).to be true }
-        %w[openpgp-revocs.d private-keys-v1.d].each { |dir| expect(File.directory?("#{fixtures_dir}/#{dir}")).to be true }
+        RapidVaults::API.main(action: :generate, algorithm: :gpgme, force: true, gpgparams: File.read('gpgparams.txt'))
+        %w[trustdb.gpg pubring.kbx pubring.kbx~].each { |file| expect(File.file?("#{FIXTURES_DIR}/#{file}")).to be true }
+        %w[openpgp-revocs.d private-keys-v1.d].each { |dir| expect(File.directory?("#{FIXTURES_DIR}/#{dir}")).to be true }
 
         # generate encrypted file
         encrypt = RapidVaults::API.main(algorithm: :gpgme, action: :encrypt, file: 'file.yaml', pw: 'password')
@@ -112,7 +112,7 @@ describe RapidVaults do
   context 'executed as a system to output bindings from the CLI' do
     it 'outputs the puppet and chef bindings' do
       # generate and utilize files inside suitable directory
-      Dir.chdir(fixtures_dir)
+      Dir.chdir(FIXTURES_DIR)
 
       # generate bindings
       RapidVaults::CLI.main(%w[-b puppet])

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rapid-vaults
 version: !ruby/object:Gem::Version
-  version: 1.3.0
+  version: 1.3.2
 platform: ruby
 authors:
 - Matt Schuchard
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-09-14 00:00:00.000000000 Z
+date: 2026-03-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gpgme