rcredstash 0.5.0 → 0.6.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +4 -0
- data/lib/cred_stash/cipher_key.rb +8 -4
- data/lib/cred_stash/secret.rb +5 -4
- data/lib/cred_stash/version.rb +1 -1
- data/lib/cred_stash.rb +4 -4
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b93824e08980e91459009d284538674f30024423
|
|
4
|
+
data.tar.gz: 34e5e97871003ec2da31e92a96629d5fbd0b3d1c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b500d8725b3404cc2deed45a3d0a68e5fc4d4b9383f4310cd4f7856bcdf158b55cfbc8f74428a554c800d0ee9521fbf853cdf041ab1bb7c354e4c8de3ebb7f52
|
|
7
|
+
data.tar.gz: e132dd8ff5873cccaa77f72e295c2875ad4b7d36da0eaa62a9db986fa593b3f78a203150d57f1660a4ccc53c47c0c9fea950aa2a5650d2cee8e44d02dddb40b1
|
data/README.md
CHANGED
|
@@ -23,7 +23,11 @@ Or install it yourself as:
|
|
|
23
23
|
|
|
24
24
|
```ruby
|
|
25
25
|
CredStash.get(key)
|
|
26
|
+
CredStash.get(key, context: { 'foo' => 'bar' })
|
|
27
|
+
|
|
26
28
|
CredStash.put(key, value)
|
|
29
|
+
CredStash.put(key, value, context: { 'foo' => 'bar' })
|
|
30
|
+
|
|
27
31
|
CredStash.list
|
|
28
32
|
CredStash.delete(key)
|
|
29
33
|
```
|
|
@@ -1,8 +1,12 @@
|
|
|
1
1
|
class CredStash::CipherKey
|
|
2
2
|
attr_reader :data_key, :hmac_key, :wrapped_key
|
|
3
3
|
|
|
4
|
-
def self.generate(client: Aws::KMS::Client.new)
|
|
5
|
-
res = client.generate_data_key(
|
|
4
|
+
def self.generate(client: Aws::KMS::Client.new, context: {})
|
|
5
|
+
res = client.generate_data_key(
|
|
6
|
+
key_id: 'alias/credstash',
|
|
7
|
+
number_of_bytes: 64,
|
|
8
|
+
encryption_context: context
|
|
9
|
+
)
|
|
6
10
|
new(
|
|
7
11
|
data_key: res.plaintext[0...32],
|
|
8
12
|
hmac_key: res.plaintext[32..-1],
|
|
@@ -10,8 +14,8 @@ class CredStash::CipherKey
|
|
|
10
14
|
)
|
|
11
15
|
end
|
|
12
16
|
|
|
13
|
-
def self.decrypt(wrapped_key, client: Aws::KMS::Client.new)
|
|
14
|
-
res = client.decrypt(ciphertext_blob: wrapped_key)
|
|
17
|
+
def self.decrypt(wrapped_key, client: Aws::KMS::Client.new, context: {})
|
|
18
|
+
res = client.decrypt(ciphertext_blob: wrapped_key, encryption_context: context)
|
|
15
19
|
new(
|
|
16
20
|
data_key: res.plaintext[0...32],
|
|
17
21
|
hmac_key: res.plaintext[32..-1],
|
data/lib/cred_stash/secret.rb
CHANGED
|
@@ -1,16 +1,17 @@
|
|
|
1
1
|
class CredStash::Secret
|
|
2
2
|
attr_reader :name, :value, :key, :encrypted_value, :hmac
|
|
3
3
|
|
|
4
|
-
def initialize(name:, value: nil, key: nil, encrypted_value: nil, hmac: nil)
|
|
4
|
+
def initialize(name:, value: nil, key: nil, encrypted_value: nil, hmac: nil, context: {})
|
|
5
5
|
@name = name
|
|
6
6
|
@value = value
|
|
7
7
|
@key = key
|
|
8
8
|
@encrypted_value = encrypted_value
|
|
9
9
|
@hmac = hmac
|
|
10
|
+
@context = context
|
|
10
11
|
end
|
|
11
12
|
|
|
12
13
|
def encrypt!
|
|
13
|
-
@key = CredStash::CipherKey.generate
|
|
14
|
+
@key = CredStash::CipherKey.generate(context: @context)
|
|
14
15
|
@encrypted_value = @key.encrypt(@value)
|
|
15
16
|
@hmac = @key.hmac(@encrypted_value)
|
|
16
17
|
end
|
|
@@ -28,11 +29,11 @@ class CredStash::Secret
|
|
|
28
29
|
end
|
|
29
30
|
|
|
30
31
|
class << self
|
|
31
|
-
def find(name)
|
|
32
|
+
def find(name, context: {})
|
|
32
33
|
item = repository.get(name)
|
|
33
34
|
new(
|
|
34
35
|
name: name,
|
|
35
|
-
key: CredStash::CipherKey.decrypt(Base64.decode64(item.key)),
|
|
36
|
+
key: CredStash::CipherKey.decrypt(Base64.decode64(item.key), context: context),
|
|
36
37
|
encrypted_value: Base64.decode64(item.contents),
|
|
37
38
|
hmac: item.hmac
|
|
38
39
|
)
|
data/lib/cred_stash/version.rb
CHANGED
data/lib/cred_stash.rb
CHANGED
|
@@ -2,8 +2,8 @@ require 'aws-sdk'
|
|
|
2
2
|
|
|
3
3
|
module CredStash
|
|
4
4
|
class << self
|
|
5
|
-
def get(name)
|
|
6
|
-
secret = Secret.find(name)
|
|
5
|
+
def get(name, context: {})
|
|
6
|
+
secret = Secret.find(name, context: context)
|
|
7
7
|
|
|
8
8
|
if secret.falsified?
|
|
9
9
|
raise "Invalid secret. #{name} has falsified"
|
|
@@ -15,8 +15,8 @@ module CredStash
|
|
|
15
15
|
nil
|
|
16
16
|
end
|
|
17
17
|
|
|
18
|
-
def put(name, value)
|
|
19
|
-
secret = Secret.new(name: name, value: value)
|
|
18
|
+
def put(name, value, context: {})
|
|
19
|
+
secret = Secret.new(name: name, value: value, context: context)
|
|
20
20
|
secret.encrypt!
|
|
21
21
|
secret.save
|
|
22
22
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rcredstash
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.6.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- adorechic
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2017-01-19 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk
|