rcredstash 0.5.0 → 0.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +4 -0
- data/lib/cred_stash/cipher_key.rb +8 -4
- data/lib/cred_stash/secret.rb +5 -4
- data/lib/cred_stash/version.rb +1 -1
- data/lib/cred_stash.rb +4 -4
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b93824e08980e91459009d284538674f30024423
|
|
4
|
+
data.tar.gz: 34e5e97871003ec2da31e92a96629d5fbd0b3d1c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b500d8725b3404cc2deed45a3d0a68e5fc4d4b9383f4310cd4f7856bcdf158b55cfbc8f74428a554c800d0ee9521fbf853cdf041ab1bb7c354e4c8de3ebb7f52
|
|
7
|
+
data.tar.gz: e132dd8ff5873cccaa77f72e295c2875ad4b7d36da0eaa62a9db986fa593b3f78a203150d57f1660a4ccc53c47c0c9fea950aa2a5650d2cee8e44d02dddb40b1
|
data/README.md
CHANGED
|
@@ -23,7 +23,11 @@ Or install it yourself as:
|
|
|
23
23
|
|
|
24
24
|
```ruby
|
|
25
25
|
CredStash.get(key)
|
|
26
|
+
CredStash.get(key, context: { 'foo' => 'bar' })
|
|
27
|
+
|
|
26
28
|
CredStash.put(key, value)
|
|
29
|
+
CredStash.put(key, value, context: { 'foo' => 'bar' })
|
|
30
|
+
|
|
27
31
|
CredStash.list
|
|
28
32
|
CredStash.delete(key)
|
|
29
33
|
```
|
|
@@ -1,8 +1,12 @@
|
|
|
1
1
|
class CredStash::CipherKey
|
|
2
2
|
attr_reader :data_key, :hmac_key, :wrapped_key
|
|
3
3
|
|
|
4
|
-
def self.generate(client: Aws::KMS::Client.new)
|
|
5
|
-
res = client.generate_data_key(
|
|
4
|
+
def self.generate(client: Aws::KMS::Client.new, context: {})
|
|
5
|
+
res = client.generate_data_key(
|
|
6
|
+
key_id: 'alias/credstash',
|
|
7
|
+
number_of_bytes: 64,
|
|
8
|
+
encryption_context: context
|
|
9
|
+
)
|
|
6
10
|
new(
|
|
7
11
|
data_key: res.plaintext[0...32],
|
|
8
12
|
hmac_key: res.plaintext[32..-1],
|
|
@@ -10,8 +14,8 @@ class CredStash::CipherKey
|
|
|
10
14
|
)
|
|
11
15
|
end
|
|
12
16
|
|
|
13
|
-
def self.decrypt(wrapped_key, client: Aws::KMS::Client.new)
|
|
14
|
-
res = client.decrypt(ciphertext_blob: wrapped_key)
|
|
17
|
+
def self.decrypt(wrapped_key, client: Aws::KMS::Client.new, context: {})
|
|
18
|
+
res = client.decrypt(ciphertext_blob: wrapped_key, encryption_context: context)
|
|
15
19
|
new(
|
|
16
20
|
data_key: res.plaintext[0...32],
|
|
17
21
|
hmac_key: res.plaintext[32..-1],
|
data/lib/cred_stash/secret.rb
CHANGED
|
@@ -1,16 +1,17 @@
|
|
|
1
1
|
class CredStash::Secret
|
|
2
2
|
attr_reader :name, :value, :key, :encrypted_value, :hmac
|
|
3
3
|
|
|
4
|
-
def initialize(name:, value: nil, key: nil, encrypted_value: nil, hmac: nil)
|
|
4
|
+
def initialize(name:, value: nil, key: nil, encrypted_value: nil, hmac: nil, context: {})
|
|
5
5
|
@name = name
|
|
6
6
|
@value = value
|
|
7
7
|
@key = key
|
|
8
8
|
@encrypted_value = encrypted_value
|
|
9
9
|
@hmac = hmac
|
|
10
|
+
@context = context
|
|
10
11
|
end
|
|
11
12
|
|
|
12
13
|
def encrypt!
|
|
13
|
-
@key = CredStash::CipherKey.generate
|
|
14
|
+
@key = CredStash::CipherKey.generate(context: @context)
|
|
14
15
|
@encrypted_value = @key.encrypt(@value)
|
|
15
16
|
@hmac = @key.hmac(@encrypted_value)
|
|
16
17
|
end
|
|
@@ -28,11 +29,11 @@ class CredStash::Secret
|
|
|
28
29
|
end
|
|
29
30
|
|
|
30
31
|
class << self
|
|
31
|
-
def find(name)
|
|
32
|
+
def find(name, context: {})
|
|
32
33
|
item = repository.get(name)
|
|
33
34
|
new(
|
|
34
35
|
name: name,
|
|
35
|
-
key: CredStash::CipherKey.decrypt(Base64.decode64(item.key)),
|
|
36
|
+
key: CredStash::CipherKey.decrypt(Base64.decode64(item.key), context: context),
|
|
36
37
|
encrypted_value: Base64.decode64(item.contents),
|
|
37
38
|
hmac: item.hmac
|
|
38
39
|
)
|
data/lib/cred_stash/version.rb
CHANGED
data/lib/cred_stash.rb
CHANGED
|
@@ -2,8 +2,8 @@ require 'aws-sdk'
|
|
|
2
2
|
|
|
3
3
|
module CredStash
|
|
4
4
|
class << self
|
|
5
|
-
def get(name)
|
|
6
|
-
secret = Secret.find(name)
|
|
5
|
+
def get(name, context: {})
|
|
6
|
+
secret = Secret.find(name, context: context)
|
|
7
7
|
|
|
8
8
|
if secret.falsified?
|
|
9
9
|
raise "Invalid secret. #{name} has falsified"
|
|
@@ -15,8 +15,8 @@ module CredStash
|
|
|
15
15
|
nil
|
|
16
16
|
end
|
|
17
17
|
|
|
18
|
-
def put(name, value)
|
|
19
|
-
secret = Secret.new(name: name, value: value)
|
|
18
|
+
def put(name, value, context: {})
|
|
19
|
+
secret = Secret.new(name: name, value: value, context: context)
|
|
20
20
|
secret.encrypt!
|
|
21
21
|
secret.save
|
|
22
22
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rcredstash
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.6.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- adorechic
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2017-01-19 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk
|