safe_credentials 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 54bec910e5e20a0e32bccd0d099a9e6626e76865
+  data.tar.gz: 93c2902537cc72b1677bc1db7a75b504c7be2fbe
+SHA512:
+  metadata.gz: ec293af4e8ae3cbf286df92493aa0811c5003705542776327a67c7b9cf26d606a847b420aa3433bea548f4bfa854eda7c5be43f93514ff7b8ec59ed48782da87
+  data.tar.gz: 0075d799c2e3b6b6768bf363e8dca7c096e1fe2163968963241042e57ef2725b2302b0cd25cb4dff060fbc6c92c576d4b5fb073e209b4b916bd3434bb4245789

data/.gitignore

@@ -0,0 +1,20 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+config/encrypted_config.yml
+.DS_Store
+config/config.yml

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in safe_credentials.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2013 Alberto F. Capel
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,97 @@
+# Safe Credentials
+
+Safe Credentials allows you to encrypt sensitive credentials so you can
+store your configuration files in source control.
+
+## Motivation
+
+To store configuration files in source control is always a tricky issue. You shouldn't
+store your credentials in clear text in source control, but often your team needs a subset
+of those credentials to test and execute the project.
+
+A usual approach is to create a configuration file (config.yml or similar) but don't push it
+to source control. Instead, you also create a dummy example file (config.yml.example) with dummy
+values. When someone needs to access the real credentials he or she has to ask the project owner
+for them.
+
+This solution is not ideal, especially when you need to add add or change some configuration
+parameter.
+
+## Usage
+
+Install the gem
+
+```shell
+
+$ gem install safe_credentials
+
+```
+
+Run the provided executable:
+
+```shell
+
+$ safe_credentials encrypt
+
+  Encrypting file config/config.yml
+  Enter your password:
+  Result stored in config/encrypted_config.yml
+  Adding config/config.yml to .gitignore.
+
+```
+
+Later, when you need to decrypt the credentials
+
+```shell
+$ bin/safe_credentials decrypt
+
+  Decrypting file config/encrypted_config.yml
+  Enter your password:
+  Result stored in config/config.yml
+
+```
+
+## Options
+
+Choose the path to the real config file and the encrypted one:
+
+```shell
+
+safe_credentials encrypt --from path/to/config.yml --to path/to/decrypted_config.yml
+
+```
+
+Also you can choose to encrypt only some configuration parameters:
+
+```shell
+
+# Encrypt database variables in all environments
+
+safe_credentials encrypt --vars **.database.*
+
+# Encrypt production variables
+
+safe_credentials encrypt --vars producion
+
+# Encrypt only password variables
+
+safe_credentials encrypt --vars **password
+
+```
+
+## Credits
+
+Original idea seen on [John Resig's blog](http://ejohn.org/blog/keeping-passwords-in-source-control/)
+
+## TODO
+
+* Capistrano integration. Upload config file to remote server and decrypt it there.
+* Support other formats beside YAML, like TOML or JSON.
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/bin/safe_credentials

@@ -0,0 +1,5 @@
+#!/usr/bin/env ruby
+
+require_relative '../lib/safe_credentials'
+
+SafeCredentialsCLI.start(ARGV)

data/lib/safe_credentials.rb

@@ -0,0 +1,7 @@
+require 'gibberish'
+
+require_relative "safe_credentials/version"
+require_relative "safe_credentials/hash_query"
+require_relative "safe_credentials/hash_encryptor"
+require_relative "safe_credentials/config"
+require_relative "safe_credentials/cli"

data/lib/safe_credentials/cli.rb

@@ -0,0 +1,60 @@
+require "thor"
+require 'io/console'
+
+class SafeCredentialsCLI < Thor
+
+  desc "encrypt", "Encrypt configuration file"
+  option :from, desc: 'source file to encrypt', default: 'config/config.yml'
+  option :to, desc: 'target file', default: 'config/encrypted_config.yml'
+  option :vars, desc: 'glob expression with the keys to encode', default: '*'
+  def encrypt
+
+    puts  "  Encrypting file #{options[:from]}"
+    print "  Enter your password: "
+    password = STDIN.noecho(&:gets)
+    puts ''
+
+    config = SafeCredentials::Config.new(options[:from], password)
+
+    config.encrypt!(options[:vars])
+    config.save(options[:to])
+
+    puts "  Result stored in #{options[:to]}"
+    add_to_gitignore(options[:from])
+    puts  ""
+  end
+
+  desc "decrypt", "Decrypt configuration file"
+  option :from, desc: 'source file to encrypt', default: 'config/encrypted_config.yml'
+  option :to, desc: 'target file', default: 'config/config.yml'
+  option :vars, desc: 'glob expression with the keys to decode', default: '**encrypted_*'
+  def decrypt
+    puts  ""
+    puts  "  Decrypting file #{options[:from]}"
+    print "  Enter your password: "
+    password = STDIN.noecho(&:gets)
+    puts ''
+
+    config = SafeCredentials::Config.load_encrypted(password, options[:from])
+
+    config.decrypt!(options[:vars])
+    config.save(options[:to])
+
+    puts "  Result stored in #{options[:to]}"
+    add_to_gitignore(options[:to])
+     puts  ""
+  end
+
+
+  private
+
+  def add_to_gitignore(config_file)
+    return unless File.exist?('.gitignore') && !File.read('.gitignore').match(config_file)
+
+    puts "  Adding #{config_file} to .gitignore."
+
+    File.open('.gitignore', 'a') do |f|
+      f << "#{config_file}\n"
+    end
+  end
+end

data/lib/safe_credentials/config.rb

@@ -0,0 +1,61 @@
+require 'openssl'
+require 'yaml'
+require 'erb'
+
+module SafeCredentials
+
+  class Config
+    attr_reader :path, :config_file, :envs
+
+    def initialize(path = 'config/config.yml', password = nil)
+      @path = File.expand_path(path)
+      yaml_source = ERB.new(File.read(path)).result
+
+      @cipher = Gibberish::AES.new(password)
+
+      @attributes = YAML.load(yaml_source)
+      @encryptor = HashEncryptor.new(@attributes, @cipher)
+    end
+
+    def [](env_name)
+      @attributes[env_name.to_s]
+    end
+
+    def self.load_encrypted(password, path = 'config/encrypted_config.yml')
+      config = new(path, password)
+      config.decrypt!
+      config
+
+    rescue OpenSSL::Cipher::CipherError
+      $stderr.puts "Wrong password!"
+      exit -1
+    end
+
+    def encrypt!(paths = '*')
+      @encryptor.encrypt_paths!(paths)
+
+    rescue OpenSSL::Cipher::CipherError
+      $stderr.puts "Wrong password!"
+      exit -1
+    end
+
+    def decrypt!(paths = '**encrypted_*')
+      @encryptor.decrypt_paths!(paths)
+
+    rescue OpenSSL::Cipher::CipherError
+      $stderr.puts "Wrong password!"
+      exit -1
+    end
+
+    def save(file_name = nil)
+      unless file_name
+        basename = File.basename(@path)
+        dirname  = File.dirname(@path)
+
+        file_name = File.join(dirname, "encrypted_#{basename}")
+      end
+
+      File.write(file_name, @attributes.to_yaml)
+    end
+  end
+end

data/lib/safe_credentials/engine.rb

@@ -0,0 +1,7 @@
+module SafeCredentials
+  class Engine < Rails::Engine
+
+    initializer "loading configuration" do
+    end
+  end
+end

data/lib/safe_credentials/hash_encryptor.rb

@@ -0,0 +1,81 @@
+module SafeCredentials
+  class HashEncryptor
+    attr_reader :name, :attributes
+
+    def initialize(attributes, cipher)
+      @attributes, @cipher = attributes, cipher
+      @attributes.extend SafeCredentials::HashQuery
+    end
+
+    def encrypt_val(val)
+      case val
+      when String then @cipher.enc(val).strip
+      when Hash then encrypt_hash(val)
+      end
+    end
+
+    def encrypt_hash(h)
+      Hash.new.tap do |encrypted|
+        h.each do |k, v|
+          encrypted["encrypted_#{k}"] = encrypt_val(v)
+        end
+      end
+    end
+
+    def decrypt_val(val)
+      case val
+      when String then @cipher.dec(val).strip
+      when Hash then decrypt_hash(val)
+      end
+    end
+
+    def decrypt_hash(h)
+      Hash.new.tap do |decrypted|
+        h.each do |k, v|
+          key = k.sub(/^encrypted_/, '')
+          decrypted[key] = decrypt_val(v)
+        end
+      end
+    end
+
+    def encrypt(path)
+      encrypt_val(value_for(path))
+    end
+
+    def encrypt!(path)
+      last_key, subhash = subhash_for(path)
+      new_key = "encrypted_#{last_key}"
+
+      subhash[new_key] = encrypt_val(subhash.delete(last_key))
+    end
+
+    def decrypt!(path)
+      last_key, subhash = subhash_for(path)
+      new_key = last_key.sub(/^encrypted_/,'')
+
+      subhash[new_key] = decrypt_val(subhash.delete(last_key))
+    end
+
+    def encrypt_paths!(query)
+      @attributes.query(query).each { |path| encrypt!(path) }
+    end
+
+    def decrypt_paths!(query)
+      @attributes.query(query).each { |path| decrypt!(path) }
+    end
+
+    def value_for(path)
+      parts = path.split('.')
+      parts.inject(attributes) { |attrs, key| attrs[key] }
+    end
+
+    def subhash_for(path)
+      parts    = path.split('.')
+      last_key = parts.pop
+
+      subhash = parts.inject(attributes) { |attrs, key| attrs[key] }
+
+      [last_key, subhash]
+    end
+  end
+end

data/lib/safe_credentials/hash_query.rb

@@ -0,0 +1,28 @@
+require 'set'
+
+module SafeCredentials
+  module HashQuery
+
+    def query(path, subhash = self, prefix = nil)
+      all_subpaths(path, subhash, prefix).find_all { |k| File.fnmatch?(path.gsub('.', '/'), k.gsub('.', '/')) }
+    end
+
+    def all_subpaths(path = '*', subhash = self, prefix = nil)
+      parts = path.split('.')
+      first_part = parts.shift
+
+      matching_pathes = subhash.keys
+
+      subpaths = matching_pathes.collect do |subpath|
+        if Hash === subhash[subpath]
+          new_prefix = [prefix, subpath].compact.join('.')
+          all_subpaths(parts.join('.'), subhash[subpath], new_prefix)
+        else
+          [prefix, subpath].join('.')
+        end
+      end
+
+      Set.new(subpaths).flatten
+    end
+  end
+end

data/lib/safe_credentials/version.rb

@@ -0,0 +1,3 @@
+module SafeCredentials
+  VERSION = "0.0.1"
+end

data/safe_credentials.gemspec

@@ -0,0 +1,28 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'safe_credentials/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "safe_credentials"
+  spec.version       = SafeCredentials::VERSION
+  spec.authors       = ["Alberto F. Capel"]
+  spec.email         = ["afcapel@gmail.com"]
+  spec.description   = %q{Encrypt sensitive credentials so you can store your configuration files in source control}
+  spec.summary       = %q{Safe Credentials allows you to encrypt sensitive credentials so you can
+store your configuration files in source control.}
+  spec.homepage      = "https://github.com/afcapel/safe_credentials"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "thor"
+  spec.add_dependency "gibberish"
+
+  spec.add_development_dependency "bundler", "~> 1.3"
+  spec.add_development_dependency "rake"
+  spec.add_development_dependency "rspec"
+end

data/spec/fixtures/config.yml

@@ -0,0 +1,21 @@
+development:
+  database:
+    adapter: sqlite3
+    db_user: scott
+    db_password: tiger
+  user: wadus
+  password: secret
+test:
+  database:
+    adapter: sqlite3
+    db_user: scott
+    db_password: tiger
+  user: wadus
+  password: secret
+production:
+  database:
+    adapter: postgresql
+    db_user: scott
+    db_password: tiger
+  user: wadus
+  password: secret

data/spec/fixtures/encrypted_config.yml

@@ -0,0 +1,22 @@
+---
+development:
+  database:
+    encrypted_adapter: U2FsdGVkX1/+7+ZLqxcnxDwe06l8CwS8HAY8cfFpeQY=
+    encrypted_db_user: U2FsdGVkX18VQzi5P3XfAAmoixK6bGzVsDNzAwl1Ajo=
+    encrypted_db_password: U2FsdGVkX196w5Ct9xZhzpVoTacPg70pQ2bUpL/Iqco=
+  encrypted_user: U2FsdGVkX19CORFfXnIxh7VTL7J5CWrpLdq2fAgKEuE=
+  encrypted_password: U2FsdGVkX1+xamsMYDDVMLOq5jSoS0JrQcNtL2IcsOA=
+test:
+  database:
+    encrypted_adapter: U2FsdGVkX19w9GcGmV7Jh3U221nNw8WLjdbAkr3yiFA=
+    encrypted_db_user: U2FsdGVkX18YQWsQJ9GnaTyPK0aRwS42CbuhEutaEAs=
+    encrypted_db_password: U2FsdGVkX1/eBxmVhmf2RmmZzD2WMQ0Pe8eUQGamJRk=
+  encrypted_user: U2FsdGVkX18rXFzZCaRnKfdmjeNiTegSG9h43B2UO74=
+  encrypted_password: U2FsdGVkX19EFT/I71fdwONxfAkOBVok9tgF3OUf0kY=
+production:
+  database:
+    encrypted_adapter: U2FsdGVkX1/R5d/ET8H9PjUH0jhnPEdfj/XuaORgfjQ=
+    encrypted_db_user: U2FsdGVkX184exEAZE7oTPkB2N0oDeskyGD52aJr3zI=
+    encrypted_db_password: U2FsdGVkX1/ikJtE7VHZlkNufe/6UGsO+T51mnqJuvE=
+  encrypted_user: U2FsdGVkX18IPO/BNBSg+FVLOAeuSS7hObLOqL6Z+nY=
+  encrypted_password: U2FsdGVkX18L5ZjBRvnt0deVWcmNa26ZkCKJ4ueNWmQ=

data/spec/lib/safe_credential/config_spec.rb

@@ -0,0 +1,32 @@
+require 'spec_helper'
+
+describe SafeCredentials::Config do
+
+  let(:config_file) { File.expand_path('../../../fixtures/config.yml', __FILE__)}
+  let(:encrypted_config_file) { File.expand_path('../../../fixtures/encrypted_config.yml', __FILE__)}
+
+  let(:config)   { SafeCredentials::Config.new(config_file, 'Super secret password') }
+
+
+
+
+  it "can save encrypted config file" do
+    orig_dev_env  = deep_copy(config['development'])
+    orig_test_env = deep_copy(config['test'])
+    orig_prod_env = deep_copy(config['production'])
+
+    config.encrypt!
+
+    config.save
+
+    loaded_config = SafeCredentials::Config.load_encrypted('Super secret password', encrypted_config_file)
+
+    loaded_config['development'].should == orig_dev_env
+    loaded_config['production'].should  == orig_prod_env
+    loaded_config['test'].should        == orig_test_env
+  end
+
+  def deep_copy(hash)
+    Marshal.load(Marshal.dump(hash))
+  end
+end

data/spec/lib/safe_credential/hash_encryptor_spec.rb

@@ -0,0 +1,144 @@
+require 'spec_helper'
+
+describe SafeCredentials::HashEncryptor do
+
+  before :each do
+    cipher = Gibberish::AES.new('abracadabra')
+
+    @config = {
+      'development' => {
+        'user'     => 'wadus',
+        'password' => 'secret',
+        'database' => {
+          'adapter'     => 'sqlite',
+          'db_user'     => 'scott',
+          'db_password' => 'tiger'
+        }
+      },
+      'production' => {
+        'user'     => 'admin',
+        'password' => '1234',
+        'database' => {
+          'adapter'     => 'postgresql',
+          'db_user'     => 'scott',
+          'db_password' => 'tiger'
+        }
+      }
+    }
+
+    @hash_encryptor = SafeCredentials::HashEncryptor.new(@config, cipher)
+  end
+
+  it "can encrypt/decrypt a value" do
+    encrypted = @hash_encryptor.encrypt_val('testing')
+    encrypted.should_not == 'testing'
+    @hash_encryptor.decrypt_val(encrypted).should == 'testing'
+  end
+
+  it "can encrypt/decrypt an env" do
+    encrypted_env = @hash_encryptor.encrypt('development')
+
+    encrypted_env['encrypted_user'].should_not be_nil
+    encrypted_env['encrypted_password'].should_not be_nil
+
+    encrypted_env['user'].should be_nil
+    encrypted_env['password'].should be_nil
+
+    decrypted_env = @hash_encryptor.decrypt_val(encrypted_env)
+
+    decrypted_env['user'].should     == 'wadus'
+    decrypted_env['password'].should == 'secret'
+  end
+
+  it "can find the value for a nested path" do
+    @hash_encryptor.value_for('production.database').should == {
+      'adapter'     => 'postgresql',
+      'db_user'     => 'scott',
+      'db_password' => 'tiger'
+    }
+
+    @hash_encryptor.value_for('production.database.db_password').should == 'tiger'
+  end
+
+  it "can encrypt/decrypt a nested path" do
+    encrypted_db = @hash_encryptor.encrypt('production.database')
+
+    encrypted_db['encrypted_db_user'].should_not be_nil
+    encrypted_db['encrypted_db_password'].should_not be_nil
+
+    encrypted_db['db_user'].should be_nil
+    encrypted_db['db_password'].should be_nil
+
+    decrypted_db = @hash_encryptor.decrypt_val(encrypted_db)
+
+    decrypted_db.should == {
+      'adapter'     => 'postgresql',
+      'db_user'     => 'scott',
+      'db_password' => 'tiger'
+    }
+  end
+
+  it "can encrypt/decrypt an attribute within a nested path" do
+    encrypted_password = @hash_encryptor.encrypt('production.database.db_password')
+    encrypted_password.should_not == 'tiger'
+
+    @hash_encryptor.decrypt_val(encrypted_password).should == 'tiger'
+  end
+
+  it 'can replace attributes in the hash with encrypted values' do
+    original_development = @config['development'].dup
+
+    @hash_encryptor.encrypt!('development')
+
+    @config['encrypted_development']['encrypted_user'].should_not be_nil
+    @config['encrypted_development']['encrypted_password'].should_not be_nil
+
+    @config['encrypted_development']['user'].should be_nil
+    @config['encrypted_development']['password'].should be_nil
+
+    decrypted_env = @hash_encryptor.decrypt_val(@config['encrypted_development'])
+
+    decrypted_env.should == original_development
+  end
+
+  it 'can deep replace attributes in the hash with encrypted values' do
+    @hash_encryptor.encrypt!('production')
+
+    @config['encrypted_production']['encrypted_user'].should_not be_nil
+    @config['encrypted_production']['encrypted_password'].should_not be_nil
+    @config['encrypted_production']['encrypted_database'].should_not be_nil
+    @config['encrypted_production']['encrypted_database']['encrypted_db_user'].should_not be_nil
+    @config['encrypted_production']['encrypted_database']['encrypted_db_password'].should_not be_nil
+
+    @config['production'].should be_nil
+    @config['encrypted_production']['database'].should be_nil
+
+    decrypted_env = @hash_encryptor.decrypt_val(@config['encrypted_production'])
+
+    decrypted_env.should == {
+      'user'     => 'admin',
+      'password' => '1234',
+        'database' => {
+          'adapter'     => 'postgresql',
+          'db_user'     => 'scott',
+          'db_password' => 'tiger'
+        }
+    }
+  end
+
+  it 'can match keys to replace against a glob expresion' do
+    @hash_encryptor.encrypt_paths!('*.database.db_*')
+
+    @config['development']['database']['adapter'].should == 'sqlite'
+    @config['development']['database']['user'].should be_nil
+    @config['development']['database']['password'].should be_nil
+    @config['development']['database']['encrypted_db_user'].should_not be_nil
+    @config['development']['database']['encrypted_db_password'].should_not be_nil
+
+    @config['production']['database']['adapter'].should == 'postgresql'
+    @config['production']['database']['user'].should be_nil
+    @config['production']['database']['password'].should be_nil
+    @config['production']['database']['encrypted_db_user'].should_not be_nil
+    @config['production']['database']['encrypted_db_password'].should_not be_nil
+  end
+end

data/spec/lib/safe_credential/hash_query_spec.rb

@@ -0,0 +1,45 @@
+require 'spec_helper'
+
+describe SafeCredentials::HashQuery do
+
+  before :each do
+    @hash = {
+      'development' => {
+        'user'     => 'wadus',
+        'password' => 'secret',
+        'database' => {
+          'adapter'     => 'sqlite',
+          'db_user'     => 'scott',
+          'db_password' => 'tiger'
+        }
+      },
+      'production' => {
+        'user'     => 'admin',
+        'password' => '1234',
+        'database' => {
+          'adapter'     => 'postgresql',
+          'db_user'     => 'scott',
+          'db_password' => 'tiger'
+        }
+      }
+    }
+
+    @hash.extend SafeCredentials::HashQuery
+  end
+
+  it "can query paths without glob expressions" do
+    @hash.query('production.database.adapter').should == ['production.database.adapter']
+  end
+
+  it "can query matching using glob expressions" do
+    @hash.query('*.database.db_*').should =~ [
+      'development.database.db_password', 'development.database.db_user',
+      'production.database.db_password',  'production.database.db_user'
+    ]
+
+    @hash.query('**.*password').should =~ [
+      'development.password', 'development.database.db_password',
+      'production.password',  'production.database.db_password'
+    ]
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1 @@
+require_relative '../lib/safe_credentials'

metadata

@@ -0,0 +1,147 @@
+--- !ruby/object:Gem::Specification
+name: safe_credentials
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Alberto F. Capel
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-06-20 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: thor
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: gibberish
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Encrypt sensitive credentials so you can store your configuration files
+  in source control
+email:
+- afcapel@gmail.com
+executables:
+- safe_credentials
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/safe_credentials
+- lib/safe_credentials.rb
+- lib/safe_credentials/cli.rb
+- lib/safe_credentials/config.rb
+- lib/safe_credentials/engine.rb
+- lib/safe_credentials/hash_encryptor.rb
+- lib/safe_credentials/hash_query.rb
+- lib/safe_credentials/version.rb
+- safe_credentials.gemspec
+- spec/.DS_Store
+- spec/fixtures/config.yml
+- spec/fixtures/encrypted_config.yml
+- spec/lib/.DS_Store
+- spec/lib/safe_credential/config_spec.rb
+- spec/lib/safe_credential/hash_encryptor_spec.rb
+- spec/lib/safe_credential/hash_query_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/afcapel/safe_credentials
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.0.0
+signing_key: 
+specification_version: 4
+summary: Safe Credentials allows you to encrypt sensitive credentials so you can store
+  your configuration files in source control.
+test_files:
+- spec/.DS_Store
+- spec/fixtures/config.yml
+- spec/fixtures/encrypted_config.yml
+- spec/lib/.DS_Store
+- spec/lib/safe_credential/config_spec.rb
+- spec/lib/safe_credential/hash_encryptor_spec.rb
+- spec/lib/safe_credential/hash_query_spec.rb
+- spec/spec_helper.rb