sanctum 0.8.6.rc2 → 0.8.6.rc3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +4 -2
- data/README.md +1 -0
- data/lib/sanctum/cli.rb +9 -0
- data/lib/sanctum/command.rb +1 -0
- data/lib/sanctum/command/import.rb +56 -0
- data/lib/sanctum/version.rb +1 -1
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 46c1275f8059a02fc701ef91c2e4a8ddab9e5d7221f832ad5d4112d42c13d091
|
|
4
|
+
data.tar.gz: f06b1944d320cf3a0a1df7f78e928fd1fab95f39f29d422fb53ac5ef0962b86b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 283bb7fd1215cc8284da0ef3288791b3008feab3c29e9d3f45d302a0d57371ddb7098e8d98ebacedc988e8753e6bee12a5fbb47de945939fb9fa80b51fae64f4
|
|
7
|
+
data.tar.gz: 3d070fbbc2cbee3e0ad9150b1d1da64dd7767f48c1968e216f9cc5e08123418b7edf3877866498669a1299f1eaa027e7884048e5f174adcaad47c2d12142d163
|
data/Gemfile.lock
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
sanctum (0.8.6.
|
|
4
|
+
sanctum (0.8.6.rc3)
|
|
5
5
|
gli (~> 2.18)
|
|
6
6
|
hashdiff (~> 0.3)
|
|
7
7
|
tty-editor (~> 0.5)
|
|
@@ -11,7 +11,9 @@ GEM
|
|
|
11
11
|
remote: https://rubygems.org/
|
|
12
12
|
specs:
|
|
13
13
|
ast (2.4.0)
|
|
14
|
-
aws-
|
|
14
|
+
aws-eventstream (1.0.2)
|
|
15
|
+
aws-sigv4 (1.1.0)
|
|
16
|
+
aws-eventstream (~> 1.0, >= 1.0.2)
|
|
15
17
|
coderay (1.1.2)
|
|
16
18
|
diff-lcs (1.3)
|
|
17
19
|
equatable (0.5.0)
|
data/README.md
CHANGED
|
@@ -76,6 +76,7 @@ sanctum pull - Pull vault secrets to local files (encrypted).
|
|
|
76
76
|
sanctum config - Generate an example config file.
|
|
77
77
|
sanctum create - Create an encrypted local file.
|
|
78
78
|
sanctum edit - Edit an encrypted local file.
|
|
79
|
+
sanctum import - Import an existing plaintext YAML file.
|
|
79
80
|
sanctum view - View an encrypted local file.
|
|
80
81
|
sanctum update - Update secrets backend to v2 API.
|
|
81
82
|
```
|
data/lib/sanctum/cli.rb
CHANGED
|
@@ -73,6 +73,15 @@ module Sanctum
|
|
|
73
73
|
end
|
|
74
74
|
end
|
|
75
75
|
|
|
76
|
+
desc 'Import a plaintext YAML file'
|
|
77
|
+
arg_name 'path/to/file path/to/encryptedfile'
|
|
78
|
+
command :import do |c|
|
|
79
|
+
common_options c, :targets, :config, :force
|
|
80
|
+
c.action do |_,_,args|
|
|
81
|
+
Command::Import.new(@options_hash, args).run
|
|
82
|
+
end
|
|
83
|
+
end
|
|
84
|
+
|
|
76
85
|
desc 'View encrypted file[s]'
|
|
77
86
|
arg_name 'path/to/file'
|
|
78
87
|
command :view do |c|
|
data/lib/sanctum/command.rb
CHANGED
|
@@ -10,6 +10,7 @@ require 'sanctum/command/base'
|
|
|
10
10
|
require 'sanctum/command/check'
|
|
11
11
|
require 'sanctum/command/config'
|
|
12
12
|
require 'sanctum/command/create'
|
|
13
|
+
require 'sanctum/command/import'
|
|
13
14
|
require 'sanctum/command/edit'
|
|
14
15
|
require 'sanctum/command/pull'
|
|
15
16
|
require 'sanctum/command/push'
|
|
@@ -0,0 +1,56 @@
|
|
|
1
|
+
require 'fileutils'
|
|
2
|
+
require 'tempfile'
|
|
3
|
+
require 'yaml'
|
|
4
|
+
require 'json'
|
|
5
|
+
|
|
6
|
+
module Sanctum
|
|
7
|
+
module Command
|
|
8
|
+
class Import < Base
|
|
9
|
+
|
|
10
|
+
def run(&block)
|
|
11
|
+
if args.count != '2'
|
|
12
|
+
source_path,dest_path = args
|
|
13
|
+
transit_key = determine_transit_key(dest_path, targets)
|
|
14
|
+
|
|
15
|
+
if options[:cli][:force]
|
|
16
|
+
force = options[:cli][:force]
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
import_file(source_path, dest_path, transit_key, force)
|
|
20
|
+
else
|
|
21
|
+
raise ArgumentError, red('Please pass the path to both the source and the destination file')
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
private
|
|
26
|
+
def import_file(source_path, dest_path, transit_key, force=nil)
|
|
27
|
+
begin
|
|
28
|
+
tmp_file = Tempfile.new(File.basename(source_path))
|
|
29
|
+
FileUtils.cp(source_path, tmp_file)
|
|
30
|
+
|
|
31
|
+
previous_contents = File.read(tmp_file.path)
|
|
32
|
+
TTY::Editor.open(tmp_file.path) unless force
|
|
33
|
+
contents = File.read(tmp_file.path)
|
|
34
|
+
|
|
35
|
+
# Encrypt the data
|
|
36
|
+
data_hash = {"#{tmp_file.path}" => validate(contents)}
|
|
37
|
+
write_encrypted_data(vault_client, data_hash, transit_key)
|
|
38
|
+
tmp_file.close
|
|
39
|
+
|
|
40
|
+
FileUtils.cp(tmp_file.path, dest_path)
|
|
41
|
+
|
|
42
|
+
rescue Exception => e
|
|
43
|
+
# If write_encrypted_data failed, data would fail to write to disk
|
|
44
|
+
# It would be sad to lose that data, at least this would print the contents to the console.
|
|
45
|
+
puts red("Contents may have failed to write\nError: #{e}")
|
|
46
|
+
puts yellow("Contents: \n#{contents}")
|
|
47
|
+
ensure
|
|
48
|
+
tmp_file.close
|
|
49
|
+
secure_erase(tmp_file.path, tmp_file.length)
|
|
50
|
+
tmp_file.unlink
|
|
51
|
+
end
|
|
52
|
+
end
|
|
53
|
+
|
|
54
|
+
end
|
|
55
|
+
end
|
|
56
|
+
end
|
data/lib/sanctum/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: sanctum
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.8.6.
|
|
4
|
+
version: 0.8.6.rc3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Corban Raun
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-03-
|
|
11
|
+
date: 2019-03-15 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: gli
|
|
@@ -180,6 +180,7 @@ files:
|
|
|
180
180
|
- lib/sanctum/command/diff_helper.rb
|
|
181
181
|
- lib/sanctum/command/edit.rb
|
|
182
182
|
- lib/sanctum/command/editor_helper.rb
|
|
183
|
+
- lib/sanctum/command/import.rb
|
|
183
184
|
- lib/sanctum/command/paths_helper.rb
|
|
184
185
|
- lib/sanctum/command/pull.rb
|
|
185
186
|
- lib/sanctum/command/push.rb
|