sanctum 0.9.1 → 0.9.2
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/lib/sanctum/vault_transit.rb +11 -11
- data/lib/sanctum/version.rb +1 -1
- metadata +1 -1
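--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9d1b5442aef18dd24c64c9f428d1654ac0e8c8da40f42682fd24bd3b712f4ac9
+data.tar.gz: 7bc8c57678eb21a334dc7918121f4d54f5fdba4a435daa84538c5f6ab5909842
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: '06792233d64691d21232ac32657bde81dbf403e902b505b45f96a301248cbb08b96433a9377ad2e9e0ec6e82598016984d4a26f8be84d130f802e42c20483bea'
+data.tar.gz: 12272a6b0efcf2e724b92bcc182be8d3647e15c844b73027712d5673729e1b562b7c162dda6b8e12ae762260d81c0004c471214bee4f185f984d527640a0748b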
data/Gemfile.lock
CHANGED
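--- a/data/lib/sanctum/vault_transit.rb
+++ b/data/lib/sanctum/vault_transit.rb
@@ -8,12 +8,6 @@ module Sanctum
 def self.encrypt(vault_client, secrets, transit_key)
 transit_key = Pathname.new(transit_key)
 
-#TODO probably nice to do this check earlier on,
-#Such as in command/base
-unless transit_key_exist?(vault_client, transit_key)
-raise red("#{transit_key} does not exist")
-end
-
 secrets.each do |k, v|
 v = encode(v.to_json)
 #TODO: Fix this....
@@ -21,16 +15,27 @@ module Sanctum
 secrets[k] = v
 end
 secrets
+rescue Vault::HTTPClientError => e
+if e.code == 403
+raise red("#{transit_key} either doesn't exist, or you don't have the proper permissions")
+end
+raise
 end
 
 def self.decrypt(vault_client, secrets, transit_key)
 transit_key = Pathname.new(transit_key)
+
 secrets.each do |k, v|
 v = vault_client.logical.write("#{transit_key.dirname.to_s.split("/")[0]}/decrypt/#{transit_key.basename}", ciphertext: v)
 v = JSON(decode(v.data[:plaintext]))
 secrets[k] = v
 end
 secrets
+rescue Vault::HTTPClientError => e
+if e.code == 403
+raise red("#{transit_key} either doesn't exist, or you don't have the proper permissions")
+end
+raise
 end
 
 # Writes secrets encrypted with transit to local files
@@ -71,14 +76,9 @@ module Sanctum
 Base64.decode64(string)
 end
 
-def self.transit_key_exist?(vault_client, transit_key)
-!vault_client.logical.read(transit_key.to_path).nil?
-end
-
 def self.create_path(path)
 path = Pathname.new(path).parent.to_path
 FileUtils.mkdir_p(path) unless File.directory?(path)
 end
-
 end
 end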
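Review bot: Dropping the `transit_key_exist?` pre-check means `encrypt` now relies on Vault to reject a missing key, and Vault's transit engine upserts a missing key on encrypt when the token's policy has the `create` capability on that path. The encrypt write itself falls between the first two hunks and is not visible, so this is inferred from the parallel `decrypt` call; if it holds, a mistyped `transit_key` could encrypt secrets under a newly created key instead of raising. I would record the assumption next to the new `rescue` in `encrypt`, e.g. `# NOTE: a missing key only errors if the policy grants update but not create on the encrypt path`. The `rescue Vault::HTTPClientError` blocks in `encrypt` and `decrypt` are identical and could move into one private helper.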
data/lib/sanctum/version.rb
CHANGED