sanctum 0.9.1 → 0.9.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/lib/sanctum/vault_transit.rb +11 -11
- data/lib/sanctum/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9d1b5442aef18dd24c64c9f428d1654ac0e8c8da40f42682fd24bd3b712f4ac9
|
|
4
|
+
data.tar.gz: 7bc8c57678eb21a334dc7918121f4d54f5fdba4a435daa84538c5f6ab5909842
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: '06792233d64691d21232ac32657bde81dbf403e902b505b45f96a301248cbb08b96433a9377ad2e9e0ec6e82598016984d4a26f8be84d130f802e42c20483bea'
|
|
7
|
+
data.tar.gz: 12272a6b0efcf2e724b92bcc182be8d3647e15c844b73027712d5673729e1b562b7c162dda6b8e12ae762260d81c0004c471214bee4f185f984d527640a0748b
|
data/Gemfile.lock
CHANGED
|
@@ -8,12 +8,6 @@ module Sanctum
|
|
|
8
8
|
def self.encrypt(vault_client, secrets, transit_key)
|
|
9
9
|
transit_key = Pathname.new(transit_key)
|
|
10
10
|
|
|
11
|
-
#TODO probably nice to do this check earlier on,
|
|
12
|
-
#Such as in command/base
|
|
13
|
-
unless transit_key_exist?(vault_client, transit_key)
|
|
14
|
-
raise red("#{transit_key} does not exist")
|
|
15
|
-
end
|
|
16
|
-
|
|
17
11
|
secrets.each do |k, v|
|
|
18
12
|
v = encode(v.to_json)
|
|
19
13
|
#TODO: Fix this....
|
|
@@ -21,16 +15,27 @@ module Sanctum
|
|
|
21
15
|
secrets[k] = v
|
|
22
16
|
end
|
|
23
17
|
secrets
|
|
18
|
+
rescue Vault::HTTPClientError => e
|
|
19
|
+
if e.code == 403
|
|
20
|
+
raise red("#{transit_key} either doesn't exist, or you don't have the proper permissions")
|
|
21
|
+
end
|
|
22
|
+
raise
|
|
24
23
|
end
|
|
25
24
|
|
|
26
25
|
def self.decrypt(vault_client, secrets, transit_key)
|
|
27
26
|
transit_key = Pathname.new(transit_key)
|
|
27
|
+
|
|
28
28
|
secrets.each do |k, v|
|
|
29
29
|
v = vault_client.logical.write("#{transit_key.dirname.to_s.split("/")[0]}/decrypt/#{transit_key.basename}", ciphertext: v)
|
|
30
30
|
v = JSON(decode(v.data[:plaintext]))
|
|
31
31
|
secrets[k] = v
|
|
32
32
|
end
|
|
33
33
|
secrets
|
|
34
|
+
rescue Vault::HTTPClientError => e
|
|
35
|
+
if e.code == 403
|
|
36
|
+
raise red("#{transit_key} either doesn't exist, or you don't have the proper permissions")
|
|
37
|
+
end
|
|
38
|
+
raise
|
|
34
39
|
end
|
|
35
40
|
|
|
36
41
|
# Writes secrets encrypted with transit to local files
|
|
@@ -71,14 +76,9 @@ module Sanctum
|
|
|
71
76
|
Base64.decode64(string)
|
|
72
77
|
end
|
|
73
78
|
|
|
74
|
-
def self.transit_key_exist?(vault_client, transit_key)
|
|
75
|
-
!vault_client.logical.read(transit_key.to_path).nil?
|
|
76
|
-
end
|
|
77
|
-
|
|
78
79
|
def self.create_path(path)
|
|
79
80
|
path = Pathname.new(path).parent.to_path
|
|
80
81
|
FileUtils.mkdir_p(path) unless File.directory?(path)
|
|
81
82
|
end
|
|
82
|
-
|
|
83
83
|
end
|
|
84
84
|
end
|
data/lib/sanctum/version.rb
CHANGED