secret-keeper 0.2.0 → 0.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/README.md +25 -27
- data/lib/secret-keeper.rb +5 -3
- data/spec/secret-keeper_spec.rb +5 -5
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA1:
|
|
3
|
+
metadata.gz: 125a92be1b1a91a487b487a7ad5896a6944fa565
|
|
4
|
+
data.tar.gz: d2c860df86d3711ca1c1f475be655eb9c30c1306
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 28eccb33926ba31c2e192faea7bc09ac460d2fbe5822c785f39ea63bd50f4653e29d6e2764a4a982668512834207a16f016570bea282d9dd8c993492e33ce9c4
|
|
7
|
+
data.tar.gz: d1639ce6af25d95ffcd11f76bd06d2daee2351f441ccb6690f173bbd1e49d9de5cf4110b5c450dbe32b82f3a72c61399969cc31a8351273b20db7ed502eb509e
|
data/README.md
CHANGED
|
@@ -12,17 +12,34 @@ with bundler, write follwing line in your Gemfile
|
|
|
12
12
|
|
|
13
13
|
gem 'secret-keeper', require: false
|
|
14
14
|
|
|
15
|
-
|
|
16
15
|
## Usage
|
|
17
|
-
|
|
16
|
+
1. setup files need to be encrypted in config/secret-keeper.yml
|
|
17
|
+
|
|
18
|
+
# config/secret-keeper.yml example
|
|
19
|
+
development:
|
|
20
|
+
ev_name: SECRET_KEEPER
|
|
21
|
+
cipher: AES-256-CBC
|
|
22
|
+
tasks:
|
|
23
|
+
-
|
|
24
|
+
encrypt_from: example/database.yml
|
|
25
|
+
encrypt_to: example/database.yml.enc
|
|
26
|
+
# decrypt_from: example/database.yml.enc
|
|
27
|
+
# decrypt_to: example/database.yml
|
|
28
|
+
-
|
|
29
|
+
encrypt_from: example/secrets_from_other_source.yml
|
|
30
|
+
encrypt_to: example/secrets.yml.enc
|
|
31
|
+
# decrypt_from: example/secrets.yml.enc
|
|
32
|
+
decrypt_to: example/secrets.yml
|
|
33
|
+
|
|
34
|
+
2. using environment variable SECRET_KEEPER to be your key of cipher
|
|
18
35
|
|
|
19
|
-
$>
|
|
36
|
+
$> SECRET_KEEPER=[YOUR-CIPHER-KEY-HERE] irb
|
|
20
37
|
|
|
21
|
-
require on demand
|
|
38
|
+
3. require on demand
|
|
22
39
|
|
|
23
40
|
irb> require 'secret-keeper'
|
|
24
41
|
|
|
25
|
-
encrypt files based on your tasks defined in config/secret-keeper.yml
|
|
42
|
+
4. encrypt files based on your tasks defined in config/secret-keeper.yml
|
|
26
43
|
|
|
27
44
|
irb> SecretKeeper.encrypt_files
|
|
28
45
|
# Encrypting...
|
|
@@ -30,7 +47,7 @@ encrypt files based on your tasks defined in config/secret-keeper.yml
|
|
|
30
47
|
# * example/secrets.yml --> example/secrets.yml.enc, ok
|
|
31
48
|
# Over!
|
|
32
49
|
|
|
33
|
-
decrypt files based on your tasks defined in config/secret-keeper.yml
|
|
50
|
+
5. decrypt files based on your tasks defined in config/secret-keeper.yml
|
|
34
51
|
|
|
35
52
|
irb> SecretKeeper.decrypt_files
|
|
36
53
|
# Decrypting...
|
|
@@ -40,24 +57,5 @@ decrypt files based on your tasks defined in config/secret-keeper.yml
|
|
|
40
57
|
|
|
41
58
|
## Available Ciphers
|
|
42
59
|
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
## Config Example
|
|
46
|
-
|
|
47
|
-
development: &development
|
|
48
|
-
cipher: AES-256-CBC
|
|
49
|
-
tasks:
|
|
50
|
-
-
|
|
51
|
-
encrypt_from: example/database.yml
|
|
52
|
-
encrypt_to: example/database.yml.enc
|
|
53
|
-
# decrypt_from: example/database.yml.enc
|
|
54
|
-
# decrypt_to: example/database.yml
|
|
55
|
-
-
|
|
56
|
-
encrypt_from: example/secrets_from_other_source.yml
|
|
57
|
-
encrypt_to: example/secrets.yml.enc
|
|
58
|
-
# decrypt_from: example/secrets.yml.enc
|
|
59
|
-
decrypt_to: example/secrets.yml
|
|
60
|
-
test:
|
|
61
|
-
<<: *development
|
|
62
|
-
production:
|
|
63
|
-
<<: *development
|
|
60
|
+
irb> require 'openssl'
|
|
61
|
+
irb> OpenSSL::Cipher.ciphers
|
data/lib/secret-keeper.rb
CHANGED
|
@@ -37,11 +37,13 @@ class SecretKeeper
|
|
|
37
37
|
end
|
|
38
38
|
|
|
39
39
|
def initialize
|
|
40
|
-
fail 'environment variable OPENSSL_PASS not exist' if ENV['OPENSSL_PASS'].nil?
|
|
41
40
|
env = ENV['RAILS_ENV'] || 'development'
|
|
42
41
|
string = File.open('config/secret-keeper.yml', 'rb') { |f| f.read }
|
|
42
|
+
fail 'config/secret-keeper.yml not existed nor not readable' if string.nil?
|
|
43
43
|
config = YAML.load(string)[env]
|
|
44
44
|
fail 'config/secret-keeper.yml incorrect or environment not exist' if config.nil?
|
|
45
|
+
@ev_name = config['ev_name'] || 'SECRET_KEEPER'
|
|
46
|
+
fail "environment variable #{@ev_name} not exist" if ENV[@ev_name].nil?
|
|
45
47
|
|
|
46
48
|
@tasks = config['tasks']
|
|
47
49
|
@using_cipher = OpenSSL::Cipher.new(config['cipher'])
|
|
@@ -71,13 +73,13 @@ class SecretKeeper
|
|
|
71
73
|
|
|
72
74
|
def encrypt(data)
|
|
73
75
|
cipher = @using_cipher.encrypt
|
|
74
|
-
cipher.key = Digest::SHA2.hexdigest(ENV[
|
|
76
|
+
cipher.key = Digest::SHA2.hexdigest(ENV[@ev_name])[0..(cipher.key_len-1)]
|
|
75
77
|
cipher.update(data) + cipher.final
|
|
76
78
|
end
|
|
77
79
|
|
|
78
80
|
def decrypt(data)
|
|
79
81
|
cipher = @using_cipher.decrypt
|
|
80
|
-
cipher.key = Digest::SHA2.hexdigest(ENV[
|
|
82
|
+
cipher.key = Digest::SHA2.hexdigest(ENV[@ev_name])[0..(cipher.key_len-1)]
|
|
81
83
|
cipher.update(data) + cipher.final
|
|
82
84
|
end
|
|
83
85
|
end
|
data/spec/secret-keeper_spec.rb
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
describe SecretKeeper do
|
|
2
2
|
before(:each) do
|
|
3
|
-
ENV['
|
|
3
|
+
ENV['SECRET_KEEPER'] = 'PASSWORD_HERE'
|
|
4
4
|
end
|
|
5
5
|
|
|
6
6
|
describe '.encrypt_files' do
|
|
@@ -16,14 +16,14 @@ describe SecretKeeper do
|
|
|
16
16
|
expect(result).to eq(true)
|
|
17
17
|
end
|
|
18
18
|
|
|
19
|
-
it 'should be false, if
|
|
20
|
-
ENV['
|
|
19
|
+
it 'should be false, if SECRET_KEEPER incorrect' do
|
|
20
|
+
ENV['SECRET_KEEPER'] = 'incorrect'
|
|
21
21
|
result = SecretKeeper.decrypt_files
|
|
22
22
|
expect(result).to eq(false)
|
|
23
23
|
end
|
|
24
24
|
|
|
25
|
-
it 'should raise error, if
|
|
26
|
-
ENV['
|
|
25
|
+
it 'should raise error, if SECRET_KEEPER nil' do
|
|
26
|
+
ENV['SECRET_KEEPER'] = nil
|
|
27
27
|
expect{ SecretKeeper.decrypt_files }.to raise_error(RuntimeError)
|
|
28
28
|
end
|
|
29
29
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: secret-keeper
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.2.
|
|
4
|
+
version: 0.2.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ray Lee
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-
|
|
11
|
+
date: 2018-06-13 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rspec
|
|
@@ -34,7 +34,7 @@ files:
|
|
|
34
34
|
- README.md
|
|
35
35
|
- lib/secret-keeper.rb
|
|
36
36
|
- spec/secret-keeper_spec.rb
|
|
37
|
-
homepage: https://
|
|
37
|
+
homepage: https://gitlab.com/ray-lee/secret-keeper
|
|
38
38
|
licenses:
|
|
39
39
|
- MIT
|
|
40
40
|
metadata: {}
|
|
@@ -55,7 +55,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
55
55
|
version: '0'
|
|
56
56
|
requirements: []
|
|
57
57
|
rubyforge_project:
|
|
58
|
-
rubygems_version: 2.
|
|
58
|
+
rubygems_version: 2.6.14
|
|
59
59
|
signing_key:
|
|
60
60
|
specification_version: 4
|
|
61
61
|
summary: Keep all your secret files within openssl
|