RubyGems - secret-keeper - Versions diffs - 0.2.2 → 0.2.3 - Mend

secret-keeper 0.2.2 → 0.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 125a92be1b1a91a487b487a7ad5896a6944fa565
-  data.tar.gz: d2c860df86d3711ca1c1f475be655eb9c30c1306
+  metadata.gz: 7c87b79fcce67c78b028bb3b187cc066aa23f271
+  data.tar.gz: 9d81e3628a1e4ed04633804eee39824a5330e98b
 SHA512:
-  metadata.gz: 28eccb33926ba31c2e192faea7bc09ac460d2fbe5822c785f39ea63bd50f4653e29d6e2764a4a982668512834207a16f016570bea282d9dd8c993492e33ce9c4
-  data.tar.gz: d1639ce6af25d95ffcd11f76bd06d2daee2351f441ccb6690f173bbd1e49d9de5cf4110b5c450dbe32b82f3a72c61399969cc31a8351273b20db7ed502eb509e
+  metadata.gz: ba69873cbefe49a2b42313860f81c329090c0e403348d168b927f4e3fcb36d2e48194dbf591f989c3ea8b8bd33aa9e9769c1613df163b79c3438c583d0a98f7e
+  data.tar.gz: 6dbf25fe77afd394ecd481e409d24fc4afdafb6aa910432a1bef9f0a5b179521f9270a8de58f06d959b1911e2eff1862822edbdda9706d1ff5fb0f4d352dc36a

data/README.md CHANGED

@@ -13,7 +13,7 @@ with bundler, write follwing line in your Gemfile
     gem 'secret-keeper', require: false
 ## Usage
-1. setup files need to be encrypted in config/secret-keeper.yml
+setup files need to be encrypted in config/secret-keeper.yml
     # config/secret-keeper.yml example
     development:
@@ -31,29 +31,39 @@ with bundler, write follwing line in your Gemfile
           # decrypt_from: example/secrets.yml.enc
           decrypt_to: example/secrets.yml
-2. using environment variable SECRET_KEEPER to be your key of cipher
+using environment variable SECRET_KEEPER to be your key of cipher
     $> SECRET_KEEPER=[YOUR-CIPHER-KEY-HERE] irb
-3. require on demand
+require on demand
     irb> require 'secret-keeper'
-4. encrypt files based on your tasks defined in config/secret-keeper.yml
+encrypt files based on your tasks defined in config/secret-keeper.yml
     irb> SecretKeeper.encrypt_files
     # Encrypting...
     #   * example/database.yml --> example/database.yml.enc, ok
     #   * example/secrets.yml --> example/secrets.yml.enc, ok
-    # Over!
+    # Done!
-5. decrypt files based on your tasks defined in config/secret-keeper.yml
+decrypt files based on your tasks defined in config/secret-keeper.yml
     irb> SecretKeeper.decrypt_files
     # Decrypting...
     #   * example/database.yml.enc --> example/database.yml, ok
     #   * example/secrets.yml.enc --> example/secrets.yml, ok
-    # Over!
+    # Done!
+decrypt files based on your tasks defined in config/secret-keeper.yml
+    irb> SecretKeeper.decrypt_files
+    # Decrypting...
+    # remove production configs after decrypted
+    #   * example/database.yml.enc --> example/database.yml, ok
+    #   * example/secrets.yml.enc --> example/secrets.yml, ok
+    # Done!
+    result = SecretKeeper.decrypt_files(ENV['RAILS_ENV'] != 'production')
 ## Available Ciphers

data/lib/secret-keeper.rb CHANGED

@@ -19,15 +19,21 @@ class SecretKeeper
     success
   end
-  def self.decrypt_files
+  def self.decrypt_files(remove_production=false)
     sk = SecretKeeper.new
     puts 'Decrypting...'
+    puts 'remove production configs after decrypted' if remove_production
     ok_queue = []
     sk.tasks.each do |task|
       from = task['decrypt_from'] || task['encrypt_to']
       to = task['decrypt_to'] || task['encrypt_from']
       result = sk.decrypt_file(from, to)
+      if result == :ok && remove_production
+        result = sk.remove_production_config(to)
+      end
       ok_queue << result if result == :ok
       puts "  * #{from} --> #{to}, #{result}"
     end
@@ -42,9 +48,10 @@ class SecretKeeper
     fail 'config/secret-keeper.yml not existed nor not readable' if string.nil?
     config = YAML.load(string)[env]
     fail 'config/secret-keeper.yml incorrect or environment not exist' if config.nil?
-    @ev_name = config['ev_name'] || 'SECRET_KEEPER'
-    fail "environment variable #{@ev_name} not exist" if ENV[@ev_name].nil?
+    ev_name = config['ev_name'] || 'SECRET_KEEPER'
+    fail "environment variable #{ev_name} not exist" if ENV[ev_name].nil?
+    @cipher_digest = ENV[ev_name]
     @tasks = config['tasks']
     @using_cipher = OpenSSL::Cipher.new(config['cipher'])
   end
@@ -69,17 +76,28 @@ class SecretKeeper
     e
   end
+  def remove_production_config(file_path)
+    hash = YAML.load_file(file_path)
+    hash.delete('production')
+    File.write(file_path, YAML.dump(hash))
+    :ok
+  rescue => e
+    e
+  end
   private
   def encrypt(data)
     cipher = @using_cipher.encrypt
-    cipher.key = Digest::SHA2.hexdigest(ENV[@ev_name])[0..(cipher.key_len-1)]
+    key_size_range = 0..(cipher.key_len-1)
+    cipher.key = Digest::SHA2.hexdigest(@cipher_digest)[key_size_range]
     cipher.update(data) + cipher.final
   end
   def decrypt(data)
     cipher = @using_cipher.decrypt
-    cipher.key = Digest::SHA2.hexdigest(ENV[@ev_name])[0..(cipher.key_len-1)]
+    key_size_range = 0..(cipher.key_len-1)
+    cipher.key = Digest::SHA2.hexdigest(@cipher_digest)[key_size_range]
     cipher.update(data) + cipher.final
   end
 end

data/spec/secret-keeper_spec.rb CHANGED

@@ -14,6 +14,17 @@ describe SecretKeeper do
     it 'should return true' do
       result = SecretKeeper.decrypt_files
       expect(result).to eq(true)
+      hash = YAML.load_file('example/secrets.yml')
+      expect(hash['development']['secret_key_base']).to eq('e8310af93d52f174f475940c41fbfb90417b300ebc19e1b24bd5639f4fe35c5ffaa5775a347ace9732958f656a47f6bb8e1fd0760b12e51b0b4fe1f65ef0a1d6')
+      expect(hash['production']['secret_key_base']).to eq('339f639f4fe35c5ffaa47ace973260b12e51b0b4fe1f65effd283a5f054f47594b24bd565779e351a20dfd4ada4f777958f0417b305c06cdedbde392b8e1fd07')
+    end
+    it 'should return true on remove_production true' do
+      result = SecretKeeper.decrypt_files(ENV['RAILS_ENV'] != 'production')
+      expect(result).to eq(true)
+      hash = YAML.load_file('example/secrets.yml')
+      expect(hash['development']['secret_key_base']).to eq('e8310af93d52f174f475940c41fbfb90417b300ebc19e1b24bd5639f4fe35c5ffaa5775a347ace9732958f656a47f6bb8e1fd0760b12e51b0b4fe1f65ef0a1d6')
+      expect(hash['production']).to be_nil
     end
     it 'should be false, if SECRET_KEEPER incorrect' do

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: secret-keeper
 version: !ruby/object:Gem::Version
-  version: 0.2.2
+  version: 0.2.3
 platform: ruby
 authors:
 - Ray Lee
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-06-13 00:00:00.000000000 Z
+date: 2018-07-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec