secret-keeper 0.2.2 → 1.0.0

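--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
- SHA1:
- metadata.gz: 125a92be1b1a91a487b487a7ad5896a6944fa565
- data.tar.gz: d2c860df86d3711ca1c1f475be655eb9c30c1306
+ SHA256:
+ metadata.gz: a4af085b4a020f82a80ec5e4f2995fc676c6d24497b424ccfe5788d8fa83085b
+ data.tar.gz: 4f3c88876416d7dadf20f903338827b52c03ecb1799b5b31b823d5cd484e5513
  SHA512:
- metadata.gz: 28eccb33926ba31c2e192faea7bc09ac460d2fbe5822c785f39ea63bd50f4653e29d6e2764a4a982668512834207a16f016570bea282d9dd8c993492e33ce9c4
- data.tar.gz: d1639ce6af25d95ffcd11f76bd06d2daee2351f441ccb6690f173bbd1e49d9de5cf4110b5c450dbe32b82f3a72c61399969cc31a8351273b20db7ed502eb509e
+ metadata.gz: 40512c3536a8f2b8824f3d6fbf97df57e8381fb7d5f135ef3ac05771a6ca9b472e52aa1818e35d7699400b688f918b6f534895eef04ff359d4706f99bd24da37
+ data.tar.gz: 5aecafc7b60fb43bc34b46744b63761db551b44d428e7fcfdb8afd8ee74e157a51f43903f45e3f8bf925150975d5c80e999344cef824e81e01c3603591f2190e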
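--- a/data/README.md
+++ b/data/README.md
@@ -13,7 +13,7 @@ with bundler, write follwing line in your Gemfile
  gem 'secret-keeper', require: false
 
  ## Usage
- 1. setup files need to be encrypted in config/secret-keeper.yml
+ setup files need to be encrypted in config/secret-keeper.yml
 
  # config/secret-keeper.yml example
  development:
@@ -31,29 +31,38 @@ with bundler, write follwing line in your Gemfile
  # decrypt_from: example/secrets.yml.enc
  decrypt_to: example/secrets.yml
 
- 2. using environment variable SECRET_KEEPER to be your key of cipher
+ using environment variable SECRET_KEEPER to be your key of cipher
 
  $> SECRET_KEEPER=[YOUR-CIPHER-KEY-HERE] irb
 
- 3. require on demand
+ require on demand
 
  irb> require 'secret-keeper'
 
- 4. encrypt files based on your tasks defined in config/secret-keeper.yml
+ encrypt files based on your tasks defined in config/secret-keeper.yml
 
  irb> SecretKeeper.encrypt_files
  # Encrypting...
  # * example/database.yml --> example/database.yml.enc, ok
  # * example/secrets.yml --> example/secrets.yml.enc, ok
- # Over!
+ # Done!
 
- 5. decrypt files based on your tasks defined in config/secret-keeper.yml
+ decrypt files based on your tasks defined in config/secret-keeper.yml
 
  irb> SecretKeeper.decrypt_files
  # Decrypting...
  # * example/database.yml.enc --> example/database.yml, ok
  # * example/secrets.yml.enc --> example/secrets.yml, ok
- # Over!
+ # Done!
+
+ decrypt files and remove production configs
+
+ irb> production? = true
+ irb> SecretKeeper.decrypt_files(production?)
+ # Decrypting... (production config removed)
+ # * example/database.yml.enc --> example/database.yml, ok
+ # * example/secrets.yml.enc --> example/secrets.yml, ok
+ # Done!
 
  ## Available Ciphers
 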
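--- a/data/lib/secret-keeper.rb
+++ b/data/lib/secret-keeper.rb
@@ -4,7 +4,7 @@ require 'yaml'
  class SecretKeeper
  def self.encrypt_files
  sk = SecretKeeper.new
- puts 'Encrypting...'
+ puts 'Encrypting...' unless sk.slience
  ok_queue = []
  sk.tasks.each do |task|
  from = task['encrypt_from']
@@ -12,27 +12,34 @@ class SecretKeeper
 
  result = sk.encrypt_file(from, to)
  ok_queue << result if result == :ok
- puts " * #{from} --> #{to}, #{result}"
+ puts " * #{from} --> #{to}, #{result}" unless sk.slience
  end
  success = ok_queue.count == sk.tasks.count
- puts success ? 'Done!' : 'Failed!'
+ puts success ? 'Done!' : 'Failed!' unless sk.slience
  success
  end
 
- def self.decrypt_files
+ def self.decrypt_files(remove_production=false)
  sk = SecretKeeper.new
- puts 'Decrypting...'
+ print 'Decrypting...' unless sk.slience
+ puts remove_production ? '(production config removed)' : nil unless sk.slience
+
  ok_queue = []
  sk.tasks.each do |task|
  from = task['decrypt_from'] || task['encrypt_to']
  to = task['decrypt_to'] || task['encrypt_from']
 
  result = sk.decrypt_file(from, to)
+
+ if result == :ok && remove_production
+ result = sk.remove_production_config(to)
+ end
+
  ok_queue << result if result == :ok
- puts " * #{from} --> #{to}, #{result}"
+ puts " * #{from} --> #{to}, #{result}" unless sk.slience
  end
  success = ok_queue.count == sk.tasks.count
- puts success ? 'Done!' : 'Failed!'
+ puts success ? 'Done!' : 'Failed!' unless sk.slience
  success
  end
 
@@ -42,17 +49,24 @@ class SecretKeeper
  fail 'config/secret-keeper.yml not existed nor not readable' if string.nil?
  config = YAML.load(string)[env]
  fail 'config/secret-keeper.yml incorrect or environment not exist' if config.nil?
- @ev_name = config['ev_name'] || 'SECRET_KEEPER'
- fail "environment variable #{@ev_name} not exist" if ENV[@ev_name].nil?
+ ev_name = config['ev_name'] || 'SECRET_KEEPER'
+ fail "environment variable #{ev_name} not exist" if ENV[ev_name].nil?
 
  @tasks = config['tasks']
- @using_cipher = OpenSSL::Cipher.new(config['cipher'])
+ @using_cipher = OpenSSL::Cipher.new(config['cipher'] || 'AES-256-CBC')
+ @cipher_key = Digest::SHA2.hexdigest(ENV[ev_name])[0...@using_cipher.key_len]
+
+ @slience = config['slience'] || false
  end
 
  def tasks
  @tasks
  end
 
+ def slience
+ @slience
+ end
+
  def encrypt_file(from_file, to_file)
  encrypted = File.open(from_file, 'rb') { |f| encrypt(f.read) }
  File.open(to_file, 'w:ASCII-8BIT') { |f| f.write(encrypted) }
@@ -63,7 +77,17 @@ class SecretKeeper
 
  def decrypt_file(from_file, to_file)
  decrypted = File.open(from_file, 'rb') { |f| decrypt(f.read) }
- File.open(to_file, 'w') { |f| f.write(decrypted) }
+ File.open(to_file, 'w') { |f| f.write(decrypted.force_encoding('UTF-8')) }
+ :ok
+ rescue => e
+ e
+ end
+
+ def remove_production_config(file_path)
+ return :ok unless file_path =~ /\.yml/
+ hash = YAML.load_file(file_path)
+ hash.delete('production')
+ File.write(file_path, YAML.dump(hash))
  :ok
  rescue => e
  e
@@ -73,13 +97,13 @@ class SecretKeeper
 
  def encrypt(data)
  cipher = @using_cipher.encrypt
- cipher.key = Digest::SHA2.hexdigest(ENV[@ev_name])[0..(cipher.key_len-1)]
+ cipher.key = @cipher_key
  cipher.update(data) + cipher.final
  end
 
  def decrypt(data)
  cipher = @using_cipher.decrypt
- cipher.key = Digest::SHA2.hexdigest(ENV[@ev_name])[0..(cipher.key_len-1)]
+ cipher.key = @cipher_key
  cipher.update(data) + cipher.final
  end
  end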
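Review bot: `encrypt` and `decrypt` assign only `cipher.key`, so with the new `'AES-256-CBC'` default no IV is set anywhere in the visible code and Ruby's OpenSSL binding then uses an all-zero IV: files that begin with the same bytes encrypt to the same leading ciphertext under one key, and CBC on its own gives no integrity check on the `.enc` files. Generating `cipher.random_iv` per file and storing it ahead of the ciphertext, as sketched below, fixes the first part; an AEAD mode with its auth tag would cover the second. This changes the file format, so existing `.enc` files would have to be decrypted with the old code and re-encrypted. In `initialize` (which starts outside its hunk), `@cipher_key` is the first `key_len` characters of a hex digest, so an AES-256 key carries at most 128 bits and comes from one unsalted hash; `Digest::SHA256.digest(ENV[ev_name])[0, @using_cipher.key_len]` would use the raw bytes, and a salted PBKDF2 would be sturdier.

```ruby
def encrypt(data)
  # … unchanged: cipher = @using_cipher.encrypt, key assignment …
  iv = cipher.random_iv # fresh per file; not secret, stored ahead of the ciphertext
  iv + cipher.update(data) + cipher.final
end

def decrypt(data)
  # … unchanged: cipher = @using_cipher.decrypt, key assignment …
  cipher.iv = data.byteslice(0, cipher.iv_len)
  cipher.update(data.byteslice(cipher.iv_len, data.bytesize)) + cipher.final
end
```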
@@ -14,6 +14,17 @@ describe SecretKeeper do
14
14
  it 'should return true' do
15
15
  result = SecretKeeper.decrypt_files
16
16
  expect(result).to eq(true)
17
+ hash = YAML.load_file('example/secrets.yml')
18
+ expect(hash['development']['secret_key_base']).to eq('e8310af93d52f174f475940c41fbfb90417b300ebc19e1b24bd5639f4fe35c5ffaa5775a347ace9732958f656a47f6bb8e1fd0760b12e51b0b4fe1f65ef0a1d6')
19
+ expect(hash['production']['secret_key_base']).to eq('339f639f4fe35c5ffaa47ace973260b12e51b0b4fe1f65effd283a5f054f47594b24bd565779e351a20dfd4ada4f777958f0417b305c06cdedbde392b8e1fd07')
20
+ end
21
+
22
+ it 'should return true on remove_production true' do
23
+ result = SecretKeeper.decrypt_files(ENV['RAILS_ENV'] != 'production')
24
+ expect(result).to eq(true)
25
+ hash = YAML.load_file('example/secrets.yml')
26
+ expect(hash['development']['secret_key_base']).to eq('e8310af93d52f174f475940c41fbfb90417b300ebc19e1b24bd5639f4fe35c5ffaa5775a347ace9732958f656a47f6bb8e1fd0760b12e51b0b4fe1f65ef0a1d6')
27
+ expect(hash['production']).to be_nil
17
28
  end
18
29
 
19
30
  it 'should be false, if SECRET_KEEPER incorrect' do
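Review bot: The new example passes `ENV['RAILS_ENV'] != 'production'` as `remove_production` but then asserts `expect(hash['production']).to be_nil` unconditionally, so it fails whenever the suite runs with `RAILS_ENV=production`; passing a literal `true` would pin the behaviour under test. There is also no example for the failure path, for instance a decrypted `.yml` that `remove_production_config` cannot parse, which is the case where it matters whether production values are still in the file written by `decrypt_file`. The `describe` block starts and ends outside the hunk.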
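--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: secret-keeper
  version: !ruby/object:Gem::Version
- version: 0.2.2
+ version: 1.0.0
  platform: ruby
  authors:
  - Ray Lee
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2018-06-13 00:00:00.000000000 Z
+ date: 2021-02-04 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rspec
@@ -34,7 +34,7 @@ files:
  - README.md
  - lib/secret-keeper.rb
  - spec/secret-keeper_spec.rb
- homepage: https://gitlab.com/ray-lee/secret-keeper
+ homepage: https://github.com/kdan-mobile-software-ltd/secret-keeper
  licenses:
  - MIT
  metadata: {}
@@ -54,8 +54,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubyforge_project:
- rubygems_version: 2.6.14
+ rubygems_version: 3.1.4
  signing_key:
  specification_version: 4
  summary: Keep all your secret files within openssl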