secret-keeper 1.0.0 → 2.0.0

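--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: a4af085b4a020f82a80ec5e4f2995fc676c6d24497b424ccfe5788d8fa83085b
- data.tar.gz: 4f3c88876416d7dadf20f903338827b52c03ecb1799b5b31b823d5cd484e5513
+ metadata.gz: 993613940fe2fd54b0db8ea676aeaeb82a1de574b6d986a904f14e166d9826a2
+ data.tar.gz: 92c2b76672090397d60871cf438fc597877351ae74c09cd4f43d927d2c3de0b1
  SHA512:
- metadata.gz: 40512c3536a8f2b8824f3d6fbf97df57e8381fb7d5f135ef3ac05771a6ca9b472e52aa1818e35d7699400b688f918b6f534895eef04ff359d4706f99bd24da37
- data.tar.gz: 5aecafc7b60fb43bc34b46744b63761db551b44d428e7fcfdb8afd8ee74e157a51f43903f45e3f8bf925150975d5c80e999344cef824e81e01c3603591f2190e
+ metadata.gz: a3c9d114ab4bcd7b0958ff3fa999e2b2ffb3c4bda4eeab15e54841daa9596d24ec6c7323893d07995e8fe6f4c7fb47ccc082e88b5c89513fe12010a350ba1b84
+ data.tar.gz: 9a6e63acc12ef13e56237e8dde65e28b45a47423a700b71c6d79486fabcf89dbd3f13426f26e23ab08f54a9ca09fb186b00bcdefab19f6a3c1bc1e27c8682719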
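--- a/data/README.md
+++ b/data/README.md
@@ -12,6 +12,16 @@ with bundler, write follwing line in your Gemfile
 
  gem 'secret-keeper', require: false
 
+ ## Upgrade from v1 to v2
+
+ The *remove_production* parameter of *decrypt_files* has been removed after version 2.0.0.
+ If you wants to remove *production* settings after decrypt files, you can set *remove_production* option to *true* in *secret-keeper.yml*:
+
+ ```
+ options:
+ remove_production: false
+ ```
+
  ## Usage
  setup files need to be encrypted in config/secret-keeper.yml
 
@@ -19,6 +29,10 @@ setup files need to be encrypted in config/secret-keeper.yml
  development:
  ev_name: SECRET_KEEPER
  cipher: AES-256-CBC
+ options:
+ slience: false
+ remove_production: false
+ remove_source: false
  tasks:
  -
  encrypt_from: example/database.yml
@@ -55,16 +69,18 @@ decrypt files based on your tasks defined in config/secret-keeper.yml
  # * example/secrets.yml.enc --> example/secrets.yml, ok
  # Done!
 
- decrypt files and remove production configs
-
- irb> production? = true
- irb> SecretKeeper.decrypt_files(production?)
- # Decrypting... (production config removed)
- # * example/database.yml.enc --> example/database.yml, ok
- # * example/secrets.yml.enc --> example/secrets.yml, ok
- # Done!
-
  ## Available Ciphers
 
  irb> require 'openssl'
  irb> OpenSSL::Cipher.ciphers
+
+ ## Options
+
+ * slience
+ When this option set to *true*, the tasks will run in slience mode. Messages will not show no screen. Default is *false*.
+
+ * remove_production
+ When this option set to *true*, the *production* settings in the decrypted files will be removed after the decryption task. Default is *false*.
+
+ * remove_source
+ When this option set to *true*, the source file will be removed after either encrypt or decrypt tasks. Default is *false*.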
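--- a/data/lib/secret-keeper.rb
+++ b/data/lib/secret-keeper.rb
@@ -2,27 +2,37 @@ require 'openssl'
  require 'yaml'
 
  class SecretKeeper
+ attr_reader :tasks, :options
+
  def self.encrypt_files
+ printer = ['Encrypting...']
  sk = SecretKeeper.new
- puts 'Encrypting...' unless sk.slience
+ printer << '(production config removed)' if sk.options['remove_production']
+ printer << '(source files removed)' if sk.options['remove_source']
  ok_queue = []
  sk.tasks.each do |task|
- from = task['encrypt_from']
+ from = File.exists?(task['encrypt_from']) ? task['encrypt_from'] : task['decrypt_to']
  to = task['encrypt_to']
 
  result = sk.encrypt_file(from, to)
+ if result == :ok
+ result = sk.remove_file(from) if sk.options['remove_source']
+ end
+
  ok_queue << result if result == :ok
- puts " * #{from} --> #{to}, #{result}" unless sk.slience
+ printer << " * #{from} --> #{to}, #{result}"
  end
  success = ok_queue.count == sk.tasks.count
- puts success ? 'Done!' : 'Failed!' unless sk.slience
+ printer << (success ? 'Done!' : 'Failed!')
+ printer.each{ |row| puts row } unless sk.options['slience']
  success
  end
 
- def self.decrypt_files(remove_production=false)
+ def self.decrypt_files
+ printer = ['Decrypting...']
  sk = SecretKeeper.new
- print 'Decrypting...' unless sk.slience
- puts remove_production ? '(production config removed)' : nil unless sk.slience
+ printer << '(production config removed)' if sk.options['remove_production']
+ printer << '(source files removed)' if sk.options['remove_source']
 
  ok_queue = []
  sk.tasks.each do |task|
@@ -30,16 +40,17 @@ class SecretKeeper
  to = task['decrypt_to'] || task['encrypt_from']
 
  result = sk.decrypt_file(from, to)
-
- if result == :ok && remove_production
- result = sk.remove_production_config(to)
+ if result == :ok
+ result = sk.remove_production_config(to) if sk.options['remove_production']
+ result = sk.remove_file(from) if sk.options['remove_source']
  end
 
  ok_queue << result if result == :ok
- puts " * #{from} --> #{to}, #{result}" unless sk.slience
+ printer << " * #{from} --> #{to}, #{result}"
  end
  success = ok_queue.count == sk.tasks.count
- puts success ? 'Done!' : 'Failed!' unless sk.slience
+ printer << (success ? 'Done!' : 'Failed!')
+ printer.each{ |row| puts row } unless sk.options['slience']
  success
  end
 
@@ -56,15 +67,7 @@ class SecretKeeper
  @using_cipher = OpenSSL::Cipher.new(config['cipher'] || 'AES-256-CBC')
  @cipher_key = Digest::SHA2.hexdigest(ENV[ev_name])[0...@using_cipher.key_len]
 
- @slience = config['slience'] || false
- end
-
- def tasks
- @tasks
- end
-
- def slience
- @slience
+ @options = config['options']
  end
 
  def encrypt_file(from_file, to_file)
@@ -93,6 +96,13 @@ class SecretKeeper
  e
  end
 
+ def remove_file(file_path)
+ File.delete(file_path)
+ :ok
+ rescue => e
+ e
+ end
+
  private
 
  def encrypt(data)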
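Review bot: In decrypt_files (new lines 43–46) the result of `remove_file` overwrites whatever `remove_production_config` returned, so if stripping the production settings fails (presumably returning the exception, as `remove_file` does) while `remove_source` is on, the encrypted source is still deleted and the task is reported `ok` although the decrypted file keeps its production secrets. Guard the second step with `result = sk.remove_file(from) if result == :ok && sk.options['remove_source']`. Separately, `@options = config['options']` (new line 70) is nil for a v1-style config that has no `options` key, so every `sk.options[...]` lookup would raise NoMethodError; `@options = config['options'] || {}` keeps such configs working. `File.exists?` at new line 14 was removed in Ruby 3.2 and should be `File.exist?`; the same call appears in the spec hunks further down. The task loop of decrypt_files starts outside the second hunk.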
@@ -1,6 +1,12 @@
1
1
  describe SecretKeeper do
2
2
  before(:each) do
3
3
  ENV['SECRET_KEEPER'] = 'PASSWORD_HERE'
4
+ FileUtils.copy_entry('./example', './example_backup')
5
+ end
6
+
7
+ after(:each) do
8
+ FileUtils.rm_r('./example')
9
+ FileUtils.mv('./example_backup', './example')
4
10
  end
5
11
 
6
12
  describe '.encrypt_files' do
@@ -8,6 +14,24 @@ describe SecretKeeper do
8
14
  result = SecretKeeper.encrypt_files
9
15
  expect(result).to eq(true)
10
16
  end
17
+
18
+ it 'should return true on remove_source true' do
19
+ options = {
20
+ 'slience' => true,
21
+ 'remove_production' => false,
22
+ 'remove_source' => true
23
+ }
24
+ allow_any_instance_of(SecretKeeper).to receive(:options).and_return(options)
25
+
26
+ result = SecretKeeper.encrypt_files
27
+ expect(result).to eq(true)
28
+ SecretKeeper.new.tasks.each do |task|
29
+ source_file = task['encrypt_from']
30
+ target_file = task['encrypt_to']
31
+ expect(File.exists?(source_file)).to eq(false)
32
+ expect(File.exists?(target_file)).to eq(true)
33
+ end
34
+ end
11
35
  end
12
36
 
13
37
  describe '.decrypt_files' do
@@ -19,12 +43,58 @@ describe SecretKeeper do
19
43
  expect(hash['production']['secret_key_base']).to eq('339f639f4fe35c5ffaa47ace973260b12e51b0b4fe1f65effd283a5f054f47594b24bd565779e351a20dfd4ada4f777958f0417b305c06cdedbde392b8e1fd07')
20
44
  end
21
45
 
22
- it 'should return true on remove_production true' do
23
- result = SecretKeeper.decrypt_files(ENV['RAILS_ENV'] != 'production')
46
+ it 'should return true on remove_production true and remove_source false' do
47
+ options = {
48
+ 'slience' => true,
49
+ 'remove_production' => true,
50
+ 'remove_source' => false
51
+ }
52
+ allow_any_instance_of(SecretKeeper).to receive(:options).and_return(options)
53
+
54
+ result = SecretKeeper.decrypt_files
55
+ expect(result).to eq(true)
56
+ hash = YAML.load_file('example/secrets.yml')
57
+ expect(hash['development']['secret_key_base']).to eq('e8310af93d52f174f475940c41fbfb90417b300ebc19e1b24bd5639f4fe35c5ffaa5775a347ace9732958f656a47f6bb8e1fd0760b12e51b0b4fe1f65ef0a1d6')
58
+ expect(hash['production']).to be_nil
59
+ end
60
+
61
+ it 'should return true on remove_production false and remove_source true' do
62
+ options = {
63
+ 'slience' => true,
64
+ 'remove_production' => false,
65
+ 'remove_source' => true
66
+ }
67
+ allow_any_instance_of(SecretKeeper).to receive(:options).and_return(options)
68
+
69
+ result = SecretKeeper.decrypt_files
70
+ expect(result).to eq(true)
71
+ SecretKeeper.new.tasks.each do |task|
72
+ source_file = task['decrypt_from'] || task['encrypt_to']
73
+ target_file = task['decrypt_to'] || task['encrypt_from']
74
+ expect(File.exists?(source_file)).to eq(false)
75
+ expect(File.exists?(target_file)).to eq(true)
76
+ end
77
+ end
78
+
79
+ it 'should return true on remove_production true and remove_source true' do
80
+ options = {
81
+ 'slience' => true,
82
+ 'remove_production' => true,
83
+ 'remove_source' => true
84
+ }
85
+ allow_any_instance_of(SecretKeeper).to receive(:options).and_return(options)
86
+
87
+ result = SecretKeeper.decrypt_files
24
88
  expect(result).to eq(true)
25
89
  hash = YAML.load_file('example/secrets.yml')
26
90
  expect(hash['development']['secret_key_base']).to eq('e8310af93d52f174f475940c41fbfb90417b300ebc19e1b24bd5639f4fe35c5ffaa5775a347ace9732958f656a47f6bb8e1fd0760b12e51b0b4fe1f65ef0a1d6')
27
91
  expect(hash['production']).to be_nil
92
+ SecretKeeper.new.tasks.each do |task|
93
+ source_file = task['decrypt_from'] || task['encrypt_to']
94
+ target_file = task['decrypt_to'] || task['encrypt_from']
95
+ expect(File.exists?(source_file)).to eq(false)
96
+ expect(File.exists?(target_file)).to eq(true)
97
+ end
28
98
  end
29
99
 
30
100
  it 'should be false, if SECRET_KEEPER incorrect' do
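Review bot: The added cases stub `options` on every instance and assert only success paths, so nothing covers a config loaded without an `options` key or a run where production removal fails before `remove_source` deletes the encrypted file. A case that stubs `remove_production_config` to return an error with `'remove_source' => true`, then expects `decrypt_files` to return false and the `.enc` source to still exist, would pin the safe behaviour. The `before`/`after` hooks also leave `ENV['SECRET_KEEPER']` set after the suite; restoring it in `after(:each)` keeps the fixture password from leaking into other specs. The final `it` block continues outside this hunk.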
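--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: secret-keeper
  version: !ruby/object:Gem::Version
- version: 1.0.0
+ version: 2.0.0
  platform: ruby
  authors:
  - Ray Lee
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2021-02-04 00:00:00.000000000 Z
+ date: 2022-05-27 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rspec
@@ -16,14 +16,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '3.0'
+ version: '3.9'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '3.0'
+ version: '3.9'
  description: A Secret keeper
  email: ray-lee@kdanmobile.com
  executables: []
@@ -47,14 +47,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: 2.3.1
+ version: 2.7.0
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.1.4
+ rubygems_version: 3.2.32
  signing_key:
  specification_version: 4
  summary: Keep all your secret files within openssl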