secret-keeper 1.0.0 → 2.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a4af085b4a020f82a80ec5e4f2995fc676c6d24497b424ccfe5788d8fa83085b
-  data.tar.gz: 4f3c88876416d7dadf20f903338827b52c03ecb1799b5b31b823d5cd484e5513
+  metadata.gz: 1a314a84c5cdc4c6ef06e417d3c638186eafdaeb522936e97c87a54f7050940a
+  data.tar.gz: 2e40a932f8d0c92aa78fea56401f4c115862c302e0c584cc8cf5f95d06faf09a
 SHA512:
-  metadata.gz: 40512c3536a8f2b8824f3d6fbf97df57e8381fb7d5f135ef3ac05771a6ca9b472e52aa1818e35d7699400b688f918b6f534895eef04ff359d4706f99bd24da37
-  data.tar.gz: 5aecafc7b60fb43bc34b46744b63761db551b44d428e7fcfdb8afd8ee74e157a51f43903f45e3f8bf925150975d5c80e999344cef824e81e01c3603591f2190e
+  metadata.gz: 877c488a822ec78ca1ef89b2f58c1461de62a866bf5625954a8cb0772af3d1ba6fb789f05802c885eb6841857d4a6e5599af18e0abe129987f13777b86de9e22
+  data.tar.gz: 3d580b41a2585c1c2977affbad1ef8ac443b20b59074ce715265b57fc2879da1a6f848702fff8dea3fbf7ca443e70a2cf21ac5d65bf71a3edf99db2267d7f8f5

data/README.md

@@ -6,65 +6,97 @@ Keep all your secret files within openssl
 
 from console
 
-    gem install secret-keeper
+```bash
+gem install secret-keeper
+```
 
 with bundler, write follwing line in your Gemfile
 
-    gem 'secret-keeper', require: false
+```bash
+gem 'secret-keeper', require: false
+```
+
+## Upgrade from v1 to v2
+
+The *remove_production* parameter of *decrypt_files* has been removed after version 2.0.0.
+If you wants to remove *production* settings after decrypt files, you can set *remove_production* option to *true* in *secret-keeper.yml*:
+
+```yaml
+options:
+  remove_production: false
+```
 
 ## Usage
 setup files need to be encrypted in config/secret-keeper.yml
 
-    # config/secret-keeper.yml example
-    development:
-      ev_name: SECRET_KEEPER
-      cipher: AES-256-CBC
-      tasks:
-        -
-          encrypt_from: example/database.yml
-          encrypt_to: example/database.yml.enc
-          # decrypt_from: example/database.yml.enc
-          # decrypt_to: example/database.yml
-        -
-          encrypt_from: example/secrets_from_other_source.yml
-          encrypt_to: example/secrets.yml.enc
-          # decrypt_from: example/secrets.yml.enc
-          decrypt_to: example/secrets.yml
+```yaml
+# config/secret-keeper.yml example
+development:
+  ev_name: SECRET_KEEPER
+  cipher: AES-256-CBC
+  options:
+    slience: false
+    remove_production: false
+    remove_source: false
+  tasks:
+    -
+      encrypt_from: example/database.yml
+      encrypt_to: example/database.yml.enc
+      # decrypt_from: example/database.yml.enc
+      # decrypt_to: example/database.yml
+    -
+      encrypt_from: example/secrets_from_other_source.yml
+      encrypt_to: example/secrets.yml.enc
+      # decrypt_from: example/secrets.yml.enc
+      decrypt_to: example/secrets.yml
+```
 
 using environment variable SECRET_KEEPER to be your key of cipher
 
-    $> SECRET_KEEPER=[YOUR-CIPHER-KEY-HERE] irb
+```bash
+$> SECRET_KEEPER=[YOUR-CIPHER-KEY-HERE] irb
+```
 
 require on demand
 
-    irb> require 'secret-keeper'
+```bash
+irb> require 'secret-keeper'
+```
 
 encrypt files based on your tasks defined in config/secret-keeper.yml
 
-    irb> SecretKeeper.encrypt_files
-    # Encrypting...
-    #   * example/database.yml --> example/database.yml.enc, ok
-    #   * example/secrets.yml --> example/secrets.yml.enc, ok
-    # Done!
+```bash
+irb> SecretKeeper.encrypt_files
+# Encrypting...
+#   * example/database.yml --> example/database.yml.enc, ok
+#   * example/secrets.yml --> example/secrets.yml.enc, ok
+# Done!
+```
 
 decrypt files based on your tasks defined in config/secret-keeper.yml
 
-    irb> SecretKeeper.decrypt_files
-    # Decrypting...
-    #   * example/database.yml.enc --> example/database.yml, ok
-    #   * example/secrets.yml.enc --> example/secrets.yml, ok
-    # Done!
+```bash
+irb> SecretKeeper.decrypt_files
+# Decrypting...
+#   * example/database.yml.enc --> example/database.yml, ok
+#   * example/secrets.yml.enc --> example/secrets.yml, ok
+# Done!
+```
 
-decrypt files and remove production configs
+## Available Ciphers
 
-    irb> production? = true
-    irb> SecretKeeper.decrypt_files(production?)
-    # Decrypting... (production config removed)
-    #   * example/database.yml.enc --> example/database.yml, ok
-    #   * example/secrets.yml.enc --> example/secrets.yml, ok
-    # Done!
+```bash
+irb> require 'openssl'
+irb> OpenSSL::Cipher.ciphers
+```
 
-## Available Ciphers
+## Options
+
+* slience
+When this option set to *true*, the tasks will run in slience mode. Messages will not show no screen. Default is *false*.
+
+* remove_production
+When this option set to *true*, the *production* settings in the decrypted files will be removed after the decryption task. Default is *false*.
 
-    irb> require 'openssl'
-    irb> OpenSSL::Cipher.ciphers
+* remove_source
+When this option set to *true*, the source file will be removed after either encrypt or decrypt tasks. Default is *false*.

data/lib/secret-keeper.rb

@@ -2,27 +2,37 @@ require 'openssl'
 require 'yaml'
 
 class SecretKeeper
+  attr_reader :tasks, :options
+
   def self.encrypt_files
+    printer = ['Encrypting...']
     sk = SecretKeeper.new
-    puts 'Encrypting...' unless sk.slience
+    printer << '(production config removed)' if sk.options['remove_production']
+    printer << '(source files removed)' if sk.options['remove_source']
     ok_queue = []
     sk.tasks.each do |task|
-      from = task['encrypt_from']
+      from = File.exist?(task['encrypt_from']) ? task['encrypt_from'] : task['decrypt_to']
       to = task['encrypt_to']
 
       result = sk.encrypt_file(from, to)
+      if result == :ok
+        result = sk.remove_file(from) if sk.options['remove_source']
+      end
+
       ok_queue << result if result == :ok
-      puts "  * #{from} --> #{to}, #{result}" unless sk.slience
+      printer << "  * #{from} --> #{to}, #{result}"
     end
     success = ok_queue.count == sk.tasks.count
-    puts success ? 'Done!' : 'Failed!' unless sk.slience
+    printer << (success ? 'Done!' : 'Failed!')
+    printer.each{ |row| puts row } unless sk.options['slience']
     success
   end
 
-  def self.decrypt_files(remove_production=false)
+  def self.decrypt_files
+    printer = ['Decrypting...']
     sk = SecretKeeper.new
-    print 'Decrypting...' unless sk.slience
-    puts remove_production ? '(production config removed)' : nil unless sk.slience
+    printer << '(production config removed)' if sk.options['remove_production']
+    printer << '(source files removed)' if sk.options['remove_source']
 
     ok_queue = []
     sk.tasks.each do |task|
@@ -30,16 +40,17 @@ class SecretKeeper
       to = task['decrypt_to'] || task['encrypt_from']
 
       result = sk.decrypt_file(from, to)
-
-      if result == :ok && remove_production
-        result = sk.remove_production_config(to)
+      if result == :ok
+        result = sk.remove_production_config(to) if sk.options['remove_production']
+        result = sk.remove_file(from) if sk.options['remove_source']
       end
 
       ok_queue << result if result == :ok
-      puts "  * #{from} --> #{to}, #{result}" unless sk.slience
+      printer << "  * #{from} --> #{to}, #{result}"
     end
     success = ok_queue.count == sk.tasks.count
-    puts success ? 'Done!' : 'Failed!' unless sk.slience
+    printer << (success ? 'Done!' : 'Failed!')
+    printer.each{ |row| puts row } unless sk.options['slience']
     success
   end
 
@@ -47,8 +58,12 @@ class SecretKeeper
     env = ENV['RAILS_ENV'] || 'development'
     string = File.open('config/secret-keeper.yml', 'rb') { |f| f.read }
     fail 'config/secret-keeper.yml not existed nor not readable' if string.nil?
-    config = YAML.load(string)[env]
-    fail 'config/secret-keeper.yml incorrect or environment not exist' if config.nil?
+    begin
+      config = YAML.load(string, aliases: true)[env] || {}
+    rescue ArgumentError
+      config = YAML.load(string)[env] || {}
+    end
+    fail 'config/secret-keeper.yml incorrect or environment not exist' if config.nil? || config.empty?
     ev_name = config['ev_name'] || 'SECRET_KEEPER'
     fail "environment variable #{ev_name} not exist" if ENV[ev_name].nil?
 
@@ -56,15 +71,7 @@ class SecretKeeper
     @using_cipher = OpenSSL::Cipher.new(config['cipher'] || 'AES-256-CBC')
     @cipher_key = Digest::SHA2.hexdigest(ENV[ev_name])[0...@using_cipher.key_len]
 
-    @slience = config['slience'] || false
-  end
-
-  def tasks
-    @tasks
-  end
-
-  def slience
-    @slience
+    @options = config['options']
   end
 
   def encrypt_file(from_file, to_file)
@@ -85,7 +92,11 @@ class SecretKeeper
 
   def remove_production_config(file_path)
     return :ok unless file_path =~ /\.yml/
-    hash = YAML.load_file(file_path)
+    begin
+      hash = YAML.load_file(file_path, aliases: true)
+    rescue ArgumentError
+      hash = YAML.load_file(file_path)
+    end
     hash.delete('production')
     File.write(file_path, YAML.dump(hash))
     :ok
@@ -93,6 +104,13 @@ class SecretKeeper
     e
   end
 
+  def remove_file(file_path)
+    File.delete(file_path)
+    :ok
+  rescue => e
+    e
+  end
+
   private
 
   def encrypt(data)

data/spec/secret-keeper_spec.rb

@@ -1,6 +1,12 @@
 describe SecretKeeper do
   before(:each) do
     ENV['SECRET_KEEPER'] = 'PASSWORD_HERE'
+    FileUtils.copy_entry('./example', './example_backup')
+  end
+
+  after(:each) do
+    FileUtils.rm_r('./example')
+    FileUtils.mv('./example_backup', './example')
   end
 
   describe '.encrypt_files' do
@@ -8,23 +14,91 @@ describe SecretKeeper do
       result = SecretKeeper.encrypt_files
       expect(result).to eq(true)
     end
+
+    it 'should return true on remove_source true' do
+      options = {
+        'slience' => true,
+        'remove_production' => false,
+        'remove_source' => true
+      }
+      allow_any_instance_of(SecretKeeper).to receive(:options).and_return(options)
+
+      result = SecretKeeper.encrypt_files
+      expect(result).to eq(true)
+      SecretKeeper.new.tasks.each do |task|
+        source_file = task['encrypt_from']
+        target_file = task['encrypt_to']
+        expect(File.exist?(source_file)).to eq(false)
+        expect(File.exist?(target_file)).to eq(true)
+      end
+    end
   end
 
   describe '.decrypt_files' do
     it 'should return true' do
       result = SecretKeeper.decrypt_files
       expect(result).to eq(true)
-      hash = YAML.load_file('example/secrets.yml')
+      begin
+        hash = YAML.load_file('example/secrets.yml', aliases: true)
+      rescue ArgumentError
+        hash = YAML.load_file('example/secrets.yml')
+      end
       expect(hash['development']['secret_key_base']).to eq('e8310af93d52f174f475940c41fbfb90417b300ebc19e1b24bd5639f4fe35c5ffaa5775a347ace9732958f656a47f6bb8e1fd0760b12e51b0b4fe1f65ef0a1d6')
       expect(hash['production']['secret_key_base']).to eq('339f639f4fe35c5ffaa47ace973260b12e51b0b4fe1f65effd283a5f054f47594b24bd565779e351a20dfd4ada4f777958f0417b305c06cdedbde392b8e1fd07')
     end
 
-    it 'should return true on remove_production true' do
-      result = SecretKeeper.decrypt_files(ENV['RAILS_ENV'] != 'production')
+    it 'should return true on remove_production true and remove_source false' do
+      options = {
+        'slience' => true,
+        'remove_production' => true,
+        'remove_source' => false
+      }
+      allow_any_instance_of(SecretKeeper).to receive(:options).and_return(options)
+
+      result = SecretKeeper.decrypt_files
+      expect(result).to eq(true)
+      hash = YAML.load_file('example/secrets.yml')
+      expect(hash['development']['secret_key_base']).to eq('e8310af93d52f174f475940c41fbfb90417b300ebc19e1b24bd5639f4fe35c5ffaa5775a347ace9732958f656a47f6bb8e1fd0760b12e51b0b4fe1f65ef0a1d6')
+      expect(hash['production']).to be_nil
+    end
+
+    it 'should return true on remove_production false and remove_source true' do
+      options = {
+        'slience' => true,
+        'remove_production' => false,
+        'remove_source' => true
+      }
+      allow_any_instance_of(SecretKeeper).to receive(:options).and_return(options)
+
+      result = SecretKeeper.decrypt_files
+      expect(result).to eq(true)
+      SecretKeeper.new.tasks.each do |task|
+        source_file = task['decrypt_from'] || task['encrypt_to']
+        target_file = task['decrypt_to'] || task['encrypt_from']
+        expect(File.exist?(source_file)).to eq(false)
+        expect(File.exist?(target_file)).to eq(true)
+      end
+    end
+
+    it 'should return true on remove_production true and remove_source true' do
+      options = {
+        'slience' => true,
+        'remove_production' => true,
+        'remove_source' => true
+      }
+      allow_any_instance_of(SecretKeeper).to receive(:options).and_return(options)
+
+      result = SecretKeeper.decrypt_files
       expect(result).to eq(true)
       hash = YAML.load_file('example/secrets.yml')
       expect(hash['development']['secret_key_base']).to eq('e8310af93d52f174f475940c41fbfb90417b300ebc19e1b24bd5639f4fe35c5ffaa5775a347ace9732958f656a47f6bb8e1fd0760b12e51b0b4fe1f65ef0a1d6')
       expect(hash['production']).to be_nil
+      SecretKeeper.new.tasks.each do |task|
+        source_file = task['decrypt_from'] || task['encrypt_to']
+        target_file = task['decrypt_to'] || task['encrypt_from']
+        expect(File.exist?(source_file)).to eq(false)
+        expect(File.exist?(target_file)).to eq(true)
+      end
     end
 
     it 'should be false, if SECRET_KEEPER incorrect' do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: secret-keeper
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 2.0.1
 platform: ruby
 authors:
 - Ray Lee
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-02-04 00:00:00.000000000 Z
+date: 2023-05-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '3.9'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '3.9'
 description: A Secret keeper
 email: ray-lee@kdanmobile.com
 executables: []
@@ -37,7 +37,9 @@ files:
 homepage: https://github.com/kdan-mobile-software-ltd/secret-keeper
 licenses:
 - MIT
-metadata: {}
+metadata:
+  source_code_uri: https://github.com/kdan-mobile-software-ltd/secret-keeper
+  changelog_uri: https://github.com/kdan-mobile-software-ltd/secret-keeper/blob/master/CHANGELOG.md
 post_install_message: 
 rdoc_options:
 - "--charset=UTF-8"
@@ -47,14 +49,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.3.1
+      version: 2.7.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
+rubygems_version: 3.4.10
 signing_key: 
 specification_version: 4
 summary: Keep all your secret files within openssl