secret-keeper 2.0.0 → 2.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +54 -38
- data/lib/secret-keeper.rb +12 -4
- data/spec/secret-keeper_spec.rb +11 -7
- metadata +6 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 1a314a84c5cdc4c6ef06e417d3c638186eafdaeb522936e97c87a54f7050940a
|
4
|
+
data.tar.gz: 2e40a932f8d0c92aa78fea56401f4c115862c302e0c584cc8cf5f95d06faf09a
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 877c488a822ec78ca1ef89b2f58c1461de62a866bf5625954a8cb0772af3d1ba6fb789f05802c885eb6841857d4a6e5599af18e0abe129987f13777b86de9e22
|
7
|
+
data.tar.gz: 3d580b41a2585c1c2977affbad1ef8ac443b20b59074ce715265b57fc2879da1a6f848702fff8dea3fbf7ca443e70a2cf21ac5d65bf71a3edf99db2267d7f8f5
|
data/README.md
CHANGED
@@ -6,73 +6,89 @@ Keep all your secret files within openssl
|
|
6
6
|
|
7
7
|
from console
|
8
8
|
|
9
|
-
|
9
|
+
```bash
|
10
|
+
gem install secret-keeper
|
11
|
+
```
|
10
12
|
|
11
13
|
with bundler, write follwing line in your Gemfile
|
12
14
|
|
13
|
-
|
15
|
+
```bash
|
16
|
+
gem 'secret-keeper', require: false
|
17
|
+
```
|
14
18
|
|
15
19
|
## Upgrade from v1 to v2
|
16
20
|
|
17
21
|
The *remove_production* parameter of *decrypt_files* has been removed after version 2.0.0.
|
18
22
|
If you wants to remove *production* settings after decrypt files, you can set *remove_production* option to *true* in *secret-keeper.yml*:
|
19
23
|
|
20
|
-
```
|
21
|
-
|
22
|
-
|
24
|
+
```yaml
|
25
|
+
options:
|
26
|
+
remove_production: false
|
23
27
|
```
|
24
28
|
|
25
29
|
## Usage
|
26
30
|
setup files need to be encrypted in config/secret-keeper.yml
|
27
31
|
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
32
|
+
```yaml
|
33
|
+
# config/secret-keeper.yml example
|
34
|
+
development:
|
35
|
+
ev_name: SECRET_KEEPER
|
36
|
+
cipher: AES-256-CBC
|
37
|
+
options:
|
38
|
+
slience: false
|
39
|
+
remove_production: false
|
40
|
+
remove_source: false
|
41
|
+
tasks:
|
42
|
+
-
|
43
|
+
encrypt_from: example/database.yml
|
44
|
+
encrypt_to: example/database.yml.enc
|
45
|
+
# decrypt_from: example/database.yml.enc
|
46
|
+
# decrypt_to: example/database.yml
|
47
|
+
-
|
48
|
+
encrypt_from: example/secrets_from_other_source.yml
|
49
|
+
encrypt_to: example/secrets.yml.enc
|
50
|
+
# decrypt_from: example/secrets.yml.enc
|
51
|
+
decrypt_to: example/secrets.yml
|
52
|
+
```
|
47
53
|
|
48
54
|
using environment variable SECRET_KEEPER to be your key of cipher
|
49
55
|
|
50
|
-
|
56
|
+
```bash
|
57
|
+
$> SECRET_KEEPER=[YOUR-CIPHER-KEY-HERE] irb
|
58
|
+
```
|
51
59
|
|
52
60
|
require on demand
|
53
61
|
|
54
|
-
|
62
|
+
```bash
|
63
|
+
irb> require 'secret-keeper'
|
64
|
+
```
|
55
65
|
|
56
66
|
encrypt files based on your tasks defined in config/secret-keeper.yml
|
57
67
|
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
68
|
+
```bash
|
69
|
+
irb> SecretKeeper.encrypt_files
|
70
|
+
# Encrypting...
|
71
|
+
# * example/database.yml --> example/database.yml.enc, ok
|
72
|
+
# * example/secrets.yml --> example/secrets.yml.enc, ok
|
73
|
+
# Done!
|
74
|
+
```
|
63
75
|
|
64
76
|
decrypt files based on your tasks defined in config/secret-keeper.yml
|
65
77
|
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
|
78
|
+
```bash
|
79
|
+
irb> SecretKeeper.decrypt_files
|
80
|
+
# Decrypting...
|
81
|
+
# * example/database.yml.enc --> example/database.yml, ok
|
82
|
+
# * example/secrets.yml.enc --> example/secrets.yml, ok
|
83
|
+
# Done!
|
84
|
+
```
|
71
85
|
|
72
86
|
## Available Ciphers
|
73
87
|
|
74
|
-
|
75
|
-
|
88
|
+
```bash
|
89
|
+
irb> require 'openssl'
|
90
|
+
irb> OpenSSL::Cipher.ciphers
|
91
|
+
```
|
76
92
|
|
77
93
|
## Options
|
78
94
|
|
data/lib/secret-keeper.rb
CHANGED
@@ -11,7 +11,7 @@ class SecretKeeper
|
|
11
11
|
printer << '(source files removed)' if sk.options['remove_source']
|
12
12
|
ok_queue = []
|
13
13
|
sk.tasks.each do |task|
|
14
|
-
from = File.
|
14
|
+
from = File.exist?(task['encrypt_from']) ? task['encrypt_from'] : task['decrypt_to']
|
15
15
|
to = task['encrypt_to']
|
16
16
|
|
17
17
|
result = sk.encrypt_file(from, to)
|
@@ -58,8 +58,12 @@ class SecretKeeper
|
|
58
58
|
env = ENV['RAILS_ENV'] || 'development'
|
59
59
|
string = File.open('config/secret-keeper.yml', 'rb') { |f| f.read }
|
60
60
|
fail 'config/secret-keeper.yml not existed nor not readable' if string.nil?
|
61
|
-
|
62
|
-
|
61
|
+
begin
|
62
|
+
config = YAML.load(string, aliases: true)[env] || {}
|
63
|
+
rescue ArgumentError
|
64
|
+
config = YAML.load(string)[env] || {}
|
65
|
+
end
|
66
|
+
fail 'config/secret-keeper.yml incorrect or environment not exist' if config.nil? || config.empty?
|
63
67
|
ev_name = config['ev_name'] || 'SECRET_KEEPER'
|
64
68
|
fail "environment variable #{ev_name} not exist" if ENV[ev_name].nil?
|
65
69
|
|
@@ -88,7 +92,11 @@ class SecretKeeper
|
|
88
92
|
|
89
93
|
def remove_production_config(file_path)
|
90
94
|
return :ok unless file_path =~ /\.yml/
|
91
|
-
|
95
|
+
begin
|
96
|
+
hash = YAML.load_file(file_path, aliases: true)
|
97
|
+
rescue ArgumentError
|
98
|
+
hash = YAML.load_file(file_path)
|
99
|
+
end
|
92
100
|
hash.delete('production')
|
93
101
|
File.write(file_path, YAML.dump(hash))
|
94
102
|
:ok
|
data/spec/secret-keeper_spec.rb
CHANGED
@@ -28,8 +28,8 @@ describe SecretKeeper do
|
|
28
28
|
SecretKeeper.new.tasks.each do |task|
|
29
29
|
source_file = task['encrypt_from']
|
30
30
|
target_file = task['encrypt_to']
|
31
|
-
expect(File.
|
32
|
-
expect(File.
|
31
|
+
expect(File.exist?(source_file)).to eq(false)
|
32
|
+
expect(File.exist?(target_file)).to eq(true)
|
33
33
|
end
|
34
34
|
end
|
35
35
|
end
|
@@ -38,7 +38,11 @@ describe SecretKeeper do
|
|
38
38
|
it 'should return true' do
|
39
39
|
result = SecretKeeper.decrypt_files
|
40
40
|
expect(result).to eq(true)
|
41
|
-
|
41
|
+
begin
|
42
|
+
hash = YAML.load_file('example/secrets.yml', aliases: true)
|
43
|
+
rescue ArgumentError
|
44
|
+
hash = YAML.load_file('example/secrets.yml')
|
45
|
+
end
|
42
46
|
expect(hash['development']['secret_key_base']).to eq('e8310af93d52f174f475940c41fbfb90417b300ebc19e1b24bd5639f4fe35c5ffaa5775a347ace9732958f656a47f6bb8e1fd0760b12e51b0b4fe1f65ef0a1d6')
|
43
47
|
expect(hash['production']['secret_key_base']).to eq('339f639f4fe35c5ffaa47ace973260b12e51b0b4fe1f65effd283a5f054f47594b24bd565779e351a20dfd4ada4f777958f0417b305c06cdedbde392b8e1fd07')
|
44
48
|
end
|
@@ -71,8 +75,8 @@ describe SecretKeeper do
|
|
71
75
|
SecretKeeper.new.tasks.each do |task|
|
72
76
|
source_file = task['decrypt_from'] || task['encrypt_to']
|
73
77
|
target_file = task['decrypt_to'] || task['encrypt_from']
|
74
|
-
expect(File.
|
75
|
-
expect(File.
|
78
|
+
expect(File.exist?(source_file)).to eq(false)
|
79
|
+
expect(File.exist?(target_file)).to eq(true)
|
76
80
|
end
|
77
81
|
end
|
78
82
|
|
@@ -92,8 +96,8 @@ describe SecretKeeper do
|
|
92
96
|
SecretKeeper.new.tasks.each do |task|
|
93
97
|
source_file = task['decrypt_from'] || task['encrypt_to']
|
94
98
|
target_file = task['decrypt_to'] || task['encrypt_from']
|
95
|
-
expect(File.
|
96
|
-
expect(File.
|
99
|
+
expect(File.exist?(source_file)).to eq(false)
|
100
|
+
expect(File.exist?(target_file)).to eq(true)
|
97
101
|
end
|
98
102
|
end
|
99
103
|
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: secret-keeper
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.0.
|
4
|
+
version: 2.0.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Ray Lee
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2023-05-11 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rspec
|
@@ -37,7 +37,9 @@ files:
|
|
37
37
|
homepage: https://github.com/kdan-mobile-software-ltd/secret-keeper
|
38
38
|
licenses:
|
39
39
|
- MIT
|
40
|
-
metadata:
|
40
|
+
metadata:
|
41
|
+
source_code_uri: https://github.com/kdan-mobile-software-ltd/secret-keeper
|
42
|
+
changelog_uri: https://github.com/kdan-mobile-software-ltd/secret-keeper/blob/master/CHANGELOG.md
|
41
43
|
post_install_message:
|
42
44
|
rdoc_options:
|
43
45
|
- "--charset=UTF-8"
|
@@ -54,7 +56,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
54
56
|
- !ruby/object:Gem::Version
|
55
57
|
version: '0'
|
56
58
|
requirements: []
|
57
|
-
rubygems_version: 3.
|
59
|
+
rubygems_version: 3.4.10
|
58
60
|
signing_key:
|
59
61
|
specification_version: 4
|
60
62
|
summary: Keep all your secret files within openssl
|