secret-keeper 2.0.0 → 2.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +54 -38
- data/lib/secret-keeper.rb +12 -4
- data/spec/secret-keeper_spec.rb +11 -7
- metadata +6 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1a314a84c5cdc4c6ef06e417d3c638186eafdaeb522936e97c87a54f7050940a
|
|
4
|
+
data.tar.gz: 2e40a932f8d0c92aa78fea56401f4c115862c302e0c584cc8cf5f95d06faf09a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 877c488a822ec78ca1ef89b2f58c1461de62a866bf5625954a8cb0772af3d1ba6fb789f05802c885eb6841857d4a6e5599af18e0abe129987f13777b86de9e22
|
|
7
|
+
data.tar.gz: 3d580b41a2585c1c2977affbad1ef8ac443b20b59074ce715265b57fc2879da1a6f848702fff8dea3fbf7ca443e70a2cf21ac5d65bf71a3edf99db2267d7f8f5
|
data/README.md
CHANGED
|
@@ -6,73 +6,89 @@ Keep all your secret files within openssl
|
|
|
6
6
|
|
|
7
7
|
from console
|
|
8
8
|
|
|
9
|
-
|
|
9
|
+
```bash
|
|
10
|
+
gem install secret-keeper
|
|
11
|
+
```
|
|
10
12
|
|
|
11
13
|
with bundler, write follwing line in your Gemfile
|
|
12
14
|
|
|
13
|
-
|
|
15
|
+
```bash
|
|
16
|
+
gem 'secret-keeper', require: false
|
|
17
|
+
```
|
|
14
18
|
|
|
15
19
|
## Upgrade from v1 to v2
|
|
16
20
|
|
|
17
21
|
The *remove_production* parameter of *decrypt_files* has been removed after version 2.0.0.
|
|
18
22
|
If you wants to remove *production* settings after decrypt files, you can set *remove_production* option to *true* in *secret-keeper.yml*:
|
|
19
23
|
|
|
20
|
-
```
|
|
21
|
-
|
|
22
|
-
|
|
24
|
+
```yaml
|
|
25
|
+
options:
|
|
26
|
+
remove_production: false
|
|
23
27
|
```
|
|
24
28
|
|
|
25
29
|
## Usage
|
|
26
30
|
setup files need to be encrypted in config/secret-keeper.yml
|
|
27
31
|
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
32
|
+
```yaml
|
|
33
|
+
# config/secret-keeper.yml example
|
|
34
|
+
development:
|
|
35
|
+
ev_name: SECRET_KEEPER
|
|
36
|
+
cipher: AES-256-CBC
|
|
37
|
+
options:
|
|
38
|
+
slience: false
|
|
39
|
+
remove_production: false
|
|
40
|
+
remove_source: false
|
|
41
|
+
tasks:
|
|
42
|
+
-
|
|
43
|
+
encrypt_from: example/database.yml
|
|
44
|
+
encrypt_to: example/database.yml.enc
|
|
45
|
+
# decrypt_from: example/database.yml.enc
|
|
46
|
+
# decrypt_to: example/database.yml
|
|
47
|
+
-
|
|
48
|
+
encrypt_from: example/secrets_from_other_source.yml
|
|
49
|
+
encrypt_to: example/secrets.yml.enc
|
|
50
|
+
# decrypt_from: example/secrets.yml.enc
|
|
51
|
+
decrypt_to: example/secrets.yml
|
|
52
|
+
```
|
|
47
53
|
|
|
48
54
|
using environment variable SECRET_KEEPER to be your key of cipher
|
|
49
55
|
|
|
50
|
-
|
|
56
|
+
```bash
|
|
57
|
+
$> SECRET_KEEPER=[YOUR-CIPHER-KEY-HERE] irb
|
|
58
|
+
```
|
|
51
59
|
|
|
52
60
|
require on demand
|
|
53
61
|
|
|
54
|
-
|
|
62
|
+
```bash
|
|
63
|
+
irb> require 'secret-keeper'
|
|
64
|
+
```
|
|
55
65
|
|
|
56
66
|
encrypt files based on your tasks defined in config/secret-keeper.yml
|
|
57
67
|
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
68
|
+
```bash
|
|
69
|
+
irb> SecretKeeper.encrypt_files
|
|
70
|
+
# Encrypting...
|
|
71
|
+
# * example/database.yml --> example/database.yml.enc, ok
|
|
72
|
+
# * example/secrets.yml --> example/secrets.yml.enc, ok
|
|
73
|
+
# Done!
|
|
74
|
+
```
|
|
63
75
|
|
|
64
76
|
decrypt files based on your tasks defined in config/secret-keeper.yml
|
|
65
77
|
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
78
|
+
```bash
|
|
79
|
+
irb> SecretKeeper.decrypt_files
|
|
80
|
+
# Decrypting...
|
|
81
|
+
# * example/database.yml.enc --> example/database.yml, ok
|
|
82
|
+
# * example/secrets.yml.enc --> example/secrets.yml, ok
|
|
83
|
+
# Done!
|
|
84
|
+
```
|
|
71
85
|
|
|
72
86
|
## Available Ciphers
|
|
73
87
|
|
|
74
|
-
|
|
75
|
-
|
|
88
|
+
```bash
|
|
89
|
+
irb> require 'openssl'
|
|
90
|
+
irb> OpenSSL::Cipher.ciphers
|
|
91
|
+
```
|
|
76
92
|
|
|
77
93
|
## Options
|
|
78
94
|
|
data/lib/secret-keeper.rb
CHANGED
|
@@ -11,7 +11,7 @@ class SecretKeeper
|
|
|
11
11
|
printer << '(source files removed)' if sk.options['remove_source']
|
|
12
12
|
ok_queue = []
|
|
13
13
|
sk.tasks.each do |task|
|
|
14
|
-
from = File.
|
|
14
|
+
from = File.exist?(task['encrypt_from']) ? task['encrypt_from'] : task['decrypt_to']
|
|
15
15
|
to = task['encrypt_to']
|
|
16
16
|
|
|
17
17
|
result = sk.encrypt_file(from, to)
|
|
@@ -58,8 +58,12 @@ class SecretKeeper
|
|
|
58
58
|
env = ENV['RAILS_ENV'] || 'development'
|
|
59
59
|
string = File.open('config/secret-keeper.yml', 'rb') { |f| f.read }
|
|
60
60
|
fail 'config/secret-keeper.yml not existed nor not readable' if string.nil?
|
|
61
|
-
|
|
62
|
-
|
|
61
|
+
begin
|
|
62
|
+
config = YAML.load(string, aliases: true)[env] || {}
|
|
63
|
+
rescue ArgumentError
|
|
64
|
+
config = YAML.load(string)[env] || {}
|
|
65
|
+
end
|
|
66
|
+
fail 'config/secret-keeper.yml incorrect or environment not exist' if config.nil? || config.empty?
|
|
63
67
|
ev_name = config['ev_name'] || 'SECRET_KEEPER'
|
|
64
68
|
fail "environment variable #{ev_name} not exist" if ENV[ev_name].nil?
|
|
65
69
|
|
|
@@ -88,7 +92,11 @@ class SecretKeeper
|
|
|
88
92
|
|
|
89
93
|
def remove_production_config(file_path)
|
|
90
94
|
return :ok unless file_path =~ /\.yml/
|
|
91
|
-
|
|
95
|
+
begin
|
|
96
|
+
hash = YAML.load_file(file_path, aliases: true)
|
|
97
|
+
rescue ArgumentError
|
|
98
|
+
hash = YAML.load_file(file_path)
|
|
99
|
+
end
|
|
92
100
|
hash.delete('production')
|
|
93
101
|
File.write(file_path, YAML.dump(hash))
|
|
94
102
|
:ok
|
data/spec/secret-keeper_spec.rb
CHANGED
|
@@ -28,8 +28,8 @@ describe SecretKeeper do
|
|
|
28
28
|
SecretKeeper.new.tasks.each do |task|
|
|
29
29
|
source_file = task['encrypt_from']
|
|
30
30
|
target_file = task['encrypt_to']
|
|
31
|
-
expect(File.
|
|
32
|
-
expect(File.
|
|
31
|
+
expect(File.exist?(source_file)).to eq(false)
|
|
32
|
+
expect(File.exist?(target_file)).to eq(true)
|
|
33
33
|
end
|
|
34
34
|
end
|
|
35
35
|
end
|
|
@@ -38,7 +38,11 @@ describe SecretKeeper do
|
|
|
38
38
|
it 'should return true' do
|
|
39
39
|
result = SecretKeeper.decrypt_files
|
|
40
40
|
expect(result).to eq(true)
|
|
41
|
-
|
|
41
|
+
begin
|
|
42
|
+
hash = YAML.load_file('example/secrets.yml', aliases: true)
|
|
43
|
+
rescue ArgumentError
|
|
44
|
+
hash = YAML.load_file('example/secrets.yml')
|
|
45
|
+
end
|
|
42
46
|
expect(hash['development']['secret_key_base']).to eq('e8310af93d52f174f475940c41fbfb90417b300ebc19e1b24bd5639f4fe35c5ffaa5775a347ace9732958f656a47f6bb8e1fd0760b12e51b0b4fe1f65ef0a1d6')
|
|
43
47
|
expect(hash['production']['secret_key_base']).to eq('339f639f4fe35c5ffaa47ace973260b12e51b0b4fe1f65effd283a5f054f47594b24bd565779e351a20dfd4ada4f777958f0417b305c06cdedbde392b8e1fd07')
|
|
44
48
|
end
|
|
@@ -71,8 +75,8 @@ describe SecretKeeper do
|
|
|
71
75
|
SecretKeeper.new.tasks.each do |task|
|
|
72
76
|
source_file = task['decrypt_from'] || task['encrypt_to']
|
|
73
77
|
target_file = task['decrypt_to'] || task['encrypt_from']
|
|
74
|
-
expect(File.
|
|
75
|
-
expect(File.
|
|
78
|
+
expect(File.exist?(source_file)).to eq(false)
|
|
79
|
+
expect(File.exist?(target_file)).to eq(true)
|
|
76
80
|
end
|
|
77
81
|
end
|
|
78
82
|
|
|
@@ -92,8 +96,8 @@ describe SecretKeeper do
|
|
|
92
96
|
SecretKeeper.new.tasks.each do |task|
|
|
93
97
|
source_file = task['decrypt_from'] || task['encrypt_to']
|
|
94
98
|
target_file = task['decrypt_to'] || task['encrypt_from']
|
|
95
|
-
expect(File.
|
|
96
|
-
expect(File.
|
|
99
|
+
expect(File.exist?(source_file)).to eq(false)
|
|
100
|
+
expect(File.exist?(target_file)).to eq(true)
|
|
97
101
|
end
|
|
98
102
|
end
|
|
99
103
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: secret-keeper
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.0.
|
|
4
|
+
version: 2.0.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ray Lee
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2023-05-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rspec
|
|
@@ -37,7 +37,9 @@ files:
|
|
|
37
37
|
homepage: https://github.com/kdan-mobile-software-ltd/secret-keeper
|
|
38
38
|
licenses:
|
|
39
39
|
- MIT
|
|
40
|
-
metadata:
|
|
40
|
+
metadata:
|
|
41
|
+
source_code_uri: https://github.com/kdan-mobile-software-ltd/secret-keeper
|
|
42
|
+
changelog_uri: https://github.com/kdan-mobile-software-ltd/secret-keeper/blob/master/CHANGELOG.md
|
|
41
43
|
post_install_message:
|
|
42
44
|
rdoc_options:
|
|
43
45
|
- "--charset=UTF-8"
|
|
@@ -54,7 +56,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
54
56
|
- !ruby/object:Gem::Version
|
|
55
57
|
version: '0'
|
|
56
58
|
requirements: []
|
|
57
|
-
rubygems_version: 3.
|
|
59
|
+
rubygems_version: 3.4.10
|
|
58
60
|
signing_key:
|
|
59
61
|
specification_version: 4
|
|
60
62
|
summary: Keep all your secret files within openssl
|