secure_credentials 0.2.1 → 0.2.2
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/lib/rails/commands/encrypted_command.rb +201 -0
- data/lib/secure_credentials/version.rb +1 -1
- metadata +2 -1
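--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: baefe8bdd2471d662ae34de970a0407e784ea6305cdb0ed4f8325a5743fecc44
+data.tar.gz: e1a11e5de1a3b6c9e5d9612d28e23189bcb3bfd7250b9e2fb09a2993e9a69781
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f1cdd618b4381eea588ed2703c8b347685d4cf369853e1716fe3f1ad91048898a50571823f3d948ec2ae8b078609e854596393e7f7747e2d7696cdf1edc43c1e
+data.tar.gz: 494164b9046a187d753380daba71f72038616edbd363226e9e0e91948023b4b84144f7b839a29e2c3094c48b9cd024df616530fccf74d52eecd61547cd8ddfd1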
data/CHANGELOG.md
CHANGED
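--- a/data/lib/rails/commands/encrypted_command.rb
+++ b/data/lib/rails/commands/encrypted_command.rb
@@ -0,0 +1,201 @@
+# Backport of encrypted:edit command from Rails 5.2 to Rails 5.1.
+
+if Gem::Version.new(ActiveSupport::VERSION::STRING) >= Gem::Version.new('5.2')
+raise 'This file should not be required with your rails version. Please file an issue.'
+end
+
+# rubocop:disable all
+
+module Rails
+module Command
+module Helpers
+module Editor
+private
+def ensure_editor_available(command:)
+if ENV["EDITOR"].to_s.empty?
+say "No $EDITOR to open file in. Assign one like this:"
+say ""
+say %(EDITOR="mate --wait" #{command})
+say ""
+say "For editors that fork and exit immediately, it's important to pass a wait flag,"
+say "otherwise the credentials will be saved immediately with no chance to edit."
+
+false
+else
+true
+end
+end
+
+def catch_editing_exceptions
+yield
+rescue Interrupt
+say "Aborted changing file: nothing saved."
+rescue ActiveSupport::EncryptedFile::MissingKeyError => error
+say error.message
+end
+end
+end
+end
+end
+
+module Rails
+module Command
+class EncryptedCommand < Rails::Command::Base # :nodoc:
+include Helpers::Editor
+
+class_option :key, aliases: "-k", type: :string,
+default: "config/master.key", desc: "The Rails.root relative path to the encryption key"
+
+no_commands do
+def help
+say "Usage:\n #{self.class.banner}"
+say ""
+end
+end
+
+def edit(file_path)
+require_application_and_environment!
+encrypted = Rails.application.encrypted(file_path, key_path: options[:key])
+
+ensure_editor_available(command: "bin/rails encrypted:edit") || (return)
+ensure_encryption_key_has_been_added(options[:key]) if encrypted.key.nil?
+ensure_encrypted_file_has_been_added(file_path, options[:key])
+
+catch_editing_exceptions do
+change_encrypted_file_in_system_editor(file_path, options[:key])
+end
+
+say "File encrypted and saved."
+rescue ActiveSupport::MessageEncryptor::InvalidMessage
+say "Couldn't decrypt #{file_path}. Perhaps you passed the wrong key?"
+end
+
+def show(file_path)
+require_application_and_environment!
+encrypted = Rails.application.encrypted(file_path, key_path: options[:key])
+
+say encrypted.read.presence || missing_encrypted_message(key: encrypted.key, key_path: options[:key], file_path: file_path)
+end
+
+private
+def ensure_encryption_key_has_been_added(key_path)
+encryption_key_file_generator.add_key_file(key_path)
+encryption_key_file_generator.ignore_key_file(key_path)
+end
+
+def ensure_encrypted_file_has_been_added(file_path, key_path)
+encrypted_file_generator.add_encrypted_file_silently(file_path, key_path)
+end
+
+def change_encrypted_file_in_system_editor(file_path, key_path)
+Rails.application.encrypted(file_path, key_path: key_path).change do |tmp_path|
+system("#{ENV["EDITOR"]} #{tmp_path}")
+end
+end
+
+
+def encryption_key_file_generator
+require "rails/generators"
+# require "rails/generators/rails/encryption_key_file/encryption_key_file_generator"
+
+Rails::Generators::EncryptionKeyFileGenerator.new
+end
+
+def encrypted_file_generator
+require "rails/generators"
+# require "rails/generators/rails/encrypted_file/encrypted_file_generator"
+
+Rails::Generators::EncryptedFileGenerator.new
+end
+
+def missing_encrypted_message(key:, key_path:, file_path:)
+if key.nil?
+"Missing '#{key_path}' to decrypt data. See bin/rails encrypted:help"
+else
+"File '#{file_path}' does not exist. Use bin/rails encrypted:edit #{file_path} to change that."
+end
+end
+end
+end
+end
+
+require "rails/generators"
+require "rails/generators/base"
+
+module Rails
+module Generators
+class EncryptedFileGenerator < Base # :nodoc:
+def add_encrypted_file_silently(file_path, key_path, template = encrypted_file_template)
+unless File.exist?(file_path)
+setup = { content_path: file_path, key_path: key_path, env_key: "RAILS_MASTER_KEY", raise_if_missing_key: true }
+ActiveSupport::EncryptedFile.new(setup).write(template)
+end
+end
+
+private
+def encrypted_file_template
+<<-YAML.strip_heredoc
+# aws:
+# access_key_id: 123
+# secret_access_key: 345
+
+YAML
+end
+end
+end
+end
+
+module Rails
+module Generators
+class EncryptionKeyFileGenerator < Base # :nodoc:
+def add_key_file(key_path)
+key_path = Pathname.new(key_path)
+
+unless key_path.exist?
+key = ActiveSupport::EncryptedFile.generate_key
+
+log "Adding #{key_path} to store the encryption key: #{key}"
+log ""
+log "Save this in a password manager your team can access."
+log ""
+log "If you lose the key, no one, including you, can access anything encrypted with it."
+
+log ""
+add_key_file_silently(key_path, key)
+log ""
+end
+end
+
+def add_key_file_silently(key_path, key = nil)
+create_file key_path, key || ActiveSupport::EncryptedFile.generate_key
+key_path.chmod 0600
+end
+
+def ignore_key_file(key_path, ignore: key_ignore(key_path))
+if File.exist?(".gitignore")
+unless File.read(".gitignore").include?(ignore)
+log "Ignoring #{key_path} so it won't end up in Git history:"
+log ""
+append_to_file ".gitignore", ignore
+log ""
+end
+else
+log "IMPORTANT: Don't commit #{key_path}. Add this to your ignore file:"
+log ignore, :on_green
+log ""
+end
+end
+
+def ignore_key_file_silently(key_path, ignore: key_ignore(key_path))
+append_to_file ".gitignore", ignore if File.exist?(".gitignore")
+end
+
+private
+def key_ignore(key_path)
+[ "", "/#{key_path}", "" ].join("\n")
+end
+end
+end
+end
+
+# rubocop:enable all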
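Review bot: `change_encrypted_file_in_system_editor` builds the editor command by string interpolation, `system("#{ENV["EDITOR"]} #{tmp_path}")`, so the temp path is re-parsed by the shell (a path with spaces or metacharacters breaks or alters the command) and the exit status is thrown away. Passing the path as its own argument avoids the shell parse: `system(*Shellwords.split(ENV["EDITOR"]), tmp_path.to_s)`, with `require "shellwords"` next to the other requires. Because the result of `system` is ignored, `edit` prints "File encrypted and saved." even when the editor never started; checking the return value would let it report that instead. In the same file, `add_key_file_silently` calls `key_path.chmod 0600` only after `create_file` has written the key, so the key file presumably exists with umask-default permissions for a moment, and `add_key_file` also writes the generated key into the log output; both deserve a comment or a tighter creation mode.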
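--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: secure_credentials
 version: !ruby/object:Gem::Version
-version: 0.2.
+version: 0.2.2
 platform: ruby
 authors:
 - Max Melentiev
@@ -75,6 +75,7 @@ files:
 - bin/setup
 - gemfiles/rails_5.1.gemfile
 - gemfiles/rails_5.2.gemfile
+- lib/rails/commands/encrypted_command.rb
 - lib/secure_credentials.rb
 - lib/secure_credentials/active_support/encrypted_file.rb
 - lib/secure_credentials/credentials.rb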