secure_data_bag 1.0.5 → 1.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 6e857860657969144ad84d433c71517d5076133d
-  data.tar.gz: b4d2d9ebd99805b360c1fa2582b4b0b44816cd85
+  metadata.gz: 00d1848993d374b1b9cc72055cb378eda434cabe
+  data.tar.gz: 1e13eb1b536318100059af425078fda53427c2b6
 SHA512:
-  metadata.gz: ea08041ad71ebfed7d3c7278efedf4e93cfac58640d085ee93124fa0f6d2b78560c2bbf60e2a7a1e61195a40c1f3bbc7754c4897356c98c62b1ed141456c0c6b
-  data.tar.gz: 4af1de749137f618776d3d43298d9cc57cd35e25fc88f49c8531d46910cd512a232f2814e28c05843c9aabd32f9b9e89f418ef97919196a5884f13f896aa2424
+  metadata.gz: f1945a42718d9f1c9c3a72ca4e19a729b0109a4471e2b6881287a4b24108ddf435e8f6778d379e106be6f1e5754f3a34cdf57d9108ab5bfa3f692bc09d7c1e02
+  data.tar.gz: b5208299a8b4fc1ea9fe10b7bb4b008ee4c9b2d2e68ff097155a7bceb42d062f6c34bcef3aa81142ec5946ce141c61d9308fb0252da64f25d308ce06e33fd4b0

data/README.md

@@ -2,6 +2,8 @@
 
 Provides a mechanism to partially encrypt data bag items on a per-key basis which gives us the opportunity to still search for every other field.
 
+When specifying keys to encrypt, the library will recursively walk through the data bag content searching for encryption candidates.
+
 ## Installation
 
 Add this line to your application's Gemfile:
@@ -23,18 +25,78 @@ For the most part, this behaves exactly like a standard DataBagItem would. Encry
 SecureDataBagItem is also built on Mash rather than Hash so you'll find it more compatible with symbol keys. 
 
 ```
-data = { id:"databag", "value":"my string" }
-item = SecureDataBagItem.from_hash(data)
-item.raw_data
-item.encoded_fields ["value"]
-item.to_hash
+> secret_key = SecureDataBagItem.load_key("/path/to/secret")
+> secret_key = nil # Load default secret
+
+> data = { id:"databag", "encoded":"my string", "unencoded":"other string" }
+
+> item = SecureDataBagItem.from_hash(data, secret_key)
+> item.raw_data # Unencoded hash with data[:encryption] added
+{ 
+  id:         "databag", 
+  encoded:    "my string",
+  unencoded:  "other string", 
+  encryption:{
+    cipher:"aes-256-cbc",
+    iv:nil,
+    encoded_fields:[] 
+  }
+}
+
+> item.to_hash
+{ 
+  id:         "databag", 
+  chef_type:  "data_bag_item",
+  data_bag:   "",
+  encoded:    "my string",
+  unencoded:  "other string", 
+  encryption:{
+    cipher:"aes-256-cbc",
+    iv:nil,
+    encoded_fields:[] 
+  }
+}
+
+> item.encode_fields ["encoded"]
+> item.to_hash # Encoded hash compatible with DataBagItem
+{ 
+  id:         "databag", 
+  chef_type:  "data_bag_item",
+  data_bag:   "",
+  encoded:    "[encoded]",
+  unencoded:  "other string", 
+  encryption:{
+    cipher:"aes-256-cbc",
+    iv:nil,
+    encoded_fields:["encoded"]
+  }
+}
+
+> item.raw_data
+{ 
+  id:         "databag", 
+  chef_type:  "data_bag_item",
+  data_bag:   "",
+  encoded:    "my string",
+  unencoded:  "other string", 
+  encryption:{
+    cipher:"aes-256-cbc",
+    iv:nil,
+    encoded_fields:[] 
+  }
+}
+
 ```
 
-By default, this will use the system wide secret file. But this can be changed.
+A few knife commands are also provided which allow you to create / edit / show / from file any DataBagItem or EncryptedDataBagItem and convert them to SecureDataBag::Item format.
 
 ```
-item.secret "/path/to/file.pem"
-item.secret "uri://path/to/file.pem"
-item.cipher "aes-256-cbc"
+knife secure bag create data_bag item
+
+knife secure bag edit data_bag item
+
+knife secure bag show data_bag item
+
+knife secure bag from file data_bag /path/to/item.json
 ```
 

data/lib/chef/dsl/data_query.rb

@@ -0,0 +1,23 @@
+
+class Chef
+  module DSL
+    module DataQuery
+      def secure_data_bag_item(bag, item)
+        DataBag.validate_name!(bag.to_s)
+        SecureDataBag::Item.validate_id!(item)
+        SecureDataBag::Item.load(bag, item)
+      rescue Exception
+        Log.error("Failed to load secure data bag item: #{bag.inspect} #{item.inspect}")
+        raise
+      end
+
+      def secure_data_bag_item!(item, fields=[])
+        secure = SecureDataBag::Item.from_item item
+        secure.encoded_fields.concat(Array(fields))
+        secure
+      end
+    end
+  end
+end
+
+

data/lib/chef/knife/secure_bag_base.rb

@@ -0,0 +1,64 @@
+
+require 'chef/knife'
+
+class Chef
+  class Knife
+    module SecureBagBase
+      def self.included(includer)
+        includer.class_eval do
+          deps do
+            require 'secure_data_bag'
+          end
+        
+          option :secret,
+            short:  "-s SECRET",
+            long:   "--secret",
+            description: "The secret key to use to encrypt data bag item values",
+            proc: Proc.new { |s| Chef::Config[:knife][:secret] = s }
+
+          option :secret_file,
+            long: "--secret-file SECRET_FILE",
+            description: "A file containing a secret key to use to encrypt data bag item values",
+            proc: Proc.new { |sf| Chef::Config[:knife][:secret_file] = sf }
+
+          option :encode_fields,
+            long: "--encode-fields FIELD1,FIELD2,FIELD3",
+            description: "List of attribute keys for which to encode values",
+            default: Array.new
+        end
+      end
+      
+      def use_encryption
+        if use_secure_databag then false
+        else
+          if @raw_data["encrypted_data"] or
+              @raw_data.reject { |k,v| k == "id" }.
+              all? { |k,v| v.key? "encrypted_data" }
+          then super
+          else false
+          end
+        end
+      end
+
+      def use_secure_databag
+        @raw_data["encryption"]
+      end
+
+      def encoded_fields_for(item)
+        [].concat(config[:encode_fields]).
+          concat(item.encode_fields).
+          uniq
+      end
+
+      def require_secret
+        if not config[:secret] and not config[:secret_file]
+          show_usage
+          ui.fatal("A secret or secret_file must be specified")
+          exit 1
+        end
+      end
+
+    end
+  end
+end
+

data/lib/chef/knife/secure_bag_create.rb

@@ -0,0 +1,72 @@
+
+require 'chef/knife/secure_bag_base'
+require 'chef/knife/data_bag_create'
+
+class Chef
+  class Knife
+    class SecureBagCreate < Knife::DataBagCreate
+      include Knife::SecureBagBase
+
+      banner "knife secure bag create BAG [ITEM] (options)"
+      category "secure bag"
+
+      def create_databag
+        begin
+          rest.post_rest("data", { name: @data_bag_name })
+          ui.info("Created data_bag[#{@data_bag_name}]")
+        rescue Net::HTTPServerException => e
+          raise unless e.to_s =~ /^409/
+          ui.info("Data bag #{@data_bag_name} already exists")
+        end
+      end
+
+      def create_databag_item
+        create_object({ id: @data_bag_item_name }, 
+                      "data_bag_item[#{@data_bag_item_name}]") do |output|
+
+          @raw_data = output
+
+          item =  if use_encryption
+                    item = Chef::EncryptedDataBagItem.
+                      encrypt_data_bag_item(output,read_secret)
+                  else
+                    output
+                  end
+
+          item = SecureDataBag::Item.from_hash(item, read_secret)
+          item.encode_fields encoded_fields_for(item)
+          item.data_bag(@data_bag_name)
+
+          rest.post_rest("data/#{@data_bag_name}", item.to_hash)
+        end
+      end
+
+      def run
+        @data_bag_name, @data_bag_item_name = @name_args
+
+        if @data_bag_name.nil?
+          show_usage
+          ui.fatal("You must specify a data bag name")
+          exit 1
+        end
+
+        require_secret
+
+        begin
+          Chef::DataBag.validate_name!(@data_bag_name)
+        rescue Chef::Exceptions::InvalidDataBagName => e
+          ui.fatal(e.message)
+          exit(1)
+        end
+
+        # create the data bag
+        create_databag
+
+        if @data_bag_item_name
+          create_databag_item
+        end
+      end
+    end
+  end
+end
+

data/lib/chef/knife/secure_bag_edit.rb

@@ -0,0 +1,48 @@
+
+require 'chef/knife/secure_bag_base'
+require 'chef/knife/data_bag_edit'
+
+class Chef
+  class Knife
+    class SecureBagEdit < Knife::DataBagEdit
+      include Knife::SecureBagBase
+
+      banner "knife secure bag edit BAG [ITEM] (options)"
+      category "secure bag"
+
+      def load_item(bag, item_name)
+        item = Chef::DataBagItem.load(bag, item_name)
+        @raw_data = item.to_hash
+
+        if use_encryption
+          item = Chef::EncryptedDataBagItem.load(item, read_secret)
+        end
+
+        item = SecureDataBag::Item.from_item(item, read_secret)
+        hash = item.to_hash(false)
+        # 
+        # Ensure that we display encoded_fields
+        # - generally this would be blank given that all fields are decrypted
+        #
+        hash[:encryption][:encoded_fields] = encoded_fields_for(item)
+        hash
+      end
+
+      def edit_item(item)
+        output = super
+
+        #
+        # Store the desired fields to encode and set to hash to unencrypted
+        # until we have created the object
+        #
+        encode_fields = output["encryption"]["encoded_fields"]
+        output["encryption"]["encoded_fields"] = []
+
+        item = SecureDataBag::Item.from_hash(output, read_secret)
+        item.encode_fields encode_fields
+        item.to_hash
+      end
+    end
+  end
+end
+

data/lib/chef/knife/secure_bag_from_file.rb

@@ -0,0 +1,56 @@
+
+require 'chef/knife/secure_bag_base'
+require 'chef/knife/data_bag_from_file'
+
+class Chef
+  class Knife
+    class SecureBagFromFile < Knife::DataBagFromFile
+      include Knife::SecureBagBase
+
+      deps do
+        require 'chef/data_bag'
+        require 'chef/data_bag_item'
+        require 'chef/knife/core/object_loader'
+        require 'chef/json_compat'
+        require 'chef/encrypted_data_bag_item'
+        require 'secure_data_bag'
+      end
+
+      banner "knife secure bag from file BAG FILE|FLDR [FILE|FLDR] (options)"
+      category "secure bag"
+
+      option :all,
+        short:  "-a",
+        long:   "--all",
+        description: "Upload all data bags or all items for specified databag"
+
+      def load_data_bag_hash(hash)
+        @raw_data = hash
+
+        if use_encryption
+          item = Chef::EncryptedDataBagItem.
+                  encrypt_data_bag_item(output, read_secret)
+        end
+
+        item = SecureDataBag::Item.from_hash(hash, read_secret)
+        item.encode_fields encoded_fields_for(item)
+        item.to_hash
+      end
+
+      def load_data_bag_items(data_bag, items=nil)
+        items ||= find_all_data_bag_items(data_bag)
+        item_paths = normalize_item_paths(items)
+        item_paths.each do |item_path|
+          item = loader.load_from("#{data_bags_path}", data_bag, item_path)
+          item = load_data_bag_hash(item)
+          dbag = Chef::DataBagItem.new
+          dbag.data_bag(data_bag)
+          dbag.raw_data = item
+          dbag.save
+          ui.info("Updated data_bag_item[#{dbag.data_bag}::#{dbag.id}]")
+        end
+      end
+    end
+  end
+end
+

data/lib/chef/knife/secure_bag_show.rb

@@ -0,0 +1,41 @@
+
+require 'chef/knife/secure_bag_base'
+require 'chef/knife/data_bag_show'
+
+class Chef
+  class Knife
+    class SecureBagShow < Knife::DataBagShow
+      include Knife::SecureBagBase
+
+      banner "knife secure bag show BAG [ITEM] (options)"
+      category "secure bag"
+
+      def load_item(bag, item_name)
+        item = Chef::DataBagItem.load(bag, item_name)
+        @raw_data = item.raw_data
+
+        if use_encryption
+          item = Chef::EncryptedDataBagItem.new(@raw_data, read_secret)
+        end
+
+        #item = SecureDataBag::Item.from_item(item, read_secret)
+        item.to_hash
+      end
+
+      def run
+        display = case @name_args.length
+                  when 2
+                    item = load_item(@name_args[0], @name_args[1])
+                    display = format_for_display(item)
+                  when 1
+                    format_list_for_display(Chef::DataBag.load(@name_args[0]))
+                  else
+                    stdout.puts opt_parser
+                    exit(1)
+                  end
+        output(display)
+      end
+    end
+  end
+end
+

data/lib/secure_data_bag.rb

@@ -1,30 +1,6 @@
 
-module SecureDataBag
-end
-
 require "secure_data_bag/version"
-require "secure_data_bag/secure_data_bag_item.rb"
-require "secure_data_bag/decryptor.rb"
-require "secure_data_bag/encryptor.rb"
-
-class Chef
-  module DSL
-    module DataQuery
-      def secure_data_bag_item(bag, item)
-        DataBag.validate_name!(bag.to_s)
-        SecureDataBagItem.validate_id!(item)
-        SecureDataBagItem.load(bag, item)
-      rescue Exception
-        Log.error("Failed to load secure data bag item: #{bag.inspect} #{item.inspect}")
-        raise
-      end
-
-      def secure_data_bag_item!(item, fields=[])
-        secure = SecureDataBag::SecureDataBagItem.from_item item
-        secure.encoded_fields secure.encoded_fields + fields
-        secure
-      end
-    end
-  end
-end
+require "secure_data_bag/secure_data_bag_item"
+require "secure_data_bag/decryptor"
+require "secure_data_bag/encryptor"
 

data/lib/secure_data_bag/decryptor.rb

@@ -6,29 +6,22 @@ require 'base64'
 require 'digest/sha2'
 
 module SecureDataBag
-  class SecureDataBagItem
+  class Item
     class Decryptor
-      attr_reader :key
-      attr_reader :encryption
-      attr_reader :encrypted_hash
-
       def initialize(encrypted_hash, encryption, key)
         @encryption = encryption
         @encrypted_hash = encrypted_hash
         @key = key
+        @iv = nil
       end
 
       def for_decrypted_item
-        pp "decrypted_hash"
         decrypted_hash
       end
 
-      def decryption_error(e=nil)
-        msg = "Error decrypting data bag value"
-        msg << ": '#{e.message}'" if e
-        msg << ". Most likely the provided key is incorrect"
-        msg
-      end
+      attr_reader :encrypted_hash
+      attr_reader :encryption
+      attr_reader :key
 
       def iv
         @iv ||= begin
@@ -46,7 +39,15 @@ module SecureDataBag
       def decrypt_hash(hash)
         hash.each do |k,v|
           if encryption[:encoded_fields].include?(k)
-            v = decrypt_value(v)
+            begin
+              v = decrypt_value(v)
+            rescue Yajl::ParseError
+              raise DecryptionFailure, 
+                "Error decrypting data bag value for #{k}."
+            rescue OpenSSL::Cipher::CipherError => e
+              raise DecryptionFailure, 
+                "Error decrypting data bag value for #{k}: #{e.message}"
+            end
           elsif v.is_a? Hash
             v = decrypt_hash(v)
           end

data/lib/secure_data_bag/encryptor.rb

@@ -6,13 +6,8 @@ require 'base64'
 require 'digest/sha2'
 
 module SecureDataBag
-  class SecureDataBagItem
+  class Item
     class Encryptor
-      attr_reader :encryption
-      attr_reader :unencrypted_hash
-      attr_reader :encoded_fields
-      attr_reader :key
-
       def initialize(unencrypted_hash, encryption, key)
         @encryption = encryption
         @unencrypted_hash = unencrypted_hash
@@ -28,8 +23,12 @@ module SecureDataBag
         data.merge({encryption:encryption_hash})
       end
 
+      attr_reader :unencrypted_hash
+      attr_reader :encoded_fields
+      attr_reader :encryption
+      attr_reader :key
+
       def encrypted_hash
-        pp "encrypted_hash"
         @encrypted_data ||= begin
           encrypt_hash(unencrypted_hash.dup) 
         end

data/lib/secure_data_bag/secure_data_bag_item.rb

@@ -11,27 +11,21 @@ module SecureDataBag
   # crypto functions, it should be used the same way.
   #
 
-  class SecureDataBagItem < Chef::DataBagItem
-    def initialize
-      super
-
-      @secret = nil
-      @key = nil
-      @cipher = nil
-      @iv = nil
-      @algorithm = nil
-      @encoded_fields = []
-      @default_encoded_fields = ["password"]
+  class Item < Chef::DataBagItem
+    def initialize(key=nil)
+      super()
+
+      @secret = Chef::Config[:encrypted_data_bag_secret]
+      @key = key
+      @raw_data = {}
+      @encode_fields = ["password"]
     end
 
     #
-    # Define attributes for encryption related tasks
+    # Methods for encryption key
     #
 
-    attr_reader :default_encoded_fields
-
     def secret(arg=nil)
-      arg ||= Chef::Config[:encrypted_data_bag_secret] if @secret.nil?
       set_or_return(:secret, arg, kind_of: String)
     end
 
@@ -41,86 +35,123 @@ module SecureDataBag
     end
 
     def load_key
-      unless secret
-        raise ArgumentError, "No secret specified and no secret found."
-      end
+      @key = self.class.load_secret(secret)
+    end
+
+    def self.load_secret(path=nil)
+      path ||= Chef::Config[:encrypted_data_bag_secret]
 
-      key = case secret
-      when /^\w+:\/\// # Remove key
-        begin
-          Kernel.open(path).read.strip
-        rescue Errno::ECONNREFUSED
-          raise ArgumentError, "Remove key not available from '#{secret}'"
-        rescue OpenURI::HTTPError
-          raise ArgumentError, "Remove key not found at '#{secret}'"
-        end
-      else
-        unless File.exist?(secret)
-          raise Errno::ENOENT, "file not found '#{secret}'"
-        end
-        IO.read(secret).strip
+      unless path
+       raise ArgumentError, "No secret specified and no secret found."
       end
 
+      key = case path
+            when /^\w+:\/\// # Remove key
+              begin
+                Kernel.open(path).read.strip
+              rescue Errno::ECONNREFUSED
+                raise ArgumentError, "Remove key not available from '#{path}'"
+              rescue OpenURI::HTTPError
+                raise ArgumentError, "Remove key not found at '#{path}'"
+              end
+            else
+              unless File.exist?(path)
+                raise Errno::ENOENT, "file not found '#{path}'"
+              end
+              IO.read(path).strip
+            end
+
       if key.size < 1
-        raise ArgumentError, "invalid zero length secret in '#{secret}'"
+        raise ArgumentError, "invalid zero length path in '#{path}'"
       end
+
       key
     end
 
-    def cipher(arg=nil)
-      arg ||= "aes-256-cbc" if @cipher.nil?
-      set_or_return(:cipher, arg, kind_of: String)
-    end
+    #
+    # Wrapper for raw_data encryption settings
+    # - always ensure that encryption hash is present
+    # - always ensure encryption settings have defaults
+    #
 
-    def iv(arg=nil)
-      set_or_return(:iv, arg, kind_of: String)
+    def encryption(arg=nil)
+      @raw_data[:encryption] ||= {}
+      @raw_data[:encryption] = arg unless arg.nil?
+      encryption = @raw_data[:encryption]
+      encryption[:iv] = nil if encryption[:iv].nil?
+      encryption[:cipher] = "aes-256-cbc" if encryption[:cipher].nil?
+      encryption[:encoded_fields] = [] if encryption[:encoded_fields].nil?
+      encryption
     end
 
     #
-    # These are either the fields which are currently encoded or those that
-    # we wish to encode
+    # Setter for @raw_data
+    # - ensure the data we receive is a Mash to support symbols
+    # - pass it to DataBagItem for additional validation
+    # - ensure the data has the encryption hash
+    # - decode the data
     #
 
-    def encoded_fields(arg=nil)
-      arg = arg.uniq if arg
-      set_or_return(:encoded_fields, arg, kind_of: Array)
+    def raw_data=(data)
+      data = Mash.new(data)
+      super data
+      encryption
+      decode_data!
     end
 
     #
-    # The encryption definition
+    # Determine whether the data is encoded or not
+    # - yeah, it's pretty naive
     #
 
-    def encryption
-      {
-        iv: iv,
-        cipher: cipher,
-        encoded_fields: encoded_fields + default_encoded_fields
-      }
+    def encoded?
+      not encryption[:encoded_fields].empty?
     end
 
-    def raw_data=(enc_data)
-      super enc_data
-      decode_data
+    #
+    # Fields we wish to encode
+    # - this differs from encryption[:encoded_fields] and will get merged
+    #   into the latter upon an encode
+    #
+
+    def encode_fields(arg=nil)
+      arg = Array(arg).uniq if arg
+      set_or_return(:encode_fields, arg, kind_of: Array).uniq
     end
 
     #
     # Encoder / Decoder
     #
 
-    def decode_data
-      if @raw_data.key? :encryption
-        encryption = @raw_data.delete(:encryption) || {}
+    def decode_data!
+      #
+      # Ensure that we save previously encoded fields into our list of fields
+      # we wish to encode next time
+      #
+      encode_fields.concat(encryption[:encoded_fields]).uniq!
+      @raw_data = decoded_data if encoded?
+      @raw_data
+    end
 
-        cipher  encryption[:cipher]
-        iv      encryption[:iv]
-        encoded_fields  encryption[:encoded_fields]
+    def decoded_data
+      data = Decryptor.new(raw_data, encryption, key).for_decrypted_item
+      data[:encryption][:encoded_fields] = []
+      data
+    end
 
-        @raw_data = decode_data
-      end
-      @raw_data
+    def encode_data!
+      @raw_data = encoded_data
     end
 
-    def encode_data
+    def encoded_data
+      #
+      # When encoding data we'll merge those fields already encoded during
+      # the previous state, found in encryption[:encoded_fields] with those
+      # which we wish to encode
+      #
+      encryption = self.encryption.dup
+      encryption[:encoded_fields] = @encode_fields.
+        concat(encryption[:encoded_fields]).uniq
       Encryptor.new(raw_data, encryption, key).for_encrypted_item
     end
 
@@ -128,21 +159,20 @@ module SecureDataBag
     # Transitions
     #
 
-    def self.from_hash(h)
-      m = Mash.new(h)
-      item = new
-      item.raw_data = m
+    def self.from_hash(h, key=nil)
+      item = new(key)
+      item.raw_data = h
       item
     end
 
-    def self.from_item(h)
-      item = self.from_hash(h.to_hash)
+    def self.from_item(h, key=nil)
+      item = self.from_hash(h.to_hash, key)
       item.data_bag h.data_bag
       item
     end
 
-    def to_hash
-      result = encode_data
+    def to_hash(encoded = true)
+      result = encoded ? encoded_data : decoded_data
       result["chef_type"] = "data_bag_item"
       result["data_bag"] = self.data_bag
       result
@@ -154,7 +184,7 @@ module SecureDataBag
         json_class: "Chef::DataBagItem",
         chef_type: "data_bag_item",
         data_bag: self.data_bag,
-        raw_data: encode_data
+        raw_data: encoded_data
       }
       result.to_json(*a)
     end

data/lib/secure_data_bag/version.rb

@@ -1,5 +1,5 @@
 
 module SecureDataBag
-  VERSION = "1.0.5"
+  VERSION = "1.1.1"
 end
 

data/secure_data_bag.gemspec

@@ -8,16 +8,19 @@ Gem::Specification.new do |spec|
   spec.version       = SecureDataBag::VERSION
   spec.authors       = ["Jonathan Serafini"]
   spec.email         = ["jonathan@lightspeedretail.com"]
-  spec.summary       = 'Partially encrypted chef data bag items'
-  spec.description   = 'Provides a mechanism to partially encrypt data bag items and therefore ensure that they are searchable'
-  spec.homepage      = ""
+  spec.summary       = "Per-field data bag item encryption"
+  spec.description   = "Provides a mechanism to partially encrypt data bag items and therefore ensure that they are searchable"
   spec.license       = "MIT"
-  spec.homepage      = 'https://github.com/lightspeedretail'
+  spec.homepage      = 
+    "https://github.com/JonathanSerafini/chef-secure_data_bag"
   spec.files         = `git ls-files -z`.split("\x0")
   spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ["lib"]
 
-  #spec.add_development_dependency "bundler", "~> 1.6"
+  spec.add_dependency  'chef'
+  spec.add_dependency  'yajl-ruby'
+
+  spec.add_development_dependency "bundler", "~> 1.6"
   spec.add_development_dependency "rake"
 end

metadata

@@ -1,15 +1,57 @@
 --- !ruby/object:Gem::Specification
 name: secure_data_bag
 version: !ruby/object:Gem::Version
-  version: 1.0.5
+  version: 1.1.1
 platform: ruby
 authors:
 - Jonathan Serafini
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-08-14 00:00:00.000000000 Z
+date: 2014-08-15 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: chef
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: yajl-ruby
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.6'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.6'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -37,13 +79,19 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
+- lib/chef/dsl/data_query.rb
+- lib/chef/knife/secure_bag_base.rb
+- lib/chef/knife/secure_bag_create.rb
+- lib/chef/knife/secure_bag_edit.rb
+- lib/chef/knife/secure_bag_from_file.rb
+- lib/chef/knife/secure_bag_show.rb
 - lib/secure_data_bag.rb
 - lib/secure_data_bag/decryptor.rb
 - lib/secure_data_bag/encryptor.rb
 - lib/secure_data_bag/secure_data_bag_item.rb
 - lib/secure_data_bag/version.rb
 - secure_data_bag.gemspec
-homepage: https://github.com/lightspeedretail
+homepage: https://github.com/JonathanSerafini/chef-secure_data_bag
 licenses:
 - MIT
 metadata: {}
@@ -66,5 +114,5 @@ rubyforge_project:
 rubygems_version: 2.1.11
 signing_key: 
 specification_version: 4
-summary: Partially encrypted chef data bag items
+summary: Per-field data bag item encryption
 test_files: []