secure_yaml 1.1.0 → 2.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/README.md +11 -4
- data/lib/secure_yaml/version.rb +1 -1
- data/lib/secure_yaml/yaml_decrypter.rb +1 -1
- data/lib/secure_yaml.rb +4 -15
- data/spec/fixtures/test.yml +2 -0
- data/spec/integration/secure_yaml_spec.rb +29 -0
- data/spec/secure_yaml_spec.rb +20 -9
- data/spec/{secure_yaml → unit/secure_yaml}/cipher_spec.rb +0 -0
- data/spec/{secure_yaml → unit/secure_yaml}/cli/property_encryption_application_spec.rb +0 -0
- data/spec/{secure_yaml → unit/secure_yaml}/loader_spec.rb +0 -0
- data/spec/{secure_yaml → unit/secure_yaml}/yaml_decrypter_spec.rb +0 -0
- metadata +8 -6
data/README.md
CHANGED
|
@@ -71,17 +71,24 @@ decrypted_yaml = SecureYaml::load(File.open('database.yml'))
|
|
|
71
71
|
decrypted_yaml = SecureYaml::load(File.open('database.yml'), 'NEW_SECRET_KEY_PROPERTY_NAME')
|
|
72
72
|
```
|
|
73
73
|
|
|
74
|
+
<br />
|
|
74
75
|
### Customising decryption
|
|
75
76
|
|
|
76
77
|
The default decryption method applied by this library when loading a YAML file is [AES-256-CFB](http://en.wikipedia.org/wiki/Advanced_Encryption_Standard).
|
|
77
|
-
However, if you wish to, you can specify your own custom decryption:
|
|
78
|
+
However, if you wish to, you can specify your own custom decryption algorithm:
|
|
78
79
|
|
|
79
80
|
```ruby
|
|
80
81
|
require 'secure_yaml'
|
|
81
82
|
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
83
|
+
custom_decryption_algorithm = Class.new {
|
|
84
|
+
def self.decrypt(secret_key, encrypted_data)
|
|
85
|
+
"your decrypted data returned here"
|
|
86
|
+
end
|
|
87
|
+
}
|
|
88
|
+
|
|
89
|
+
decrypted_yaml = SecureYaml::load(File.open('database.yml'), {
|
|
90
|
+
:decryption_algorithm => custom_decryption_algorithm
|
|
91
|
+
})
|
|
85
92
|
```
|
|
86
93
|
|
|
87
94
|
|
data/lib/secure_yaml/version.rb
CHANGED
|
@@ -12,7 +12,7 @@ module SecureYaml
|
|
|
12
12
|
def decrypt(yaml)
|
|
13
13
|
case yaml
|
|
14
14
|
when Hash
|
|
15
|
-
yaml.inject({}) {|new_hash, (key, value)| new_hash[key] = decrypt(value); new_hash}
|
|
15
|
+
yaml.inject({}) {|new_hash, (key, value)| new_hash[key.to_sym] = decrypt(value); new_hash}
|
|
16
16
|
when String
|
|
17
17
|
yaml.gsub(/^#{ENCRYPTED_PROPERTY_WRAPPER_ID}\((.*)\)$/) {@decryption_algorithm.decrypt(@secret_key, $1)}
|
|
18
18
|
else
|
data/lib/secure_yaml.rb
CHANGED
|
@@ -7,10 +7,11 @@ module SecureYaml
|
|
|
7
7
|
|
|
8
8
|
DEFAULT_SECRET_KEY_PROP_NAME = 'PROPERTIES_ENCRYPTION_PASSWORD'
|
|
9
9
|
|
|
10
|
-
def self.load(yaml_file,
|
|
11
|
-
|
|
10
|
+
def self.load(yaml_file, opts = {})
|
|
11
|
+
opts[:secret_key_property_name] ||= DEFAULT_SECRET_KEY_PROP_NAME
|
|
12
|
+
opts[:decryption_algorithm] ||= Cipher.new
|
|
12
13
|
|
|
13
|
-
yaml_loader(decryption_algorithm, retrieve_secret_key(
|
|
14
|
+
yaml_loader(opts[:decryption_algorithm], retrieve_secret_key(opts[:secret_key_property_name])).load(yaml_file)
|
|
14
15
|
end
|
|
15
16
|
|
|
16
17
|
private
|
|
@@ -21,18 +22,6 @@ module SecureYaml
|
|
|
21
22
|
secret_key
|
|
22
23
|
end
|
|
23
24
|
|
|
24
|
-
def self.custom_decryption_algorithm(decryption_block)
|
|
25
|
-
Class.new {
|
|
26
|
-
def initialize(decryption_block)
|
|
27
|
-
@decryption_block = decryption_block
|
|
28
|
-
end
|
|
29
|
-
|
|
30
|
-
def decrypt(secret_key, encrypted_data)
|
|
31
|
-
@decryption_block.call(secret_key, encrypted_data)
|
|
32
|
-
end
|
|
33
|
-
}.new(decryption_block)
|
|
34
|
-
end
|
|
35
|
-
|
|
36
25
|
def self.yaml_loader(decryption_algorithm, secret_key)
|
|
37
26
|
Loader.new(YamlDecrypter.new(decryption_algorithm, secret_key))
|
|
38
27
|
end
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
|
|
3
|
+
describe 'SecureYaml' do
|
|
4
|
+
|
|
5
|
+
before(:each) do
|
|
6
|
+
@secret_key = 'secret'
|
|
7
|
+
ENV[SecureYaml::DEFAULT_SECRET_KEY_PROP_NAME] = @secret_key
|
|
8
|
+
@test_yaml_file = File.open('spec/fixtures/test.yml')
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
it 'should load decrypted yaml file using default decryption algorithm' do
|
|
12
|
+
yaml = SecureYaml::load(@test_yaml_file)
|
|
13
|
+
|
|
14
|
+
yaml.should == {:plain_prop => '1234', :encrypted_prop => 'secret-text'}
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
it 'should load decrypted yaml file using custom decryption algorithm' do
|
|
18
|
+
custom_decryption_algorithm = Class.new {
|
|
19
|
+
def self.decrypt(secret_key, encrypted_data)
|
|
20
|
+
"decrypted!"
|
|
21
|
+
end
|
|
22
|
+
}
|
|
23
|
+
|
|
24
|
+
yaml = SecureYaml::load(@test_yaml_file, {:decryption_algorithm => custom_decryption_algorithm})
|
|
25
|
+
|
|
26
|
+
yaml.should == {:plain_prop => '1234', :encrypted_prop => 'decrypted!'}
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
end
|
data/spec/secure_yaml_spec.rb
CHANGED
|
@@ -5,14 +5,20 @@ describe 'SecureYaml' do
|
|
|
5
5
|
before(:each) do
|
|
6
6
|
@secret_key = 'secret key'
|
|
7
7
|
@yaml = {:prop => 'test'}
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
SecureYaml::
|
|
8
|
+
|
|
9
|
+
@default_decryption_algorithm = double(SecureYaml::Cipher)
|
|
10
|
+
SecureYaml::Cipher.stub(:new).and_return(@default_decryption_algorithm)
|
|
11
|
+
|
|
12
|
+
|
|
13
|
+
@loader = double(SecureYaml::Loader)
|
|
14
|
+
@yaml_decrypter = double(SecureYaml::YamlDecrypter)
|
|
15
|
+
SecureYaml::Loader.stub(:new).with(@yaml_decrypter).and_return(@loader)
|
|
16
|
+
@loader.stub(:load).and_return(@yaml)
|
|
11
17
|
end
|
|
12
18
|
|
|
13
19
|
it 'should load decrypted yaml file' do
|
|
14
|
-
|
|
15
20
|
ENV[SecureYaml::DEFAULT_SECRET_KEY_PROP_NAME] = @secret_key
|
|
21
|
+
SecureYaml::YamlDecrypter.stub(:new).with(@default_decryption_algorithm, @secret_key).and_return(@yaml_decrypter)
|
|
16
22
|
|
|
17
23
|
yaml = SecureYaml::load(double(File))
|
|
18
24
|
|
|
@@ -28,18 +34,23 @@ describe 'SecureYaml' do
|
|
|
28
34
|
it 'should allow use of custom secret key property name' do
|
|
29
35
|
custom_secret_key_prop_name = 'CUSTOMER_SECRET_KEY_PROP_NAME'
|
|
30
36
|
ENV[custom_secret_key_prop_name] = @secret_key
|
|
37
|
+
SecureYaml::YamlDecrypter.stub(:new).with(@default_decryption_algorithm, @secret_key).and_return(@yaml_decrypter)
|
|
31
38
|
|
|
32
|
-
yaml = SecureYaml::load(double(File), custom_secret_key_prop_name)
|
|
39
|
+
yaml = SecureYaml::load(double(File), {:secret_key_property_name => custom_secret_key_prop_name})
|
|
33
40
|
|
|
34
41
|
yaml.should == @yaml
|
|
35
42
|
end
|
|
36
43
|
|
|
37
44
|
it 'should allow use of custom decryption algorithm' do
|
|
38
45
|
ENV[SecureYaml::DEFAULT_SECRET_KEY_PROP_NAME] = @secret_key
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
46
|
+
custom_decryption_algorithm = Class.new {
|
|
47
|
+
def self.decrypt(secret_key, encrypted_data)
|
|
48
|
+
"decrypt data here from #{secret_key} and #{encrypted_data}"
|
|
49
|
+
end
|
|
50
|
+
}
|
|
51
|
+
SecureYaml::YamlDecrypter.stub(:new).with(custom_decryption_algorithm, @secret_key).and_return(@yaml_decrypter)
|
|
52
|
+
|
|
53
|
+
yaml = SecureYaml::load(double(File), {:decryption_algorithm => custom_decryption_algorithm})
|
|
43
54
|
|
|
44
55
|
yaml.should == @yaml
|
|
45
56
|
end
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: secure_yaml
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 2.0.0
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2012-08-
|
|
12
|
+
date: 2012-08-28 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: rspec
|
|
@@ -96,12 +96,14 @@ files:
|
|
|
96
96
|
- lib/secure_yaml/version.rb
|
|
97
97
|
- lib/secure_yaml/yaml_decrypter.rb
|
|
98
98
|
- secure_yaml.gemspec
|
|
99
|
-
- spec/
|
|
100
|
-
- spec/
|
|
101
|
-
- spec/secure_yaml/loader_spec.rb
|
|
102
|
-
- spec/secure_yaml/yaml_decrypter_spec.rb
|
|
99
|
+
- spec/fixtures/test.yml
|
|
100
|
+
- spec/integration/secure_yaml_spec.rb
|
|
103
101
|
- spec/secure_yaml_spec.rb
|
|
104
102
|
- spec/spec_helper.rb
|
|
103
|
+
- spec/unit/secure_yaml/cipher_spec.rb
|
|
104
|
+
- spec/unit/secure_yaml/cli/property_encryption_application_spec.rb
|
|
105
|
+
- spec/unit/secure_yaml/loader_spec.rb
|
|
106
|
+
- spec/unit/secure_yaml/yaml_decrypter_spec.rb
|
|
105
107
|
homepage: https://github.com/qmg-hlewis/secure_yaml
|
|
106
108
|
licenses: []
|
|
107
109
|
post_install_message:
|