secure_yaml_2 2.0.2

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 167d84bdf5fe42049700e9d4ba54dbf21713597c16b770eaed129cf720c528b5
+  data.tar.gz: 2a6ac9b2a603f192daacfebd8f90f8cdf93a2bed21f4498979e0e72255368efe
+SHA512:
+  metadata.gz: 4ca2685c567a395b3de60c04dd1a99a6a9640513098d2168f867a99ee15f9bdf73522453f693279097e565e31e83c62976a4701ca31b01ec1bc772af6cb2451b
+  data.tar.gz: b05af0c5798f12ac926c036af923099c9ce35de97fb8c6d53761642103ea39bd0b853232d68b3bdc240918866e6adc0c3905b609d7f0939b219bbd29bd40a878

data/.github/workflows/gem-push.yml

@@ -0,0 +1,48 @@
+name: Ruby Gem
+
+on:
+  push:
+    branches: [ "master" ]
+  pull_request:
+    branches: [ "master" ]
+
+jobs:
+  build:
+    name: Build + Publish
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+    - uses: actions/checkout@v3
+    - name: Set up Ruby 3.2
+    # To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
+    # change this to (see https://github.com/ruby/setup-ruby#versioning):
+    # uses: ruby/setup-ruby@v1
+      uses: ruby/setup-ruby@55283cc23133118229fd3f97f9336ee23a179fcf # v1.146.0
+      with:
+        ruby-version: 3.2.2
+
+    - name: Publish to GPR
+      run: |
+        mkdir -p $HOME/.gem
+        touch $HOME/.gem/credentials
+        chmod 0600 $HOME/.gem/credentials
+        printf -- "---\n:github: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials
+        gem build *.gemspec
+        gem push --KEY github --host https://rubygems.pkg.github.com/${OWNER} *.gem
+      env:
+        GEM_HOST_API_KEY: "Bearer ${{secrets.GITHUB_TOKEN}}"
+        OWNER: ${{ github.repository_owner }}
+
+    - name: Publish to RubyGems
+      run: |
+        mkdir -p $HOME/.gem
+        touch $HOME/.gem/credentials
+        chmod 0600 $HOME/.gem/credentials
+        printf -- "---\n:rubygems_api_key: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials
+        gem build *.gemspec
+        gem push *.gem
+      env:
+        GEM_HOST_API_KEY: "${{secrets.RUBYGEMS_AUTH_TOKEN}}"

data/.gitignore

@@ -0,0 +1,13 @@
+.*
+!.gitignore
+!.rvmrc
+*.log
+*.iws
+*.orig
+*.iml
+*.ipr
+.idea
+*.ids
+*.gem
+.bundle
+Gemfile.lock

data/.rvmrc

@@ -0,0 +1 @@
+rvm ruby-3.2.2

data/Gemfile

@@ -0,0 +1,3 @@
+source "http://rubygems.org"
+
+gemspec

data/README.md

@@ -0,0 +1,105 @@
+### Overview
+
+The storage of sensitive information (such as usernames and passwords) within source control is commonly avoided due to security concerns, i.e. an untrusted person gaining access to your code, would have access to your production database password.
+
+This library attempts to address this concern by allowing sensitive information to be stored in YAML files in an encrypted form. Inspired by [Jasypt](http://www.jasypt.org/encrypting-configuration.html).
+<br />
+
+### Usage
+
+<strong>1) Install the secure_yaml gem</strong>
+
+```
+> gem install secure_yaml
+```
+<br />
+
+<strong>2) Encrypt your sensitive properties, and copy them into your YAML file</strong>
+
+The gem provides a simple command line utility called ```encrypt_property_for_yaml``` that prints out the encrypted form of a plain text property.
+
+```
+USAGE: encrypt_property_for_yaml encrypt|decrypt <SECRET_KEY> <PROPERTY_VALUE_TO_ENCRYPT>
+```
+
+For example:
+
+```
+> encrypt_property_for_yaml abc12345678 jdbc:mysql://11.22.33.44:3306/prod
+ENC(1BVzrT18dxWisIKUPkq9k0SB/aKcT70VawodxucI)  <-- copy this value into your YAML file
+```
+
+When completed, your YAML file might look something like the following:
+
+```
+production:
+  db_adapter: mysql
+  db_url: ENC(1BVzrT18dxWisIKUPkq9k0SB/aKcT70VawodxucI)
+  db_username: ENC(4BEzrT18dxdisIKFPkw7k0SB/hKcT80VawodxuwT)
+  db_password: ENC(2BVzrQ79deWisIKUPkq9k8SB/aKcT74CawoExuiP)
+  pool: 5
+  timeout: 5000
+
+```
+
+Note:
+* your YAML file can consist of a combination of plain text and encrypted property values
+* the encrypted properties can be positioned within the YAML at any nested depth.
+
+<br />
+
+<strong>3) Supply the secret key (used by the encryption process in step 2) as an environmental property to your running app</strong>
+
+By default, the expected name of this environmental property is 'PROPERTIES_ENCRYPTION_PASSWORD', but can be overridden if required.
+
+```
+export PROPERTIES_ENCRYPTION_PASSWORD=abc12345678; ruby app.rb
+```
+
+<strong>*** The value of the secret key must NOT be submitted to source control. Knowing the secret key allows a person to easily decrypt your properties.</strong>
+<br />
+<br />
+
+<strong>4) Load and use the decrypted version of your YAML file within your app</strong>
+
+```ruby
+require 'secure_yaml'
+
+decrypted_yaml = SecureYaml::load(File.open('database.yml'))
+
+# Alternatively, to override the default secret key environmental property name:
+decrypted_yaml = SecureYaml::load(File.open('database.yml'), {
+  :secret_key_property_name => 'NEW_SECRET_KEY_PROPERTY_NAME'
+})
+```
+
+<br />
+<strong>4) Parse and use the decrypted version of a YAML string within your app</strong>
+
+```ruby
+require 'secure_yaml'
+
+decrypted_yaml = SecureYaml::parse("some correctly formatted yaml text")
+```
+<br />
+
+### Customising decryption
+
+The default decryption method applied by this library when loading a YAML file is [AES-256-CFB](http://en.wikipedia.org/wiki/Advanced_Encryption_Standard).
+However, if you wish to, you can specify your own custom decryption algorithm:
+
+```ruby
+require 'secure_yaml'
+
+custom_decryption_algorithm = Class.new {
+  def self.decrypt(secret_key, encrypted_data)
+    "your decrypted data returned here"
+  end
+}
+
+decrypted_yaml = SecureYaml::load(File.open('database.yml'), {
+  :decryption_algorithm => custom_decryption_algorithm
+})
+```
+
+

data/Rakefile

@@ -0,0 +1,7 @@
+require 'bundler'
+require 'rspec/core/rake_task'
+
+Bundler::GemHelper.install_tasks
+
+desc "run specs"
+RSpec::Core::RakeTask.new

data/bin/encrypt_property_for_yaml

@@ -0,0 +1,5 @@
+#!/usr/bin/env ruby
+
+require "secure_yaml/cli/property_encryption_application"
+
+SecureYaml::PropertyEncryptionApplication.new.execute(ARGV)

data/lib/secure_yaml/cipher.rb

@@ -0,0 +1,34 @@
+require 'openssl'
+require 'digest/sha2'
+require 'base64'
+
+module SecureYaml
+
+  class Cipher
+
+    def encrypt(secret_key, plain_data)
+      cipher = create_cipher(:encrypt, secret_key)
+      strip_newline_chars_from_base64(Base64.encode64(cipher.update(plain_data) + cipher.final))
+    end
+
+    def decrypt(secret_key, encrypted_data)
+      cipher = create_cipher(:decrypt, secret_key)
+      cipher.update(Base64.decode64(encrypted_data)) + cipher.final
+    end
+
+    private
+
+    def create_cipher(mode, secret_key)
+      cipher = OpenSSL::Cipher.new("AES-256-CFB")
+      cipher.send(mode)
+      cipher.key = Digest::SHA2.new(256).digest(secret_key)
+      cipher
+    end
+
+    def strip_newline_chars_from_base64(base64)
+      base64.gsub("\n", '')
+    end
+
+  end
+
+end

data/lib/secure_yaml/cli/property_encryption_application.rb

@@ -0,0 +1,24 @@
+require "secure_yaml"
+
+module SecureYaml
+
+  class PropertyEncryptionApplication
+
+    def execute(command_line_args)
+
+      raise "USAGE: encrypt_property_for_yaml encrypt|decrypt <SECRET_KEY> <PROPERTY_VALUE_TO_ENCRYPT>" unless command_line_args.length == 3
+
+      mode = command_line_args[0]
+      secret_key = command_line_args[1]
+      plain_text = command_line_args[2]
+
+      if mode == 'encrypt'
+            puts "#{ENCRYPTED_PROPERTY_WRAPPER_ID}(#{Cipher.new.encrypt(secret_key, plain_text)})"
+      else
+            puts Cipher.new.decrypt(secret_key, plain_text)
+      end
+    end
+
+  end
+
+end

data/lib/secure_yaml/loader.rb

@@ -0,0 +1,17 @@
+require 'secure_yaml/yaml_decrypter'
+
+module SecureYaml
+
+  class Loader
+
+    def initialize(yaml_decrypter)
+      @yaml_decrypter = yaml_decrypter
+    end
+
+    def load(yaml_file)
+      @yaml_decrypter.decrypt(YAML::load(yaml_file, aliases: true))
+    end
+
+  end
+
+end

data/lib/secure_yaml/version.rb

@@ -0,0 +1,5 @@
+module SecureYaml
+
+  VERSION = "2.0.2"
+
+end

data/lib/secure_yaml/yaml_decrypter.rb

@@ -0,0 +1,27 @@
+require 'yaml'
+
+module SecureYaml
+
+  class YamlDecrypter
+
+    def initialize(decryption_algorithm, secret_key)
+      @decryption_algorithm = decryption_algorithm
+      @secret_key = secret_key
+    end
+
+    def decrypt(yaml)
+      case yaml
+        when Hash
+          yaml.inject({}) {|new_hash, (key, value)| new_hash[key] = decrypt(value); new_hash}
+        when String
+          yaml.gsub(/\b#{ENCRYPTED_PROPERTY_WRAPPER_ID}\((.*)\)(?:\b|$)/) {@decryption_algorithm.decrypt(@secret_key, $1)}
+        when Array
+          yaml.map {|element| decrypt(element)}
+        else
+          yaml
+      end
+    end
+
+  end
+
+end

data/lib/secure_yaml.rb

@@ -0,0 +1,33 @@
+require 'secure_yaml/loader'
+require 'secure_yaml/cipher'
+
+module SecureYaml
+
+  ENCRYPTED_PROPERTY_WRAPPER_ID = 'ENC'
+
+  DEFAULT_SECRET_KEY_PROP_NAME = 'PROPERTIES_ENCRYPTION_PASSWORD'
+
+  def self.load(yaml_file, opts = {})
+    opts[:secret_key_property_name] ||= DEFAULT_SECRET_KEY_PROP_NAME
+    opts[:decryption_algorithm] ||= Cipher.new
+
+    yaml_loader(opts[:decryption_algorithm], retrieve_secret_key(opts[:secret_key_property_name])).load(yaml_file)
+  end
+
+  def self.parse(yaml, opts = {})
+    load(StringIO.new(yaml), opts)
+  end
+
+  private
+
+  def self.retrieve_secret_key(secret_key_prop_name)
+    secret_key = ENV[secret_key_prop_name]
+    raise "#{secret_key_prop_name} env property not found" if secret_key.nil?
+    secret_key
+  end
+
+  def self.yaml_loader(decryption_algorithm, secret_key)
+    Loader.new(YamlDecrypter.new(decryption_algorithm, secret_key))
+  end
+
+end

data/secure_yaml.gemspec

@@ -0,0 +1,26 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "secure_yaml/version"
+
+Gem::Specification.new do |s|
+  s.name        = "secure_yaml_2"
+  s.version     = SecureYaml::VERSION
+  s.platform    = Gem::Platform::RUBY
+  s.authors     = ["Huw Lewis"]
+  s.email       = ["huwtlewis@gmail.com"]
+  s.homepage    = "https://github.com/qmg-hlewis/secure_yaml"
+  s.summary     = %q{encryption protection for sensitive yaml properties}
+  s.description = %q{encryption protection for sensitive yaml properties}
+
+  s.rubyforge_project = "secure_yaml_2"
+
+  s.files         = `git ls-files`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+
+  s.add_development_dependency 'rspec', "~> 2.10"
+  s.add_development_dependency 'rspec-mocks', "~> 2.10"
+  s.add_development_dependency 'bundler', "~> 1.1"
+  s.add_development_dependency 'rake', "~> 0.9"
+
+end

data/spec/fixtures/test.yml

@@ -0,0 +1,2 @@
+plain_prop: "1234"
+encrypted_prop: "ENC(EBnrEqmvC5BbOXw=)"

data/spec/integration/secure_yaml_spec.rb

@@ -0,0 +1,37 @@
+require 'spec_helper'
+
+describe 'SecureYaml' do
+
+  before(:each) do
+    @secret_key = 'secret'
+    ENV[SecureYaml::DEFAULT_SECRET_KEY_PROP_NAME] = @secret_key
+    @test_yaml_file = File.open('spec/fixtures/test.yml')
+  end
+
+  it 'should load encrypted yaml file using default decryption algorithm' do
+    yaml = SecureYaml::load(@test_yaml_file)
+
+    yaml.should == {'plain_prop' => '1234', 'encrypted_prop' => 'secret-text'}
+  end
+
+  it 'should decrypt yaml using custom decryption algorithm' do
+    custom_decryption_algorithm = Class.new {
+      def self.decrypt(secret_key, encrypted_data)
+        "decrypted!"
+      end
+    }
+
+    yaml = SecureYaml::load(@test_yaml_file, {:decryption_algorithm => custom_decryption_algorithm})
+
+    yaml.should == {'plain_prop' => '1234', 'encrypted_prop' => 'decrypted!'}
+  end
+
+  it 'should parse encrypted yaml string using default decryption algorithm' do
+    encrypted_yaml_str = {:plain_prop => '1234', :encrypted_prop => 'ENC(EBnrEqmvC5BbOXw=)'}.to_yaml
+
+    yaml = SecureYaml::parse(encrypted_yaml_str)
+
+    yaml.should == {:plain_prop => '1234', :encrypted_prop => 'secret-text'}
+  end
+
+end

data/spec/secure_yaml_spec.rb

@@ -0,0 +1,67 @@
+require 'spec_helper'
+
+describe 'SecureYaml' do
+
+  before(:each) do
+    @secret_key = 'secret key'
+    @yaml = {:prop => 'test'}
+
+    @default_decryption_algorithm = double(SecureYaml::Cipher)
+    SecureYaml::Cipher.stub(:new).and_return(@default_decryption_algorithm)
+
+
+    @loader = double(SecureYaml::Loader)
+    @yaml_decrypter = double(SecureYaml::YamlDecrypter)
+    SecureYaml::Loader.stub(:new).with(@yaml_decrypter).and_return(@loader)
+    @loader.stub(:load).and_return(@yaml)
+  end
+
+  it 'should load encrypted yaml file' do
+    ENV[SecureYaml::DEFAULT_SECRET_KEY_PROP_NAME] = @secret_key
+    SecureYaml::YamlDecrypter.stub(:new).with(@default_decryption_algorithm, @secret_key).and_return(@yaml_decrypter)
+
+    yaml = SecureYaml::load(double(File))
+
+    yaml.should == @yaml
+  end
+
+  it 'should parse encrypted yaml string' do
+    ENV[SecureYaml::DEFAULT_SECRET_KEY_PROP_NAME] = @secret_key
+    SecureYaml::YamlDecrypter.stub(:new).with(@default_decryption_algorithm, @secret_key).and_return(@yaml_decrypter)
+
+    yaml = SecureYaml::parse("")
+
+    yaml.should == @yaml
+  end
+
+  it 'should raise error on load if secret key env property not set' do
+    ENV[SecureYaml::DEFAULT_SECRET_KEY_PROP_NAME] = nil
+
+    expect {SecureYaml::load(double(File))}.to raise_error
+  end
+
+  it 'should allow use of custom secret key property name' do
+    custom_secret_key_prop_name = 'CUSTOMER_SECRET_KEY_PROP_NAME'
+    ENV[custom_secret_key_prop_name] = @secret_key
+    SecureYaml::YamlDecrypter.stub(:new).with(@default_decryption_algorithm, @secret_key).and_return(@yaml_decrypter)
+
+    yaml = SecureYaml::load(double(File), {:secret_key_property_name => custom_secret_key_prop_name})
+
+    yaml.should == @yaml
+  end
+
+  it 'should allow use of custom decryption algorithm' do
+    ENV[SecureYaml::DEFAULT_SECRET_KEY_PROP_NAME] = @secret_key
+    custom_decryption_algorithm = Class.new {
+      def self.decrypt(secret_key, encrypted_data)
+        "decrypt data here from #{secret_key} and #{encrypted_data}"
+      end
+    }
+    SecureYaml::YamlDecrypter.stub(:new).with(custom_decryption_algorithm, @secret_key).and_return(@yaml_decrypter)
+
+    yaml = SecureYaml::load(double(File), {:decryption_algorithm => custom_decryption_algorithm})
+
+    yaml.should == @yaml
+  end
+
+end

data/spec/spec_helper.rb

@@ -0,0 +1,9 @@
+require 'rspec'
+require 'rspec/mocks'
+
+require 'secure_yaml'
+require 'secure_yaml/cli/property_encryption_application'
+
+RSpec.configure do |conf|
+  conf.include RSpec::Mocks::ExampleMethods
+end

data/spec/unit/secure_yaml/cipher_spec.rb

@@ -0,0 +1,20 @@
+require 'spec_helper'
+
+describe 'Cipher' do
+
+  before(:each) do
+    @cipher = SecureYaml::Cipher.new
+    @secret_key = "abc12345678"
+    @plain_text = "some plain text to encrypt"
+  end
+
+  it 'should decrypt encrypted data' do
+    encrypted = @cipher.encrypt(@secret_key, @plain_text)
+
+    decrypted = @cipher.decrypt(@secret_key, encrypted)
+
+    encrypted.should_not == @plain_text
+    decrypted.should == @plain_text
+  end
+
+end

data/spec/unit/secure_yaml/cli/property_encryption_application_spec.rb

@@ -0,0 +1,30 @@
+require 'spec_helper'
+
+describe 'Property encryption command line interface' do
+
+  before(:each) do
+    @secret_key = 'secret key'
+    @plain_text = 'text to encrypt'
+    @encrypted_text = 'encrypted text'
+  end
+
+  it 'should print encrypted property value for given secret key and plain text' do
+    cipher = double(SecureYaml::Cipher)
+    cipher.stub(:encrypt).with(@secret_key, @plain_text).and_return(@encrypted_text)
+    SecureYaml::Cipher.stub(:new).and_return(cipher)
+
+    $stdout.should_receive(:puts).with("#{SecureYaml::ENCRYPTED_PROPERTY_WRAPPER_ID}(#{@encrypted_text})")
+
+    SecureYaml::PropertyEncryptionApplication.new.execute(["encrypt", @secret_key, @plain_text])
+  end
+
+  it 'should raise error unless secret key and plain text have been included as command line args' do
+    expect {SecureYaml::PropertyEncrypterApplication.new.execute([])}.to raise_error
+    expect {SecureYaml::PropertyEncrypterApplication.new.execute([@secret_key])}.to raise_error
+  end
+
+  it 'should raise error if too many comand line args' do
+    expect {SecureYaml::PropertyEncryptionApplication.new.execute(["encrypt", @secret_key, @plain_text, 'unexpected'])}.to raise_error
+  end
+
+end

data/spec/unit/secure_yaml/loader_spec.rb

@@ -0,0 +1,20 @@
+require 'spec_helper'
+
+describe 'Loader' do
+
+  before(:each) do
+    @encrypted_yaml = {:prop => 'encrypted'}
+    @decrypted_yaml = {:prop => 'decrytped'}
+    @decrypter = double(SecureYaml::YamlDecrypter)
+  end
+
+  it 'should load decrypted yaml file' do
+    YAML.stub(:load).and_return(@encrypted_yaml)
+    @decrypter.stub(:decrypt).with(@encrypted_yaml).and_return(@decrypted_yaml)
+
+    yaml = SecureYaml::Loader.new(@decrypter).load(double(File))
+
+    yaml.should == @decrypted_yaml
+  end
+
+end

data/spec/unit/secure_yaml/yaml_decrypter_spec.rb

@@ -0,0 +1,72 @@
+require 'spec_helper'
+
+describe 'Yaml decrypter' do
+
+  before(:each) do
+    @secret_key = 'abc12345678'
+    @cipher = double(SecureYaml::Cipher)
+    @decrypter = SecureYaml::YamlDecrypter.new(@cipher, @secret_key)
+    @decrypted_result = 'decrypted data'
+    @plain_text = 'some plain text'
+  end
+
+  it 'should decrypt encoded values in plain strings' do
+    encrypted_data = 'encrypted data'
+    @cipher.stub(:decrypt).with(@secret_key, encrypted_data).and_return(@decrypted_result)
+    hash = {:encrypted_prop => "ENC(#{encrypted_data})", :plain_prop => @plain_text}
+    data = @decrypter.decrypt(hash.to_yaml)
+    YAML.load(data).should == {:encrypted_prop => @decrypted_result, :plain_prop => @plain_text}
+  end
+
+  it 'should decrypt only marked encrypted properties' do
+    encrypted_data = 'encrypted data'
+    @cipher.stub(:decrypt).with(@secret_key, encrypted_data).and_return(@decrypted_result)
+
+    data = @decrypter.decrypt({:encrypted_prop => "ENC(#{encrypted_data})", :plain_prop => @plain_text})
+
+    data.should == {:encrypted_prop => @decrypted_result, :plain_prop => @plain_text}
+  end
+
+  it 'should decrypt encrypted properties containing parentheses' do
+    encrypted_prop_with_param = 'encrypted )data'
+    @cipher.stub(:decrypt).with(@secret_key, encrypted_prop_with_param).and_return(@decrypted_result)
+
+    data = @decrypter.decrypt({:encrypted_prop => "ENC(#{encrypted_prop_with_param})"})
+
+    data.should == {:encrypted_prop => @decrypted_result}
+  end
+
+  it 'should ignore any encrypted properties in unexpected formats' do
+    unexpected_formats = {:unexpected_1 => 'ENC(text', :unexpected_2 => 'ENCtext)', :unexpected_3 => 'EN(text)'}
+
+    data = @decrypter.decrypt(unexpected_formats)
+
+    data.should == unexpected_formats
+  end
+
+  it 'should recursively encrypt nested properties' do
+    @cipher.stub(:decrypt).and_return(@decrypted_result)
+
+    data = @decrypter.decrypt({:parent_prop => {:nested_prop => 'ENC(text)', :parent_prop_2 => {:nested_prop_2 => 'ENC(text)'}}})
+
+    data.should == {:parent_prop => {:nested_prop => @decrypted_result, :parent_prop_2 => {:nested_prop_2 => @decrypted_result}}}
+  end
+
+  it 'should decrypt encrypted properties of array elements' do
+    encrypted_data = 'encrypted data'
+    @cipher.stub(:decrypt).and_return(@decrypted_result)
+
+    data = @decrypter.decrypt([{:encrypted_prop => "ENC(#{encrypted_data})"}])
+
+    data.should == [{:encrypted_prop => @decrypted_result}]
+  end
+
+  it 'should ignore any property of non-string type' do
+    numeric_prop = {:numeric => 1}
+
+    data = @decrypter.decrypt(numeric_prop)
+
+    data.should == numeric_prop
+  end
+
+end

metadata

@@ -0,0 +1,121 @@
+--- !ruby/object:Gem::Specification
+name: secure_yaml_2
+version: !ruby/object:Gem::Version
+  version: 2.0.2
+platform: ruby
+authors:
+- Huw Lewis
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2024-01-08 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.10'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.10'
+- !ruby/object:Gem::Dependency
+  name: rspec-mocks
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.10'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.10'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+description: encryption protection for sensitive yaml properties
+email:
+- huwtlewis@gmail.com
+executables:
+- encrypt_property_for_yaml
+extensions: []
+extra_rdoc_files: []
+files:
+- ".github/workflows/gem-push.yml"
+- ".gitignore"
+- ".rvmrc"
+- Gemfile
+- README.md
+- Rakefile
+- bin/encrypt_property_for_yaml
+- lib/secure_yaml.rb
+- lib/secure_yaml/cipher.rb
+- lib/secure_yaml/cli/property_encryption_application.rb
+- lib/secure_yaml/loader.rb
+- lib/secure_yaml/version.rb
+- lib/secure_yaml/yaml_decrypter.rb
+- secure_yaml.gemspec
+- spec/fixtures/test.yml
+- spec/integration/secure_yaml_spec.rb
+- spec/secure_yaml_spec.rb
+- spec/spec_helper.rb
+- spec/unit/secure_yaml/cipher_spec.rb
+- spec/unit/secure_yaml/cli/property_encryption_application_spec.rb
+- spec/unit/secure_yaml/loader_spec.rb
+- spec/unit/secure_yaml/yaml_decrypter_spec.rb
+homepage: https://github.com/qmg-hlewis/secure_yaml
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.4.10
+signing_key: 
+specification_version: 4
+summary: encryption protection for sensitive yaml properties
+test_files: []