sekrets 0.4.2

data/README

@@ -0,0 +1,134 @@
+NAME
+  sekrets.rb
+
+SYNOPSIS
+  sekrets is a command line tool and library used to securely manage encrypted
+  files and settings in your rails' applications and git repositories.
+
+INSTALL
+  gem install sekrets
+  gem 'sekrets'
+
+DESCRIPTION
+  TL;DR
+    # create an encrypted config file
+    
+      ruby -r yaml -e'puts({:api_key => 1234}.to_yaml)' | sekrets write config/settings.yml.enc --key 42
+
+    # display it
+
+      sekrets read config/settings.yml.enc --key 42
+
+    # edit it
+
+      sekrets edit config/settings.yml.enc --key 42
+
+    # see that it's encrypted
+
+      cat config/settings.yml.enc
+
+    # commit it
+
+      git add config/settings.yml.enc
+
+    # put the decryption key in a file
+      
+      echo 42 > sekrets.key
+
+    # ignore this file in git
+
+      echo sekrets.key >> .gitgnore
+
+    # make sure this file gets deployed on your server
+
+      echo " require 'sekrets/capistrano' " >> Capfile
+
+    # commit and deploy
+
+      git add config/settings.yml.enc
+      git commit -am'encrypted settings yo'
+      git pull && git push && cap staging deploy
+
+    # access these settings in your application code
+
+      settings = Sekrets.settings_for('./config/settings.yml.enc')
+      
+
+  DESCRIPTION
+    sekrets provides commandline tools and a library to manage and access
+    encrypted files in your code base.
+
+    it allows one to check encrypted infomation into a repository and to manage
+    it alongside the rest of the code base.  it elimnates the need to check in
+    unencrypted information, keys, or other sensitive infomation.
+
+    sekrets provides both a general mechanism for managing arbitrary encrypted
+    files and a specific mechanism for managing encrypted config files.
+
+
+  KEY LOOKUP
+    for *all* operations, from the command line or otherwise, sekrets uses the
+    following algorithm to search for a decryption key:
+
+    - any key passed directly as a parameter to a library call will be preferred
+
+    - otherwise the code looks for a companion key file.  for example, given the
+      file 'config/sekrets.yml.enc' sekrets will look for a key at
+      
+        config/sekrets.yml.enc.key
+        
+      and 
+      
+        config/sekrets.yml.enc.k
+        
+      if either of these is found to be non-empty the contents of the file will
+      be used as the decryption key for that file.  you should *never* commit
+      these key files and also add them to your .gitignore - or similar.
+
+    - next a project key file is looked for.  the path of this file is
+      
+        ./sekrets.key
+        
+      normally and, in a rails' application
+
+        RAILS_ROOT/sekrets.key
+
+    - if that is not found sekrets looks for the key in the environment under
+      the env var
+
+        SEKRETS_KEY
+
+      the env var used is configurable in the library
+
+    - next the global key file is search for, the path of this file is
+
+        ~/.sekrets.key
+
+    - finally, if no key has yet been specified or found, the user is prompted
+      to input the key.  prompt only occurs if the user us attached to a tty.
+      so, for example, no prompt will hang and application being started in the
+      background such as a rails' application being managed by passenger.
+   
+
+    see Sekrets.key_for for more details
+
+  KEY DISTRIBUTION
+    sekrets does *not* attempt to solve the key distribution problem for you,
+    with one exception:
+    
+    if you are using capistrano to do a 'vanilla' ssh based deploy a simple
+    recipe is provided which will detect a local keyfile and scp it onto the
+    remote server(s) on deploy.
+
+    sekrets assumes that the local keyfile, if it exists, is correct.
+
+    in plain english the capistrano recipe does:
+
+      scp ./sekrets.key deploy@remote.host.com:/rails_root/current/sekrets.key
+
+    it goes without saying that the local keyfile should *never* be checked in
+    and also should be in .gitignore
+
+    distribution of this key among developers is outside the scope of the
+    library.  likely unencrypted email is the best mechanism for distribution
+    ;-/

data/Rakefile

@@ -0,0 +1,390 @@
+This.rubyforge_project = 'codeforpeople'
+This.author = "Ara T. Howard"
+This.email = "ara.t.howard@gmail.com"
+This.homepage = "https://github.com/ahoward/#{ This.lib }"
+
+
+task :default do
+  puts((Rake::Task.tasks.map{|task| task.name.gsub(/::/,':')} - ['default']).sort)
+end
+
+task :test do
+  run_tests!
+end
+
+namespace :test do
+  task(:unit){ run_tests!(:unit) }
+  task(:functional){ run_tests!(:functional) }
+  task(:integration){ run_tests!(:integration) }
+end
+
+def run_tests!(which = nil)
+  which ||= '**'
+  test_dir = File.join(This.dir, "test")
+  test_glob ||= File.join(test_dir, "#{ which }/**_test.rb")
+  test_rbs = Dir.glob(test_glob).sort
+        
+  div = ('=' * 119)
+  line = ('-' * 119)
+
+  test_rbs.each_with_index do |test_rb, index|
+    testno = index + 1
+    command = "#{ File.basename(This.ruby) } -I ./lib -I ./test/lib #{ test_rb }"
+
+    puts
+    say(div, :color => :cyan, :bold => true)
+    say("@#{ testno } => ", :bold => true, :method => :print)
+    say(command, :color => :cyan, :bold => true)
+    say(line, :color => :cyan, :bold => true)
+
+    system(command)
+
+    say(line, :color => :cyan, :bold => true)
+
+    status = $?.exitstatus
+
+    if status.zero? 
+      say("@#{ testno } <= ", :bold => true, :color => :white, :method => :print)
+      say("SUCCESS", :color => :green, :bold => true)
+    else
+      say("@#{ testno } <= ", :bold => true, :color => :white, :method => :print)
+      say("FAILURE", :color => :red, :bold => true)
+    end
+    say(line, :color => :cyan, :bold => true)
+
+    exit(status) unless status.zero?
+  end
+end
+
+
+task :gemspec do
+  ignore_extensions = ['git', 'svn', 'tmp', /sw./, 'bak', 'gem']
+  ignore_directories = ['pkg', 'db']
+  ignore_files = ['test/log', 'test/db.yml', 'a.rb', 'b.rb'] + Dir['db/*'] + %w'db'
+
+  shiteless = 
+    lambda do |list|
+      list.delete_if do |entry|
+        next unless test(?e, entry)
+        extension = File.basename(entry).split(%r/[.]/).last
+        ignore_extensions.any?{|ext| ext === extension}
+      end
+      list.delete_if do |entry|
+        next unless test(?d, entry)
+        dirname = File.expand_path(entry)
+        ignore_directories.any?{|dir| File.expand_path(dir) == dirname}
+      end
+      list.delete_if do |entry|
+        next unless test(?f, entry)
+        filename = File.expand_path(entry)
+        ignore_files.any?{|file| File.expand_path(file) == filename}
+      end
+    end
+
+  lib         = This.lib
+  object      = This.object
+  version     = This.version
+  files       = shiteless[Dir::glob("**/**")]
+  executables = shiteless[Dir::glob("bin/*")].map{|exe| File.basename(exe)}
+  #has_rdoc    = true #File.exist?('doc')
+  test_files  = test(?e, "test/#{ lib }.rb") ? "test/#{ lib }.rb" : nil
+  summary     = object.respond_to?(:summary) ? object.summary : "summary: #{ lib } kicks the ass"
+  description = object.respond_to?(:description) ? object.description : "description: #{ lib } kicks the ass"
+
+  if This.extensions.nil?
+    This.extensions = []
+    extensions = This.extensions
+    %w( Makefile configure extconf.rb ).each do |ext|
+      extensions << ext if File.exists?(ext)
+    end
+  end
+  extensions = [extensions].flatten.compact
+
+# TODO
+  if This.dependencies.nil?
+    dependencies = []
+  else
+    case This.dependencies
+      when Hash
+        dependencies = This.dependencies.values
+      when Array
+        dependencies = This.dependencies
+    end
+  end
+
+  template = 
+    if test(?e, 'gemspec.erb')
+      Template{ IO.read('gemspec.erb') }
+    else
+      Template {
+        <<-__
+          ## <%= lib %>.gemspec
+          #
+
+          Gem::Specification::new do |spec|
+            spec.name = <%= lib.inspect %>
+            spec.version = <%= version.inspect %>
+            spec.platform = Gem::Platform::RUBY
+            spec.summary = <%= lib.inspect %>
+            spec.description = <%= description.inspect %>
+
+            spec.files =\n<%= files.sort.pretty_inspect %>
+            spec.executables = <%= executables.inspect %>
+            
+            spec.require_path = "lib"
+
+            spec.test_files = <%= test_files.inspect %>
+
+            <% dependencies.each do |lib_version| %>
+              spec.add_dependency(*<%= Array(lib_version).flatten.inspect %>)
+            <% end %>
+
+            spec.extensions.push(*<%= extensions.inspect %>)
+
+            spec.rubyforge_project = <%= This.rubyforge_project.inspect %>
+            spec.author = <%= This.author.inspect %>
+            spec.email = <%= This.email.inspect %>
+            spec.homepage = <%= This.homepage.inspect %>
+          end
+        __
+      }
+    end
+
+  Fu.mkdir_p(This.pkgdir)
+  gemspec = "#{ lib }.gemspec"
+  open(gemspec, "w"){|fd| fd.puts(template)}
+  This.gemspec = gemspec
+end
+
+task :gem => [:clean, :gemspec] do
+  Fu.mkdir_p(This.pkgdir)
+  before = Dir['*.gem']
+  cmd = "gem build #{ This.gemspec }"
+  `#{ cmd }`
+  after = Dir['*.gem']
+  gem = ((after - before).first || after.first) or abort('no gem!')
+  Fu.mv(gem, This.pkgdir)
+  This.gem = File.join(This.pkgdir, File.basename(gem))
+end
+
+task :readme do
+  samples = ''
+  prompt = '~ > '
+  lib = This.lib
+  version = This.version
+
+  Dir['sample*/*'].sort.each do |sample|
+    samples << "\n" << "  <========< #{ sample } >========>" << "\n\n"
+
+    cmd = "cat #{ sample }"
+    samples << Util.indent(prompt + cmd, 2) << "\n\n"
+    samples << Util.indent(`#{ cmd }`, 4) << "\n"
+
+    cmd = "ruby #{ sample }"
+    samples << Util.indent(prompt + cmd, 2) << "\n\n"
+
+    cmd = "ruby -e'STDOUT.sync=true; exec %(ruby -I ./lib #{ sample })'"
+    samples << Util.indent(`#{ cmd } 2>&1`, 4) << "\n"
+  end
+
+  template = 
+    if test(?e, 'readme.erb')
+      Template{ IO.read('readme.erb') }
+    else
+      Template {
+        <<-__
+          NAME
+            #{ lib }
+
+          DESCRIPTION
+
+          INSTALL
+            gem install #{ lib }
+
+          SAMPLES
+            #{ samples }
+        __
+      }
+    end
+
+  open("README", "w"){|fd| fd.puts template}
+end
+
+
+task :clean do
+  Dir[File.join(This.pkgdir, '**/**')].each{|entry| Fu.rm_rf(entry)}
+end
+
+
+task :release => [:clean, :gemspec, :gem] do
+  gems = Dir[File.join(This.pkgdir, '*.gem')].flatten
+  raise "which one? : #{ gems.inspect }" if gems.size > 1
+  raise "no gems?" if gems.size < 1
+
+  cmd = "gem push #{ This.gem }"
+  puts cmd
+  puts
+  system(cmd)
+  abort("cmd(#{ cmd }) failed with (#{ $?.inspect })") unless $?.exitstatus.zero?
+
+  cmd = "rubyforge login && rubyforge add_release #{ This.rubyforge_project } #{ This.lib } #{ This.version } #{ This.gem }"
+  puts cmd
+  puts
+  system(cmd)
+  abort("cmd(#{ cmd }) failed with (#{ $?.inspect })") unless $?.exitstatus.zero?
+end
+
+
+
+
+
+BEGIN {
+# support for this rakefile
+#
+  $VERBOSE = nil
+
+  require 'ostruct'
+  require 'erb'
+  require 'fileutils'
+  require 'rbconfig'
+  require 'pp'
+
+# fu shortcut
+#
+  Fu = FileUtils
+
+# cache a bunch of stuff about this rakefile/environment
+#
+  This = OpenStruct.new
+
+  This.file = File.expand_path(__FILE__)
+  This.dir = File.dirname(This.file)
+  This.pkgdir = File.join(This.dir, 'pkg')
+
+# grok lib
+#
+  lib = ENV['LIB']
+  unless lib
+    lib = File.basename(Dir.pwd).sub(/[-].*$/, '')
+  end
+  This.lib = lib
+
+# grok version
+#
+  version = ENV['VERSION']
+  unless version
+    require "./lib/#{ This.lib }"
+    This.name = lib.capitalize
+    This.object = eval(This.name)
+    version = This.object.send(:version)
+  end
+  This.version = version
+
+# see if dependencies are export by the module
+#
+  if This.object.respond_to?(:dependencies)
+    This.dependencies = This.object.dependencies
+  end
+
+# we need to know the name of the lib an it's version
+#
+  abort('no lib') unless This.lib
+  abort('no version') unless This.version
+
+# discover full path to this ruby executable
+#
+  c = Config::CONFIG
+  bindir = c["bindir"] || c['BINDIR']
+  ruby_install_name = c['ruby_install_name'] || c['RUBY_INSTALL_NAME'] || 'ruby'
+  ruby_ext = c['EXEEXT'] || ''
+  ruby = File.join(bindir, (ruby_install_name + ruby_ext))
+  This.ruby = ruby
+
+# some utils
+#
+  module Util
+    def indent(s, n = 2)
+      s = unindent(s)
+      ws = ' ' * n
+      s.gsub(%r/^/, ws)
+    end
+
+    def unindent(s)
+      indent = nil
+      s.each_line do |line|
+      next if line =~ %r/^\s*$/
+      indent = line[%r/^\s*/] and break
+    end
+    indent ? s.gsub(%r/^#{ indent }/, "") : s
+  end
+    extend self
+  end
+
+# template support
+#
+  class Template
+    def initialize(&block)
+      @block = block
+      @template = block.call.to_s
+    end
+    def expand(b=nil)
+      ERB.new(Util.unindent(@template)).result((b||@block).binding)
+    end
+    alias_method 'to_s', 'expand'
+  end
+  def Template(*args, &block) Template.new(*args, &block) end
+
+# colored console output support
+#
+  This.ansi = {
+    :clear      => "\e[0m",
+    :reset      => "\e[0m",
+    :erase_line => "\e[K",
+    :erase_char => "\e[P",
+    :bold       => "\e[1m",
+    :dark       => "\e[2m",
+    :underline  => "\e[4m",
+    :underscore => "\e[4m",
+    :blink      => "\e[5m",
+    :reverse    => "\e[7m",
+    :concealed  => "\e[8m",
+    :black      => "\e[30m",
+    :red        => "\e[31m",
+    :green      => "\e[32m",
+    :yellow     => "\e[33m",
+    :blue       => "\e[34m",
+    :magenta    => "\e[35m",
+    :cyan       => "\e[36m",
+    :white      => "\e[37m",
+    :on_black   => "\e[40m",
+    :on_red     => "\e[41m",
+    :on_green   => "\e[42m",
+    :on_yellow  => "\e[43m",
+    :on_blue    => "\e[44m",
+    :on_magenta => "\e[45m",
+    :on_cyan    => "\e[46m",
+    :on_white   => "\e[47m"
+  }
+  def say(phrase, *args)
+    options = args.last.is_a?(Hash) ? args.pop : {}
+    options[:color] = args.shift.to_s.to_sym unless args.empty?
+    keys = options.keys
+    keys.each{|key| options[key.to_s.to_sym] = options.delete(key)}
+
+    color = options[:color]
+    bold = options.has_key?(:bold)
+
+    parts = [phrase]
+    parts.unshift(This.ansi[color]) if color
+    parts.unshift(This.ansi[:bold]) if bold
+    parts.push(This.ansi[:clear]) if parts.size > 1
+
+    method = options[:method] || :puts
+
+    Kernel.send(method, parts.join)
+  end
+
+# always run out of the project dir
+#
+  Dir.chdir(This.dir)
+}