shhh 1.4.0 → 1.4.1
- checksums.yaml +4 -4
- data/README.md +15 -13
- data/lib/shhh/app/cli.rb +9 -8
- data/lib/shhh/app/commands/show_examples.rb +12 -0
- data/lib/shhh/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 8be044ac1a326bd26c343102e64650b364ca6825
|
4
|
+
data.tar.gz: ae67a04259e58203f3d6cf54a1f7e22ebfe61279
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: a334844785be58e522aa97add26d34961799885540dffcc5f584939cad872bab7f97a0229fcefcd4856c0123cd19bc15e12602784a6ac28fdf94b14cb6762510
|
7
|
+
data.tar.gz: 273554d3ce0ffb40c60b878761fd60255df7d00366d1627812600536e5cf9528d5878b145fc82ce51b858205d9b5d25688d54d0e8069d35383d17ab5b9df2735
|
data/README.md
CHANGED
@@ -27,7 +27,7 @@ You see, security is an incredibly wide topic. The tools around security tend to
|
|
27
27
|
> * Automatic detection of password-protected keys,
|
28
28
|
> * and more...
|
29
29
|
|
30
|
-
The main point behind this gem is to allow you to store sensitive application
|
30
|
+
The main point behind this gem is to allow you to store sensitive application secrets in your source code repo as `AES-256-CBC`-encrypted files or strings (this is the same encryption algorithm that US Government uses internally). The output of the encryption is always a (urlsafe) `base64`-encoded string, without the linebreaks.
|
31
31
|
|
32
32
|
The private key (encrypted or not) is also a base64-encoded string, typically 45 characters long (unless it's password encrypted, in which case it is considerably longer).
|
33
33
|
|
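Review bot: The new line 30 names `AES-256-CBC` but says nothing about integrity. CBC on its own does not authenticate the ciphertext, so a reader cannot tell from this sentence whether a modified file or string is detected on decrypt. State whether the gem adds a MAC or equivalent check, and how the IV is generated and carried in the base64 output. The aside "this is the same encryption algorithm that US Government uses internally" is unsourced and describes no verifiable property; drop it or replace it with a reference to the AES standard (FIPS 197).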
@@ -64,9 +64,9 @@ This library relies on the existance of the 32-byte private key (aka, *a secret*
|
|
64
64
|
|
65
65
|
> In fact, we put together a separate file that discusses strategies for protecting your encryption keys, for example you can read about [how to use Mac OS-X Keychain Access application](https://github.com/kigster/shhh/blob/master/MANAGING-KEYS.md) and other methods. Additions and discussion are welcome. Please contribute!
|
66
66
|
|
67
|
-
You can use one key for all encrypted fields, or many keys – perhaps one per deployment environment, etc. While you can have per-field
|
67
|
+
You can use one key for all encrypted fields, or many keys – perhaps one per deployment environment, etc. While you can have per-field private key, it seems like an overkill.
|
68
68
|
|
69
|
-
__NOTE: it is considered a bad practice to check in the private key into the version control.__ If you keep your secret out of your repo, you can check-in encrypted
|
69
|
+
__NOTE: it is considered a bad practice to check in the private key into the version control.__ If you keep your secret out of your repo, you can check-in encrypted key file directly into the repo. As long as the private key itself is safe, the data in your encrypted will be next to impossible to extract.
|
70
70
|
|
71
71
|
### Command Line (CLI)
|
72
72
|
|
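Review bot: On new line 69, "you can check-in encrypted key file directly into the repo" comes straight after the warning against committing the private key, and it can be read as permission to commit a password-encrypted key. If the intent is the encrypted data file, name it as such. The same line ends with "the data in your encrypted will be next to impossible to extract", which is missing its noun. On new line 67, "per-field private key, it seems like an overkill" would read better as "a private key per field, that seems like overkill".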
@@ -129,30 +129,32 @@ You can use this to add an existing key that can be used with the `shhh` later.
|
|
129
129
|
|
130
130
|
#### Encryption and Decryption
|
131
131
|
|
132
|
-
This may be a good time to take a look at the full help message for the `shhh` tool
|
132
|
+
This may be a good time to take a look at the full help message for the `shhh` tool, shown naturally with a `-h` or `--help` option.
|
133
133
|
|
134
134
|
```bash
|
135
|
-
❯
|
135
|
+
❯ shhh -h
|
136
|
+
|
136
137
|
Usage:
|
137
138
|
shhh [options]
|
138
139
|
Modes:
|
139
|
-
-t, --edit decrypt, open encr. file in vim
|
140
140
|
-e, --encrypt encrypt mode
|
141
141
|
-d, --decrypt decrypt mode
|
142
|
-
|
142
|
+
-t, --edit decrypt, open an encr. file in vim
|
143
|
+
Create a private key:
|
143
144
|
-g, --generate generate a new private key
|
144
145
|
-p, --password encrypt the key with a password
|
145
|
-
-c, --copy copy the new key to
|
146
|
+
-c, --copy copy the new key to the clipboard
|
147
|
+
Provide a private key:
|
148
|
+
-i, --interactive Paste or type the key interactively
|
146
149
|
-k, --private-key [key] private key as a string
|
147
|
-
-K, --
|
148
|
-
|
149
|
-
-
|
150
|
+
-K, --keyfile [key-file] private key from a file
|
151
|
+
Use your KeyChain password entry to store a private key:
|
152
|
+
-x, --keychain [key-name] add to, or read the key from Keychain
|
153
|
+
--keychain-del [key-name] delete keychain entry with that name
|
150
154
|
Data:
|
151
155
|
-s, --string [string] specify a string to encrypt/decrypt
|
152
156
|
-f, --file [file] filename to read from
|
153
157
|
-o, --output [file] filename to write to
|
154
|
-
Data:
|
155
|
-
-i, --interactive ask for a key interactively
|
156
158
|
-b, --backup create a backup file in the edit mode
|
157
159
|
Flags:
|
158
160
|
-v, --verbose show additional information
|
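Review bot: In the new "Provide a private key" group, `-k, --private-key [key]` sits beside `-i`, `-K` and `-x` with no caveat, although a key passed as a command-line argument lands in shell history and is visible in the process list while the command runs. Add a sentence below the help block recommending `-i`, `-K` or `-x` for real keys. The pasted help also shows the Keychain group unconditionally, while the cli.rb change registers `-x` and `--keychain-del` only inside `if Shhh::App.is_osx?`; mark those two options as macOS-only in the README.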
data/lib/shhh/app/cli.rb
CHANGED
@@ -177,21 +177,22 @@ module Shhh
|
|
177
177
|
o.string '-k', '--private-key', '[key] '.bold.blue + ' private key as a string'
|
178
178
|
o.string '-K', '--keyfile', '[key-file]'.bold.blue + ' private key from a file'
|
179
179
|
if Shhh::App.is_osx?
|
180
|
-
o.
|
180
|
+
o.separator 'Use your KeyChain password entry to store a private key:'.bold.yellow
|
181
|
+
o.string '-x', '--keychain', '[key-name] '.bold.blue + 'add to, or read the key from Keychain'
|
181
182
|
o.string '--keychain-del', '[key-name] '.bold.blue + 'delete keychain entry with that name'
|
182
183
|
end
|
183
184
|
o.separator 'Data:'.bold.yellow
|
184
185
|
o.string '-s', '--string', '[string]'.bold.blue + ' specify a string to encrypt/decrypt'
|
185
186
|
o.string '-f', '--file', '[file] '.bold.blue + ' filename to read from'
|
186
187
|
o.string '-o', '--output', '[file] '.bold.blue + ' filename to write to'
|
187
|
-
o.bool '-b',
|
188
|
+
o.bool '-b', '--backup', ' create a backup file in the edit mode'
|
188
189
|
o.separator 'Flags:'.bold.yellow
|
189
|
-
o.bool '-v',
|
190
|
-
o.bool '-T',
|
191
|
-
o.bool '-E',
|
192
|
-
o.bool '-V',
|
193
|
-
o.bool '-N',
|
194
|
-
o.bool '-e',
|
190
|
+
o.bool '-v', '--verbose', ' show additional information'
|
191
|
+
o.bool '-T', '--trace', ' print a backtrace of any errors'
|
192
|
+
o.bool '-E', '--examples', ' show several examples'
|
193
|
+
o.bool '-V', '--version', ' print library version'
|
194
|
+
o.bool '-N', '--no-color', ' disable color output'
|
195
|
+
o.bool '-e', '--encrypt', ' encrypt mode'
|
195
196
|
o.separator ''
|
196
197
|
end
|
197
198
|
rescue StandardError => e
|
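Review bot: At new line 195, `o.bool '-e', '--encrypt', ' encrypt mode'` is declared after the `'Flags:'` separator, directly below `--no-color`, while the README help in this same release lists `-e, --encrypt` under "Modes:". If `-e` is also declared in the Modes group above this hunk, this is a duplicate registration and should be removed; if not, move it up so the help output matches the README. Separately, the `-b` through `-N` descriptions are aligned with leading spaces inside the string literal; a shared padding helper would keep the columns in step with the `'[key-name] '.bold.blue +` lines above.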
@@ -47,6 +47,18 @@ Diff:
|
|
47
47
|
---' + '
|
48
48
|
# (c) 2016 Konstantin Gredeskoul. All rights reserved.'.green.bold)
|
49
49
|
|
50
|
+
|
51
|
+
if Shhh::App.is_osx?
|
52
|
+
output << example(comment: 'generate a new password-encrypted key, save it to your Keychain:',
|
53
|
+
command: 'shhh -gpx mykey -o ~/.key')
|
54
|
+
|
55
|
+
output << example(comment: 'use the new key to encrypt a file:',
|
56
|
+
command: 'shhh -x mykey -e -f password.txt -o passwords.enc')
|
57
|
+
|
58
|
+
output << example(comment: 'use the new key to inline-edit the encrypted file:',
|
59
|
+
command: 'shhh -x mykey -t -f shhh.yml')
|
60
|
+
end
|
61
|
+
|
50
62
|
output.flatten.compact.join("\n")
|
51
63
|
end
|
52
64
|
|
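Review bot: In the first added example, the comment says "generate a new password-encrypted key, save it to your Keychain:" but the command `shhh -gpx mykey -o ~/.key` also writes the key to a file through `-o`. Either drop `-o ~/.key` so the example matches its comment, or extend the comment to say that a password-encrypted copy is written to disk as well, so users do not leave a key file behind unknowingly. The three examples also use unrelated file names (`password.txt` to `passwords.enc`, then `shhh.yml`); have the edit example operate on `passwords.enc` so the sequence reads as one workflow.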
data/lib/shhh/version.rb
CHANGED