shhh 1.4.0 → 1.4.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +15 -13
- data/lib/shhh/app/cli.rb +9 -8
- data/lib/shhh/app/commands/show_examples.rb +12 -0
- data/lib/shhh/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 8be044ac1a326bd26c343102e64650b364ca6825
|
4
|
+
data.tar.gz: ae67a04259e58203f3d6cf54a1f7e22ebfe61279
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: a334844785be58e522aa97add26d34961799885540dffcc5f584939cad872bab7f97a0229fcefcd4856c0123cd19bc15e12602784a6ac28fdf94b14cb6762510
|
7
|
+
data.tar.gz: 273554d3ce0ffb40c60b878761fd60255df7d00366d1627812600536e5cf9528d5878b145fc82ce51b858205d9b5d25688d54d0e8069d35383d17ab5b9df2735
|
data/README.md
CHANGED
@@ -27,7 +27,7 @@ You see, security is an incredibly wide topic. The tools around security tend to
|
|
27
27
|
> * Automatic detection of password-protected keys,
|
28
28
|
> * and more...
|
29
29
|
|
30
|
-
The main point behind this gem is to allow you to store sensitive application
|
30
|
+
The main point behind this gem is to allow you to store sensitive application secrets in your source code repo as `AES-256-CBC`-encrypted files or strings (this is the same encryption algorithm that US Government uses internally). The output of the encryption is always a (urlsafe) `base64`-encoded string, without the linebreaks.
|
31
31
|
|
32
32
|
The private key (encrypted or not) is also a base64-encoded string, typically 45 characters long (unless it's password encrypted, in which case it is considerably longer).
|
33
33
|
|
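Review bot: The sentence added at line 30 justifies `AES-256-CBC` with "this is the same encryption algorithm that US Government uses internally", which tells the reader nothing about how the mode is applied in this gem. CBC on its own provides confidentiality but no integrity check, so the README should say how the IV is chosen and whether the ciphertext is authenticated (for example with an HMAC). The government comparison is better dropped. The phrase "(urlsafe) `base64`-encoded string, without the linebreaks" would also read more clearly as "URL-safe base64 string with no line breaks".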
@@ -64,9 +64,9 @@ This library relies on the existance of the 32-byte private key (aka, *a secret*
|
|
64
64
|
|
65
65
|
> In fact, we put together a separate file that discusses strategies for protecting your encryption keys, for example you can read about [how to use Mac OS-X Keychain Access application](https://github.com/kigster/shhh/blob/master/MANAGING-KEYS.md) and other methods. Additions and discussion are welcome. Please contribute!
|
66
66
|
|
67
|
-
You can use one key for all encrypted fields, or many keys – perhaps one per deployment environment, etc. While you can have per-field
|
67
|
+
You can use one key for all encrypted fields, or many keys – perhaps one per deployment environment, etc. While you can have per-field private key, it seems like an overkill.
|
68
68
|
|
69
|
-
__NOTE: it is considered a bad practice to check in the private key into the version control.__ If you keep your secret out of your repo, you can check-in encrypted
|
69
|
+
__NOTE: it is considered a bad practice to check in the private key into the version control.__ If you keep your secret out of your repo, you can check-in encrypted key file directly into the repo. As long as the private key itself is safe, the data in your encrypted will be next to impossible to extract.
|
70
70
|
|
71
71
|
### Command Line (CLI)
|
72
72
|
|
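Review bot: New line 69 tells the reader to "check-in encrypted key file directly into the repo" in the same paragraph that warns against checking in the private key, so it is unclear whether this means the encrypted data file or a password-encrypted key. Name the artifact explicitly, and complete "the data in your encrypted will be next to impossible to extract", which is missing its noun. On line 67, "per-field private key, it seems like an overkill" reads better as "a private key per field seems like overkill".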
@@ -129,30 +129,32 @@ You can use this to add an existing key that can be used with the `shhh` later.
|
|
129
129
|
|
130
130
|
#### Encryption and Decryption
|
131
131
|
|
132
|
-
This may be a good time to take a look at the full help message for the `shhh` tool
|
132
|
+
This may be a good time to take a look at the full help message for the `shhh` tool, shown naturally with a `-h` or `--help` option.
|
133
133
|
|
134
134
|
```bash
|
135
|
-
❯
|
135
|
+
❯ shhh -h
|
136
|
+
|
136
137
|
Usage:
|
137
138
|
shhh [options]
|
138
139
|
Modes:
|
139
|
-
-t, --edit decrypt, open encr. file in vim
|
140
140
|
-e, --encrypt encrypt mode
|
141
141
|
-d, --decrypt decrypt mode
|
142
|
-
|
142
|
+
-t, --edit decrypt, open an encr. file in vim
|
143
|
+
Create a private key:
|
143
144
|
-g, --generate generate a new private key
|
144
145
|
-p, --password encrypt the key with a password
|
145
|
-
-c, --copy copy the new key to
|
146
|
+
-c, --copy copy the new key to the clipboard
|
147
|
+
Provide a private key:
|
148
|
+
-i, --interactive Paste or type the key interactively
|
146
149
|
-k, --private-key [key] private key as a string
|
147
|
-
-K, --
|
148
|
-
|
149
|
-
-
|
150
|
+
-K, --keyfile [key-file] private key from a file
|
151
|
+
Use your KeyChain password entry to store a private key:
|
152
|
+
-x, --keychain [key-name] add to, or read the key from Keychain
|
153
|
+
--keychain-del [key-name] delete keychain entry with that name
|
150
154
|
Data:
|
151
155
|
-s, --string [string] specify a string to encrypt/decrypt
|
152
156
|
-f, --file [file] filename to read from
|
153
157
|
-o, --output [file] filename to write to
|
154
|
-
Data:
|
155
|
-
-i, --interactive ask for a key interactively
|
156
158
|
-b, --backup create a backup file in the edit mode
|
157
159
|
Flags:
|
158
160
|
-v, --verbose show additional information
|
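Review bot: The help sample now lists the Keychain group (`-x, --keychain` and `--keychain-del`, new lines 151-153) without saying it is macOS-only, while cli.rb in this same release registers those options only inside `if Shhh::App.is_osx?`, so users on other platforms will not see them in their own `shhh -h` output. Add a one-line note under the sample. Since this block now groups the ways to provide a key, it is also the place to say that `-k, --private-key [key]` puts the key on the command line, where it can end up in shell history and process listings, and that `-i`, `-K` or `-x` avoid that.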
data/lib/shhh/app/cli.rb
CHANGED
@@ -177,21 +177,22 @@ module Shhh
|
|
177
177
|
o.string '-k', '--private-key', '[key] '.bold.blue + ' private key as a string'
|
178
178
|
o.string '-K', '--keyfile', '[key-file]'.bold.blue + ' private key from a file'
|
179
179
|
if Shhh::App.is_osx?
|
180
|
-
o.
|
180
|
+
o.separator 'Use your KeyChain password entry to store a private key:'.bold.yellow
|
181
|
+
o.string '-x', '--keychain', '[key-name] '.bold.blue + 'add to, or read the key from Keychain'
|
181
182
|
o.string '--keychain-del', '[key-name] '.bold.blue + 'delete keychain entry with that name'
|
182
183
|
end
|
183
184
|
o.separator 'Data:'.bold.yellow
|
184
185
|
o.string '-s', '--string', '[string]'.bold.blue + ' specify a string to encrypt/decrypt'
|
185
186
|
o.string '-f', '--file', '[file] '.bold.blue + ' filename to read from'
|
186
187
|
o.string '-o', '--output', '[file] '.bold.blue + ' filename to write to'
|
187
|
-
o.bool '-b',
|
188
|
+
o.bool '-b', '--backup', ' create a backup file in the edit mode'
|
188
189
|
o.separator 'Flags:'.bold.yellow
|
189
|
-
o.bool '-v',
|
190
|
-
o.bool '-T',
|
191
|
-
o.bool '-E',
|
192
|
-
o.bool '-V',
|
193
|
-
o.bool '-N',
|
194
|
-
o.bool '-e',
|
190
|
+
o.bool '-v', '--verbose', ' show additional information'
|
191
|
+
o.bool '-T', '--trace', ' print a backtrace of any errors'
|
192
|
+
o.bool '-E', '--examples', ' show several examples'
|
193
|
+
o.bool '-V', '--version', ' print library version'
|
194
|
+
o.bool '-N', '--no-color', ' disable color output'
|
195
|
+
o.bool '-e', '--encrypt', ' encrypt mode'
|
195
196
|
o.separator ''
|
196
197
|
end
|
197
198
|
rescue StandardError => e
|
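Review bot: `o.bool '-e', '--encrypt', ' encrypt mode'` at new line 195 sits after the `'Flags:'` separator, while the README help in this release lists `-e, --encrypt` under Modes. If the Modes group above this hunk already declares it, this is a duplicate definition and should be removed. If not, move it up next to the decrypt option so the code matches the documented grouping.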
@@ -47,6 +47,18 @@ Diff:
|
|
47
47
|
---' + '
|
48
48
|
# (c) 2016 Konstantin Gredeskoul. All rights reserved.'.green.bold)
|
49
49
|
|
50
|
+
|
51
|
+
if Shhh::App.is_osx?
|
52
|
+
output << example(comment: 'generate a new password-encrypted key, save it to your Keychain:',
|
53
|
+
command: 'shhh -gpx mykey -o ~/.key')
|
54
|
+
|
55
|
+
output << example(comment: 'use the new key to encrypt a file:',
|
56
|
+
command: 'shhh -x mykey -e -f password.txt -o passwords.enc')
|
57
|
+
|
58
|
+
output << example(comment: 'use the new key to inline-edit the encrypted file:',
|
59
|
+
command: 'shhh -x mykey -t -f shhh.yml')
|
60
|
+
end
|
61
|
+
|
50
62
|
output.flatten.compact.join("\n")
|
51
63
|
end
|
52
64
|
|
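Review bot: The first example's comment says the key is saved to the Keychain, but the command `shhh -gpx mykey -o ~/.key` also passes `-o`, which the help describes as "filename to write to", so the command appears to write the key to a file in the home directory as well. Either drop `-o ~/.key` or state in the comment that a file copy is written and why. The second example writes `passwords.enc` while the third edits `shhh.yml`; using one file name across the three would make the sequence read as a single workflow.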
data/lib/shhh/version.rb
CHANGED