sssecrets 1.0.0 → 1.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile.lock +5 -3
- data/README.md +25 -8
- metadata +4 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 5b07e9dd6c5a826261b26ecfb03afd1939b04d660f641755fafc623f41d3255d
|
|
4
|
+
data.tar.gz: dd220ee769c85f9c0c50ad6dea2a89ae3596158bc28212a737fa56c10afd41d9
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6a0a9b4ea690cd117c8d6f9cdf9378bc1aaf665935996b2d2ea2c59ca9694c3916d383edd33dae5680bccc3e17768505e0b335b5d0a2f36f2295b0503055b6e2
|
|
7
|
+
data.tar.gz: 4c9273792320b5d3d6bfd07decfe365e3949614fff81c1653a0ebc10664988b4bc2dce610dfff580c215757ebcfeaff66b4ad167ab29a0880b0d349fbca13259
|
data/Gemfile.lock
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
sssecrets (1.0.
|
|
4
|
+
sssecrets (1.0.1)
|
|
5
5
|
|
|
6
6
|
GEM
|
|
7
7
|
remote: https://rubygems.org/
|
|
@@ -15,7 +15,8 @@ GEM
|
|
|
15
15
|
rainbow (3.1.1)
|
|
16
16
|
rake (13.0.6)
|
|
17
17
|
regexp_parser (2.6.2)
|
|
18
|
-
rexml (3.
|
|
18
|
+
rexml (3.3.3)
|
|
19
|
+
strscan
|
|
19
20
|
rubocop (1.44.1)
|
|
20
21
|
json (~> 2.3)
|
|
21
22
|
parallel (~> 1.10)
|
|
@@ -29,12 +30,13 @@ GEM
|
|
|
29
30
|
rubocop-ast (1.24.1)
|
|
30
31
|
parser (>= 3.1.1.0)
|
|
31
32
|
ruby-progressbar (1.11.0)
|
|
33
|
+
strscan (3.1.0)
|
|
32
34
|
unicode-display_width (2.4.2)
|
|
33
35
|
|
|
34
36
|
PLATFORMS
|
|
35
37
|
arm64-darwin-21
|
|
36
|
-
x86_64-linux
|
|
37
38
|
ruby
|
|
39
|
+
x86_64-linux
|
|
38
40
|
|
|
39
41
|
DEPENDENCIES
|
|
40
42
|
minitest (~> 5.0)
|
data/README.md
CHANGED
|
@@ -1,12 +1,21 @@
|
|
|
1
1
|
# Sssecrets
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
[](https://badge.fury.io/rb/sssecrets) [](https://rubydoc.info/gems/sssecrets) [](https://github.com/chtzvt/sssecrets/actions/workflows/main.yml) [](https://github.com/chtzvt/sssecrets/actions/workflows/release.yml)
|
|
4
4
|
|
|
5
|
-
Sssecrets is a reusable implementation of GitHub's structured secret token format. You can learn more about GitHub's design process and the properties of their API token format on the [GitHub blog](https://github.blog/2021-04-05-behind-githubs-new-authentication-token-formats/).
|
|
6
5
|
|
|
7
|
-
|
|
6
|
+
Welcome to sssecrets: **S**imple **S**tructured **Secrets**. Sssecrets is a library for generating secrets (like API tokens, etc) in line with best practices.
|
|
8
7
|
|
|
9
|
-
|
|
8
|
+
Sssecrets is a reusable implementation of GitHub's [API token format](https://github.blog/2021-04-05-behind-githubs-new-authentication-token-formats/) (which is also used by [NPM](https://github.blog/2021-09-23-announcing-npms-new-access-token-format/)), and it's designed to make it simple for developers to issue secure secret tokens that are easy to detect when leaked.
|
|
9
|
+
|
|
10
|
+
You can learn more about GitHub's design process and the properties of this API token format on the [GitHub blog](https://github.blog/2021-04-05-behind-githubs-new-authentication-token-formats/).
|
|
11
|
+
|
|
12
|
+
### Want to use Sssecrets with Devise?
|
|
13
|
+
|
|
14
|
+
Check out [this demo](https://github.com/chtzvt/devise-sssecrets-demo) to learn how you can use the [devise-sssecrets](https://github.com/chtzvt/devise-sssecrets) gem as a drop-in replacement for the framework's [built-in friendly token generator](https://github.com/heartcombo/devise/blob/main/lib/devise.rb#L507).
|
|
15
|
+
|
|
16
|
+
## Why Structured Secrets?
|
|
17
|
+
|
|
18
|
+
If you're a developer and your application issues some kind of access tokens (API keys, PATs, etc), it's important to format these in a way that both identifies the string as a secret token and provides insight into its permissions. For bonus points, you should also provide example (dummy) tokens and regexes for them in your documentation.
|
|
10
19
|
|
|
11
20
|
Simple Structured Secrets help solve this problem: They're a compact format with properties that are optimized for detection with static analysis tools. That makes it possible to automatically detect when secrets are leaked in a codebase using features like [GitHub Secret Scanning](https://docs.github.com/en/code-security/secret-scanning/about-secret-scanning) or GitLab Secret Detection.
|
|
12
21
|
|
|
@@ -22,14 +31,20 @@ While random, strings in this format are used in many places for non-sensitive p
|
|
|
22
31
|
|
|
23
32
|
Structured secrets have three parts:
|
|
24
33
|
|
|
25
|
-
- A prefix (defined by you)
|
|
26
|
-
- 30 characters of randomness
|
|
27
|
-
- A 6 character checksum
|
|
34
|
+
- A prefix (2-10 characters, defined by you)
|
|
35
|
+
- 30 characters of randomness
|
|
36
|
+
- A 6 character checksum
|
|
28
37
|
|
|
29
|
-
That's it!
|
|
38
|
+
That's it!
|
|
39
|
+
|
|
40
|
+
Here's the format:
|
|
30
41
|
|
|
31
42
|
`[prefix]_[randomness][checksum]`
|
|
32
43
|
|
|
44
|
+
An example Sssecret, with an `org` of `t` and a `type` of `k`, looks like this:
|
|
45
|
+
|
|
46
|
+
`tk_GNrRoBa1p9nuwm7XrWkrhYUNQ7edOw4GUp8I`
|
|
47
|
+
|
|
33
48
|
### Prefix
|
|
34
49
|
|
|
35
50
|
Token prefixes are a simple and effective method to make tokens identifiable. [Slack](https://api.slack.com/authentication/token-types), [Stripe](https://stripe.com/docs/api/authentication), [GitHub](https://github.blog/2021-04-05-behind-githubs-new-authentication-token-formats/#identifiable-prefixes), and others have adopted this approach to great effect.
|
|
@@ -52,6 +67,8 @@ The token checksum can be used as a first-pass validity check. Using these check
|
|
|
52
67
|
|
|
53
68
|
_Note that this library can only check whether a given token is in the correct form and has a valid checksum. To fully determine whether a given token is active, you'll still need to implement your own logic for checking the validity of tokens you've issued._
|
|
54
69
|
|
|
70
|
+
_Another note: Because Sssecrets uses the same format as GitHub tokens, you can also perform offline validation of GitHub-issued secrets with `SimpleStructuredSecrets#validate`._
|
|
71
|
+
|
|
55
72
|
## Installation
|
|
56
73
|
|
|
57
74
|
Add this gem to your application's Gemfile:
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: sssecrets
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Charlton Trezevant
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2024-08-13 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description: Easily generate and validate structured secrets for your application
|
|
14
14
|
email:
|
|
@@ -30,6 +30,7 @@ licenses:
|
|
|
30
30
|
metadata:
|
|
31
31
|
homepage_uri: https://github.com/chtzvt/sssecrets
|
|
32
32
|
source_code_uri: https://github.com/chtzvt/sssecrets
|
|
33
|
+
github_repo: ssh://github.com/chtzvt/sssecrets
|
|
33
34
|
post_install_message:
|
|
34
35
|
rdoc_options: []
|
|
35
36
|
require_paths:
|
|
@@ -45,7 +46,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
45
46
|
- !ruby/object:Gem::Version
|
|
46
47
|
version: '0'
|
|
47
48
|
requirements: []
|
|
48
|
-
rubygems_version: 3.
|
|
49
|
+
rubygems_version: 3.5.11
|
|
49
50
|
signing_key:
|
|
50
51
|
specification_version: 4
|
|
51
52
|
summary: Simple Structured Secrets
|