ssssh 1.1.1 → 1.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +6 -0
- data/bin/ssssh +27 -2
- data/lib/ssssh/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 80a20e0a46cd709e4d011fa309c4bb6bd8b232b8
|
|
4
|
+
data.tar.gz: f3a9089a203a7a507481f581783391493f84d220
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 90dbafdea7eee03f7b40135ef075a0736ae8d51a4f37fb25bd769f14a4e8ed6366823c4dd12958f509b852b0d085c2c5c4c17a2dd3b84f04896aef7920455ead
|
|
7
|
+
data.tar.gz: 8c7a205d4cbc5462a744377f2d555877f61f601da3524874efd0019b6e6f234bd74163687932c4e2ef27237d97867a969ccdf23086703d6e8f7fe50a99f1c1d2
|
data/README.md
CHANGED
|
@@ -26,3 +26,9 @@ If you'd rather install a Python interpreter than a Ruby one, secrets may also b
|
|
|
26
26
|
|
|
27
27
|
base64 -d < secrets.encrypted > /tmp/secrets.bin
|
|
28
28
|
aws kms decrypt --ciphertext-blob fileb:///tmp/secrets.bin --output text --query Plaintext | base64 -d > secrets.txt
|
|
29
|
+
|
|
30
|
+
## Changes
|
|
31
|
+
|
|
32
|
+
### 1.2.0 (2015-04-27)
|
|
33
|
+
|
|
34
|
+
* Add support for encryption contexts (`--context` option).
|
data/bin/ssssh
CHANGED
|
@@ -10,6 +10,10 @@ require "ssssh/version"
|
|
|
10
10
|
|
|
11
11
|
Clamp do
|
|
12
12
|
|
|
13
|
+
option ["-C", "--context"], "KEY=VALUE",
|
|
14
|
+
"add to encryption context\n (may be specified multiple times)",
|
|
15
|
+
:multivalued => true
|
|
16
|
+
|
|
13
17
|
option ["--region"], "REGION", "AWS region",
|
|
14
18
|
:environment_variable => "AWS_REGION", :required => true
|
|
15
19
|
option "--access-key", "KEY", "AWS access key",
|
|
@@ -107,15 +111,36 @@ Clamp do
|
|
|
107
111
|
signal_error(e.message, :status => 9)
|
|
108
112
|
end
|
|
109
113
|
|
|
114
|
+
def encryption_context
|
|
115
|
+
@encryption_context ||= {}
|
|
116
|
+
end
|
|
117
|
+
|
|
118
|
+
def append_to_context_list(context_string)
|
|
119
|
+
key, value = context_string.split('=')
|
|
120
|
+
if value.nil?
|
|
121
|
+
raise ArgumentError, "KEY=VALUE expected"
|
|
122
|
+
end
|
|
123
|
+
encryption_context[key] = value
|
|
124
|
+
end
|
|
125
|
+
|
|
110
126
|
def encrypt(plaintext, key_id)
|
|
111
127
|
with_kms do |kms|
|
|
112
|
-
|
|
128
|
+
encryption_params = {
|
|
129
|
+
:key_id => key_id,
|
|
130
|
+
:plaintext => plaintext,
|
|
131
|
+
:encryption_context => encryption_context
|
|
132
|
+
}
|
|
133
|
+
kms.encrypt(encryption_params).ciphertext_blob
|
|
113
134
|
end
|
|
114
135
|
end
|
|
115
136
|
|
|
116
137
|
def decrypt(ciphertext)
|
|
117
138
|
with_kms do |kms|
|
|
118
|
-
|
|
139
|
+
decryption_params = {
|
|
140
|
+
:ciphertext_blob => ciphertext,
|
|
141
|
+
:encryption_context => encryption_context
|
|
142
|
+
}
|
|
143
|
+
kms.decrypt(decryption_params).plaintext
|
|
119
144
|
end
|
|
120
145
|
end
|
|
121
146
|
|
data/lib/ssssh/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ssssh
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Mike Williams
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-
|
|
11
|
+
date: 2015-04-27 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-core
|