ssssh 1.1.1 → 1.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +6 -0
- data/bin/ssssh +27 -2
- data/lib/ssssh/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 80a20e0a46cd709e4d011fa309c4bb6bd8b232b8
|
|
4
|
+
data.tar.gz: f3a9089a203a7a507481f581783391493f84d220
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 90dbafdea7eee03f7b40135ef075a0736ae8d51a4f37fb25bd769f14a4e8ed6366823c4dd12958f509b852b0d085c2c5c4c17a2dd3b84f04896aef7920455ead
|
|
7
|
+
data.tar.gz: 8c7a205d4cbc5462a744377f2d555877f61f601da3524874efd0019b6e6f234bd74163687932c4e2ef27237d97867a969ccdf23086703d6e8f7fe50a99f1c1d2
|
data/README.md
CHANGED
|
@@ -26,3 +26,9 @@ If you'd rather install a Python interpreter than a Ruby one, secrets may also b
|
|
|
26
26
|
|
|
27
27
|
base64 -d < secrets.encrypted > /tmp/secrets.bin
|
|
28
28
|
aws kms decrypt --ciphertext-blob fileb:///tmp/secrets.bin --output text --query Plaintext | base64 -d > secrets.txt
|
|
29
|
+
|
|
30
|
+
## Changes
|
|
31
|
+
|
|
32
|
+
### 1.2.0 (2015-04-27)
|
|
33
|
+
|
|
34
|
+
* Add support for encryption contexts (`--context` option).
|
data/bin/ssssh
CHANGED
|
@@ -10,6 +10,10 @@ require "ssssh/version"
|
|
|
10
10
|
|
|
11
11
|
Clamp do
|
|
12
12
|
|
|
13
|
+
option ["-C", "--context"], "KEY=VALUE",
|
|
14
|
+
"add to encryption context\n (may be specified multiple times)",
|
|
15
|
+
:multivalued => true
|
|
16
|
+
|
|
13
17
|
option ["--region"], "REGION", "AWS region",
|
|
14
18
|
:environment_variable => "AWS_REGION", :required => true
|
|
15
19
|
option "--access-key", "KEY", "AWS access key",
|
|
@@ -107,15 +111,36 @@ Clamp do
|
|
|
107
111
|
signal_error(e.message, :status => 9)
|
|
108
112
|
end
|
|
109
113
|
|
|
114
|
+
def encryption_context
|
|
115
|
+
@encryption_context ||= {}
|
|
116
|
+
end
|
|
117
|
+
|
|
118
|
+
def append_to_context_list(context_string)
|
|
119
|
+
key, value = context_string.split('=')
|
|
120
|
+
if value.nil?
|
|
121
|
+
raise ArgumentError, "KEY=VALUE expected"
|
|
122
|
+
end
|
|
123
|
+
encryption_context[key] = value
|
|
124
|
+
end
|
|
125
|
+
|
|
110
126
|
def encrypt(plaintext, key_id)
|
|
111
127
|
with_kms do |kms|
|
|
112
|
-
|
|
128
|
+
encryption_params = {
|
|
129
|
+
:key_id => key_id,
|
|
130
|
+
:plaintext => plaintext,
|
|
131
|
+
:encryption_context => encryption_context
|
|
132
|
+
}
|
|
133
|
+
kms.encrypt(encryption_params).ciphertext_blob
|
|
113
134
|
end
|
|
114
135
|
end
|
|
115
136
|
|
|
116
137
|
def decrypt(ciphertext)
|
|
117
138
|
with_kms do |kms|
|
|
118
|
-
|
|
139
|
+
decryption_params = {
|
|
140
|
+
:ciphertext_blob => ciphertext,
|
|
141
|
+
:encryption_context => encryption_context
|
|
142
|
+
}
|
|
143
|
+
kms.decrypt(decryption_params).plaintext
|
|
119
144
|
end
|
|
120
145
|
end
|
|
121
146
|
|
data/lib/ssssh/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ssssh
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Mike Williams
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-
|
|
11
|
+
date: 2015-04-27 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-core
|