ssssh 1.0.0

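--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: 1fe0419d821e061f0e6193d250b521f3cf38f2bc
+data.tar.gz: d725bbcded6a0e3a64c4e94d252cdff92bb7fbb7
+SHA512:
+metadata.gz: 9f42e0c71cb003cea6e77cbe9f2689e5d192f48b5ad853bede18cbea86a1c75dcda7c55d67fbb637ff84b0a44d9de47172c38c845427141f325ae0fe782ad7b5
+data.tar.gz: 67395c2bd2284370cd8ab9f7927c55a164ce208b94302e94f60b4a5379d2e0997908721dbfecbe87da79bb7383c361d8508bdbe8caf27ab47d76ddf2174fead6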
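--- a/data/.gitignore
+++ b/data/.gitignore
@@ -0,0 +1,14 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+*.bundle
+*.so
+*.o
+*.a
+mkmf.log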
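--- a/data/Gemfile
+++ b/data/Gemfile
@@ -0,0 +1,6 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in ssssh.gemspec
+gemspec
+
+gem "pry"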
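--- a/data/LICENSE.txt
+++ b/data/LICENSE.txt
@@ -0,0 +1,22 @@
+Copyright (c) 2015 Mike Williams
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.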
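--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,26 @@
+# Ssssh!
+
+"ssssh" is a small tool that can be used to encrypt and decrypt secrets, using the AWS "Key Management Service" (KMS).
+
+## Usage
+
+Encrypt secrets like this:
+
+ssssh encrypt KEY-ID < secrets.txt > secrets.encrypted
+
+Later, you can decrypt them:
+
+ssssh decrypt < secrets.encrypted > secrets.txt
+
+This assumes that the necessary AWS_xxx environment variables are set, and that KEY-ID is the name or alias of an existing KMS key.
+
+## Limitations
+
+"ssssh" can only encrypt small amounts of data; up to 4 KB.
+
+## See also
+
+If you'd rather install a Python interpreter than a Ruby one, secrets may also be decrypted using the AWS CLI.
+
+base64 -d < secrets.encrypted > /tmp/secrets.bin
+aws kms decrypt --ciphertext-blob fileb:///tmp/secrets.bin --output text --query Plaintext | base64 -d > secrets.txt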
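--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,2 @@
+require "bundler/gem_tasks"
+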
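--- a/data/bin/ssssh
+++ b/data/bin/ssssh
@@ -0,0 +1,76 @@
+#! /usr/bin/env ruby
+
+require "aws-sdk-core"
+require "base64"
+require "clamp"
+require "logger"
+
+Clamp do
+
+option ["--region"], "REGION", "AWS region\n",
+:environment_variable => "AWS_REGION",
+:default => "ap-southeast-2"
+option "--access-key", "KEY", "AWS access key\n",
+:environment_variable => "AWS_ACCESS_KEY_ID",
+:attribute_name => :access_key_id
+option "--secret-key", "KEY", "AWS secret key\n",
+:environment_variable => "AWS_SECRET_ACCESS_KEY",
+:attribute_name => :secret_access_key
+option "--session-token", "KEY", "AWS security token\n",
+:environment_variable => "AWS_SECURITY_TOKEN",
+:attribute_name => :session_token
+
+option "--debug", :flag, "enable debugging"
+
+subcommand "encrypt", "Encrypt STDIN" do
+
+parameter "KEY_ID", "KMS key-id"
+parameter "[DATA]", "plaintext data"
+
+def execute
+plaintext = data || $stdin.read
+puts Base64.encode64(encrypt(plaintext, key_id))
+end
+
+end
+
+subcommand "decrypt", "Decrypt STDIN" do
+
+def execute
+encoded_ciphertext = $stdin.read
+puts decrypt(Base64.decode64(encoded_ciphertext))
+end
+
+end
+
+protected
+
+def logger
+@logger ||= ::Logger.new($stderr).tap do |logger|
+logger.level = (debug? ? ::Logger::DEBUG : ::Logger::INFO)
+end
+end
+
+def aws_config
+{
+:access_key_id => access_key_id,
+:secret_access_key => secret_access_key,
+:session_token => session_token,
+:region => region,
+:logger => logger, :log_level => :debug
+}.reject { |k,v| v.nil? || v == "" }
+end
+
+def kms
+@kms ||= Aws::KMS::Client.new(aws_config)
+end
+
+def encrypt(plaintext, key_id)
+kms.encrypt(:key_id => key_id, :plaintext => plaintext).ciphertext_blob
+end
+
+def decrypt(ciphertext)
+kms.decrypt(:ciphertext_blob => ciphertext).plaintext
+end
+
+end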
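Review bot: The `encrypt` subcommand accepts the secret as an optional `[DATA]` argument, and `--secret-key` / `--session-token` accept AWS credentials as options, so all three can land in shell history and in the process list that other local users can read. Prefer stdin and the environment only: drop `parameter "[DATA]", "plaintext data"` and use `plaintext = $stdin.read`, leaving credentials to the `AWS_*` variables. Separately, `aws_config` always passes `:logger => logger, :log_level => :debug`, so with `--debug` the SDK's request logging goes to stderr; whether that output includes the `:plaintext` request parameter depends on the SDK's log formatter, which is not visible here, and should be confirmed before `--debug` is used with real secrets. `puts` in the decrypt `execute` also appends a newline when the plaintext lacks one, so a round trip is not byte-exact; `$stdout.write decrypt(...)` would be.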
@@ -0,0 +1,3 @@
1
+ module Ssssh
2
+ VERSION = "1.0.0"
3
+ end
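--- a/data/ssssh.gemspec
+++ b/data/ssssh.gemspec
@@ -0,0 +1,30 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'ssssh/version'
+
+Gem::Specification.new do |spec|
+
+spec.name = "ssssh"
+spec.version = Ssssh::VERSION
+spec.summary = %q{It's a secret!}
+spec.description = %q{"ssssh" is a small tool that can be used to encrypt and decrypt secrets, using the AWS "Key Management Service" (KMS).
+}
+spec.license = "MIT"
+
+spec.authors = ["Mike Williams"]
+spec.email = ["mdub@dogbiscuit.org"]
+spec.homepage = "https://github.com/mdub/ssssh"
+
+spec.files = `git ls-files -z`.split("\x0")
+spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
+spec.require_paths = ["lib"]
+
+spec.add_runtime_dependency "aws-sdk-core", "~> 2.0"
+spec.add_runtime_dependency "clamp", ">= 0.6"
+
+spec.add_development_dependency "bundler", "~> 1.7"
+spec.add_development_dependency "rake", "~> 10.0"
+
+end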
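Review bot: `spec.add_runtime_dependency "clamp", ">= 0.6"` has no upper bound, so any future major release of clamp resolves into a tool that handles plaintext secrets and AWS credentials. A bounded constraint in the style already used for aws-sdk-core, for example `spec.add_runtime_dependency "clamp", ">= 0.6", "< 2"` (upper bound chosen for illustration), limits what an install can pull in. The packaged metadata on this page also shows `cert_chain: []` and an empty `signing_key`, so the gem is unsigned and its integrity rests on the registry checksums.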
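--- a/metadata
+++ b/metadata
@@ -0,0 +1,110 @@
+--- !ruby/object:Gem::Specification
+name: ssssh
+version: !ruby/object:Gem::Version
+version: 1.0.0
+platform: ruby
+authors:
+- Mike Williams
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2015-02-24 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: aws-sdk-core
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.0'
+- !ruby/object:Gem::Dependency
+name: clamp
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0.6'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0.6'
+- !ruby/object:Gem::Dependency
+name: bundler
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.7'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.7'
+- !ruby/object:Gem::Dependency
+name: rake
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '10.0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '10.0'
+description: |
+"ssssh" is a small tool that can be used to encrypt and decrypt secrets, using the AWS "Key Management Service" (KMS).
+email:
+- mdub@dogbiscuit.org
+executables:
+- ssssh
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/ssssh
+- lib/ssssh/version.rb
+- ssssh.gemspec
+homepage: https://github.com/mdub/ssssh
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.2.2
+signing_key:
+specification_version: 4
+summary: It's a secret!
+test_files: []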