streetcreds 0.1.2 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d6b3156f5f57a91de79416f6a14ed92da63cfeb2
-  data.tar.gz: 577f748d2637ecf56289967ef2bb282061b97479
+  metadata.gz: 0573e55f19dd3630b82109a083f349004e918ecb
+  data.tar.gz: 7b1de8a55c673746ffcbef42cfa49631484406e5
 SHA512:
-  metadata.gz: bc941acb4211500dca4e8f3571d157ee1416b08c25d9e91e0e7b4394b47f9d6cf7ed5017181a9068ffabee9b2023706205a3e489d38a4b9fb21e01df923d1333
-  data.tar.gz: f057015e492ea3818f0793b88c55708c4c9b9ebca0e2c8eee661f4035633d958ffd43de20fa62261719f086e5690ee415828a6e438544d8b433f2fb8998d7f96
+  metadata.gz: a7acd91f79ac3c1a2cce59706f80b8abade9d088f951caee78f6c4883630deeee8a7b9afe6e67282c0ee9f963783204dcf8bf41f0189fb1598479170ad292046
+  data.tar.gz: 8506e8b4cea0e388d30c913c22afde738412f9b83ed98a72ef5c997ce1a6e104c394454170ddf39aa9eb21d241af586eba16187fea04a9c168da0c7528e0efae

data/Gemfile

@@ -1,4 +1,3 @@
-source 'https://rubygems.org'
+source "https://rubygems.org"
 
-# Specify your gem's dependencies in 1s.gemspec
 gemspec

data/Gemfile.lock

@@ -1,20 +1,24 @@
 PATH
   remote: .
   specs:
-    streetcreds (0.1.1)
-      colorize
+    streetcreds (0.2.0)
+      encrypted_strings
 
 GEM
   remote: https://rubygems.org/
   specs:
-    colorize (0.7.7)
+    byebug (9.0.6)
+    encrypted_strings (0.3.3)
+    rake (10.5.0)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
-  bundler (~> 1.10)
+  bundler (~> 1.15)
+  byebug
+  rake (~> 10.0)
   streetcreds!
 
 BUNDLED WITH
-   1.10.6
+   1.15.1

data/LICENSE.txt

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2015 Wesley Boynton
+Copyright (c) 2017 Wesley Boynton
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/README.md

@@ -1,38 +1,44 @@
 # StreetCreds
 
-StreetCreds is a little tiny library to handle reading/writing credentials for ruby apps. I wrote it mostly because I do this a lot, and I want to stop re-writing my own code. I'm sure someone else has done it, but my apps all already use my code, so this should work as a drop-in replacement.
+This is a gem that manages encrypted YAML files that can be used to store credentials and stuff you might just not want to leave lying around on your system.
 
-I plan to add stuff like:
-  - Safer (non plaintext) storage
-  - Database-based storage
-  - Password Generation
-  
-It's not in rubygems yet.
+It doesn't use a strong or unique IV or anything like that. It's not top-notch security. It's just a quick-and-dirty way to obfuscate things you might be using locally to enable your code to access resources, short of using a local deployment of a secret manager like Hashicorp Vault.
+
+It uses ruby 2.0 hash-syntax for many of its methods, allowing you to leave some things un-filled and asking for them if it needs them. If you don't want your code being interrupted to ask for a password, provide one programatically.
+
+This is a complete rewrite of StreetCreds 0.1 and is definitely not backwards-compatible. It's barely the same thing.
 
 ## Usage
 
-TODO
+Use it like this:
+```ruby
+# #convert_on_valid is false by default and will assume you want to encrypt a valid YAML file
+#  if it hasn't been encrypted already.
+cf = StreetCreds::CredFile.new(filepath: '~/mycreds.yml', convert_on_valid: true)
 
-## License
+# Add a cred via code:
+cf['github'] = {'username' => 'wwboynton', password: 'xxxxxxxxxxxxxx'}
+# Worth noting, all your keys will be recursively symbolized. Hope that's okay.
+
+# #inspect is overridden and will #inspect the internal hash.
+#  This will show all values, including passwords and sensitive data!
+puts cf.inspect
 
-The MIT License (MIT)
+# Save back to the file. This will always be encrypted.
+cf.save
 
-Copyright (c) 2015 Wesley Boynton
+# Decrypt a file in-place
+StreetCreds::CredFile.decrypt_existing_file(filepath: '~/mycreds.yml')
+
+# You can encrypt-in-place too, but you could also just use #convert_on_valid
+StreetCreds::CredFile.encrypt_existing_file(filepath: '~/mycreds.yml')
+
+```
+
+## License
 
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
+It's MIT. Do whatever.
 
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
+## Contributing
 
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
+I guess you can PR if you really want to. I'd probably look at it. 

data/lib/streetcreds.rb

@@ -1,101 +1,9 @@
-require 'streetcreds/version'
-require 'colorize'
-
-module StreetCreds
-  class Credentials
-    # rubocop:disable Style/PredicateName
-
-    require 'singleton'
-    include Singleton
-    attr_accessor :credentials
-
-    def initialize
-    end
-
-    def set_up(cred_file)
-      @cred_file = cred_file
-      @sample_file = "#{cred_file}.sample"
-      check_dir
-      check_file
-      @credentials = YAML.load_file(@cred_file) || {}
-    end
-
-    def check_dir
-      cred_path = get_cred_path
-      unless File.exist?(cred_path)
-        puts "Creating credentials directory at '#{cred_path}'"
-        FileUtils.mkdir_p(cred_path)
-      end
-    end
-
-    def check_file
-      unless File.exist?(@cred_file)
-        puts "There is no credentials.yml file at '#{@cred_file.yellow}'".red
-        puts "Please fill out the sample file at '#{@sample_file.yellow}' and copy it to '#{@cred_file.yellow}'".red
-        if !File.exist?(@cred_file) && !File.exist?(@sample_file)
-          File.open(@sample_file, 'w') { |f| f.write(sample) }
-        end
-        raise StandardError
-      end
-    end
-
-
-    def get_cred_path
-      @cred_file.split('/')[0..-2].join('/')
-    end
-
-    def save
-      File.open(@cred_file, 'w') { |f| f.write(@credentials.to_yaml) }
-    end
-
-    def [](key)
-      @credentials[key]
-    end
-
-    def []=(key, val)
-      @credentials[key] = val
-    end
-
-    def has_key?(key)
-      @credentials.has_key?(key)
-    end
-
-    def self.has_key?(key)
-      Credentials.instance.has_key?(key)
-    end
-
-    def self.[](key)
-      Credentials.instance[key]
-    end
-
-    def self.[]=(key, val)
-      Credentials.instance[key] = val
-    end
-
-    def self.save
-      Credentials.instance.save
-    end
-
-    def self.credentials
-      Credentials.instance.credentials
-    end
-
-    def sample
-      <<EOS
----
-:google:
-  :username:
-  :password:
-:google_drive:
-  :client_id:
-  :client_secret:
-:github:
-  :username:
-  :password:
-:hipchat:
-  :token:
-EOS
-    end
-  end
-end
-
+require 'streetcred/version'
+require 'streetcred/cred_file'
+require 'encrypted_strings'
+require 'streetcred/patches/openssl_cipher_patch'
+require 'yaml'
+require 'streetcred/patches/yaml_patch'
+require 'fileutils'
+require 'pp'
+# require 'byebug'

data/lib/streetcreds/cred_file.rb

@@ -0,0 +1,84 @@
+module StreetCred
+  class CredFile
+    def self.encrypt_existing_file(filepath:)
+      filepath = full_path(filepath)
+      hash     = YAML.load(File.open(filepath))
+      new(filepath: filepath, hash: hash)
+    end
+
+    def self.decrypt_existing_file(filepath:)
+      filepath           = full_path(filepath)
+      decrypted_contents = new(filepath: filepath).decrypt_file
+      File.open(filepath, 'w+') { |f| f.write(decrypted_contents) }
+    end
+
+    def initialize(filepath:, hash: nil, convert_on_valid: false)
+      @filepath = self.class.full_path(filepath)
+      load_file(hash: hash, convert_on_valid: convert_on_valid)
+    end
+
+    def load_file(convert_on_valid:, hash: nil)
+      if hash.nil?
+        begin
+          file_contents = File.read(@filepath)
+          return @hash = {} if file_contents.empty?
+          @hash = YAMLHelper.load_if_valid(file_contents) if convert_on_valid
+          @hash = YAMLHelper.load_if_valid(decrypt_file) unless @hash
+        rescue Errno::ENOENT
+          @hash = {}
+        end
+      end
+      @hash = self.class.symbolize_keys(@hash)
+    end
+
+    def decrypt_file(contents: nil, password: nil)
+      contents = File.read(@filepath) unless contents
+      password = ask_password if password.nil?
+      contents.decrypt(:symmetric, :password => password)
+    end
+
+    def save
+      FileUtils.mkdir_p(File.dirname(@filepath))
+      yaml = self.class.symbolize_keys(@hash).to_yaml
+      if yaml.empty?
+        File.delete(@filepath)
+      else
+        encrypted_yaml = encrypt_file(contents: yaml)
+        File.open(@filepath, 'w+') { |f| f.write(encrypted_yaml) }
+      end
+    end
+
+    def encrypt_file(contents:, password: nil)
+      password = ask_password if password.nil?
+      contents.encrypt(:symmetric, :password => password)
+    end
+
+    def ask_password
+      return @password if @password
+      print "Password?\n> "
+      @password = $stdin.noecho(&:gets).chomp
+      puts ''
+      @password
+    end
+
+    def inspect
+      @hash.inspect
+    end
+
+    # Act like a hash
+    def method_missing(meth, *args)
+      @hash.send(meth, *args)
+    end
+
+    def self.full_path(filepath)
+      Pathname.new(filepath).expand_path.to_s
+    end
+
+    # Adapted from https://stackoverflow.com/a/8379653/5637619
+    def self.symbolize_keys(hash)
+      Hash[hash.map do |k, v|
+        [k.to_sym, (v.is_a?(Hash) ? symbolize_keys(v) : v)]
+      end]
+    end
+  end
+end

data/lib/streetcreds/patches/openssl_cipher_patch.rb

@@ -0,0 +1,12 @@
+require 'encrypted_strings'
+
+# I know monkey patches are bad, but this warning is annoying and the encrypted_strings guys haven't accepted that PR.
+module EncryptedStrings
+  class SymmetricCipher
+    def build_cipher(type) #:nodoc:
+      cipher = OpenSSL::Cipher.new(algorithm).send(type)
+      cipher.pkcs5_keyivgen(password)
+      cipher
+    end
+  end
+end

data/lib/streetcreds/patches/yaml_patch.rb

@@ -0,0 +1,9 @@
+module YAMLHelper
+  def self.load_if_valid(str)
+    res = YAML.load(str)
+    return false unless res.is_a?(Hash)
+    res
+    # rescue Exception => e
+    #   return false
+  end
+end

data/lib/streetcreds/version.rb

@@ -1,3 +1,3 @@
 module StreetCreds
-  VERSION = "0.1.2"
+  VERSION = "0.2.0"
 end

data/streetcreds.gemspec

@@ -1,7 +1,7 @@
 # coding: utf-8
-lib = File.expand_path('../lib', __FILE__)
+lib = File.expand_path("../lib", __FILE__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require 'streetcreds/version'
+require "streetcreds/version"
 
 Gem::Specification.new do |spec|
   spec.name          = "streetcreds"
@@ -9,24 +9,28 @@ Gem::Specification.new do |spec|
   spec.authors       = ["Wesley Boynton"]
   spec.email         = ["wes@boynton.io"]
 
-  spec.summary       = %q{Manage credentials with ease!}
-  spec.homepage      = "https://www.github.com/wwboynton/streetcreds"
+  spec.summary       = %q{Dead-simple password-based encryption and decryption of some yaml configuration files}
   spec.license       = "MIT"
 
-  # Prevent pushing this gem to RubyGems.org by setting 'allowed_push_host', or
-  # delete this section to allow pushing this gem to any host.
-  if spec.respond_to?(:metadata)
-    spec.metadata['allowed_push_host'] = "TODO: Set to 'http://mygemserver.com'"
-  else
-    raise "RubyGems 2.0 or newer is required to protect against public gem pushes."
-  end
+  # Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'
+  # to allow pushing to a single host or delete this section to allow pushing to any host.
+  # if spec.respond_to?(:metadata)
+  #   spec.metadata["allowed_push_host"] = "TODO: Set to 'http://mygemserver.com'"
+  # else
+  #   raise "RubyGems 2.0 or newer is required to protect against " \
+  #     "public gem pushes."
+  # end
 
-  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
-  spec.bindir        = "bin"
-  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
 
-  spec.add_runtime_dependency 'colorize'
+  spec.add_runtime_dependency "encrypted_strings"
 
-  spec.add_development_dependency "bundler", "~> 1.10"
+  spec.add_development_dependency "bundler", "~> 1.15"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "byebug"
 end

metadata

@@ -1,43 +1,71 @@
 --- !ruby/object:Gem::Specification
 name: streetcreds
 version: !ruby/object:Gem::Version
-  version: 0.1.2
+  version: 0.2.0
 platform: ruby
 authors:
 - Wesley Boynton
 autorequire: 
-bindir: bin
+bindir: exe
 cert_chain: []
-date: 2015-11-06 00:00:00.000000000 Z
+date: 2017-06-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: colorize
+  name: encrypted_strings
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.10'
+        version: '1.15'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.10'
+        version: '1.15'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: 
 email:
 - wes@boynton.io
@@ -45,37 +73,40 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
+- ".gitignore"
 - Gemfile
 - Gemfile.lock
 - LICENSE.txt
 - README.md
 - lib/streetcreds.rb
+- lib/streetcreds/cred_file.rb
+- lib/streetcreds/patches/openssl_cipher_patch.rb
+- lib/streetcreds/patches/yaml_patch.rb
 - lib/streetcreds/version.rb
 - streetcreds.gemspec
-homepage: https://www.github.com/wwboynton/streetcreds
+homepage: 
 licenses:
 - MIT
-metadata:
-  allowed_push_host: 'TODO: Set to ''http://mygemserver.com'''
+metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.0.14
+rubygems_version: 2.6.11
 signing_key: 
 specification_version: 4
-summary: Manage credentials with ease!
+summary: Dead-simple password-based encryption and decryption of some yaml configuration
+  files
 test_files: []