streetcreds 0.2.4 → 0.2.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 4992cea56865f3bea517948f1b74b2278cbd3d9f
-  data.tar.gz: dad38638afac30b47c78c17a6401443aefd877df
+  metadata.gz: daffef863b06822916e5e86036fb4ddd5e302fd1
+  data.tar.gz: 748fd2b4f3f4e657a48270441e729483ea065236
 SHA512:
-  metadata.gz: 53ede8197582183c6df7ba4cf2edde7d63a71460d486de928538d356c966c9e1600f65cba33abbef49d01985b27f84a7e4d022b5694129a44fe37f933e1f185a
-  data.tar.gz: 56368552c1564d21a1907a6eb042bbae6499647b0684ee0bab5b066f00cc57a34a76aee6ce30d42dd074d3c82efcf72c9ed0a925a4f0d005b4cd1d596af69172
+  metadata.gz: 71720037c86de243c85bbcafe143a7c6d19bec15a8740e871a10112e6fcd6a4a67c5b8e60ce20aa3267d2807eb29cead2befb76000ea34a9c48b2b4e34ec7c58
+  data.tar.gz: d170c302848d43dc93ba8a125bf4b63d3ffb74652de4e60ec5bd848b44994b00d4fe7490b2ce43651e39aff3c8fde024581f534db0ceb993320bdb17c784ce2a

data/.gitignore

@@ -0,0 +1 @@
+*.gem

data/Gemfile

@@ -0,0 +1,3 @@
+source "https://rubygems.org"
+
+gemspec

data/Gemfile.lock

@@ -0,0 +1,24 @@
+PATH
+  remote: .
+  specs:
+    streetcreds (0.2.0)
+      encrypted_strings
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    byebug (9.0.6)
+    encrypted_strings (0.3.3)
+    rake (10.5.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 1.15)
+  byebug
+  rake (~> 10.0)
+  streetcreds!
+
+BUNDLED WITH
+   1.15.1

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2017 Wesley Boynton
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,44 @@
+# StreetCreds
+
+This is a gem that manages encrypted YAML files that can be used to store credentials and stuff you might just not want to leave lying around on your system.
+
+It doesn't use a strong or unique IV or anything like that. It's not top-notch security. It's just a quick-and-dirty way to obfuscate things you might be using locally to enable your code to access resources, short of using a local deployment of a secret manager like Hashicorp Vault.
+
+It uses ruby 2.0 hash-syntax for many of its methods, allowing you to leave some things un-filled and asking for them if it needs them. If you don't want your code being interrupted to ask for a password, provide one programatically.
+
+This is a complete rewrite of StreetCreds 0.1 and is definitely not backwards-compatible. It's barely the same thing.
+
+## Usage
+
+Use it like this:
+```ruby
+# #convert_on_valid is false by default and will assume you want to encrypt a valid YAML file
+#  if it hasn't been encrypted already.
+cf = StreetCreds::CredFile.new(filepath: '~/mycreds.yml', convert_on_valid: true)
+
+# Add a cred via code:
+cf['github'] = {'username' => 'wwboynton', password: 'xxxxxxxxxxxxxx'}
+# Worth noting, all your keys will be recursively symbolized. Hope that's okay.
+
+# #inspect is overridden and will #inspect the internal hash.
+#  This will show all values, including passwords and sensitive data!
+puts cf.inspect
+
+# Save back to the file. This will always be encrypted.
+cf.save
+
+# Decrypt a file in-place
+StreetCreds::CredFile.decrypt_existing_file(filepath: '~/mycreds.yml')
+
+# You can encrypt-in-place too, but you could also just use #convert_on_valid
+StreetCreds::CredFile.encrypt_existing_file(filepath: '~/mycreds.yml')
+
+```
+
+## License
+
+It's MIT. Do whatever.
+
+## Contributing
+
+I guess you can PR if you really want to. I'd probably look at it. 

data/lib/streetcreds.rb

@@ -0,0 +1,9 @@
+require 'streetcreds/version'
+require 'streetcreds/cred_file'
+require 'encrypted_strings'
+require 'streetcreds/patches/openssl_cipher_patch'
+require 'yaml'
+require 'streetcreds/patches/yaml_patch'
+require 'fileutils'
+require 'pp'
+# require 'byebug'

data/lib/streetcreds/cred_file.rb

@@ -0,0 +1,85 @@
+module StreetCreds
+  class CredFile
+    def self.encrypt_existing_file(filepath:)
+      filepath = full_path(filepath)
+      hash     = YAML.load(File.open(filepath))
+      new(filepath: filepath, hash: hash)
+    end
+
+    def self.decrypt_existing_file(filepath:)
+      filepath           = full_path(filepath)
+      decrypted_contents = new(filepath: filepath).decrypt_file
+      File.open(filepath, 'w+') { |f| f.write(decrypted_contents) }
+    end
+
+    def initialize(filepath:, hash: nil, convert_on_valid: false, password: nil)
+      @filepath = self.class.full_path(filepath)
+      @password = password
+      load_file(hash: hash, convert_on_valid: convert_on_valid)
+    end
+
+    def load_file(convert_on_valid:, hash: nil)
+      if hash.nil?
+        begin
+          file_contents = File.read(@filepath)
+          return @hash = {} if file_contents.empty?
+          @hash = YAMLHelper.load_if_valid(file_contents) if convert_on_valid
+          @hash = YAMLHelper.load_if_valid(decrypt_file) unless @hash
+        rescue Errno::ENOENT
+          @hash = {}
+        end
+      end
+      @hash = self.class.symbolize_keys(@hash)
+    end
+
+    def decrypt_file(contents: nil, password: nil)
+      contents = File.read(@filepath) unless contents
+      password = ask_password if password.nil?
+      contents.decrypt(:symmetric, :password => password)
+    end
+
+    def save
+      FileUtils.mkdir_p(File.dirname(@filepath))
+      yaml = self.class.symbolize_keys(@hash).to_yaml
+      if yaml.empty?
+        File.delete(@filepath)
+      else
+        encrypted_yaml = encrypt_file(contents: yaml)
+        File.open(@filepath, 'w+') { |f| f.write(encrypted_yaml) }
+      end
+    end
+
+    def encrypt_file(contents:, password: nil)
+      password = ask_password if password.nil?
+      contents.encrypt(:symmetric, :password => password)
+    end
+
+    def ask_password
+      return @password if @password
+      print "Password?\n> "
+      @password = $stdin.noecho(&:gets).chomp
+      puts ''
+      @password
+    end
+
+    def inspect
+      @hash.inspect
+    end
+
+    # Act like a hash
+    def method_missing(meth, *args)
+      @hash.send(meth, *args)
+    end
+
+    def self.full_path(filepath)
+      Pathname.new(filepath).expand_path.to_s
+    end
+
+    # Adapted from https://stackoverflow.com/a/8379653/5637619
+    def self.symbolize_keys(hash)
+      Hash[hash.map do |k, v|
+        [k.to_sym, (v.is_a?(Hash) ? symbolize_keys(v) : v)]
+      end]
+    end
+  end
+end

data/lib/streetcreds/patches/openssl_cipher_patch.rb

@@ -0,0 +1,12 @@
+require 'encrypted_strings'
+
+# I know monkey patches are bad, but this warning is annoying and the encrypted_strings guys haven't accepted that PR.
+module EncryptedStrings
+  class SymmetricCipher
+    def build_cipher(type) #:nodoc:
+      cipher = OpenSSL::Cipher.new(algorithm).send(type)
+      cipher.pkcs5_keyivgen(password)
+      cipher
+    end
+  end
+end

data/lib/streetcreds/patches/yaml_patch.rb

@@ -0,0 +1,9 @@
+module YAMLHelper
+  def self.load_if_valid(str)
+    res = YAML.load(str)
+    return false unless res.is_a?(Hash)
+    res
+    # rescue Exception => e
+    #   return false
+  end
+end

data/lib/streetcreds/version.rb

@@ -0,0 +1,4 @@
+module StreetCreds
+  VERSION = "0.2.5"
+end
+

data/streetcreds.gemspec

@@ -0,0 +1,36 @@
+# coding: utf-8
+lib = File.expand_path("../lib", __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "streetcreds/version"
+
+Gem::Specification.new do |spec|
+  spec.name          = "streetcreds"
+  spec.version       = StreetCreds::VERSION
+  spec.authors       = ["Wesley Boynton"]
+  spec.email         = ["wes@boynton.io"]
+
+  spec.summary       = %q{Dead-simple password-based encryption and decryption of some yaml configuration files}
+  spec.license       = "MIT"
+
+  # Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'
+  # to allow pushing to a single host or delete this section to allow pushing to any host.
+  # if spec.respond_to?(:metadata)
+  #   spec.metadata["allowed_push_host"] = "TODO: Set to 'http://mygemserver.com'"
+  # else
+  #   raise "RubyGems 2.0 or newer is required to protect against " \
+  #     "public gem pushes."
+  # end
+
+  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_runtime_dependency "encrypted_strings"
+
+  spec.add_development_dependency "bundler", "~> 1.15"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "byebug"
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: streetcreds
 version: !ruby/object:Gem::Version
-  version: 0.2.4
+  version: 0.2.5
 platform: ruby
 authors:
 - Wesley Boynton
@@ -72,7 +72,18 @@ email:
 executables: []
 extensions: []
 extra_rdoc_files: []
-files: []
+files:
+- ".gitignore"
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- lib/streetcreds.rb
+- lib/streetcreds/cred_file.rb
+- lib/streetcreds/patches/openssl_cipher_patch.rb
+- lib/streetcreds/patches/yaml_patch.rb
+- lib/streetcreds/version.rb
+- streetcreds.gemspec
 homepage: 
 licenses:
 - MIT