super_top_secret 0.2.0 → 1.0.0
- checksums.yaml +4 -4
- data/lib/super_top_secret/Injector.rb +23 -8
- data/lib/super_top_secret/version.rb +1 -1
- data/lib/tasks/super_top_secret_tasks.rake +15 -16
- metadata +2 -2
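--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4684d25489b61bed95644337f1ae63bce74fcf8f
+data.tar.gz: e526fd185ea0f6f8cec825c3706fd0738683cc69
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c5e7a9a14c4e6d1d1931fb8cb12e04a567986dc350724759548d150247bdd312ad9b30f3a42607a8d4b972c65874519469da01ac4df4977666cfa0a6c0246fbf
+data.tar.gz: 3ad3accded9d27956c8a67c22c0750800ca36322505d9545f1e8e7a69483c34e4d12a73cd36ebbb989f87894abe071681ddc1df86a8270bde5814fc629c514bc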
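--- a/data/lib/super_top_secret/Injector.rb
+++ b/data/lib/super_top_secret/Injector.rb
@@ -2,26 +2,41 @@ module SuperTopSecret
 
 class Injector
 def self.generate_config(app_file, secret_file)
-app_hash
-secret_hash
+app_hash = YAML.load(File.read(app_file))
+secret_hash = YAML.load(File.read(secret_file))
+injected_hash = create_new_hash(app_hash, secret_hash)
 
-injected_hash
+write_new_hash_to_file(injected_hash)
+end
+
+private
+
+def self.create_new_hash(app_hash, secret_hash)
+injected_hash = app_hash.dup
 
 app_hash.each do |key, val|
-if val.
+if val.is_a?(Hash) # Nested
 val.each do |nested_key, nested_val|
-nested_val = secret_hash[key][nested_val] if
-injected_hash[key] = val
+nested_val = secret_hash[key][nested_val] if secret_field?(nested_val)
 injected_hash[key][nested_key] = nested_val
 end
-else
-val = secret_hash[val] if
+else
+val = secret_hash[val] if secret_field?(val)
 injected_hash[key] = val
 end
 end
 
+return injected_hash
+end
+
+def self.secret_field?(val)
+val.include?("53CR3T_")
+end
+
+def self.write_new_hash_to_file(injected_hash)
 File.open("config/application.yml", "w+"){|f| f.write(injected_hash.to_yaml)}
 end
+
 end
 
 end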
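Review bot: A `53CR3T_` placeholder with no matching entry in the secrets file is written to config/application.yml as a null value, because `secret_hash[val]` and `secret_hash[key][nested_val]` in create_new_hash return nil for a missing key (the nested form raises NoMethodError instead when the whole group is absent). A secrets injector should fail closed here: `secret_hash.fetch(val)` and `secret_hash.fetch(key).fetch(nested_val)` raise a KeyError naming the missing key rather than emitting an empty credential. secret_field? also calls `include?` on every value, so a numeric, boolean or empty setting raises NoMethodError; `val.is_a?(String) && val.include?("53CR3T_")` avoids that. On Psych releases before 4.0 `YAML.load` instantiates tagged Ruby objects, so if both files hold only plain hashes and scalars, `YAML.safe_load(File.read(app_file))` is the safer reader in generate_config.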
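--- a/data/lib/tasks/super_top_secret_tasks.rake
+++ b/data/lib/tasks/super_top_secret_tasks.rake
@@ -1,29 +1,28 @@
 namespace :secrets do
-desc "
-task :decrypt do
-puts "Decrypting your file, sir and/or madam. Whatever you are, your file is being worked on."
-if File.file?("config/application_secrets.yml.enc")
-sh("aws kms decrypt --ciphertext-blob fileb://config/application_secrets.yml.enc --output text --query Plaintext | base64 --decode > config/application_secrets.yml")
-end
-end
-
-desc "Encrypt your secrets rake secrets:encrypt"
+desc "Encrypt your secrets - rake secrets:encrypt"
 task :encrypt do
-puts "
+puts "Attempting to decrypt..."
 if File.file?("config/application_secrets.yml")
 sh("aws kms encrypt --key-id arn:aws:kms:us-west-2:155751353262:alias/properties --plaintext fileb://config/application_secrets.yml --output text --query CiphertextBlob | base64 --decode > config/application_secrets.yml.enc")
+else
+puts "Error: File missing. config/application_secrets.yml is required."
 end
 end
 
-desc "
-task :
+desc "Decrypt your secrets - rake secrets:decrypt"
+task :decrypt do
+puts "Attempting to decrypt..."
+if File.file?("config/application_secrets.yml.enc")
+sh("aws kms decrypt --ciphertext-blob fileb://config/application_secrets.yml.enc --output text --query Plaintext | base64 --decode > config/application_secrets.yml")
+else
+puts "Error: File missing. config/application_secrets.yml.enc is required."
+end
+
 if File.file?("config/application_keys.yml") && File.file?("config/application_secrets.yml")
-puts "Injecting your files, sir and/or madam. Whatever you are, your files are being worked on."
 SuperTopSecret::Injector.generate_config("config/application_keys.yml", "config/application_secrets.yml")
 else
-puts "File(s) missing. config/application_keys.yml && config/application_secrets.yml are both required."
-return
+puts "Error: File(s) missing. config/application_keys.yml && config/application_secrets.yml are both required."
 end
-
 end
+
 end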
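Review bot: The new decrypt task continues to the injection step after a failed or skipped decryption: the added `else` branch only prints an error, and the `aws kms decrypt ... | base64 --decode > config/application_secrets.yml` pipeline reports the exit status of base64, so a KMS failure leaves an empty or stale config/application_secrets.yml that the following `File.file?` check accepts. Failing closed would be safer, for example `abort "Error: File missing. config/application_secrets.yml.enc is required."` in the else branch and checking the aws exit status separately from the decode step. The decrypted file is also created with the default umask and stays on disk after generate_config runs; `File.chmod(0o600, "config/application_secrets.yml")` and removing it once injection succeeds would narrow that exposure. The encrypt task's new message `puts "Attempting to decrypt..."` looks like a copy-paste slip and should say encrypt.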
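--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: super_top_secret
 version: !ruby/object:Gem::Version
-version: 0.
+version: 1.0.0
 platform: ruby
 authors:
 - Cody Stringham
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-06-
+date: 2017-06-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rails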