super_top_secret 0.2.0 → 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/super_top_secret/Injector.rb +23 -8
- data/lib/super_top_secret/version.rb +1 -1
- data/lib/tasks/super_top_secret_tasks.rake +15 -16
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4684d25489b61bed95644337f1ae63bce74fcf8f
|
|
4
|
+
data.tar.gz: e526fd185ea0f6f8cec825c3706fd0738683cc69
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c5e7a9a14c4e6d1d1931fb8cb12e04a567986dc350724759548d150247bdd312ad9b30f3a42607a8d4b972c65874519469da01ac4df4977666cfa0a6c0246fbf
|
|
7
|
+
data.tar.gz: 3ad3accded9d27956c8a67c22c0750800ca36322505d9545f1e8e7a69483c34e4d12a73cd36ebbb989f87894abe071681ddc1df86a8270bde5814fc629c514bc
|
|
@@ -2,26 +2,41 @@ module SuperTopSecret
|
|
|
2
2
|
|
|
3
3
|
class Injector
|
|
4
4
|
def self.generate_config(app_file, secret_file)
|
|
5
|
-
app_hash
|
|
6
|
-
secret_hash
|
|
5
|
+
app_hash = YAML.load(File.read(app_file))
|
|
6
|
+
secret_hash = YAML.load(File.read(secret_file))
|
|
7
|
+
injected_hash = create_new_hash(app_hash, secret_hash)
|
|
7
8
|
|
|
8
|
-
injected_hash
|
|
9
|
+
write_new_hash_to_file(injected_hash)
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
private
|
|
13
|
+
|
|
14
|
+
def self.create_new_hash(app_hash, secret_hash)
|
|
15
|
+
injected_hash = app_hash.dup
|
|
9
16
|
|
|
10
17
|
app_hash.each do |key, val|
|
|
11
|
-
if val.
|
|
18
|
+
if val.is_a?(Hash) # Nested
|
|
12
19
|
val.each do |nested_key, nested_val|
|
|
13
|
-
nested_val = secret_hash[key][nested_val] if
|
|
14
|
-
injected_hash[key] = val
|
|
20
|
+
nested_val = secret_hash[key][nested_val] if secret_field?(nested_val)
|
|
15
21
|
injected_hash[key][nested_key] = nested_val
|
|
16
22
|
end
|
|
17
|
-
else
|
|
18
|
-
val = secret_hash[val] if
|
|
23
|
+
else
|
|
24
|
+
val = secret_hash[val] if secret_field?(val)
|
|
19
25
|
injected_hash[key] = val
|
|
20
26
|
end
|
|
21
27
|
end
|
|
22
28
|
|
|
29
|
+
return injected_hash
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
def self.secret_field?(val)
|
|
33
|
+
val.include?("53CR3T_")
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
def self.write_new_hash_to_file(injected_hash)
|
|
23
37
|
File.open("config/application.yml", "w+"){|f| f.write(injected_hash.to_yaml)}
|
|
24
38
|
end
|
|
39
|
+
|
|
25
40
|
end
|
|
26
41
|
|
|
27
42
|
end
|
|
@@ -1,29 +1,28 @@
|
|
|
1
1
|
namespace :secrets do
|
|
2
|
-
desc "
|
|
3
|
-
task :decrypt do
|
|
4
|
-
puts "Decrypting your file, sir and/or madam. Whatever you are, your file is being worked on."
|
|
5
|
-
if File.file?("config/application_secrets.yml.enc")
|
|
6
|
-
sh("aws kms decrypt --ciphertext-blob fileb://config/application_secrets.yml.enc --output text --query Plaintext | base64 --decode > config/application_secrets.yml")
|
|
7
|
-
end
|
|
8
|
-
end
|
|
9
|
-
|
|
10
|
-
desc "Encrypt your secrets rake secrets:encrypt"
|
|
2
|
+
desc "Encrypt your secrets - rake secrets:encrypt"
|
|
11
3
|
task :encrypt do
|
|
12
|
-
puts "
|
|
4
|
+
puts "Attempting to decrypt..."
|
|
13
5
|
if File.file?("config/application_secrets.yml")
|
|
14
6
|
sh("aws kms encrypt --key-id arn:aws:kms:us-west-2:155751353262:alias/properties --plaintext fileb://config/application_secrets.yml --output text --query CiphertextBlob | base64 --decode > config/application_secrets.yml.enc")
|
|
7
|
+
else
|
|
8
|
+
puts "Error: File missing. config/application_secrets.yml is required."
|
|
15
9
|
end
|
|
16
10
|
end
|
|
17
11
|
|
|
18
|
-
desc "
|
|
19
|
-
task :
|
|
12
|
+
desc "Decrypt your secrets - rake secrets:decrypt"
|
|
13
|
+
task :decrypt do
|
|
14
|
+
puts "Attempting to decrypt..."
|
|
15
|
+
if File.file?("config/application_secrets.yml.enc")
|
|
16
|
+
sh("aws kms decrypt --ciphertext-blob fileb://config/application_secrets.yml.enc --output text --query Plaintext | base64 --decode > config/application_secrets.yml")
|
|
17
|
+
else
|
|
18
|
+
puts "Error: File missing. config/application_secrets.yml.enc is required."
|
|
19
|
+
end
|
|
20
|
+
|
|
20
21
|
if File.file?("config/application_keys.yml") && File.file?("config/application_secrets.yml")
|
|
21
|
-
puts "Injecting your files, sir and/or madam. Whatever you are, your files are being worked on."
|
|
22
22
|
SuperTopSecret::Injector.generate_config("config/application_keys.yml", "config/application_secrets.yml")
|
|
23
23
|
else
|
|
24
|
-
puts "File(s) missing. config/application_keys.yml && config/application_secrets.yml are both required."
|
|
25
|
-
return
|
|
24
|
+
puts "Error: File(s) missing. config/application_keys.yml && config/application_secrets.yml are both required."
|
|
26
25
|
end
|
|
27
|
-
|
|
28
26
|
end
|
|
27
|
+
|
|
29
28
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: super_top_secret
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 1.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Cody Stringham
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-06-
|
|
11
|
+
date: 2017-06-13 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|