team-secrets 0.1.0

data/spec/secret_manager_spec.rb

@@ -0,0 +1,122 @@
+require 'team-secrets/secret_manager'
+require 'team-secrets/master_key'
+require 'fileutils'
+
+describe SecretManager do
+
+    context 'secret management' do
+        master_key = MasterKey.generate
+        secrets = SecretManager.new master_key
+
+        it 'can add a secret' do
+            # add(secret_name, secret, account = nil, category = nil, notes = nil)
+            secrets.add('SMTP_PASS', 'sMith_bArney!', 'mailer@example.com', [:PROD], 'Production SMTP password')
+            secrets.add('SMTP_PASS', 'jAmes_fRanke1', 'dev@example.com', [:DEV], 'Development SMTP password')
+            secrets.add('SMS_API_KEY', '843jds83jd82jd', nil, [:PROD, :DEV])
+            secrets.add('DEPLOY_KEY', '84dk84ujd83jeallmxcjrujdjjfjkhkjhakjshdfjk')
+
+            expect(secrets.data).to be_a(Array)
+            expect(secrets.data.size).to eq(4)
+            expect(secrets.data[0].keys).to eq([:name, :tags, :account, :secret, :notes, :added])
+            expect(secrets.data[0][:name]).to eq('SMTP_PASS')
+            expect(secrets.data[0][:secret]).to_not eq('sMith_bArney!')
+        end
+
+        it 'find a secret with data' do
+            # No tag
+            res = secrets.find('SMTP_PASS')
+            expect(res.length).to eq(2)
+
+            # With tags
+            res = secrets.find('SMTP_PASS', [:DEV], false)
+            expect(res.length).to eq(1)
+
+            expect(res[0][:name]).to eq('SMTP_PASS')
+            expect(res[0][:secret]).to_not eq('jAmes_fRanke1')
+            expect(res[0][:account]).to eq('dev@example.com')
+            expect(res[0][:tags]).to eq([:DEV])
+            expect(res[0][:notes]).to eq('Development SMTP password')
+            expect(res[0][:added]).to be
+        end
+
+        it 'can get a secret' do
+            # No tags
+            res = secrets.getSecret('SMTP_PASS')
+            expect(res.length).to eq(2)
+            expect(res).to include('jAmes_fRanke1')
+            expect(res).to include('sMith_bArney!')
+
+            # With tag
+            res = secrets.getSecret('SMTP_PASS', :DEV)
+            expect(res).to eq('jAmes_fRanke1')
+
+            # Can we get it twice?
+            res = secrets.getSecret('SMTP_PASS', [:DEV])
+            expect(res).to eq('jAmes_fRanke1')
+
+            # With the other tags
+            res = secrets.getSecret('SMTP_PASS', [:PROD])
+            expect(res).to eq('sMith_bArney!')
+
+            # With both tags, no matches
+            res = secrets.getSecret('SMTP_PASS', [:DEV, :PROD])
+            expect(res).to be_nil
+
+            # A longer string, matches both tags
+            res = secrets.getSecret('SMS_API_KEY', [:DEV, :PROD])
+            expect(res).to eq('843jds83jd82jd')
+
+            # No match, wrong tags
+            res = secrets.getSecret('SMS_API_KEY', [:DEV, :QA])
+            expect(res).to be_nil
+
+            # No category
+            res = secrets.getSecret('DEPLOY_KEY')
+            expect(res).to eq('84dk84ujd83jeallmxcjrujdjjfjkhkjhakjshdfjk')
+        end
+
+        it 'can return all secrets' do
+            res = secrets.getAll
+            expect(res.length).to eq(4)
+
+            res = secrets.getAll(:DEV)
+            expect(res.length).to eq(2)
+        end
+
+        it 'can remove a secret' do
+            res = secrets.getAll
+            expect(res.length).to eq(4)
+
+            # Remove nothing, tag doesn't match
+            secrets.remove('SMS_API_KEY', :NOPE)
+            res = secrets.getAll
+            expect(res.length).to eq(4)
+
+            secrets.remove('SMS_API_KEY', [:PROD, :DEV])
+            res = secrets.getAll
+            expect(res.length).to eq(3)
+
+            secrets.remove('SMTP_PASS')
+            res = secrets.getAll
+            expect(res.length).to eq(1)
+        end
+
+        it 'can rotate encryption keys' do
+            secrets.add('ROTATE_TEST_1', 'alskdfjalskjdf3984')
+            secrets.add('ROTATE_TEST_2', '2o341-llakdsjfjfdk')
+
+            secret_ref = []
+            for i in 0..2
+                secret_ref.push secrets.data[i][:secret]
+            end
+
+            secrets.rotateMasterKey(MasterKey.generate)
+
+            for i in 0..2
+                expect(secret_ref).not_to include(secrets.data[i][:secret])
+            end
+        end
+
+    end
+
+end

data/spec/support/test_key

@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-CBC,976BA65B445F48E06F6486493B76E3ED
+
+6Y+inTC0bI9bPKYuz9+zZjyST5h/iAxApDSjIZzntp7j8oM6XxVb4DeLyG1L/Don
+VMbjx3NCnsGNSTw51MrV9Kwhsq0CvtgIOW6CdP3oQT3D4wA8516r6qjNm6NF0ePz
+/e7CxzFIOcX1TUbwBYc7/rTQg27Ll77tcoCSO3P6Pn1U/QSIHQO8U7LKNVPt5JFo
+TUM7m50dWUuqgcQLqicfyZoG2EB3T0a/YsmDiBG49gepCjmiPAaTC8O0YqaeMREZ
+UuxWHB22LuNc689FFrf4WNajw+DVgpGHdRRotILZcT6JftpHvHe+7I3TbRxglUsm
+30XHGnn+yQntHmQ0JFaMoZeBn3C0KGg0e213Nb35OHWkMO/NBRXQpYFAECCx26wz
+GP71+oYe8xysatUC7t9eBaFhQuFU9vKCW5Vw0nkpwIaUAuWVExMtSiaV909BfQ/G
+TZcwqeFi2U7TNGaGQN0Bky1bAIHDHPrmJ3DVs0Ql1TNRszIkyjiFUFBK27k3Yn4K
+Xs4WUihzYuPgzh7pZ40vldhbVHMTSQtLRX9TptiRMEqtTXl6hVb701w+zDcE0sDQ
+G2mNOihE12CRMLBo9TMWDyAeXxSNu4JRJnXMzLCIwCl6McE+0TW8nFf5wQ1gJ85Z
+TCDXpVM9U3MQcpLoPsBoLBiJRGqi3dcuimjDNuZAoIbTk6yQ4c6frLUWG4+kfuCI
+moK23uCdFVY3F6KrNFv4YnWlO5lSnWOFA21RKraGhvwIId+LK126cIDuwlL/TEI8
+FviFBYCkwVsxv8EhcF/hllGIHfVi45ONjzECLLJGH7bplURaDB+tcXUtdJ6orUjI
+k9ZONkIO8AlYJ0VMv2O/qjXKbNFOoch/LUC2J6DDcKKcNj8KX2Q803K+mcFOgzLz
+FkWru6CBQVdSo3vR0gX47BBMJWWksEMuxLq7dh1KZ+LLZQtsjU3bAlYpl2gcEhTC
+W0L+OE8J5C1ER/SniJ84hgF2kkTQjBHSHQOlrc+b/FbxgCMphdUekP1hTfr74CfV
+Su13SFxnvNVxjyuHMRVI6iICsAbpicKAbakqqCzEChT5jaNDQpATevdhiAMZsJAO
+7YxozipZu6j8Uxgvwwv+hHKE0JHATJ223alBHPrFZLd8Kj0yGpx3b4yT8psfHZHb
+ptEPosz9EcdF6zO4FH6dV6kX1JLBu+jwYQqrlgmk3KraYNlWpPKbB0/eQD9GLpds
+JnqHD5lAunYyEQwmnm5S+sojT7nxM7WmOhwHxJNtFAZevMMJ7EPKwuaFhFq5B1qt
+2rZIERYWF4EYn3V2AGh37HAyJQGc2pQRacVdzwC9oiqo7wdu7TaqEks5+iKMspK7
+lpFAnXfa0GFnJHHyCyC0qxuzU/kSaWxrTIzxirl8wABndoqZfWjh9f+eMVMrr6CR
+IFll1vwPhqUe2SniRBPDfIsSVCLxtQnFXnJ3zxj2VQRODJP/FICItHqy5R2S2qTW
+9J7KGpaC3elDKcpuUULeoLwzqEu7Gl8sRq8zSzcP9QOuRo6a2iFeRMgtthSbL1xe
+jiYehLZWZoh+TlHqe2ED8uR9inTFtddS85Z4i1eXoKBxHN7kP46ENtkC8jp+g80S
+-----END RSA PRIVATE KEY-----

data/spec/support/test_key.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKyRjeNjDigBgFdRl9BkAaWMuZZJ6hRm4UaDOdScZxeahgdpKh0YnceFF5CBTBcKfotfAHh13yKqCZNDOXQOAycZFF6NiRnqSHemIkPNtwUP27Cuh/emHsCyvElBr6Gh3Hlr0kcnPwe6xKfRG+kSoTFt8sqQ/ZiOCs6fguZXTEMpsWCEt6QyLKcSV8N/ow4TcJ39DhanIm+nm4wsGafvgAsuGTuzTus4EuOmQg3CxCsxxri2EcnqewLXyqzHiQUQneO9oLq6i1rmL0XiM0h9mmojqj4m1WPWGYGnz6oWRqm3P9ReyJhnLqmTCenoouCo5y/OO7Rc9Fm/brf8Wxn7Ib example@example.local

data/spec/support/test_key.pub.pem

@@ -0,0 +1,8 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAyskY3jYw4oAYBXUZfQZAGljLmWSeoUZuFGgznUnGcXmoYHaSodGJ
+3HhReQgUwXCn6LXwB4dd8iqgmTQzl0DgMnGRRejYkZ6kh3piJDzbcFD9uwrof3ph
+7AsrxJQa+hodx5a9JHJz8HusSn0RvpEqExbfLKkP2YjgrOn4LmV0xDKbFghLekMi
+ynElfDf6MOE3Cd/Q4WpyJvp5uMLBmn74ALLhk7s07rOBLjpkINwsQrMca4thHJ6n
+sC18qsx4kFEJ3jvaC6uota5i9F4jNIfZpqI6o+JtVj1hmBp8+qFkaptz/UXsiYZy
+6pkwnp6KLgqOcvzju0XPRZv263/FsZ+yGwIDAQAB
+-----END RSA PUBLIC KEY-----

data/spec/user_manager_spec.rb

@@ -0,0 +1,67 @@
+require 'team-secrets/user_manager'
+require 'fileutils'
+
+describe UserManager do
+
+    context 'user management' do
+        temp_folder = File.dirname(File.dirname(__FILE__)) +'/tmp'
+
+        before(:all) do
+            Dir.mkdir(temp_folder) unless File.exists?(temp_folder)
+        end
+
+        after(:all) do
+            FileUtils.rm_rf(temp_folder+'/users') if File.exists?(temp_folder+'/users')
+        end
+
+        it 'can add a user' do
+            users = UserManager.new
+
+            users.working_dir = temp_folder
+            users.user_dir = temp_folder+'/users'
+
+            users.add('new_guy', File.dirname(__FILE__) +'/support/test_key.pub.pem')
+            users.add('new_gal', File.dirname(__FILE__) +'/support/test_key.pub.pem')
+
+            expect(users.data).to be_a(Array)
+            expect(users.data.size).to eq(2)
+            expect(users.data[0].keys).to eq([:user, :public_key, :added, :lock_box, :sha256])
+            expect(users.all).to eq(['new_guy', 'new_gal'])
+        end
+
+        it 'can find a user' do
+            users = UserManager.new
+
+            users.working_dir = temp_folder
+            users.user_dir = temp_folder+'/users'
+
+            users.add('new_guy', File.dirname(__FILE__) +'/support/test_key.pub.pem')
+            users.add('new_gal', File.dirname(__FILE__) +'/support/test_key.pub.pem')
+
+            expect(users.find('fake_bud')).to be_nil
+            expect(users.find('new_guy')).to be
+            expect(users.find('new_gal')).to have_key(:public_key)
+            expect(users.find('new_gal')[:user]).to eq('new_gal')
+        end
+
+        it 'can remove a user' do
+            users = UserManager.new
+
+            users.working_dir = temp_folder
+            users.user_dir = temp_folder+'/users'
+
+            users.add('good_gal', File.dirname(__FILE__) +'/support/test_key.pub.pem')
+            users.add('bad_guy', File.dirname(__FILE__) +'/support/test_key.pub.pem')
+
+            expect(users.data).to be_a(Array)
+            expect(users.data.size).to eq(2)
+            expect(users.all).to eq(['good_gal', 'bad_guy'])
+
+            users.remove('bad_guy')
+
+            expect(users.data.size).to eq(1)
+            expect(users.all).to eq(['good_gal'])
+        end
+    end
+
+end

data/team-secrets.gemspec

@@ -0,0 +1,19 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+
+Gem::Specification.new do |gem|
+  gem.name          = 'team-secrets'
+  gem.version       = '0.1.0'
+  gem.platform      = Gem::Platform::RUBY
+  gem.authors       = ['Eric Bigoness']
+  gem.email         = ['design@firelit.com']
+  gem.homepage      = 'https://github.com/firelit/secrets'
+
+  gem.summary       = 'A utility for securely managing team secrets'
+  gem.description   = 'Encyrpt and store team secrets, passwords and API keys in a repository with built-in user management'
+
+  gem.files         = `git ls-files`.split("\n")
+  gem.test_files    = `git ls-files -- {test,spec,features}/*.rb`.split("\n")
+  gem.require_paths = ["lib"]
+
+end

metadata

@@ -0,0 +1,72 @@
+--- !ruby/object:Gem::Specification
+name: team-secrets
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Eric Bigoness
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2017-02-25 00:00:00.000000000 Z
+dependencies: []
+description: Encyrpt and store team secrets, passwords and API keys in a repository
+  with built-in user management
+email:
+- design@firelit.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- Gemfile
+- Gemfile.lock
+- README.md
+- Rakefile
+- lib/team-secrets.rb
+- lib/team-secrets/file_manager.rb
+- lib/team-secrets/key_helper.rb
+- lib/team-secrets/manifest_manager.rb
+- lib/team-secrets/master_key.rb
+- lib/team-secrets/secret_manager.rb
+- lib/team-secrets/user_manager.rb
+- spec/file_manager_spec.rb
+- spec/manifest_manager_spec.rb
+- spec/master_key_spec.rb
+- spec/secret_manager_spec.rb
+- spec/support/test_key
+- spec/support/test_key.pub
+- spec/support/test_key.pub.pem
+- spec/user_manager_spec.rb
+- team-secrets.gemspec
+homepage: https://github.com/firelit/secrets
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.8
+signing_key: 
+specification_version: 4
+summary: A utility for securely managing team secrets
+test_files:
+- spec/file_manager_spec.rb
+- spec/manifest_manager_spec.rb
+- spec/master_key_spec.rb
+- spec/secret_manager_spec.rb
+- spec/user_manager_spec.rb