trocla 0.3.0 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 0fe321c3e5f61203499ad978f32fef9b9617bf54
-  data.tar.gz: 276a6191e0342e7d26c185a06b383f357483b300
+SHA256:
+  metadata.gz: 2d6d84b42cc62b4ab04eea0478d9e4801939c1d31accd0dba4a27e272f56dad2
+  data.tar.gz: 6a322a8ae343b6723476b53e9ff7158adaa8d1537bbb46fbc81ef5ebd5a6cff2
 SHA512:
-  metadata.gz: cda445d5bab3d8b96a56990b2b9e447869a44e02bb4f28ca9d29ffce8578aa1e1cb4d5dedb7bec0e0102cc42416fed6361f1c9ea276c2b9fa2b1b7e1ab99698a
-  data.tar.gz: a59f1905c9877eda6ff3614b84f50e6598c75be420ba78c4e324f0b5c6c72584efda35a711477c35571aeac804de4e8f6ff1a3de80e3f2f220a825ce0d52056d
+  metadata.gz: 9bf44101c733c550f2ca6cd76e9a3788e8e2ac9f44576af255f6ea42271b0cb0cc6c004c6d66c9a4c49e5d74ab647e1cfc8f52bf1c0944176e5e529334effd11
+  data.tar.gz: d8e988c515297525975ca3b2339cfe81ba21444cf45c42637131d3f949871ab6a993f30b62ac2992d8388a2874bf8d4d43fcc9714383ac55fb22ad176f340dbc

data/.github/workflows/ruby.yml

@@ -0,0 +1,24 @@
+---
+name: Ruby
+on: [push, pull_request]
+jobs:
+  spec:
+    runs-on: ubuntu-latest
+    steps:
+      - name: check out repository
+        uses: actions/checkout@v3
+      - name: set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true
+          ruby-version: ${{ matrix.ruby }}
+      - name: install dependencies
+        run: bundle install
+      - name: install wireguard
+        run: sudo apt install -y wireguard
+      - name: run rspec
+        run: bundle exec rake spec
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby: [2.5, 2.7, 3.0, 3.1]

data/.rspec

@@ -1 +1 @@
---color
+--color --format documentation

data/CHANGELOG.md

@@ -1,5 +1,28 @@
 # Changelog
 
+## to 0.5.0
+
+* moved from travis ci to github actions (#73) - Thank you [Georg-g](https://github.com/geor-g)
+* Support expire in vault (#71) - Thank you [Steffy Fort](https://github.com/fe80)
+* Syntax improvements (#70) - Thank you [Steffy Fort](https://github.com/fe80)
+* Add SCRAM-SHA-256 postgres support (#69) - Thank you [Steffy Fort](https://github.com/fe80)
+* Support destroying and entry to properly clean up in vault (#68) - Thank you [Steffy Fort](https://github.com/fe80)
+* Support search with vault backend (#67) - Thank you [Steffy Fort](https://github.com/fe80)
+* Add wireguard format (#65) - Thank you [Jonas Genannt](https://github.com/hggh)
+* Expand search path for sample config - Thank you [Anarcat](https://github.com/anarcat)
+
+## to 0.4.0
+
+* Add vault backend (#61) - Thank you [Steffy Fort](https://github.com/fe80)
+* Add sshkey format similar to the OpenSSL - Thank you [Raphaël Rondeau](https://github.com/rrondeau)
+* format/x509 allow to render 'publickeyonly' (#62) - Thank you [Thomas Weißschuh](https://github.com/t-8ch)
+* Add a method to search for keys and list all formats of a key (#49) - Thank you - [Steffy Fort](https://github.com/fe80)
+* Proper return code on cli (#57) - Thank you [Steffy Fort](https://github.com/fe80)
+* expand search path for sample config file to fix autopkgtest (#64) - Thank you  [anarcat](https://github.com/anarcat)
+* drop support for ruby < 2.7 & update dependencies
+* skip self-signed cert verification test on newer openssl version (#63)
+* Fix reseting passwords when using SSL encryption (#52)
+
 ## to 0.3.0
 
 * Add open method to be able to immediately close a trocla store after using it - thanks martinpfeiffer

data/Gemfile

@@ -1,50 +1,24 @@
-source "http://rubygems.org"
+source 'http://rubygems.org'
 # Add dependencies required to use your gem here.
 # Example:
 #   gem "activesupport", ">= 2.3.5"
 
-if RUBY_VERSION.to_f <= 2.2
-  gem 'rack', '< 2.0'
-end
-
-if RUBY_VERSION.to_f < 2.1
-  gem 'nokogiri', '< 1.7'
-end
-
-if RUBY_VERSION.to_f > 1.8
-  gem "moneta"
-  gem "highline"
-else
-  gem "moneta", "~> 0.7.20"
-  gem "highline", "~> 1.6.2"
-  gem 'rake', '< 11'
-  gem 'git', '< 1.3'
-end
+gem 'highline', '~> 2.0.0'
+gem 'moneta', '~> 1.4.0'
 
 if defined?(RUBY_ENGINE) && (RUBY_ENGINE == 'jruby')
   gem 'jruby-openssl'
 end
-gem "bcrypt"
+gem 'bcrypt'
+gem 'openssl'
+gem 'sshkey'
 
 # Add dependencies to develop your gem here.
 # Include everything needed to run rake, tests, features, etc.
 group :development do
-  if RUBY_VERSION.to_f > 1.8
-    gem "rspec"
-    gem "rdoc"
-    if RUBY_VERSION.to_f < 2.2
-      gem 'jeweler', '< 2.2'
-    else
-      gem "jeweler"
-    end
-    if RUBY_VERSION.to_f < 2.0
-      gem 'public_suffix', '~> 1.4.6'
-    end
-  else
-    gem "rspec", "~> 2.4"
-    gem "rdoc", "~> 3.8"
-    gem "jeweler", "~> 1.6"
-    gem "addressable", "~> 2.3.8"
-  end
+  gem 'addressable'
+  gem 'jeweler'
+  gem 'rdoc'
+  gem 'rspec'
   gem 'rspec-pending_for'
 end

data/README.md

@@ -24,7 +24,7 @@ retrieve (by deleting) the plain password and send it to the user. Puppet
 will still simply retrieve the hashed password that is stored in trocla,
 while the plain password is not anymore stored on the server.
 
-Be default trocla uses moneta to store the passwords and can use any kind of
+By default trocla uses moneta to store the passwords and can use any kind of
 key/value based storage supported by moneta for trocla. By default it uses a
 simple yaml file.
 However, since version 0.2.0 trocla also supports a pluggable storage backend
@@ -165,8 +165,9 @@ options to work properly. These are documented here:
 
 ### pgsql
 
-Password hashes for PostgreSQL servers. Requires the option `username` to be set
-to the username to which the password will be assigned.
+Password hashes for PostgreSQL servers. Since postgesql 10 you can use the sha256 hash, you have two options:
+* Create a ssh256 hash password with option `encode: sha256` (default value)
+* Create a md5 hash, the username is require for the salt key, with option  `encode: md5` and `username: your_user`
 
 ### bcrypt
 
@@ -212,8 +213,36 @@ Additional options are:
 
 Output render options are:
 
-    certonly If set to true the x509 format will return only the certificate
-    keyonly  If set to true the x509 format will return only the private key
+    certonly       If set to true the x509 format will return only the certificate
+    keyonly        If set to true the x509 format will return only the private key
+    publickeyonly  If set to true the x509 format will return only the public key
+
+### sshkey
+
+This format generate a ssh keypair
+
+Additional options are:
+
+    type        The ssh key type (rsa, dsa). Default: rsa
+    bits        Specifies the number of bits in the key to create. Default: 2048
+    comment     Specifies a comment.
+    passphrase  Specifies a passphrase.
+
+Output render options are:
+
+    pubonly     If set to true the sshkey format will return only the ssh public key
+    privonly    If set to true the sshkey format will return only the ssh private key
+
+### wireguard
+
+This format generate a keypair for WireGuard.
+
+The format requires the wg binary from WireGuard userland utilities.
+
+Output render options are:
+
+    pubonly     If set to true the wireguard format will return only the public key
+    privonly    If set to true the wireguard format will return only the private key
 
 ## Installation
 
@@ -256,6 +285,7 @@ Such a store is a simple class that implements Trocla::Store and at the moment t
 
 * Moneta - the default store using [moneta](https://rubygems.org/gems/moneta) to delegate storing the values
 * Memory - simple inmemory backend. Mainly used for testing.
+* Vault - modern secrets storage by HashiCorp, require the ruby gem [vault](https://github.com/hashicorp/vault-ruby)
 
 The backend is chosen based on the `store` configuration option. If it is a symbol, we expect it to be a store that we ship with trocla. Otherwise, we assume it to be a fully qualified ruby class name, that inherits from Trocla::Store. If trocla should load an additional library to be able to find your custom store class, you can set `store_require` to whatever should be passed to a ruby require statement.
 
@@ -272,6 +302,8 @@ We expect storage backends to implement support for the `expires` option, so tha
 
 New backends should be tested using the provided shared example.
 
+> **WARNING**: Vault backend use metadatas. It's set if an option is define. `expire` is automaticly change to `delete_version_after`, and you can use an interger or [format string](https://www.vaultproject.io/api-docs/secret/kv/kv-v2#parameters)
+
 #### Moneta backends
 
 Trocla uses moneta as its default storage backend and hence can store your passwords in any of moneta's supported backends. By default it uses the yaml backend, which is configured as followed:
@@ -298,6 +330,33 @@ store_options:
 
 These examples are by no way complete, moneta has much more to offer. Please have a look at [moneta's documentation](https://github.com/minad/moneta/blob/master/README.md) for further information.
 
+#### Vault backend
+
+[Vault](https://www.vaultproject.io/) is a modern secret storage supported by HashiCorp, which works with a REST API. You can create multiple storage engine.
+
+To use vault with trocla you need to create a kv (key/value) storage engine on the vault side. Trocla can use [v1](https://www.vaultproject.io/docs/secrets/kv/kv-v1) and [v2](https://www.vaultproject.io/docs/secrets/kv/kv-v2) API endpoints, but it's recommended to use the v2 (native hash object, history, acl...).
+
+You need to install the `vault` gem to be able to use the vault backend, which is not included in the default dependencies for trocla.
+
+With vault storage, the terminology changes:
+* `mount`, this is the name of your kv engine
+* `key`, this is the biggest change. As usual with trocla, the key is a simple string. With the vault kv engine, the key map to a path, so you can have a key like `my/path/key` for structured your data
+* `secret`, is the data content of your key. This is a simple hash with key (format) and value (the secret content of your format)
+
+The trocla mapping works the same way as with a moneta or file backend.
+
+The `store_options` are a dynamic argument for initializer [Vault::Client](https://github.com/hashicorp/vault-ruby/blob/master/lib/vault/client.rb) class (except `:mount`, used to defined the kv name). You can define only one kv mount.
+
+```YAML
+store: :vault
+store_options:
+  :mount: kv
+  :token: s.Tok3n
+  :address: https://vault.local
+```
+
+With Vault when you delete a key, you don't delete all key content. The metadatas, like history, are still here and the endpoint are not delete. If you prefere to destroy all key content you can add `:destroy: true` in the `store_options:` hash.
+
 ### Backend encryption
 
 By default trocla does not encrypt anything it stores. You might want to let Trocla encrypt all your passwords, at the moment the only supported way is SSL.

data/bin/trocla

@@ -43,25 +43,25 @@ OptionParser.new do |opts|
     options[:ask_password] = false
     options[:password] = pass
   end
-
 end.parse!
 
 def create(options)
-  [ Trocla.new(options.delete(:config_file)).password(
+  [Trocla.new(options.delete(:config_file)).password(
     options.delete(:trocla_key),
     options.delete(:trocla_format),
-    options.merge(YAML.load(options.delete(:other_options).shift.to_s)||{})
-  ) , 0 ]
+    options.merge(YAML.safe_load(options.delete(:other_options).shift.to_s) || {})
+  ), 0]
 end
 
 def get(options)
   res = Trocla.new(options.delete(:config_file)).get_password(
     options.delete(:trocla_key),
     options.delete(:trocla_format),
-    options.merge(YAML.load(options.delete(:other_options).shift.to_s)||{})
+    options.merge(YAML.safe_load(options.delete(:other_options).shift.to_s) || {})
   )
-  [ res, res.nil? ? 1 : 0 ]
+  [res, res.nil? ? 1 : 0]
 end
+
 def set(options)
   if options.delete(:ask_password)
     require 'highline/import'
@@ -69,7 +69,7 @@ def set(options)
     pwd2 = ask('Repeat password: ') { |q| q.echo = 'x' }.to_s
     unless password == pwd2
       STDERR.puts 'Passwords did not match, exiting!'
-      return [ nil, 1 ]
+      return [nil, 1]
     end
   else
     password = options.delete(:password) || STDIN.read.chomp
@@ -78,35 +78,52 @@ def set(options)
   no_format = options.delete('no_format')
   trocla = Trocla.new(options.delete(:config_file))
   value = if no_format
-    password
-  else
-    trocla.formats(format).format(password, (YAML.load(options.delete(:other_options).shift.to_s)||{}))
-  end
+            password
+          else
+            trocla.formats(format).format(password, (YAML.safe_load(options.delete(:other_options).shift.to_s) || {}))
+          end
   trocla.set_password(
     options.delete(:trocla_key),
     format,
     value
   )
-  [ '', 0 ]
+  ['', 0]
 end
 
 def reset(options)
-  [ Trocla.new(options.delete(:config_file)).reset_password(
+  [Trocla.new(options.delete(:config_file)).reset_password(
     options.delete(:trocla_key),
     options.delete(:trocla_format),
-    options.merge(YAML.load(options.delete(:other_options).shift.to_s)||{})
-  ), 0 ]
+    options.merge(YAML.safe_load(options.delete(:other_options).shift.to_s) || {})
+  ), 0]
 end
 
 def delete(options)
-  [ Trocla.new(options.delete(:config_file)).delete_password(
+  res = Trocla.new(options.delete(:config_file)).delete_password(
     options.delete(:trocla_key),
     options.delete(:trocla_format)
-  ), 0 ]
+  )
+  [res, res.nil? ? 1 : 0]
 end
 
 def formats(options)
-  "Available formats: #{Trocla::Formats.all.join(', ')}"
+  key = (options.delete(:trocla_key) || '')
+  if key.empty?
+    "Available formats: #{Trocla::Formats.all.join(', ')}"
+  else
+    res = Trocla.new(options.delete(:config_file)).available_format(
+      key,
+      options.merge(YAML.safe_load(options.delete(:other_options).shift.to_s) || {})
+    )
+    [res.nil? ? res : res.join(', '), res.nil? ? 1 : 0]
+  end
+end
+
+def search(options)
+  res = Trocla.new(options.delete(:config_file)).search_key(
+    options.delete(:trocla_key)
+  )
+  [res.nil? ? res : res.join("\n"), res.nil? ? 1 : 0]
 end
 
 def check_format(format_name)
@@ -119,30 +136,30 @@ def check_format(format_name)
   end
 end
 
-actions=['create','get','set','reset','delete', 'formats' ]
+actions = ['create', 'get', 'set', 'reset', 'delete', 'formats', 'search']
 
 if (action=ARGV.shift) && actions.include?(action)
-    options[:trocla_key] = ARGV.shift
-    options[:trocla_format] = ARGV.shift
-    options[:other_options] = ARGV
-    check_format(options[:trocla_format]) unless ['delete','formats'].include?(action)
-    begin
-      result, excode = send(action,options)
-      if result
-        puts result.is_a?(String) ? result : result.inspect
-      end
-    rescue Exception => e
-      unless e.message == 'exit'
-        STDERR.puts "Action failed with the following message: #{e.message}"
-        STDERR.puts '(See full trace by running task with --trace)'
-      end
-      raise e if options[:trace]
-      exit 1
+  options[:trocla_key] = ARGV.shift
+  options[:trocla_format] = ARGV.shift
+  options[:other_options] = ARGV
+  check_format(options[:trocla_format]) unless ['delete','formats','search'].include?(action)
+  begin
+    result, excode = send(action, options)
+    if result
+      puts result.is_a?(String) ? result : result.inspect
     end
-    exit excode.nil? ? 0 : excode
-else
-    STDERR.puts "Please supply one of the following actions: #{actions.join(', ')}"
-    STDERR.puts "Use #{$0} --help to get a list of options for these actions"
+  rescue Exception => e
+    unless e.message == 'exit'
+      STDERR.puts "Action failed with the following message: #{e.message}"
+      STDERR.puts '(See full trace by running task with --trace)'
+    end
+    raise e if options[:trace]
+
     exit 1
+  end
+  exit excode.nil? ? 0 : excode
+else
+  STDERR.puts "Please supply one of the following actions: #{actions.join(', ')}"
+  STDERR.puts "Use #{$0} --help to get a list of options for these actions"
+  exit 1
 end
-

data/lib/VERSION

@@ -1,4 +1,4 @@
 major:0
-minor:3
+minor:5
 patch:0
 build:

data/lib/trocla/default_config.yaml

@@ -7,9 +7,9 @@ store_options:
 
 encryption: :none
 options:
-    random: true
-    length: 16
-    charset: default
+  random: true
+  length: 16
+  charset: default
 
 profiles:
   rootpw:
@@ -44,4 +44,3 @@ profiles:
     days: 2
     # 1 day
     expires: 86400
-

data/lib/trocla/encryptions/none.rb

@@ -7,4 +7,3 @@ class Trocla::Encryptions::None < Trocla::Encryptions::Base
     value
   end
 end
-

data/lib/trocla/encryptions/ssl.rb

@@ -5,7 +5,7 @@ class Trocla::Encryptions::Ssl < Trocla::Encryptions::Base
   def encrypt(value)
     ciphertext = ''
     value.scan(/.{0,#{chunksize}}/m).each do |chunk|
-      ciphertext += Base64.encode64(public_key.public_encrypt(chunk)).gsub("\n",'')+"\n" if chunk
+      ciphertext += Base64.encode64(public_key.public_encrypt(chunk)).gsub("\n", '') + "\n" if chunk
     end
     ciphertext
   end
@@ -21,21 +21,21 @@ class Trocla::Encryptions::Ssl < Trocla::Encryptions::Base
   private
 
   def chunksize
-      public_key.n.num_bytes - 11
+    public_key.n.num_bytes - 11
   end
 
   def private_key
-      @private_key ||= begin
-        file = require_option(:private_key)
-        OpenSSL::PKey::RSA.new(File.read(file), nil)
-      end
+    @private_key ||= begin
+      file = require_option(:private_key)
+      OpenSSL::PKey::RSA.new(File.read(file), nil)
+    end
   end
 
   def public_key
-      @public_key ||= begin
-        file = require_option(:public_key)
-        OpenSSL::PKey::RSA.new(File.read(file), nil)
-      end
+    @public_key ||= begin
+      file = require_option(:public_key)
+      OpenSSL::PKey::RSA.new(File.read(file), nil)
+    end
   end
 
   def option(key)
@@ -45,7 +45,7 @@ class Trocla::Encryptions::Ssl < Trocla::Encryptions::Base
   def require_option(key)
     val = option(key)
     raise "Config error: 'ssl_options' => :#{key} is not defined" if val.nil?
+
     val
   end
 end
-

data/lib/trocla/encryptions.rb

@@ -1,18 +1,24 @@
-class Trocla::Encryptions
+# frozen_string_literal: true
 
+# Trocla::Encryptions
+class Trocla::Encryptions
+  # Base
   class Base
     attr_reader :trocla, :config
+
     def initialize(config, trocla)
       @trocla = trocla
       @config = config
     end
 
-    def encrypt(value)
+    def encrypt(_)
       raise NoMethodError.new("#{self.class.name} needs to implement 'encrypt()'")
+
     end
 
-    def decrypt(value)
+    def decrypt(_)
       raise NoMethodError.new("#{self.class.name} needs to implement 'decrypt()'")
+
     end
   end
 
@@ -22,7 +28,7 @@ class Trocla::Encryptions
     end
 
     def all
-      Dir[ path '*' ].collect do |enc|
+      Dir[path '*'].collect do |enc|
         File.basename(enc, '.rb').downcase
       end
     end
@@ -32,10 +38,11 @@ class Trocla::Encryptions
     end
 
     private
+
     def encryptions
       @@encryptions ||= Hash.new do |hash, encryption|
         encryption = encryption.to_s.downcase
-        if File.exists?( path encryption )
+        if File.exist?(path encryption)
           require "trocla/encryptions/#{encryption}"
           class_name = "Trocla::Encryptions::#{encryption.capitalize}"
           hash[encryption] = (eval class_name)

data/lib/trocla/formats/bcrypt.rb

@@ -1,7 +1,7 @@
 class Trocla::Formats::Bcrypt < Trocla::Formats::Base
   expensive true
   require 'bcrypt'
-  def format(plain_password,options={})
-    BCrypt::Password.create(plain_password, :cost => options['cost']||BCrypt::Engine.cost).to_s
+  def format(plain_password, options = {})
+    BCrypt::Password.create(plain_password, :cost => options['cost'] || BCrypt::Engine.cost).to_s
   end
 end

data/lib/trocla/formats/md5crypt.rb

@@ -1,6 +1,6 @@
 # salted crypt
 class Trocla::Formats::Md5crypt < Trocla::Formats::Base
-  def format(plain_password,options={})
-     plain_password.crypt('$1$' << Trocla::Util.salt << '$')
+  def format(plain_password, options = {})
+    plain_password.crypt('$1$' << Trocla::Util.salt << '$')
   end
 end

data/lib/trocla/formats/mysql.rb

@@ -1,6 +1,6 @@
 class Trocla::Formats::Mysql < Trocla::Formats::Base
   require 'digest/sha1'
-  def format(plain_password,options={})
-    "*" + Digest::SHA1.hexdigest(Digest::SHA1.digest(plain_password)).upcase
+  def format(plain_password, options = {})
+    '*' + Digest::SHA1.hexdigest(Digest::SHA1.digest(plain_password)).upcase
   end
 end

data/lib/trocla/formats/pgsql.rb

@@ -1,7 +1,54 @@
 class Trocla::Formats::Pgsql < Trocla::Formats::Base
   require 'digest/md5'
-  def format(plain_password,options={})
-    raise "You need pass the username as an option to use this format" unless options['username'] 
-    "md5" + Digest::MD5.hexdigest(plain_password + options['username'])
+  require 'openssl'
+  require 'base64'
+  def format(plain_password, options = {})
+    encode = (options['encode'] || 'sha256')
+    case encode
+    when 'md5'
+      raise 'You need pass the username as an option to use this format' unless options['username']
+
+      'md5' + Digest::MD5.hexdigest(plain_password + options['username'])
+    when 'sha256'
+      pg_sha256(plain_password)
+    else
+      raise 'Unkmow encode %s for pgsql password' % [encode]
+    end
+  end
+
+  private
+
+  def pg_sha256(password)
+    salt = OpenSSL::Random.random_bytes(16)
+    digest = digest_key(password, salt)
+    'SCRAM-SHA-256$%s:%s$%s:%s' % [
+      '4096',
+      Base64.strict_encode64(salt),
+      Base64.strict_encode64(client_key(digest)),
+      Base64.strict_encode64(server_key(digest))
+    ]
+  end
+
+  def digest_key(password, salt)
+    OpenSSL::KDF.pbkdf2_hmac(
+      password,
+      salt: salt,
+      iterations: 4096,
+      length: 32,
+      hash: OpenSSL::Digest::SHA256.new
+    )
+  end
+
+  def client_key(digest_key)
+    hmac = OpenSSL::HMAC.new(digest_key, OpenSSL::Digest::SHA256.new)
+    hmac << 'Client Key'
+    hmac.digest
+    OpenSSL::Digest.new('SHA256').digest hmac.digest
+  end
+
+  def server_key(digest_key)
+    hmac = OpenSSL::HMAC.new(digest_key, OpenSSL::Digest::SHA256.new)
+    hmac << 'Server Key'
+    hmac.digest
   end
 end

data/lib/trocla/formats/plain.rb

@@ -1,7 +1,5 @@
 class Trocla::Formats::Plain < Trocla::Formats::Base
-  
-  def format(plain_password,options={})
+  def format(plain_password, options = {})
     plain_password
   end
-  
 end

data/lib/trocla/formats/sha1.rb

@@ -1,7 +1,7 @@
 class Trocla::Formats::Sha1 < Trocla::Formats::Base
   require 'digest/sha1'
   require 'base64'
-  def format(plain_password,options={})
+  def format(plain_password, options = {})
     '{SHA}' + Base64.encode64(Digest::SHA1.digest(plain_password))
   end
 end

data/lib/trocla/formats/sha256crypt.rb

@@ -1,6 +1,6 @@
 # salted crypt
 class Trocla::Formats::Sha256crypt < Trocla::Formats::Base
-  def format(plain_password,options={})
-     plain_password.crypt('$5$' << Trocla::Util.salt << '$')
+  def format(plain_password, options = {})
+    plain_password.crypt('$5$' << Trocla::Util.salt << '$')
   end
 end

data/lib/trocla/formats/sha512crypt.rb

@@ -1,6 +1,6 @@
 # salted crypt
 class Trocla::Formats::Sha512crypt < Trocla::Formats::Base
-  def format(plain_password,options={})
-     plain_password.crypt('$6$' << Trocla::Util.salt << '$')
+  def format(plain_password, options = {})
+    plain_password.crypt('$6$' << Trocla::Util.salt << '$')
   end
 end