trocla 0.3.0 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 0fe321c3e5f61203499ad978f32fef9b9617bf54
-  data.tar.gz: 276a6191e0342e7d26c185a06b383f357483b300
+SHA256:
+  metadata.gz: 18cb6a02ca556208840b6370287987e72fc18e01e199b7fe1b5b72c463a91ee4
+  data.tar.gz: d2f8068ab15baf1a5cbbfd3370543ff03ad2f2c1baf564ba43f824589920fcf6
 SHA512:
-  metadata.gz: cda445d5bab3d8b96a56990b2b9e447869a44e02bb4f28ca9d29ffce8578aa1e1cb4d5dedb7bec0e0102cc42416fed6361f1c9ea276c2b9fa2b1b7e1ab99698a
-  data.tar.gz: a59f1905c9877eda6ff3614b84f50e6598c75be420ba78c4e324f0b5c6c72584efda35a711477c35571aeac804de4e8f6ff1a3de80e3f2f220a825ce0d52056d
+  metadata.gz: a5829218248d2d9f7f4f3ddfc5bca4f35f8839871fd18074ede34f9281eae086a79c858987285da7839b5699961b417244fc5d86a696b355a8fd4c96d0145bf8
+  data.tar.gz: fc4c6e7ce2cf53009ee3db4f8791b820dca9c696223567fac1367cc3e80b8558a2b5d430f6a255d0f7e07403f9be06ee3e895310971303dc571be6a82d908404

data/.travis.yml

@@ -2,10 +2,5 @@ language: ruby
 sudo: false
 rvm:
   - jruby
-  - jruby-18mode
-  - jruby-19mode
-  - 2.4.0
-  - 2.2.0
-  - 2.0.0
-  - 1.9.3
-  - 1.8.7
+  - 2.7.0
+  - 3.0.0

data/CHANGELOG.md

@@ -1,5 +1,17 @@
 # Changelog
 
+## to 0.4.0
+
+* Add vault backend (#61) - Thank you [Steffy Fort](https://github.com/fe80)
+* Add sshkey format similar to the OpenSSL - Thank you [Raphaël Rondeau](https://github.com/rrondeau)
+* format/x509 allow to render 'publickeyonly' (#62) - Thank you [Thomas Weißschuh](https://github.com/t-8ch)
+* Add a method to search for keys and list all formats of a key (#49) - Thank you - [Steffy Fort](https://github.com/fe80)
+* Proper return code on cli (#57) - Thank you [Steffy Fort](https://github.com/fe80)
+* expand search path for sample config file to fix autopkgtest (#64) - Thank you  [anarcat](https://github.com/anarcat)
+* drop support for ruby < 2.7 & update dependencies
+* skip self-signed cert verification test on newer openssl version (#63)
+* Fix reseting passwords when using SSL encryption (#52)
+
 ## to 0.3.0
 
 * Add open method to be able to immediately close a trocla store after using it - thanks martinpfeiffer

data/Gemfile

@@ -3,48 +3,21 @@ source "http://rubygems.org"
 # Example:
 #   gem "activesupport", ">= 2.3.5"
 
-if RUBY_VERSION.to_f <= 2.2
-  gem 'rack', '< 2.0'
-end
-
-if RUBY_VERSION.to_f < 2.1
-  gem 'nokogiri', '< 1.7'
-end
-
-if RUBY_VERSION.to_f > 1.8
-  gem "moneta"
-  gem "highline"
-else
-  gem "moneta", "~> 0.7.20"
-  gem "highline", "~> 1.6.2"
-  gem 'rake', '< 11'
-  gem 'git', '< 1.3'
-end
+gem "moneta", "~> 1.4.0"
+gem "highline", "~> 2.0.0"
 
 if defined?(RUBY_ENGINE) && (RUBY_ENGINE == 'jruby')
   gem 'jruby-openssl'
 end
 gem "bcrypt"
+gem "sshkey"
 
 # Add dependencies to develop your gem here.
 # Include everything needed to run rake, tests, features, etc.
 group :development do
-  if RUBY_VERSION.to_f > 1.8
-    gem "rspec"
-    gem "rdoc"
-    if RUBY_VERSION.to_f < 2.2
-      gem 'jeweler', '< 2.2'
-    else
-      gem "jeweler"
-    end
-    if RUBY_VERSION.to_f < 2.0
-      gem 'public_suffix', '~> 1.4.6'
-    end
-  else
-    gem "rspec", "~> 2.4"
-    gem "rdoc", "~> 3.8"
-    gem "jeweler", "~> 1.6"
-    gem "addressable", "~> 2.3.8"
-  end
+  gem "rspec"
+  gem "rdoc"
+  gem "jeweler"
+  gem "addressable"
   gem 'rspec-pending_for'
 end

data/README.md

@@ -24,7 +24,7 @@ retrieve (by deleting) the plain password and send it to the user. Puppet
 will still simply retrieve the hashed password that is stored in trocla,
 while the plain password is not anymore stored on the server.
 
-Be default trocla uses moneta to store the passwords and can use any kind of
+By default trocla uses moneta to store the passwords and can use any kind of
 key/value based storage supported by moneta for trocla. By default it uses a
 simple yaml file.
 However, since version 0.2.0 trocla also supports a pluggable storage backend
@@ -212,8 +212,25 @@ Additional options are:
 
 Output render options are:
 
-    certonly If set to true the x509 format will return only the certificate
-    keyonly  If set to true the x509 format will return only the private key
+    certonly       If set to true the x509 format will return only the certificate
+    keyonly        If set to true the x509 format will return only the private key
+    publickeyonly  If set to true the x509 format will return only the public key
+
+### sshkey
+
+This format generate a ssh keypair
+
+Additional options are:
+
+    type        The ssh key type (rsa, dsa). Default: rsa
+    bits        Specifies the number of bits in the key to create. Default: 2048
+    comment     Specifies a comment.
+    passphrase  Specifies a passphrase.
+
+Output render options are:
+
+    pubonly     If set to true the sshkey format will return only the ssh public key
+    privonly    If set to true the sshkey format will return only the ssh private key
 
 ## Installation
 
@@ -256,6 +273,7 @@ Such a store is a simple class that implements Trocla::Store and at the moment t
 
 * Moneta - the default store using [moneta](https://rubygems.org/gems/moneta) to delegate storing the values
 * Memory - simple inmemory backend. Mainly used for testing.
+* Vault - modern secrets storage by HashiCorp, require the ruby gem [vault](https://github.com/hashicorp/vault-ruby)
 
 The backend is chosen based on the `store` configuration option. If it is a symbol, we expect it to be a store that we ship with trocla. Otherwise, we assume it to be a fully qualified ruby class name, that inherits from Trocla::Store. If trocla should load an additional library to be able to find your custom store class, you can set `store_require` to whatever should be passed to a ruby require statement.
 
@@ -298,6 +316,31 @@ store_options:
 
 These examples are by no way complete, moneta has much more to offer. Please have a look at [moneta's documentation](https://github.com/minad/moneta/blob/master/README.md) for further information.
 
+#### Vault backend
+
+[Vault](https://www.vaultproject.io/) is a modern secret storage supported by HashiCorp, which works with a REST API. You can create multiple storage engine.
+
+To use vault with trocla you need to create a kv (key/value) storage engine on the vault side. Trocla can use [v1](https://www.vaultproject.io/docs/secrets/kv/kv-v1) and [v2](https://www.vaultproject.io/docs/secrets/kv/kv-v2) API endpoints, but it's recommended to use the v2 (native hash object, history, acl...).
+
+You need to install the `vault` gem to be able to use the vault backend, which is not included in the default dependencies for trocla.
+
+With vault storage, the terminology changes:
+* `mount`, this is the name of your kv engine
+* `key`, this is the biggest change. As usual with trocla, the key is a simple string. With the vault kv engine, the key map to a path, so you can have a key like `my/path/key` for structured your data
+* `secret`, is the data content of your key. This is a simple hash with key (format) and value (the secret content of your format)
+
+The trocla mapping works the same way as with a moneta or file backend.
+
+The `store_options` are a dynamic argument for initializer [Vault::Client](https://github.com/hashicorp/vault-ruby/blob/master/lib/vault/client.rb) class (except `:mount`, used to defined the kv name). You can define only one kv mount.
+
+```YAML
+store: :vault
+store_options:
+  :mount: kv
+  :token: s.Tok3n
+  :address: https://vault.local
+```
+
 ### Backend encryption
 
 By default trocla does not encrypt anything it stores. You might want to let Trocla encrypt all your passwords, at the moment the only supported way is SSL.

data/bin/trocla

@@ -99,14 +99,31 @@ def reset(options)
 end
 
 def delete(options)
-  [ Trocla.new(options.delete(:config_file)).delete_password(
+  res = Trocla.new(options.delete(:config_file)).delete_password(
     options.delete(:trocla_key),
     options.delete(:trocla_format)
-  ), 0 ]
+  )
+  [ res, res.nil? ? 1 : 0 ]
 end
 
 def formats(options)
-  "Available formats: #{Trocla::Formats.all.join(', ')}"
+  key = (options.delete(:trocla_key) || '' )
+  if key.empty?
+    "Available formats: #{Trocla::Formats.all.join(', ')}"
+  else
+    res = Trocla.new(options.delete(:config_file)).available_format(
+      key,
+      options.merge(YAML.load(options.delete(:other_options).shift.to_s)||{})
+    )
+    [ res.nil? ? res : res.join(', '), res.nil? ? 1 : 0 ]
+  end
+end
+
+def search(options)
+  res = Trocla.new(options.delete(:config_file)).search_key(
+    options.delete(:trocla_key)
+  )
+  [ res.nil? ? res : res.join("\n"), res.nil? ? 1 : 0 ]
 end
 
 def check_format(format_name)
@@ -119,13 +136,13 @@ def check_format(format_name)
   end
 end
 
-actions=['create','get','set','reset','delete', 'formats' ]
+actions=['create','get','set','reset','delete','formats','search']
 
 if (action=ARGV.shift) && actions.include?(action)
     options[:trocla_key] = ARGV.shift
     options[:trocla_format] = ARGV.shift
     options[:other_options] = ARGV
-    check_format(options[:trocla_format]) unless ['delete','formats'].include?(action)
+    check_format(options[:trocla_format]) unless ['delete','formats','search'].include?(action)
     begin
       result, excode = send(action,options)
       if result

data/lib/VERSION

@@ -1,4 +1,4 @@
 major:0
-minor:3
+minor:4
 patch:0
 build:

data/lib/trocla.rb

@@ -62,7 +62,7 @@ class Trocla
   end
 
   def reset_password(key,format,options={})
-    set_password(key,format,nil,options)
+    delete_password(key,format)
     password(key,format,options)
   end
 
@@ -82,6 +82,14 @@ class Trocla
     render(format,password,options)
   end
 
+  def available_format(key, options={})
+    render(false,store.formats(key),options)
+  end
+
+  def search_key(key, options={})
+    render(false,store.search(key),options)
+  end
+
   def formats(format)
     (@format_cache||={})[format] ||= Trocla::Formats[format].new(self)
   end

data/lib/trocla/formats/sshkey.rb

@@ -0,0 +1,46 @@
+require 'sshkey'
+
+class Trocla::Formats::Sshkey < Trocla::Formats::Base
+
+  expensive true
+
+  def format(plain_password,options={})
+
+    if plain_password.match(/-----BEGIN RSA PRIVATE KEY-----.*-----END RSA PRIVATE KEY/m)
+      # Import, validate ssh key
+      begin
+        sshkey = ::SSHKey.new(plain_password)
+      rescue Exception => e
+        raise "SSH key import failed: #{e.message}"
+      end
+      return sshkey.private_key + sshkey.ssh_public_key
+    end
+
+    type = options['type'] || 'rsa'
+    bits = options['bits'] || 2048
+
+    begin
+      sshkey = ::SSHKey.generate(
+        type:       type,
+        bits:       bits,
+        comment:    options['comment'],
+        passphrase: options['passphrase']
+      )
+    rescue Exception => e
+      raise "SSH key creation failed: #{e.message}"
+    end
+
+    sshkey.private_key + sshkey.ssh_public_key
+  end
+
+  def render(output,render_options={})
+    if render_options['privonly']
+      ::SSHKey.new(output).private_key
+    elsif render_options['pubonly']
+      ::SSHKey.new(output).ssh_public_key
+    else
+      super(output,render_options)
+    end
+  end
+
+end

data/lib/trocla/formats/x509.rb

@@ -97,6 +97,8 @@ class Trocla::Formats::X509 < Trocla::Formats::Base
       OpenSSL::PKey::RSA.new(output).to_pem
     elsif render_options['certonly']
       OpenSSL::X509::Certificate.new(output).to_pem
+    elsif render_options['publickeyonly']
+      OpenSSL::PKey::RSA.new(output).public_key.to_pem
     else
       super(output,render_options)
     end

data/lib/trocla/store.rb

@@ -50,6 +50,16 @@ class Trocla::Store
     format.nil? ? (delete_all(key)||{}) : delete_format(key,format)
   end
 
+  # returns all formats for a key
+  def formats(key)
+    raise 'not implemented'
+  end
+
+  # def searches for a key
+  def search(key)
+    raise 'not implemented'
+  end
+
   private
   # sets a new plain value
   # *must* invalidate all

data/lib/trocla/stores/memory.rb

@@ -19,6 +19,15 @@ class Trocla::Stores::Memory < Trocla::Store
     set_expires(key,options['expires'])
   end
 
+  def formats(key)
+    memory[key].empty? ? nil : memory[key].keys
+  end
+
+  def search(key)
+    r = memory.keys.grep(/#{key}/)
+    r.empty? ? nil : r
+  end
+
   private
   def set_plain(key,value,options)
     memory[key] = { 'plain' => value }

data/lib/trocla/stores/moneta.rb

@@ -18,6 +18,17 @@ class Trocla::Stores::Moneta < Trocla::Store
     moneta.fetch(key, {})[format]
   end
 
+  def formats(key)
+    r = moneta.fetch(key)
+    r.nil? ? nil : r.keys
+  end
+
+  def search(key)
+    raise 'The search option is not available for any adapter other than Sequel or YAML' unless store_config['adapter'] == :Sequel || store_config['adapter'] == :YAML
+    r = search_keys(key)
+    r.empty? ? nil : r
+  end
+
   private
   def set_plain(key,value,options)
     h = { 'plain' => value }
@@ -55,4 +66,19 @@ class Trocla::Stores::Moneta < Trocla::Store
     end
     res
   end
+  def search_keys(key)
+    _moneta = Moneta.new(store_config['adapter'], (store_config['adapter_options']||{}).merge({ :expires => false }))
+    a = []
+    if store_config['adapter'] == :Sequel
+      keys = _moneta.adapter.backend[:trocla].select_order_map {from_base64(:k)}
+    elsif store_config['adapter'] == :YAML
+      keys = _moneta.adapter.backend.transaction(true) { _moneta.adapter.backend.roots }
+    end
+    _moneta.close
+    regexp = Regexp.new("#{key}")
+    keys.each do |k|
+      a << k if regexp.match(k)
+    end
+    a
+  end
 end

data/lib/trocla/stores/vault.rb

@@ -0,0 +1,50 @@
+# the default vault based store
+class Trocla::Stores::Vault < Trocla::Store
+  attr_reader :vault, :mount
+  def initialize(config,trocla)
+    super(config,trocla)
+    require 'vault'
+    @mount = (config.delete(:mount) || 'kv')
+    # load expire support by default
+    @vault = Vault::Client.new(config)
+  end
+
+  def close
+  end
+
+  def get(key,format)
+    read(key)[format.to_sym]
+  end
+
+  def formats(key)
+    read(key).keys
+  end
+
+  private
+  def read(key)
+    k = vault.kv(mount).read(key)
+    k.nil? ? {} : k.data
+  end
+
+  def write(key, value)
+    vault.kv(mount).write(key, value)
+  end
+
+  def set_plain(key,value,options)
+    set_format(key,'plain',value,options)
+  end
+
+  def set_format(key,format,value,options)
+    write(key, read(key).merge({format.to_sym => value}))
+  end
+
+  def delete_all(key)
+    vault.kv(mount).delete(key)
+  end
+
+  def delete_format(key,format)
+    old = read(key)
+    write(key, old.reject { |k,v| k == format.to_sym })
+    old[format.to_sym]
+  end
+end

data/spec/spec_helper.rb

@@ -1,5 +1,6 @@
 $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
 $LOAD_PATH.unshift(File.dirname(__FILE__))
+require 'jruby' if Object.const_defined?(:RUBY_ENGINE) and RUBY_ENGINE == 'jruby'
 require 'rspec'
 require 'rspec/pending_for'
 require 'yaml'
@@ -35,6 +36,11 @@ RSpec.shared_examples "encryption_basics" do
       expect(@trocla.get_password('some_pass', 'plain')).to eql('super secret')
     end
 
+    it "resets passwords" do
+      @trocla.set_password('some_pass', 'plain', 'super secret')
+      expect(@trocla.reset_password('some_pass', 'plain')).not_to eql('super secret')
+    end
+
   end
   describe 'deleting' do
     it "plain" do
@@ -225,7 +231,13 @@ RSpec.shared_examples 'store_validation' do |store|
 end
 
 def default_config
-  @default_config ||= YAML.load(File.read(File.expand_path(base_dir+'/lib/trocla/default_config.yaml')))
+  @default_config ||=  begin
+    config_path = [
+      File.expand_path(base_dir+'/lib/trocla/default_config.yaml'),
+      File.expand_path(File.dirname($LOADED_FEATURES.grep(/trocla.rb/)[0])+'/trocla/default_config.yaml'),
+    ].find { |p| File.exists?(p) }
+    YAML.load(File.read(config_path))
+  end
 end
 
 def test_config

data/spec/trocla/formats/sshkey_spec.rb

@@ -0,0 +1,52 @@
+require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
+
+describe "Trocla::Format::Sshkey" do
+
+  before(:each) do
+    expect_any_instance_of(Trocla).to receive(:read_config).and_return(test_config)
+    @trocla = Trocla.new
+  end
+
+  let(:sshkey_options) do
+    {
+      'type'    => 'rsa',
+      'bits'    => 4096,
+      'comment' => 'My ssh key'
+    }
+  end
+
+  describe "sshkey" do
+    it "is able to create an ssh keypair without options" do
+      sshkey = @trocla.password('my_ssh_keypair', 'sshkey', {})
+      expect(sshkey).to start_with('-----BEGIN RSA PRIVATE KEY-----')
+      expect(sshkey).to match(/ssh-/)
+    end
+
+    it "is able to create an ssh keypair with options" do
+      sshkey = @trocla.password('my_ssh_keypair', 'sshkey', sshkey_options)
+      expect(sshkey).to start_with('-----BEGIN RSA PRIVATE KEY-----')
+      expect(sshkey).to match(/ssh-/)
+      expect(sshkey).to end_with('My ssh key')
+    end
+
+    it 'supports fetching only the priv key' do
+      sshkey = @trocla.password('my_ssh_keypair', 'sshkey', { 'render' => {'privonly' => true }})
+      expect(sshkey).to start_with('-----BEGIN RSA PRIVATE KEY-----')
+      expect(sshkey).not_to match(/ssh-/)
+    end
+
+    it 'supports fetching only the pub key' do
+      sshkey = @trocla.password('my_ssh_keypair', 'sshkey', { 'render' => {'pubonly' => true }})
+      expect(sshkey).to start_with('ssh-rsa')
+      expect(sshkey).not_to match(/-----BEGIN RSA PRIVATE KEY-----/)
+    end
+
+    it "is able to create an ssh keypair with a passphrase" do
+      sshkey = @trocla.password('my_ssh_keypair', 'sshkey', { 'passphrase' => 'spec' })
+      expect(sshkey).to start_with('-----BEGIN RSA PRIVATE KEY-----')
+      expect(sshkey).to match(/ssh-/)
+    end
+
+  end
+
+end

data/spec/trocla/formats/x509_spec.rb

@@ -44,7 +44,9 @@ describe "Trocla::Format::X509" do
       expect(cert.public_key.n.num_bytes * 8).to eq(4096)
       expect((Date.parse(cert.not_after.localtime.to_s) - Date.today).to_i).to eq(365)
       # it's a self signed cert and NOT a CA
-      expect(verify(cert,cert)).to be false
+      # Change of behavior on openssl side: https://github.com/openssl/openssl/issues/15146
+      validates_self_even_if_no_ca = Gem::Version.new(%x{openssl version}.split(' ')[1]) > Gem::Version.new('1.1.1g')
+      expect(verify(cert,cert)).to be validates_self_even_if_no_ca
 
       v = cert.extensions.find{|e| e.oid == 'basicConstraints' }.value
       expect(v).to eq('CA:FALSE')
@@ -136,6 +138,11 @@ describe "Trocla::Format::X509" do
       expect(cert_str).not_to match(/-----BEGIN CERTIFICATE-----/)
       expect(cert_str).to match(/-----BEGIN RSA PRIVATE KEY-----/)
     end
+    it 'supports fetching only the publickey' do
+      pkey_str = @trocla.password('mycert', 'x509', cert_options.merge('render' => {'publickeyonly' => true }))
+      expect(pkey_str).not_to match(/-----BEGIN CERTIFICATE-----/)
+      expect(pkey_str).to match(/-----BEGIN PUBLIC KEY-----/)
+    end
     it 'supports fetching only the cert' do
       cert_str = @trocla.password('mycert', 'x509', cert_options.merge('render' => {'certonly' => true }))
       expect(cert_str).to match(/-----BEGIN CERTIFICATE-----/)

data/spec/trocla_spec.rb

@@ -1,3 +1,4 @@
+# -- encoding : utf-8 --
 require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
 
 describe "Trocla" do
@@ -99,6 +100,11 @@ describe "Trocla" do
         expect(@trocla.get_password('set_test2','md5crypt')).to eq(md5crypt)
         expect(@trocla.get_password('set_test2','plain')).to eq(plain)
       end
+
+      it 'is able to set password with umlauts and other UTF-8 charcters' do
+        expect(myumlaut = @trocla.set_password('set_test_umlaut','plain','Tütü')).to eql('Tütü')
+        expect(@trocla.get_password('set_test_umlaut','plain','Tütü')).to eql('Tütü')
+      end
     end
 
     describe "reset_password" do
@@ -120,6 +126,40 @@ describe "Trocla" do
       end
     end
 
+    describe "search_key" do
+      it "search a specific key" do
+        keys = ['search_key','search_key1','key_search','key_search2']
+        keys.each do |k|
+          @trocla.password(k,'plain')
+        end
+        expect(@trocla.search_key('search_key1').length).to eq(1)
+      end
+      it "ensure search regex is ok" do
+        keys = ['search_key2','search_key3','key_search2','key_search4']
+        keys.each do |k|
+          @trocla.password(k,'plain')
+        end
+        expect(@trocla.search_key('key').length).to eq(4)
+        expect(@trocla.search_key('^search').length).to eq(2)
+        expect(@trocla.search_key('ch.*3').length).to eq(1)
+        expect(@trocla.search_key('ch.*[3-4]$').length).to eq(2)
+        expect(@trocla.search_key('ch.*1')).to be_nil
+      end
+    end
+
+    describe "list_format" do
+      it "list available formats for key" do
+        formats = ['plain','mysql']
+        formats.each do |f|
+          @trocla.password('list_key',f)
+        end
+        expect(@trocla.available_format('list_key')).to eq(formats)
+      end
+      it "no return if key doesn't exist" do
+        expect(@trocla.available_format('list_key1')).to be_nil
+      end
+    end
+
     describe "delete_password" do
       it "deletes all passwords if no format is given" do
         expect(@trocla.password('delete_test1','mysql')).not_to be_nil

data/trocla.gemspec

@@ -2,16 +2,16 @@
 # DO NOT EDIT THIS FILE DIRECTLY
 # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
 # -*- encoding: utf-8 -*-
-# stub: trocla 0.3.0 ruby lib
+# stub: trocla 0.4.0 ruby lib
 
 Gem::Specification.new do |s|
   s.name = "trocla".freeze
-  s.version = "0.3.0"
+  s.version = "0.4.0"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
   s.require_paths = ["lib".freeze]
   s.authors = ["mh".freeze]
-  s.date = "2017-08-04"
+  s.date = "2021-05-11"
   s.description = "Trocla helps you to generate random passwords and to store them in various formats (plain, MD5, bcrypt) for later retrival.".freeze
   s.email = "mh+trocla@immerda.ch".freeze
   s.executables = ["trocla".freeze]
@@ -46,17 +46,20 @@ Gem::Specification.new do |s|
     "lib/trocla/formats/sha256crypt.rb",
     "lib/trocla/formats/sha512crypt.rb",
     "lib/trocla/formats/ssha.rb",
+    "lib/trocla/formats/sshkey.rb",
     "lib/trocla/formats/x509.rb",
     "lib/trocla/store.rb",
     "lib/trocla/stores.rb",
     "lib/trocla/stores/memory.rb",
     "lib/trocla/stores/moneta.rb",
+    "lib/trocla/stores/vault.rb",
     "lib/trocla/util.rb",
     "lib/trocla/version.rb",
     "spec/data/.keep",
     "spec/spec_helper.rb",
     "spec/trocla/encryptions/none_spec.rb",
     "spec/trocla/encryptions/ssl_spec.rb",
+    "spec/trocla/formats/sshkey_spec.rb",
     "spec/trocla/formats/x509_spec.rb",
     "spec/trocla/store/memory_spec.rb",
     "spec/trocla/store/moneta_spec.rb",
@@ -66,36 +69,32 @@ Gem::Specification.new do |s|
   ]
   s.homepage = "https://tech.immerda.ch/2011/12/trocla-get-hashed-passwords-out-of-puppet-manifests/".freeze
   s.licenses = ["GPLv3".freeze]
-  s.rubygems_version = "2.6.11".freeze
+  s.rubygems_version = "3.1.2".freeze
   s.summary = "Trocla a simple password generator and storage".freeze
 
   if s.respond_to? :specification_version then
     s.specification_version = 4
+  end
 
-    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
-      s.add_runtime_dependency(%q<moneta>.freeze, [">= 0"])
-      s.add_runtime_dependency(%q<highline>.freeze, [">= 0"])
-      s.add_runtime_dependency(%q<bcrypt>.freeze, [">= 0"])
-      s.add_development_dependency(%q<rspec>.freeze, [">= 0"])
-      s.add_development_dependency(%q<rdoc>.freeze, [">= 0"])
-      s.add_development_dependency(%q<jeweler>.freeze, [">= 0"])
-      s.add_development_dependency(%q<rspec-pending_for>.freeze, [">= 0"])
-    else
-      s.add_dependency(%q<moneta>.freeze, [">= 0"])
-      s.add_dependency(%q<highline>.freeze, [">= 0"])
-      s.add_dependency(%q<bcrypt>.freeze, [">= 0"])
-      s.add_dependency(%q<rspec>.freeze, [">= 0"])
-      s.add_dependency(%q<rdoc>.freeze, [">= 0"])
-      s.add_dependency(%q<jeweler>.freeze, [">= 0"])
-      s.add_dependency(%q<rspec-pending_for>.freeze, [">= 0"])
-    end
+  if s.respond_to? :add_runtime_dependency then
+    s.add_runtime_dependency(%q<moneta>.freeze, ["~> 1.4.0"])
+    s.add_runtime_dependency(%q<highline>.freeze, ["~> 2.0.0"])
+    s.add_runtime_dependency(%q<bcrypt>.freeze, [">= 0"])
+    s.add_runtime_dependency(%q<sshkey>.freeze, [">= 0"])
+    s.add_development_dependency(%q<rspec>.freeze, [">= 0"])
+    s.add_development_dependency(%q<rdoc>.freeze, [">= 0"])
+    s.add_development_dependency(%q<jeweler>.freeze, [">= 0"])
+    s.add_development_dependency(%q<addressable>.freeze, [">= 0"])
+    s.add_development_dependency(%q<rspec-pending_for>.freeze, [">= 0"])
   else
-    s.add_dependency(%q<moneta>.freeze, [">= 0"])
-    s.add_dependency(%q<highline>.freeze, [">= 0"])
+    s.add_dependency(%q<moneta>.freeze, ["~> 1.4.0"])
+    s.add_dependency(%q<highline>.freeze, ["~> 2.0.0"])
     s.add_dependency(%q<bcrypt>.freeze, [">= 0"])
+    s.add_dependency(%q<sshkey>.freeze, [">= 0"])
     s.add_dependency(%q<rspec>.freeze, [">= 0"])
     s.add_dependency(%q<rdoc>.freeze, [">= 0"])
     s.add_dependency(%q<jeweler>.freeze, [">= 0"])
+    s.add_dependency(%q<addressable>.freeze, [">= 0"])
     s.add_dependency(%q<rspec-pending_for>.freeze, [">= 0"])
   end
 end

metadata

@@ -1,31 +1,45 @@
 --- !ruby/object:Gem::Specification
 name: trocla
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.4.0
 platform: ruby
 authors:
 - mh
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-08-04 00:00:00.000000000 Z
+date: 2021-05-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: moneta
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.4.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.4.0
 - !ruby/object:Gem::Dependency
   name: highline
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.0.0
+- !ruby/object:Gem::Dependency
+  name: bcrypt
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -39,7 +53,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: bcrypt
+  name: sshkey
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -94,6 +108,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: addressable
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec-pending_for
   requirement: !ruby/object:Gem::Requirement
@@ -144,17 +172,20 @@ files:
 - lib/trocla/formats/sha256crypt.rb
 - lib/trocla/formats/sha512crypt.rb
 - lib/trocla/formats/ssha.rb
+- lib/trocla/formats/sshkey.rb
 - lib/trocla/formats/x509.rb
 - lib/trocla/store.rb
 - lib/trocla/stores.rb
 - lib/trocla/stores/memory.rb
 - lib/trocla/stores/moneta.rb
+- lib/trocla/stores/vault.rb
 - lib/trocla/util.rb
 - lib/trocla/version.rb
 - spec/data/.keep
 - spec/spec_helper.rb
 - spec/trocla/encryptions/none_spec.rb
 - spec/trocla/encryptions/ssl_spec.rb
+- spec/trocla/formats/sshkey_spec.rb
 - spec/trocla/formats/x509_spec.rb
 - spec/trocla/store/memory_spec.rb
 - spec/trocla/store/moneta_spec.rb
@@ -165,7 +196,7 @@ homepage: https://tech.immerda.ch/2011/12/trocla-get-hashed-passwords-out-of-pup
 licenses:
 - GPLv3
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -180,9 +211,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.6.11
-signing_key: 
+rubygems_version: 3.1.2
+signing_key:
 specification_version: 4
 summary: Trocla a simple password generator and storage
 test_files: []