yaml_vault 0.1.0

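--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: 40d3decc007bc319e9a1a735ccf599dd706ddc5c
+data.tar.gz: 3f3c1c587bb2e0d9e401a5d9348f5904df040b63
+SHA512:
+metadata.gz: 23bf5c76edb6852b819c8e89cab6325b7ae77b88a4f729e4cb73f04cef470083318929993e9667fedc5aebfe61e8c594d126f4887f6182be0f8d048e6b7638f3
+data.tar.gz: f01be0901bc36145ac4d05eecc704c72822c5c9e8a570c644064365aae0bf17f5fce6f6b09ab5ccaa6afbec5db0ed53c1cd023428e7a7ebde5a2e99fdc64256d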
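--- a/data/.gitignore
+++ b/data/.gitignore
@@ -0,0 +1,9 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/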
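--- a/data/.rspec
+++ b/data/.rspec
@@ -0,0 +1,2 @@
+--format documentation
+--color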
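--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -0,0 +1,4 @@
+language: ruby
+rvm:
+- 2.3.0
+before_install: gem install bundler -v 1.11.2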
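--- a/data/Gemfile
+++ b/data/Gemfile
@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in yaml_vault.gemspec
+gemspec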
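--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,103 @@
+# YamlVault
+
+Yaml file encryption/decription helper.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'yaml_vault'
+```
+
+And then execute:
+
+$ bundle
+
+Or install it yourself as:
+
+$ gem install yaml_vault
+
+## Usage
+
+### Encrypt
+
+```yml
+# secrets.yml
+foo: bar
+
+vault:
+secret_data: "hogehoge"
+secrets:
+- 1
+- 2
+- "three"
+- true
+- four: 4
+```
+
+yaml_vault encrypts values under `vault` key.
+
+```
+% yaml_vault encrypt secrets.yml -o encrypted_secrets.yml
+Enter passphrase: <enter your passphrase>
+```
+
+output is ...
+
+```yml
+# encrypted_secrets.yml
+---
+foo: bar
+vault:
+secret_data: SzZoOGlpcSs4UlBaQnhTYWx0YlN3NHk2QXhiZGYvVmpsc0c3ckllSlh1TT0tLU13ZERzRWsxaGc0Y090blNIdXVVMmc9PQ==--24b2af56d2563776ca316dbfa243333dd053fea1
+secrets:
+- d3hHQVBMZXNsZVJxekdyQ3BjaVBmQT09LS1NQ0Nhckh2MmNraTB0M0U2czhoS1hBPT0=--9b0260204b381a85ba937ee2c056d841c8b85bae
+- dnQzVHJxZ1FXNmFuOE5rQ3p5WFZtdz09LS12ZzlsMWhVNU5aMGdEVCtsK1Y5OWN3PT0=--d9dccae2b49e88331b32ffed072513aee7ffbc22
+- VW5DSnA0a3hCSFJlVktVQUZFQkloQT09LS1qQndVOEt2WCtiRm9zeUN3Qm95NUJnPT0=--b4459fe0f110d8a4d64a704c5bebe4e8dc3b566f
+- OENucHV3K2ZjSzlHTmdESEFJSHhVdz09LS15OUlRaCtlVHVmTDVFMFl2a2pXZkZBPT0=--00f630b1732e73678ebe918a386dd4152c5e9e99
+- four: SXBLZjc0Y2YzRnNBR0FaVzU5SkF0QT09LS1YN3FseWZYcTJ4cEVzSUJmSExOdnNBPT0=--c8dda633ddaba2853161655ab807926f23ea8e59
+```
+
+If use `--key` option.
+
+```
+% yaml_vault encrypt secrets.yml -o encrypted_secrets.yml -k vault.secret_data
+Enter passphrase: <enter your passphrase>
+```
+
+output is ...
+
+```yml
+# encrypted_secrets.yml
+---
+foo: bar
+vault:
+secret_data: SzZoOGlpcSs4UlBaQnhTYWx0YlN3NHk2QXhiZGYvVmpsc0c3ckllSlh1TT0tLU13ZERzRWsxaGc0Y090blNIdXVVMmc9PQ==--24b2af56d2563776ca316dbfa243333dd053fea1
+secrets:
+- 1
+- 2
+- "three"
+- true
+- four: 4
+```
+
+### Decrypt
+
+```
+% yaml_vault decrypt encrypted_secrets.yml -o secrets.yml
+Enter passphrase: <enter your passphrase>
+```
+
+If `ENV["YAML_VAULT_PASSPHRASE"]`, use it as passphrase
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment. Run `bundle exec yaml_vault` to use the gem in this directory, ignoring other installed copies of this gem.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/joker1007/yaml_vault.
+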
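--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec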
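--- a/data/bin/console
+++ b/data/bin/console
@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "yaml_vault"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start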
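--- a/data/bin/setup
+++ b/data/bin/setup
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here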
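--- a/data/exe/yaml_vault
+++ b/data/exe/yaml_vault
@@ -0,0 +1,41 @@
+#!/usr/bin/env ruby
+
+require 'yaml_vault'
+require 'active_support/core_ext'
+require 'thor'
+
+class YamlVault::Cli < Thor
+include Thor::Actions
+
+desc "encrypt YAML_FILE", "Encrypt yaml file"
+method_option :output, aliases: "-o", type: :string, required: true
+method_option :key, aliases: "-k", type: :string, desc: "target key (format: \"KEY1.INNER_KEY,KEY2\")", default: "vault"
+method_option :salt, aliases: "-s", type: :string
+method_option :passphrase, aliases: "-p", type: :string
+method_option :cipher, type: :string
+def encrypt(yaml_file)
+passphrase = ENV["YAML_VAULT_PASSPHRASE"] || options[:passphrase] || ask("Enter passphrase:", echo: false)
+raise "Please input passphrase" if passphrase.blank?
+keys = options[:key] ? options[:key].split(/,\s?/).map { |k| k.split(".") } : ["vault"]
+encrypted_yaml = YamlVault.encrypt_yaml(passphrase, yaml_file, keys, salt: options[:salt], cipher: options[:cipher])
+puts "encrypted #{yaml_file} -> #{options[:output]}"
+File.open(options[:output], "w") { |f| f.write encrypted_yaml }
+end
+
+desc "decrypt YAML_FILE", "Decrypt yaml file"
+method_option :output, aliases: "-o", type: :string, required: true
+method_option :key, aliases: "-k", type: :string, desc: "target key (format: \"KEY1.INNER_KEY,KEY2\")", default: "vault"
+method_option :salt, aliases: "-s", type: :string
+method_option :passphrase, aliases: "-p", type: :string
+method_option :cipher, type: :string
+def decrypt(yaml_file)
+passphrase = ENV["YAML_VAULT_PASSPHRASE"] || options[:passphrase] || ask("Enter passphrase:", echo: false)
+raise "Please input passphrase" if passphrase.blank?
+keys = options[:key] ? options[:key].split(/,\s?/).map { |k| k.split(".") } : ["vault"]
+decrypted_yaml = YamlVault.decrypt_yaml(passphrase, yaml_file, keys, salt: options[:salt], cipher: options[:cipher])
+puts "decrypted #{yaml_file} -> #{options[:output]}"
+File.open(options[:output], "w") { |f| f.write decrypted_yaml }
+end
+end
+
+YamlVault::Cli.start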
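Review bot: The `--passphrase`/`-p` option on both `encrypt` and `decrypt` puts the secret on the command line, where it lands in shell history and is readable in the process list while the command runs; I would drop the option, or document it as unsafe and keep the hidden prompt and `YAML_VAULT_PASSPHRASE` as the supported inputs. `decrypt` writes the recovered plaintext with `File.open(options[:output], "w")`, so a newly created file gets whatever the umask allows; `File.open(options[:output], "w", 0o600) { |f| f.write decrypted_yaml }` makes it owner-only at creation. The fallback `["vault"]` in the `keys` ternary is a flat array while the other branch yields an array of key paths, so `[["vault"]]` would be the matching shape, although `default: "vault"` on the option means the fallback is probably never reached. A set environment variable also silently wins over an explicit `-p`, which is worth a line in the option's `desc`.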
@@ -0,0 +1,3 @@
1
+ module YamlVault
2
+ VERSION = "0.1.0"
3
+ end
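--- a/data/lib/yaml_vault.rb
+++ b/data/lib/yaml_vault.rb
@@ -0,0 +1,78 @@
+require 'yaml_vault/version'
+require 'yaml'
+require 'erb'
+require 'active_support'
+
+module YamlVault
+class << self
+def encrypt_yaml(passphrase, yaml, keys, salt: nil, cipher: nil)
+process_yaml(passphrase, yaml, keys, salt: salt.to_s, cipher: cipher) do |cryptor, data|
+do_process(cryptor, data, :encrypt)
+end
+end
+
+def decrypt_yaml(passphrase, yaml, keys, salt: nil, cipher: nil)
+process_yaml(passphrase, yaml, keys, salt: salt.to_s, cipher: cipher) do |cryptor, data|
+do_process(cryptor, data, :decrypt)
+end
+end
+
+private
+
+def process_yaml(passphrase, yaml, keys, salt:, cipher:)
+cryptor = ValueCryptor.new(passphrase, salt, cipher)
+data = YAML.load(ERB.new(File.read(yaml)).result)
+keys.each do |key|
+target = key.inject(data) do |t, part|
+t[part]
+end
+
+vault_data = yield cryptor, target
+
+target_parent = key[0..-2].inject(data) do |t, part|
+t[part]
+end
+target_parent[key[-1]] = vault_data
+end
+data.to_yaml
+end
+
+def do_process(cryptor, data, method)
+case data
+when Hash
+data.each do |k, v|
+if v.is_a?(Hash) || v.is_a?(Array)
+do_process(cryptor, v, method)
+else
+data[k] = cryptor.send(method, v)
+end
+end
+when Array
+data.each_with_index do |v, i|
+if v.is_a?(Hash) || v.is_a?(Array)
+do_process(cryptor, v, method)
+else
+data[i] = cryptor.send(method, v)
+end
+end
+else
+cryptor.send(method, data)
+end
+end
+end
+
+class ValueCryptor
+def initialize(passphrase, salt, cipher)
+key = ActiveSupport::KeyGenerator.new(passphrase, cipher: cipher || 'aes-256-cbc').generate_key(salt)
+@cryptor = ActiveSupport::MessageEncryptor.new(key)
+end
+
+def encrypt(value)
+@cryptor.encrypt_and_sign(value)
+end
+
+def decrypt(value)
+@cryptor.decrypt_and_verify(value)
+end
+end
+end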
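Review bot: `process_yaml` feeds the input through `ERB.new(File.read(yaml)).result` and then `YAML.load`, so any Ruby embedded in the file runs with the caller's privileges, and on Psych versions where `YAML.load` is not safe by default, tagged objects in the file are instantiated; for a tool pointed at secrets files, ERB should be opt-in and parsing should use `YAML.safe_load(...)`. The ERB result is also what gets written back, so values interpolated at run time end up baked into the output file. In `ValueCryptor#initialize`, `cipher:` is handed to `ActiveSupport::KeyGenerator.new`, which as far as I know only reads key-derivation options, while `MessageEncryptor.new(key)` receives no cipher, so `--cipher` appears to have no effect; `@cryptor = ActiveSupport::MessageEncryptor.new(key, cipher: cipher || 'aes-256-cbc')` would apply it. A missing salt becomes `""` through `salt.to_s`, so the key is derived from the passphrase alone; a comment on `encrypt_yaml` should say that a caller who wants a salt must supply it and keep it for decryption.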
@@ -0,0 +1,27 @@
1
+ # coding: utf-8
2
+ lib = File.expand_path('../lib', __FILE__)
3
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
+ require 'yaml_vault/version'
5
+
6
+ Gem::Specification.new do |spec|
7
+ spec.name = "yaml_vault"
8
+ spec.version = YamlVault::VERSION
9
+ spec.authors = ["joker1007"]
10
+ spec.email = ["kakyoin.hierophant@gmail.com"]
11
+
12
+ spec.summary = %q{yaml encryption/decryption helper.}
13
+ spec.description = %q{yaml encryption/decryption helper.}
14
+ spec.homepage = "https://github.com/joker1007/yaml_vault"
15
+
16
+ spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
17
+ spec.bindir = "exe"
18
+ spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
19
+ spec.require_paths = ["lib"]
20
+
21
+ spec.add_runtime_dependency "activesupport", ">= 4"
22
+ spec.add_runtime_dependency "thor"
23
+
24
+ spec.add_development_dependency "bundler", "~> 1.11"
25
+ spec.add_development_dependency "rake", "~> 10.0"
26
+ spec.add_development_dependency "rspec", "~> 3.0"
27
+ end
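Review bot: `spec.add_runtime_dependency "activesupport", ">= 4"` has no upper bound, yet the whole encrypted-value format comes from ActiveSupport's `KeyGenerator` and `MessageEncryptor`; if their defaults or key-length checks differ in a later major version, files encrypted under one install may fail to decrypt under another. I would bound it to the majors that were actually tested, for example `">= 4", "< 6"` (bounds illustrative, not taken from the page), and give the unconstrained `thor` a range as well. The spec also sets no `spec.license`, which shows up as `licenses: []` in the packaged metadata and leaves consumers without a machine-readable licence to audit.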
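--- a/metadata
+++ b/metadata
@@ -0,0 +1,126 @@
+--- !ruby/object:Gem::Specification
+name: yaml_vault
+version: !ruby/object:Gem::Version
+version: 0.1.0
+platform: ruby
+authors:
+- joker1007
+autorequire:
+bindir: exe
+cert_chain: []
+date: 2016-03-30 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: activesupport
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '4'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '4'
+- !ruby/object:Gem::Dependency
+name: thor
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: bundler
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.11'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.11'
+- !ruby/object:Gem::Dependency
+name: rake
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '10.0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '10.0'
+- !ruby/object:Gem::Dependency
+name: rspec
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.0'
+description: yaml encryption/decryption helper.
+email:
+- kakyoin.hierophant@gmail.com
+executables:
+- yaml_vault
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- Gemfile
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- exe/yaml_vault
+- lib/yaml_vault.rb
+- lib/yaml_vault/version.rb
+- yaml_vault.gemspec
+homepage: https://github.com/joker1007/yaml_vault
+licenses: []
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.5.1
+signing_key:
+specification_version: 4
+summary: yaml encryption/decryption helper.
+test_files: []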