yaml_vault 0.6.0 → 1.0.0.beta

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d513c736945058b14e097674eb7f2a4743718a0b
-  data.tar.gz: 417af775003ec2105570ef50ce819303a2561d88
+  metadata.gz: 83380246e15ea67f6eb6dc297a36213af8bf79d2
+  data.tar.gz: c70bf3337dad0f1e1e2b79093028f2e59ee4b7b1
 SHA512:
-  metadata.gz: fce2b4f85b47332badef4c03882d86fb83cfac33ee9da92b376512de571272b5bf4580dfccee0bcbe42e359c98356a282197c1b0466e9bee1fdb39a358ba2b35
-  data.tar.gz: 8e8abd2ec36cb12797f110d95043f5a8947f1ebf74246da0b967779252ccfb781aa80128a9a91716f6455f26fa2debb4acfe176cfe874955c8e5f09942089016
+  metadata.gz: 516adae2c3ab2decc1770ccaf697ce85573a5105d866a52c7a48aee459fb234438e16c71e5bdc5024fa4d9d9a75dea56f135abeff42187d158beb71069d2567b
+  data.tar.gz: 96cd43b5bcaf4502cf22068a562a62925a1193fcaa85978c49fd0ea7633cacc919e14b90eb858624b61514fc9947c865cade3bd4a615bc00b11d1dc7e390f307

data/.dockerignore

@@ -0,0 +1,2 @@
+.bundle
+.git

data/Gemfile

@@ -2,3 +2,6 @@ source 'https://rubygems.org'
 
 # Specify your gem's dependencies in yaml_vault.gemspec
 gemspec
+
+gem "aws-sdk"
+gem "google-api-client"

data/README.md

@@ -3,6 +3,11 @@
 
 Yaml file encryption/decryption helper.
 
+## Breaking Change from 0.x to 1.0
+- Output YAML file keeps alias & anchor syntax & tag info. (But empty line is trimmed)
+- `--key` format is changed. (Need `$` as root document at first)
+- `--key` supports new formats. (Root Doc, Wildcard, Regexp, Quote)
+
 ## Encryption Algorithm
 
 yaml_vault uses ActiveSupport::MessageEncryptor.
@@ -32,22 +37,48 @@ Or install it yourself as:
 
 ```yml
 # secrets.yml
+
+default: &default
+  hoge: fuga
+  aaa: true
+  bbb: 2
+
 foo: bar
 
+complicated:
+  - 1
+  - ["hoge", "fuga"]
+  - [{key1: val1, key2: val2}, {key3: val3}]
+  - a:
+      b:
+        c: d
+        e: !ruby/range 1..10
+
+test:
+  <<: *default
+  hoge:
+    - 1
+    - 2
+    - 3
+
 vault:
   secret_data: "hogehoge"
   secrets:
+    - 0
     - 1
-    - 2
-    - "three"
+    - "two"
     - true
     - four: 4
+    - :five
+    - :a:
+        b: !ruby/range 1..10
+    - [{key1: val1, key2: val2}, {key3: val3}]
 ```
 
 yaml_vault encrypts values under `vault` key.
 
 ```
-% yaml_vault encrypt secrets.yml -o encrypted_secrets.yml
+% yaml_vault encrypt secrets.yml -o encrypted_secrets.yml"
 Enter passphrase: <enter your passphrase>
 ```
 
@@ -55,16 +86,43 @@ output is ...
 
 ```yml
 # encrypted_secrets.yml
----
-foo: bar
+
+default: &default
+  hoge: cTlEZkloUDlBS0F3VGdzL25PcXZRUT09LS1QdEFSZklJRlpGTWNVLzU5RC9IT2VnPT0=--f68324e76662ee92be4ff11faabf963bcba9b464d2a0af8cb505611755cf698c
+  aaa: RUNneXhXYnBVVVRod0o1aTN2ZkRRZz09LS1BYjBYQXp3OGI2dE9TMERKNVZGbzd3PT0=--81ca6f9320426bfb52e4318c209ebe9e1e0f7ff54567aed4dd6a0ae9d7dce22b
+  bbb: c2ExRXFpUXZKN1ltanRRUHpxMGduQT09LS1jWjVpbG9tTk9BRFdRc0QvbTBSVFBBPT0=--c63c47a104032b6aa4169ec58df5d2c4e0c5f38febbfb8f2167ae034fb93f488
+foo: cWs4SmFVN3NXMGNra2tMUS9Ucmx5Zz09LS1meElVMXp0MSs0UGtrbW1tcnFKTnBnPT0=--ce755376767167c71a389637080465884295be1094e203a5c5ef396c2f13b7a8
+complicated:
+- ejBlc09wejFITmRpOUVBWVduQmZiQT09LS12YzdZN1hselkzQWNIOWpYd3QrR0dRPT0=--1fa11f7719fb0ffc7ce50eda52b8813d8ca547c341e710c044f8282767a22cfb
+- ["ZHFlWjN3cUdMdFdFTDQwM2w0WW8xUT09LS1aOTNwU2NtQ0IvWHNYU1dJZGFCMUl3PT0=--b1ac20a6388d46e2e36bb50553cf89af673fbb4ff7ab83e96f0a315e806f5cd0",
+  "L0pBVHVMSXdlMEVQbTRKTGJKb2pOZz09LS1xTjRRbEs3SFpDK2szRlpDYTFuYlV3PT0=--d65702ec4880c52dfe074a12af02498e16b84452231ca2390205a752b19b4986"]
+- [{key1: dmNxVjI3c242YngwcHY4cGhJTmRZUT09LS1jYXh1LzdyTy9FK1VwVjVidkU1aUNBPT0=--b04624c5b3a7c5dfbdc5a69811cb5a194fbbd6da0d2266231d25d0bee9da3bf6,
+    key2: eHBOM0xlRmczRFl1UERRdCtzbGF3dz09LS1TTjdWdHlqVlIreUhtekE0VGpsVEt3PT0=--ccd53fcfc3d3f51f5b4a97f5b1508e77e9149b0100995e0588b289fde920aba7},
+  {key3: VHg2V2VHWjZCcHhHRWJZTHFXZGhUZz09LS1kTisvY3FZaDlaTEFjODNXeFQwTjFBPT0=--e6f809a272f4a7b347f4fcf28241cd51b1293310a1e7d372f19488c2c7a726e2}]
+- a:
+    b:
+      c: d254QmFnRFprMUJldDBkRjlVWUpMQT09LS1CTFhQUUQzWUw3K3FUQnJVWkFLRzdnPT0=--85522ae049be7808ae77b586c9e9e1af225b08c44becbe60ec1995f2f4b31668
+      e: enBYUkYrMkt1ZkdHd2JHbzAyNFo3czBpVmZRU0psaDNMalcyU2lKbEQvUT0tLVF5QSt6RXd2L0ptbHp0UVZCcm9LdXc9PQ==--06e9fa609a5a8f9f81997b314e54a91959088819b8a0f05fede68769d841ee3b
+test:
+  <<: *default
+  hoge:
+  - eERDbWVSeFhZNkJzNVFvSkRVMWFaZz09LS02WVFSamRDbmxEbXF4WExkSTFvUzl3PT0=--05bf3dcd005b32455409c70212d64452b0af3ec78471fa69760ad85dcd6147d4
+  - Y1BPRGZIQys0bTBJdFJuV21WSWJBUT09LS1xZFdQcmVpd3ltWnVSWEttcVZ1Z3VRPT0=--6c57387b420bc569494a0308e896d8426ec7b6a649a6a1f890e779bc792fc9a0
+  - anVLa2dXTWo1ckVVTlhQZG0vdVRHZz09LS04K3FIV2lsSUI5V01pR1ljS3lCWDVnPT0=--545a128c08152415ff27c35c89cb0ab1b5625530716ac8f8daf5f2e61fbe450c
 vault:
-  secret_data: SzZoOGlpcSs4UlBaQnhTYWx0YlN3NHk2QXhiZGYvVmpsc0c3ckllSlh1TT0tLU13ZERzRWsxaGc0Y090blNIdXVVMmc9PQ==--24b2af56d2563776ca316dbfa243333dd053fea1
+  secret_data: "NUR1aFdaMjMrSkI2MyswRC84UXJzWUprVXgvZnBmRXhBM0dqUWdpOTBMaz0tLUJ4NmtpeUQ3dG0rN080cDZMWmlwc1E9PQ==--7e812eabdc22af8e46db8a7b8f361deb6484d3aa8568d4bc95d6e73c00149c28"
   secrets:
-  - d3hHQVBMZXNsZVJxekdyQ3BjaVBmQT09LS1NQ0Nhckh2MmNraTB0M0U2czhoS1hBPT0=--9b0260204b381a85ba937ee2c056d841c8b85bae
-  - dnQzVHJxZ1FXNmFuOE5rQ3p5WFZtdz09LS12ZzlsMWhVNU5aMGdEVCtsK1Y5OWN3PT0=--d9dccae2b49e88331b32ffed072513aee7ffbc22
-  - VW5DSnA0a3hCSFJlVktVQUZFQkloQT09LS1qQndVOEt2WCtiRm9zeUN3Qm95NUJnPT0=--b4459fe0f110d8a4d64a704c5bebe4e8dc3b566f
-  - OENucHV3K2ZjSzlHTmdESEFJSHhVdz09LS15OUlRaCtlVHVmTDVFMFl2a2pXZkZBPT0=--00f630b1732e73678ebe918a386dd4152c5e9e99
-  - four: SXBLZjc0Y2YzRnNBR0FaVzU5SkF0QT09LS1YN3FseWZYcTJ4cEVzSUJmSExOdnNBPT0=--c8dda633ddaba2853161655ab807926f23ea8e59
+  - emExNlNIQ2tiNTliU1ZhU1FzUXBtQT09LS1pajcyYUU0bnlYSlorTEtFOEZyZVRRPT0=--c8483428c33401e99e55e7634ba468bcba219ab02034bb4ad80c89d639f52323
+  - NXJ4c2JId0xLWUk0dHY2NHJyVzNIdz09LS0vUnlpWGptaitmYUZ0bk4zY1I0YWVnPT0=--18f9764a068ba555c5261be70de469e0460ef14b8a1636f418bddcb0b7b4ffcf
+  - "WUFwWTEzK1lpOHJseGEwbGFmTEs4dz09LS1EK2xwNUFsSExQT2Zwa0p5QjFGbWJnPT0=--3f66ca21b4f1bae17d03233afc0ee80a1a42371244ac38ce71f284266bec3a95"
+  - dGd2d1k4MTFSMHp3cy9xZE9NaGpIUT09LS1GcWNKdisxMlRGTzBLV2Zjam9PRmZ3PT0=--1f19086e9908d4c5313c3abfab8f6c8697785273c14ab0a2f39634a57ac57e72
+  - four: QXlGUGsyYnB6dEtNWk9ia3MvR2duZz09LS1DWGprWVVIS2VkbjJrYnl0MkVmcUlBPT0=--0e426924db2fa7e577e4e4d7d62ce8f7e9390f14e72f90aca59be88df252b110
+  - dDAvZzdNampwUmsrY1Q3ME5VaWNkQT09LS13YUJQVm9kZXpFMlpxVTVPRDJ3RG1RPT0=--c53ab9535f06eef08e41dbf9fd1641421760309f381c37016ce27d17d6910f11
+  - :a:
+      b: NHgycERIaXlQaTR2V09weWFUbG9DZE1aQ3pTZ1h0OWo0VzJ4NkRMaDk5WT0tLWhMc21MUHJOQnowTHlnSnhxUkluNVE9PQ==--081f7b5f9bc982f7270454a8453b5fcf860bea9ed6f8454a0f8509b0cc2a8638
+  - [{key1: WHkwOEc5NVcvNm5IMTVNc24xWUtYdz09LS1GZGc0K2J2V3F5bW5iS29Vb1grcFNRPT0=--c453f9e814e4d62294d1d5d20b71db8825e8f94933ad8af157ca7860407e39c5,
+      key2: eUZlQlgzVTFFRjVKUjF3dTZ6RlRidz09LS1rUzRtN2VlS2ZmRDFuR3JCMkRMRTNRPT0=--d30ebbf61e5393d3502e71486379215c4ea95d3f4697faa209214dd23d64e1fd},
+    {key3: YStlVTBFZjZQQlVDWHhjMS85L052Zz09LS0rL2JtbUI2eFY2QVZsbG92OGM4Z2lnPT0=--ffc85954e68fdde7e03fdbaa715c43d624c2825e28439de3ce2d2fa0e9debe0b}]
 ```
 
 If use `--key` option.
@@ -90,12 +148,20 @@ vault:
   - four: 4
 ```
 
-`--key` option supports Symbol and Array.
+`--key` option supports following format.
+
+- `$` as root document
+- `*` as wildcard for array or map key
+- `/str/` as regexp to map key
+- `:<key_name>` as Symbol.
+- `[0]` as array key.
+- `'str'` as map key (inner single quote string).
+- `"str"` as map key (inner double quote string).
+- `other_string` as map key
 
-`:<key_name>` is symbol key.
-`[0]` is array key.
+`--key` must start with `$`.
 
-ex. `production.:slaves.[0].:password`
+ex. `$.production.:slaves.[0].*.:password`
 
 #### AWS KMS Encryption
 

data/exe/yaml_vault

@@ -7,7 +7,7 @@ require 'thor'
 class YamlVault::Cli < Thor
   include Thor::Actions
 
-  class_option :key, aliases: "-k", type: :string, banner: "KEYNAME (format: \"KEY1.INNER_KEY,KEY2\")", desc: "target key", default: "vault"
+  class_option :key, aliases: "-k", type: :string, banner: "KEYNAME (format: \"KEY1.INNER_KEY,KEY2\")", desc: "target key", default: "$"
   class_option :cryptor, type: :string, enum: %w(simple aws-kms gcp-kms), default: "simple"
 
   class_option :salt, aliases: "-s", type: :string
@@ -94,19 +94,10 @@ class YamlVault::Cli < Thor
   def target_keys
     if options[:key]
       options[:key].split(/,\s?/).map do |k|
-        k.split(".").map do |part|
-          case part
-          when /\A:(.*)\z/
-            $1.to_sym
-          when /\A\[(\d+)\]\z/
-            $1.to_i
-          else
-            part
-          end
-        end
+        YamlVault::KeyParser.parse(k)
       end
     else
-      ["vault"]
+      [["$"]]
     end
   end
 end

data/lib/yaml_vault/key_parser.rb

@@ -0,0 +1,35 @@
+require 'strscan'
+
+module YamlVault
+  class KeyParser
+    class InvalidPathFormat < StandardError; end
+
+    def self.parse(str)
+      new.parse(str)
+    end
+
+    def parse(str)
+      s = StringScanner.new(str)
+      path = []
+      until s.eos?
+        if token = s.scan(/'(.*?)'/)
+          path << s[1]
+        elsif token = s.scan(/"(.*?)"/)
+          path << s[1]
+        elsif token = s.scan(%r{/(.*?)/})
+          path << Regexp.new(s[1])
+        elsif token = s.scan(/\[(\d+)\]/)
+          path << s[1].to_i
+        elsif token = s.scan(/\./)
+          # noop
+        elsif token = s.scan(/[^\.]*/)
+          path << token
+        end
+      end
+
+      raise InvalidPathFormat.new("`$` must be at first") unless path.first == "$"
+
+      path
+    end
+  end
+end

data/lib/yaml_vault/version.rb

@@ -1,3 +1,3 @@
 module YamlVault
-  VERSION = "0.6.0"
+  VERSION = "1.0.0.beta"
 end

data/lib/yaml_vault/yaml_tree_builder.rb

@@ -0,0 +1,117 @@
+# frozen_string_literal: false
+require 'yaml'
+
+module YamlVault
+  class YAMLTreeBuilder < YAML::TreeBuilder
+    def initialize(target_paths, cryptor, mode)
+      super()
+
+      @path_stack = []
+      @target_paths = target_paths
+      @cryptor = cryptor
+      @mode = mode
+    end
+
+    def start_document(*)
+      result = super
+      @path_stack.push "$"
+      result
+    end
+
+    def end_document(*)
+      @path_stack.pop
+      super
+    end
+
+    def start_mapping(*)
+      if YAML::Nodes::Sequence === @last
+        current_path = @last.children.size
+        @path_stack << current_path
+      end
+
+      super
+    end
+
+    def end_mapping(*)
+      @path_stack.pop
+      super
+    end
+
+    def start_sequence(*)
+      if YAML::Nodes::Sequence === @last
+        current_path = @last.children.size
+        @path_stack << current_path
+      end
+
+      super
+    end
+
+    def end_sequence(*)
+      @path_stack.pop
+      super
+    end
+
+    def scalar(value, anchor, tag, plain, quoted, style)
+      result = super
+
+      case @last
+      when YAML::Nodes::Sequence
+        current_path = @last.children.size - 1
+        @path_stack << current_path
+      when YAML::Nodes::Mapping
+        if @last.children.size.odd?
+          @path_stack << value
+          return result
+        end
+      end
+
+      if match_path?
+        if @mode == :encrypt
+          if tag
+            result.value = @cryptor.encrypt("#{tag} #{value}")
+            result.tag = nil
+            result.plain = true
+          else
+            result.value = @cryptor.encrypt(value)
+          end
+        else
+          decrypted_value = @cryptor.decrypt(value)
+          if decrypted_value =~ /\A(!.*?)\s+(.*)\z/
+            result.tag = $1
+            result.plain = false
+            result.value = $2
+          else
+            result.value = decrypted_value
+          end
+        end
+      end
+
+      @path_stack.pop
+
+      result
+    end
+
+    def alias(anchor)
+      @path_stack.pop
+      super
+    end
+
+    private
+
+    def match_path?
+      @target_paths.any? do |target_path|
+        target_path.each_with_index.all? do |path, i|
+          if path == "*"
+            true
+          else
+            if path.is_a?(Regexp)
+              path.match(@path_stack[i])
+            else
+              path == @path_stack[i]
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/yaml_vault.rb

@@ -3,6 +3,10 @@ require 'yaml'
 require 'base64'
 require 'erb'
 require 'active_support'
+require 'pp'
+
+require 'yaml_vault/key_parser'
+require 'yaml_vault/yaml_tree_builder'
 
 module YamlVault
   class Main
@@ -21,7 +25,7 @@ module YamlVault
       aws_kms_key_id: nil, aws_region: nil, aws_access_key_id: nil, aws_secret_access_key: nil,
       gcp_kms_resource_id: nil, gcp_credential_file: nil
     )
-      @data = YAML.load(yaml_content)
+      @yaml = yaml_content
       @keys = keys
 
       @passphrase = passphrase
@@ -44,15 +48,21 @@ module YamlVault
     end
 
     def encrypt
-      process_yaml do |data|
-        do_process(data, :encrypt)
-      end
+      parser = YAML::Parser.new(YamlVault::YAMLTreeBuilder.new(@keys, @cryptor, :encrypt))
+      parser.parse(@yaml).handler.root
     end
 
     def decrypt
-      process_yaml do |data|
-        do_process(data, :decrypt)
-      end
+      parser = YAML::Parser.new(YamlVault::YAMLTreeBuilder.new(@keys, @cryptor, :decrypt))
+      parser.parse(@yaml).handler.root
+    end
+
+    def encrypt_hash
+      encrypt.to_ruby[0]
+    end
+
+    def decrypt_hash
+      decrypt.to_ruby[0]
     end
 
     def encrypt_yaml
@@ -78,45 +88,6 @@ module YamlVault
       end
     end
 
-    def process_yaml
-      @keys.each do |key|
-        target = key.inject(@data) do |t, part|
-          t[part]
-        end
-
-        vault_data = yield target
-
-        target_parent = key[0..-2].inject(@data) do |t, part|
-          t[part]
-        end
-        target_parent[key[-1]] = vault_data
-      end
-      @data
-    end
-
-    def do_process(data, method)
-      case data
-      when Hash
-        data.each do |k, v|
-          if v.is_a?(Hash) || v.is_a?(Array)
-            do_process(v, method)
-          else
-            data[k] = @cryptor.send(method, v)
-          end
-        end
-      when Array
-        data.each_with_index do |v, i|
-          if v.is_a?(Hash) || v.is_a?(Array)
-            do_process(v, method)
-          else
-            data[i] = @cryptor.send(method, v)
-          end
-        end
-      else
-        @cryptor.send(method, data)
-      end
-    end
-
     module ValueCryptor
       class Simple
         def initialize(passphrase, sign_passphrase, salt, cipher, digest, key_size = 32, signature_key_size = 64)
@@ -141,7 +112,12 @@ module YamlVault
 
       class KMS
         def initialize(key_id, region: nil, aws_access_key_id: nil, aws_secret_access_key: nil)
-          require 'aws-sdk'
+          begin
+            require 'aws-sdk'
+          rescue LoadError
+            puts "Please install aws-sdk (>= 2.0)"
+            exit 1
+          end
           options = {}
           options[:region] = region if region
           options[:access_key_id] = aws_access_key_id if aws_access_key_id
@@ -164,8 +140,13 @@ module YamlVault
       class GCPKMS
         def initialize(resource_id, credential_file)
           raise "Need key resource id" unless resource_id
-          require 'googleauth'
-          require 'google/apis/cloudkms_v1'
+          begin
+            require 'googleauth'
+            require 'google/apis/cloudkms_v1'
+          rescue LoadError
+            puts "Please install google-api-client (>= 0.11.0)"
+            exit 1
+          end
 
           scope = [
             'https://www.googleapis.com/auth/cloud-platform'

data/yaml_vault.gemspec

@@ -19,9 +19,6 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
 
   spec.add_runtime_dependency "activesupport", ">= 4"
-  spec.add_runtime_dependency "aws-sdk", "~> 2.0"
-  spec.add_runtime_dependency "google-api-client", "~> 0.11"
-  spec.add_runtime_dependency "googleauth", "~> 0.4"
   spec.add_runtime_dependency "thor"
 
   spec.add_development_dependency "bundler", "~> 1.11"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: yaml_vault
 version: !ruby/object:Gem::Version
-  version: 0.6.0
+  version: 1.0.0.beta
 platform: ruby
 authors:
 - joker1007
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2017-05-29 00:00:00.000000000 Z
+date: 2017-09-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -24,48 +24,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '4'
-- !ruby/object:Gem::Dependency
-  name: aws-sdk
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.0'
-- !ruby/object:Gem::Dependency
-  name: google-api-client
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.11'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.11'
-- !ruby/object:Gem::Dependency
-  name: googleauth
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.4'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.4'
 - !ruby/object:Gem::Dependency
   name: thor
   requirement: !ruby/object:Gem::Requirement
@@ -130,6 +88,7 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
+- ".dockerignore"
 - ".gitignore"
 - ".rspec"
 - ".travis.yml"
@@ -141,8 +100,10 @@ files:
 - bin/setup
 - exe/yaml_vault
 - lib/yaml_vault.rb
+- lib/yaml_vault/key_parser.rb
 - lib/yaml_vault/rails.rb
 - lib/yaml_vault/version.rb
+- lib/yaml_vault/yaml_tree_builder.rb
 - yaml_vault.gemspec
 homepage: https://github.com/joker1007/yaml_vault
 licenses: []
@@ -158,12 +119,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.11
+rubygems_version: 2.6.12
 signing_key: 
 specification_version: 4
 summary: yaml encryption/decryption helper.