yaml_vault 1.1.3 → 1.3.2

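--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: c5acc1523b3bc454d4a73628874710b40427a6dd75ad476786597a30033b95d6
- data.tar.gz: b8dce922143c7eb87977c0c84bf6148c9eba014887bdd40a726e8ed32f1e0034
+ metadata.gz: e89611f7bd2e7ca8692e1b689c0087babeec416a2350d1513e35b05d3c1e6758
+ data.tar.gz: 0b10d6e6dca3dfd371cb6dc19b1131ffd046d32b8718d02acea57f058559ee4b
  SHA512:
- metadata.gz: 5d94c3dfbb3be2dd235989e88e5a639a32f56a638392e09b93f5601c392445550a226e7bf919721f4ce585a35f2fa31af29f83c4dcc6e8b0ce83e870f8fa15ef
- data.tar.gz: 6c3a2897d5a265de39fb12b730ee7bba29152604b769ee5cba085712c47a7ae4dda7c3140537bbadc45ec9c9ecf23ea699ca53a3ec0a8497e531b9467d9c1722
+ metadata.gz: 735ba23c5e3c063da8f3fb98ad73486bb0bff7ee99d83fdc7a26875dbd9b53ff4666f0cf6cb2d8ecb7687f690b960c877e1dd2ceb10ef319b91dce07a003170c
+ data.tar.gz: 422238e47e86038790fe12aa481d20b832e7f6a8eb66996db8c3df304d493835202003cfd3a4ecd330265ef27425cf8d4a3e7c7964148de723f8c3974b060cc5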
@@ -0,0 +1,27 @@
1
+ name: RSpec
2
+
3
+ on:
4
+ push:
5
+ branches: [ master ]
6
+ pull_request:
7
+
8
+ jobs:
9
+ test:
10
+
11
+ runs-on: ubuntu-latest
12
+ strategy:
13
+ matrix:
14
+ ruby-version: ['2.7', '3.0', '3.1']
15
+
16
+ steps:
17
+ - uses: actions/checkout@v2
18
+ - name: Set up Ruby
19
+ # To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
20
+ # change this to (see https://github.com/ruby/setup-ruby#versioning):
21
+ # uses: ruby/setup-ruby@v1
22
+ uses: ruby/setup-ruby@v1.110.0
23
+ with:
24
+ ruby-version: ${{ matrix.ruby-version }}
25
+ bundler-cache: true # runs 'bundle install' and caches installed gems automatically
26
+ - name: Run tests
27
+ run: bundle exec rake
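Review bot: The workflow has no `permissions:` block and references both actions by mutable tag (`actions/checkout@v2`, `ruby/setup-ruby@v1.110.0`), so the job runs with the repository's default `GITHUB_TOKEN` scope and with whatever code those tags resolve to at run time. This job only checks out the code and runs `bundle exec rake`, so a top-level `permissions:` with `contents: read` is sufficient. Pinning each `uses:` to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha> # v2`, makes the executed action code immutable. The comment on new lines 19–21 recommends the floating `@v1` tag; it would be worth rewording so it does not steer a later edit away from the pin.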
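--- a/data/.gitignore
+++ b/data/.gitignore
@@ -9,3 +9,4 @@
  /tmp/
 
  .envrc
+ .idea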
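--- a/data/README.md
+++ b/data/README.md
@@ -1,6 +1,6 @@
  # YamlVault
  [![Gem Version](https://badge.fury.io/rb/yaml_vault.svg)](https://badge.fury.io/rb/yaml_vault)
- [![Build Status](https://travis-ci.org/joker1007/yaml_vault.svg?branch=master)](https://travis-ci.org/joker1007/yaml_vault)
+ [![RSpec](https://github.com/joker1007/yaml_vault/actions/workflows/rspec.yml/badge.svg)](https://github.com/joker1007/yaml_vault/actions/workflows/rspec.yml)
 
  Yaml file encryption/decryption helper.
 
@@ -180,6 +180,18 @@ vault:
 
  ex. `$.production.:slaves.[0].*.:password`
 
+ You can also use the `--prefix` and `--suffix` options to format the encrypted value. i.e by providing `--prefix "ENC(" --suffix ")"` you can get the following output from the above example:
+
+ ```yml
+ # encrypted_secrets.yml
+
+ default: &default
+ ...
+ vault:
+ secret_data: ENC(SzZoOGlpcSs4UlBaQnhTYWx0YlN3NHk2QXhiZGYvVmpsc0c3ckllSlh1TT0tLU13ZERzRWsxaGc0Y090blNIdXVVMmc9PQ==--24b2af56d2563776ca316dbfa243333dd053fea1)
+ ...
+ ```
+
  #### AWS KMS Encryption
 
  Max encryptable size is 4096 bytes. (value size as encoded by Base64)
@@ -215,6 +227,8 @@ Enter passphrase: <enter your passphrase>
 
  If `ENV["YAML_VAULT_PASSPHRASE"]`, use it as passphrase
 
+ Note to pass the same `--suffix` and `--prefix` if the yaml was encrypted using these options.
+
  #### AWS KMS Decryption
 
  ```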
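--- a/data/exe/yaml_vault
+++ b/data/exe/yaml_vault
@@ -8,6 +8,8 @@ class YamlVault::Cli < Thor
  include Thor::Actions
 
  class_option :key, aliases: "-k", type: :string, banner: "KEYNAME (format: \"KEY1.INNER_KEY,KEY2\")", desc: "target key", default: "$"
+ class_option :prefix, type: :string, banner: "PREFIX", desc: "prefix string to add to the encrypted value"
+ class_option :suffix, type: :string, banner: "SUFFIX", desc: "suffix string to add to the encrypted value"
  class_option :cryptor, type: :string, enum: %w(simple aws-kms gcp-kms), default: "simple"
 
  class_option :salt, aliases: "-s", type: :string
@@ -34,6 +36,8 @@ class YamlVault::Cli < Thor
  yaml_file,
  target_keys,
  options[:cryptor],
+ options[:prefix],
+ options[:suffix],
  passphrase: passphrase,
  sign_passphrase: sign_passphrase,
  salt: options[:salt], cipher: options[:cipher], key_len: options[:key_len],
@@ -58,6 +62,8 @@ class YamlVault::Cli < Thor
  yaml_file,
  target_keys,
  options[:cryptor],
+ options[:prefix],
+ options[:suffix],
  passphrase: passphrase,
  sign_passphrase: sign_passphrase,
  salt: options[:salt], cipher: options[:cipher], digest: options[:digest],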
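Review bot: The `desc` strings on the new `class_option :prefix` and `class_option :suffix` describe only the encrypt direction ("to add to the encrypted value"), yet they are class options and both call sites in this file forward them. The README hunk says the same options must be passed when decrypting, where the wrapper is removed, so the help text under-describes the decrypt case. Suggest `desc: "prefix wrapped around each encrypted value (added on encrypt, stripped on decrypt)"` and the matching wording for `:suffix`. The two command bodies start and end outside the hunks shown.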
@@ -23,7 +23,7 @@ module YamlVault
23
23
  # Fallback to config.secret_key_base if secrets.secret_key_base isn't set
24
24
  secrets.secret_key_base ||= config.secret_key_base
25
25
  # Fallback to config.secret_token if secrets.secret_token isn't set
26
- secrets.secret_token ||= config.secret_token
26
+ secrets.secret_token ||= config&.secret_token if config.respond_to?(:secret_token)
27
27
 
28
28
  secrets
29
29
  end
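Review bot: The `&.` in `config&.secret_token` is dead code: the modifier `if config.respond_to?(:secret_token)` is already false for a nil `config`, and the unguarded `config.secret_key_base` two lines above would raise before this line is reached. `secrets.secret_token ||= config.secret_token if config.respond_to?(:secret_token)` does the same thing without suggesting that `config` can be nil here. The comment above the line should also say why the guard exists, presumably because newer Rails versions no longer define `secret_token`, which is worth confirming and stating. The enclosing method starts outside the hunk.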
@@ -1,3 +1,3 @@
1
1
  module YamlVault
2
- VERSION = "1.1.3"
2
+ VERSION = "1.3.2"
3
3
  end
@@ -0,0 +1,21 @@
1
+ module YamlVault
2
+ module YAMLCompat
3
+ refine YAML.singleton_class do
4
+ def load(yaml, **kw)
5
+ if YAML.respond_to?(:unsafe_load)
6
+ YAML.unsafe_load(yaml, **kw)
7
+ else
8
+ super(yaml, **kw)
9
+ end
10
+ end
11
+
12
+ def load_file(filename, **kw)
13
+ if YAML.respond_to?(:unsafe_load_file)
14
+ YAML.unsafe_load_file(filename, **kw)
15
+ else
16
+ super(filename, **kw)
17
+ end
18
+ end
19
+ end
20
+ end
21
+ end
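Review bot: On Psych 4 this refinement turns every refined `YAML.load` / `YAML.load_file` call into `YAML.unsafe_load` / `YAML.unsafe_load_file`, which re-enables instantiation of arbitrary Ruby objects from tagged YAML (the behaviour Psych 4 made opt-in), and nothing in the file says so. It is activated by the `using YamlVault::YAMLCompat` line added in data/lib/yaml_vault.rb; the call sites it affects are not visible on this page, so whether they can ever receive YAML from an untrusted source needs checking. If the compat layer exists only to keep aliases or a few known classes loading, `YAML.safe_load(yaml, aliases: true, permitted_classes: [...])` at those call sites is the narrower fix. At minimum add a comment above `refine`, e.g. `# Psych 4 made YAML.load safe by default; this restores the unsafe loader, so refined callers must only load trusted YAML.`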
@@ -3,11 +3,13 @@ require 'yaml'
3
3
 
4
4
  module YamlVault
5
5
  class YAMLTreeBuilder < YAML::TreeBuilder
6
- def initialize(target_paths, cryptor, mode)
6
+ def initialize(target_paths, prefix, suffix, cryptor, mode)
7
7
  super()
8
8
 
9
9
  @path_stack = []
10
10
  @target_paths = target_paths
11
+ @prefix = prefix
12
+ @suffix = suffix
11
13
  @cryptor = cryptor
12
14
  @mode = mode
13
15
  end
@@ -74,7 +76,9 @@ module YamlVault
74
76
  else
75
77
  result.value = @cryptor.encrypt(value)
76
78
  end
79
+ result.value = add_prefix_and_suffix(result.value)
77
80
  else
81
+ value = remove_prefix_and_suffix(value)
78
82
  decrypted_value = @cryptor.decrypt(value).to_s
79
83
  if decrypted_value =~ /\A(!.*?)\s+(.*)\z/
80
84
  result.tag = $1
@@ -100,6 +104,20 @@ module YamlVault
100
104
 
101
105
  private
102
106
 
107
+ def add_prefix_and_suffix(value)
108
+ return "#{@prefix}#{value}#{@suffix}"
109
+ end
110
+
111
+ def remove_prefix_and_suffix(value)
112
+ if @prefix != nil && value.start_with?(@prefix)
113
+ value = value.delete_prefix(@prefix)
114
+ end
115
+ if @suffix != nil && value.end_with?(@suffix)
116
+ value = value.delete_suffix(@suffix)
117
+ end
118
+ value
119
+ end
120
+
103
121
  def match_path?
104
122
  @target_paths.any? do |target_path|
105
123
  target_path.each_with_index.all? do |path, i|
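Review bot: `remove_prefix_and_suffix` strips the two halves of the wrapper independently and silently, so a value that carries the prefix but not the suffix, or neither when both were configured, reaches `@cryptor.decrypt` half-stripped or untouched. Any failure then presumably surfaces as a decryption error rather than as a wrapper mismatch; a comment stating that this leniency is intended would help. The `!= nil` and `start_with?`/`end_with?` checks are also redundant, because `delete_prefix` and `delete_suffix` return the string unchanged when the affix is absent, so the body can be `value.delete_prefix(@prefix.to_s).delete_suffix(@suffix.to_s)`. `add_prefix_and_suffix` likewise does not need the explicit `return`.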
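--- a/data/lib/yaml_vault.rb
+++ b/data/lib/yaml_vault.rb
@@ -7,26 +7,30 @@ require 'pp'
 
  require 'yaml_vault/key_parser'
  require 'yaml_vault/yaml_tree_builder'
+ require 'yaml_vault/yaml_compat'
 
  module YamlVault
+ using YamlVault::YAMLCompat
  class Main
  class << self
- def from_file(filename, keys, cryptor_name = nil, **options)
+ def from_file(filename, keys, cryptor_name = nil, prefix = nil, suffix = nil, **options)
  yaml_content = ERB.new(File.read(filename)).result
- new(yaml_content, keys, cryptor_name, **options)
+ new(yaml_content, keys, cryptor_name, prefix, suffix, **options)
  end
 
  alias :from_content :new
  end
 
  def initialize(
- yaml_content, keys, cryptor_name = nil,
+ yaml_content, keys, cryptor_name = nil, prefix = nil, suffix = nil,
  passphrase: nil, sign_passphrase: nil, salt: nil, cipher: "aes-256-cbc", key_len: 32, signature_key_len: 64, digest: "SHA256",
  aws_kms_key_id: nil, aws_region: nil, aws_access_key_id: nil, aws_secret_access_key: nil, aws_profile: nil,
  gcp_kms_resource_id: nil, gcp_credential_file: nil
  )
  @yaml = yaml_content
  @keys = keys
+ @prefix = prefix
+ @suffix = suffix
 
  @passphrase = passphrase
  @sign_passphrase = sign_passphrase
@@ -49,12 +53,12 @@ module YamlVault
  end
 
  def encrypt
- parser = YAML::Parser.new(YamlVault::YAMLTreeBuilder.new(@keys, @cryptor, :encrypt))
+ parser = YAML::Parser.new(YamlVault::YAMLTreeBuilder.new(@keys, @prefix, @suffix, @cryptor, :encrypt))
  parser.parse(@yaml).handler.root
  end
 
  def decrypt
- parser = YAML::Parser.new(YamlVault::YAMLTreeBuilder.new(@keys, @cryptor, :decrypt))
+ parser = YAML::Parser.new(YamlVault::YAMLTreeBuilder.new(@keys, @prefix, @suffix, @cryptor, :decrypt))
  parser.parse(@yaml).handler.root
  end
 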
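Review bot: `prefix` and `suffix` are added as two more optional positionals on `from_file` and `initialize`, so a caller that wants only a suffix has to write `new(yaml, keys, "simple", nil, ")")`. Every other setting of `Main` is already a keyword, so `prefix: nil, suffix: nil` in the keyword list would read better and could not be confused with `cryptor_name`. The `using YamlVault::YAMLCompat` line also has no comment; `# Refines YAML.load/load_file within this module to the pre-Psych-4 (unsafe) loader` would tell the reader what it changes. The class body continues outside the hunks shown.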
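--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: yaml_vault
  version: !ruby/object:Gem::Version
- version: 1.1.3
+ version: 1.3.2
  platform: ruby
  authors:
  - joker1007
- autorequire:
+ autorequire:
  bindir: exe
  cert_chain: []
- date: 2019-07-10 00:00:00.000000000 Z
+ date: 2022-06-03 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: activesupport
@@ -89,6 +89,7 @@ extensions: []
  extra_rdoc_files: []
  files:
  - ".dockerignore"
+ - ".github/workflows/rspec.yml"
  - ".gitignore"
  - ".rspec"
  - ".travis.yml"
@@ -104,13 +105,14 @@ files:
  - lib/yaml_vault/key_parser.rb
  - lib/yaml_vault/rails.rb
  - lib/yaml_vault/version.rb
+ - lib/yaml_vault/yaml_compat.rb
  - lib/yaml_vault/yaml_tree_builder.rb
  - yaml_vault.gemspec
  homepage: https://github.com/joker1007/yaml_vault
  licenses:
  - MIT
  metadata: {}
- post_install_message:
+ post_install_message:
  rdoc_options: []
  require_paths:
  - lib
@@ -125,8 +127,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.0.3
- signing_key:
+ rubygems_version: 3.3.3
+ signing_key:
  specification_version: 4
  summary: yaml encryption/decryption helper.
  test_files: []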