class Veil::CredentialCollection::Base
Attributes
credentials[R]
decryptor[R]
encryptor[R]
hasher[R]
version[R]
Public Class Methods
create(hash = {})
click to toggle source
# File lib/veil/credential_collection/base.rb, line 10 def create(hash = {}) new(hash) end
new(opts = {})
click to toggle source
# File lib/veil/credential_collection/base.rb, line 21 def initialize(opts = {}) @hasher = Veil::Hasher.create(opts[:hasher] || {}) @decryptor, @encryptor = Veil::Cipher.create(opts[:cipher] || {}) @credentials = expand_credentials_hash(decryptor.decrypt(opts[:credentials]) || {}) @version = opts[:version] || 1 end
Public Instance Methods
add(*args)
click to toggle source
Add a new credential to the credentials
@param [Hash] args
# File lib/veil/credential_collection/base.rb, line 109 def add(*args) params = { name: nil, group: nil, length: 128, value: nil, force: false } case args.length when 1 # add('foo') params[:name] = args.first when 2 if args.all? { |a| a.is_a?(String) } # add('my_app', 'foo') params[:group], params[:name] = args elsif args[1].is_a?(Hash) # add('my_app', value: 'something') # add('foo', length: 50) params[:name] = args.first params.merge!(args[1]) end when 3 # add('my_app', 'foo', value: 'something') # add('my_app', 'foo', length: 50) params[:group], params[:name] = args[0], args[1] params.merge!(args[2]) else raise ArgumentError, "wrong number of arguments (given #{args.length}, expected 1-3)" end add_from_params(params) end
Also aliased as: <<
add_from_file(filepath, *args)
click to toggle source
Add the contents of a file as a credential after verifying that the file can be read. Usage: add_from_file(filename, "secretname") add_from_file(filename, "groupname", "secretname") Anything added from file will automatically be frozen.
`add`'s options are not supported.
# File lib/veil/credential_collection/base.rb, line 147 def add_from_file(filepath, *args) unless File.readable?(filepath) raise Veil::FileNotReadable.new("Cannot read #{filepath}") end add(*args, value: File.read(filepath), frozen: true) end
credentials_as_hash()
click to toggle source
# File lib/veil/credential_collection/base.rb, line 179 def credentials_as_hash hash = Hash.new credentials.each do |cred_or_group_name, cred_or_group_attrs| if cred_or_group_attrs.is_a?(Hash) cred_or_group_attrs.each do |name, cred| hash[cred_or_group_name] ||= Hash.new hash[cred_or_group_name][name] = cred.to_hash end else hash[cred_or_group_name] = cred_or_group_attrs.to_hash end end hash end
credentials_for_export()
click to toggle source
# File lib/veil/credential_collection/base.rb, line 196 def credentials_for_export hash = Hash.new credentials.each do |namespace, cred_or_creds| if cred_or_creds.is_a?(Veil::Credential) hash[namespace] = cred_or_creds.value else hash[namespace] = {} cred_or_creds.each { |name, cred| hash[namespace][name] = cred.value } end end hash end
Also aliased as: legacy_credentials_hash
exist?(*args)
click to toggle source
Check to see if a given credential has been added.
# File lib/veil/credential_collection/base.rb, line 97 def exist?(*args) get(*args) true rescue Veil::GroupNotFound, Veil::CredentialNotFound false end
get(*args)
click to toggle source
Retrieves a credential from the credential store:
get(name) get(group, name)
# File lib/veil/credential_collection/base.rb, line 61 def get(*args) case args.length when 1 cred_name = args[0] c = credentials[cred_name] if c.nil? raise Veil::CredentialNotFound, "Credential '#{cred_name}' not found." else c.value end when 2 group_name = args[0] cred_name = args[1] g = credentials[group_name] if g.nil? raise Veil::GroupNotFound, "Credential group '#{group_name}' not found." else c = g[cred_name] if c.nil? raise Veil::CredentialNotFound, "Credential '#{cred_name}' not found in group '#{group_name}'." else c.value end end else raise ArgumentError, "wrong number of arguments (given #{args.length}, expected 1 or 2)" end end
Also aliased as: get_credential
remove(group_or_cred, cred = nil)
click to toggle source
# File lib/veil/credential_collection/base.rb, line 155 def remove(group_or_cred, cred = nil) if group_or_cred && cred && credentials.key?(group_or_cred) credentials[group_or_cred].delete(cred) else credentials.delete(group_or_cred) end end
Also aliased as: delete
rotate(group_or_cred, cred = nil)
click to toggle source
# File lib/veil/credential_collection/base.rb, line 43 def rotate(group_or_cred, cred = nil) if cred && credentials.key?(group_or_cred) && credentials[group_or_cred].key?(cred) credentials[group_or_cred][cred].rotate(hasher) elsif credentials.key?(group_or_cred) if credentials[group_or_cred].is_a?(Hash) credentials[group_or_cred].each { |_s, c| c.rotate(hasher) } else credentials[group_or_cred].rotate(hasher) end end end
rotate_credentials()
click to toggle source
# File lib/veil/credential_collection/base.rb, line 169 def rotate_credentials credentials.each do |cred_or_group_name, cred_or_group| if cred_or_group.is_a?(Veil::Credential) cred_or_group.rotate(hasher) else cred_or_group.each { |_group, cred| cred.rotate(hasher) } end end end
rotate_hasher()
click to toggle source
# File lib/veil/credential_collection/base.rb, line 164 def rotate_hasher @hasher = Veil::Hasher.create rotate_credentials end
save()
click to toggle source
# File lib/veil/credential_collection/base.rb, line 39 def save raise "Save has not been implemented for this class" end
to_hash()
click to toggle source
# File lib/veil/credential_collection/base.rb, line 28 def to_hash { type: self.class.name, version: version, hasher: hasher.to_h, cipher: encryptor.to_h, credentials: encryptor.encrypt(credentials_as_hash.to_json) } end
Also aliased as: to_h
Private Instance Methods
add_from_params(params)
click to toggle source
# File lib/veil/credential_collection/base.rb, line 214 def add_from_params(params) params[:name] = params[:name].to_s if params[:value] params[:length] = params[:value].length else params[:value] = hasher.encrypt(params[:group], params[:name], 0) end # Set frozen to true if force has been set and frozen hasn't otherwise been set params[:frozen] ||= (params[:force] && params[:frozen].nil?) v = Veil::Credential.new(params) if params[:group] credentials[params[:group]] ||= {} return credentials[params[:group]][params[:name]] if credentials[params[:group]].key?(params[:name]) && !params[:force] credentials[params[:group]][params[:name]] = v else return credentials[params[:name]] if credentials.key?(params[:name]) && !params[:force] credentials[params[:name]] = v end end
expand_credentials_hash(creds_hash)
click to toggle source
# File lib/veil/credential_collection/base.rb, line 241 def expand_credentials_hash(creds_hash) expanded = Hash.new creds_hash.each do |cred_or_group_name, cred_or_group_attrs| if cred_or_group_attrs.key?(:type) && cred_or_group_attrs[:type] == "Veil::Credential" expanded[cred_or_group_name.to_s] = Veil::Credential.create(cred_or_group_attrs) else cred_or_group_attrs.each do |name, opts| expanded[cred_or_group_name.to_s] ||= Hash.new expanded[cred_or_group_name.to_s][name.to_s] = Veil::Credential.create(opts) end end end expanded end
import_credentials_hash(hash)
click to toggle source
# File lib/veil/credential_collection/base.rb, line 258 def import_credentials_hash(hash) hash.each do |namespace, creds_hash| credentials[namespace.to_s] ||= Hash.new creds_hash.each do |cred, value| credentials[namespace.to_s][cred.to_s] = Veil::Credential.new( name: cred.to_s, value: value, length: value.length ) end end end