class Envault::Core
Attributes
cryptor[RW]
logger[RW]
prefix[RW]
Public Class Methods
new(config: nil, profile: nil, prefix: nil, debug: false)
# File lib/envault/core.rb, line 11
# Builds a Core from a resolved profile.
#
# config::  path to a YAML config file, handed to get_profile (nil is allowed)
# profile:: name of the profile to look up in that config
# prefix::  explicit key prefix; wins over the profile's prefix, which in turn
#           wins over DEFAULT_ENV_PREFIX
# debug::   when truthy the logger runs at DEBUG, otherwise at INFO
def initialize(config: nil, profile: nil, prefix: nil, debug: false)
  log_level = debug ? Logger::DEBUG : Logger::INFO
  @logger = Logger.new(STDOUT)
  @logger.level = log_level

  settings = get_profile(config, profile)

  # Only the literal provider 'kms' selects the KMS backend; any other value,
  # including a missing provider, selects Cryptor::Simple.
  cryptor_class = settings[:provider] == 'kms' ? Cryptor::Kms : Cryptor::Simple
  @cryptor = cryptor_class.new(settings)

  @prefix = prefix || settings[:prefix] || DEFAULT_ENV_PREFIX
end
Public Instance Methods
decrypt_process(hash)
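# File lib/envault/core.rb, line 49
# Returns a new Hash in which every entry selected by get_cipher_keys has been
# decrypted and had the prefix stripped from its key; all other entries are
# copied through unchanged.
#
# hash:: key/value pairs, typically the parsed YAML document
def decrypt_process(hash)
  cipher_keys = get_cipher_keys(hash)

  # Strip the prefix as a literal string, once, at the very start of the key.
  # encrypt_process prepends it literally (@prefix + k), so the inverse must
  # not treat it as a regular expression: with an unescaped prefix, a
  # metacharacter such as "." would also strip look-alike keys, and "^" with
  # gsub matches after every newline rather than only at the start.
  prefix_pattern = /\A#{Regexp.escape(@prefix.to_s)}/

  decrypted = hash.map do |k, v|
    if cipher_keys.include?(k)
      decrypt_value(k.sub(prefix_pattern, ''), v)
    else
      [k, v]
    end
  end
  decrypted.to_h
end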
decrypt_value(key, value)
# File lib/envault/core.rb, line 61
# Decrypts a single value with the configured cryptor.
#
# Returns a two-element Array of [key, plaintext]; +key+ is passed through
# untouched.
def decrypt_value(key, value)
  plaintext = @cryptor.decrypt(value)
  [key, plaintext]
end
decrypt_yaml(path)
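# File lib/envault/core.rb, line 44
# Parses the YAML file at +path+ and returns its contents with the encrypted
# entries decrypted by decrypt_process.
#
# An empty document parses to a falsy value; it is treated as an empty Hash so
# the caller gets {} back instead of a NoMethodError from deeper in the
# pipeline. A missing file still raises from YAML.load_file.
#
# NOTE(security): YAML.load_file is only safe by default on Psych 4 and later
# (Ruby 3.1+). On older Psych it instantiates arbitrary Ruby objects named by
# tags in the document. If +path+ can ever point at a file that is not fully
# trusted, parse it with YAML.safe_load instead.
def decrypt_yaml(path)
  hash = YAML.load_file(path) || {}
  decrypt_process(hash)
end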
encrypt_process(hash, keys = nil)
# File lib/envault/core.rb, line 28
# Returns a new Hash in which every entry selected by get_cipher_keys is
# encrypted and stored under its key with @prefix prepended; entries that are
# not selected are copied through as they are.
#
# hash:: key/value pairs to process
# keys:: Array of pattern strings forwarded to get_cipher_keys; with nil,
#        get_cipher_keys selects every key
def encrypt_process(hash, keys = nil)
  targets = get_cipher_keys(hash, keys)

  pairs = hash.map do |name, value|
    next [name, value] unless targets.include?(name)

    # The prefix is what later marks this entry as encrypted.
    encrypt_value(@prefix + name, value)
  end

  pairs.to_h
end
encrypt_value(key, value)
# File lib/envault/core.rb, line 40
# Encrypts a single value with the configured cryptor.
#
# Returns a two-element Array of [key, ciphertext]; +key+ is passed through
# untouched.
def encrypt_value(key, value)
  ciphertext = @cryptor.encrypt(value)
  [key, ciphertext]
end
encrypt_yaml(path, keys = nil)
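# File lib/envault/core.rb, line 23
# Parses the YAML file at +path+ and returns its contents with the selected
# entries encrypted by encrypt_process.
#
# keys:: Array of pattern strings choosing which entries to encrypt, passed
#        straight to encrypt_process
#
# An empty document parses to a falsy value; it is treated as an empty Hash so
# the caller gets {} back instead of a NoMethodError from deeper in the
# pipeline. A missing file still raises from YAML.load_file.
#
# NOTE(security): YAML.load_file is only safe by default on Psych 4 and later
# (Ruby 3.1+). On older Psych it instantiates arbitrary Ruby objects named by
# tags in the document. If +path+ can ever point at a file that is not fully
# trusted, parse it with YAML.safe_load instead.
def encrypt_yaml(path, keys = nil)
  hash = YAML.load_file(path) || {}
  encrypt_process(hash, keys)
end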
get_cipher_keys(hash, keys = ["^#{@prefix}.*"])
# File lib/envault/core.rb, line 65
# Selects the keys of +hash+ that should be treated as encrypted.
#
# hash:: the Hash whose keys are inspected
# keys:: Array of pattern sources, each compiled with Regexp.new. The default
#        is a single pattern built from @prefix. Passing nil (or false)
#        selects every key.
#
# Returns an Array of matching keys grouped per pattern, in pattern order; a
# key matched by several patterns appears once for each of them.
#
# NOTE(review): patterns are compiled exactly as given, and the default
# interpolates @prefix without Regexp.escape, so regex metacharacters in the
# prefix are live. "^" also anchors after a newline, not only at the start of
# the key (\A would) - confirm this is intended.
def get_cipher_keys(hash, keys = ["^#{@prefix}.*"])
  candidates = hash.keys
  return candidates unless keys

  keys.flat_map do |pattern|
    matcher = Regexp.new(pattern)
    candidates.select { |name| matcher =~ name }
  end
end
load(path = DEFAULT_SOURCE_FILE)
# File lib/envault/core.rb, line 83
# Decrypts the YAML file at +path+ and loads the result into the process
# environment through Dotenv.
#
# The decrypted values are written to a temporary file because Dotenv.load
# reads from a path. Tempfile.create with a block removes that file when the
# block finishes, so the plaintext is on disk only for the duration of the
# Dotenv.load call.
#
# NOTE(review): the plaintext still reaches the filesystem briefly; on hosts
# where the temp directory is shared or backed up, confirm that is acceptable.
def load(path = DEFAULT_SOURCE_FILE)
  plain_env = decrypt_yaml(path)

  Tempfile.create("dotenv-vault") do |tmp|
    env_path = tmp.path
    Formatter.write_escape_yaml(env_path, plain_env)
    Dotenv.load(env_path)
  end
end
Private Instance Methods
get_cryptor(passphrase, sign_passphrase, salt)
# File lib/envault/core.rb, line 94
# Builds an ActiveSupport::MessageEncryptor from passphrases.
#
# passphrase::      source of the 32-byte encryption key
# sign_passphrase:: optional source of a separate 32-byte signing key; when it
#                   is nil or false the encryptor is built from the
#                   encryption key alone
# salt::            salt used for both key derivations
#
# NOTE(review): both keys are derived with the same salt, and the cipher and
# digest come from DEFAULT_CIPHER / DEFAULT_DIGEST, which are defined outside
# this method - check those constants when reviewing the cryptographic
# strength of this path.
def get_cryptor(passphrase, sign_passphrase, salt)
  secrets = [ActiveSupport::KeyGenerator.new(passphrase).generate_key(salt, 32)]
  if sign_passphrase
    secrets << ActiveSupport::KeyGenerator.new(sign_passphrase).generate_key(salt, 32)
  end

  ActiveSupport::MessageEncryptor.new(*secrets, cipher: DEFAULT_CIPHER, digest: DEFAULT_DIGEST)
end
get_profile(config_path, profile_name)
# File lib/envault/core.rb, line 105
# Resolves the settings Hash (symbol keys) used to build a cryptor.
#
# config_path::  path to a YAML config file; when it is nil, or the file
#                parses to nothing, the settings come from get_profile_form_env
# profile_name:: key of the profile inside the config file
#
# Returns provider/key_id/prefix for a profile whose provider is 'kms', and
# passphrase/sign_passphrase/salt/prefix for any other profile.
# Raises RuntimeError when the config has no entry for +profile_name+.
#
# NOTE(security): for non-KMS profiles the passphrase, signing passphrase and
# salt are read in the clear from the config file, so that file needs the same
# protection as the secrets it unlocks. YAML.load_file is only safe by default
# on Psych 4 and later; on older Psych it can instantiate objects named by
# tags in the document.
def get_profile(config_path, profile_name)
  settings = config_path && YAML.load_file(config_path)
  return get_profile_form_env unless settings

  entry = settings[profile_name]
  raise %Q{invalid profile [#{profile_name}].} unless entry

  fields =
    if entry['provider'] == 'kms'
      %w[provider key_id prefix]
    else
      %w[passphrase sign_passphrase salt prefix]
    end

  fields.map { |field| [field.to_sym, entry[field]] }.to_h
end
get_profile_form_env()
# File lib/envault/core.rb, line 129
# Builds the settings Hash from ENVAULT_* environment variables.
#
# Returns a Hash with the keys :passphrase, :sign_passphrase, :salt and
# :prefix; a variable that is not set yields nil for its key.
def get_profile_form_env
  sources = [
    [:passphrase, 'ENVAULT_PASSPHRASE'],
    [:sign_passphrase, 'ENVAULT_SIGN_PASSPHRASE'],
    [:salt, 'ENVAULT_SALT'],
    [:prefix, 'ENVAULT_PREFIX']
  ]
  sources.map { |field, variable| [field, ENV[variable]] }.to_h
end