class Envault::Core

Attributes

cryptor[RW]
logger[RW]
prefix[RW]

Public Class Methods

new(config: nil, profile: nil, prefix: nil, debug: false) click to toggle source
# File lib/envault/core.rb, line 11
# Builds a Core instance: sets up logging, resolves the profile and picks
# the cryptor implementation that matches it.
#
# @param config [String, nil] path to a YAML config file; when nil the
#   profile comes from get_profile's environment fallback
# @param profile [String, nil] name of the profile to read from the config
# @param prefix [String, nil] key prefix marking encrypted entries; takes
#   precedence over the profile's own prefix and DEFAULT_ENV_PREFIX
# @param debug [Boolean] switches the logger from INFO to DEBUG
#
# NOTE(review): the logger writes to STDOUT. Nothing in this method logs
# secret material, but collaborators that log at DEBUG level should be
# checked before debug: true is used where output is collected.
def initialize(config: nil, profile: nil, prefix: nil, debug: false)
  @logger = Logger.new(STDOUT)
  @logger.level = debug ? Logger::DEBUG : Logger::INFO

  settings = get_profile(config, profile)

  # Only the exact string 'kms' selects the KMS-backed cryptor; every other
  # provider value (including a missing one) uses the passphrase-based one.
  cryptor_class = settings[:provider] == 'kms' ? Cryptor::Kms : Cryptor::Simple
  @cryptor = cryptor_class.new(settings)

  # Precedence: explicit argument, then profile setting, then the default.
  @prefix = prefix || settings[:prefix] || DEFAULT_ENV_PREFIX
end

Public Instance Methods

decrypt_process(hash) click to toggle source
# File lib/envault/core.rb, line 49
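# Decrypts every entry of +hash+ whose key is selected by get_cipher_keys
# and returns a new Hash. Decrypted entries are stored under their key with
# the leading prefix removed; all other entries are copied unchanged.
#
# The prefix is matched literally (Regexp.escape) and only at the very
# start of the key (\A, single substitution). Interpolating it unescaped
# behind a per-line `^` anchor would treat regex metacharacters in the
# prefix as a pattern and strip the prefix after every newline in a key,
# so two different stored keys could collapse into one plaintext key.
#
# @param hash [Hash{String => Object}] key/value pairs as loaded from YAML
# @return [Hash] the same pairs with encrypted entries decrypted and renamed
def decrypt_process(hash)
  cipher_keys = get_cipher_keys(hash)
  # Compiled once; to_s keeps a nil prefix equivalent to "no prefix".
  leading_prefix = /\A#{Regexp.escape(@prefix.to_s)}/

  pairs = hash.map do |k, v|
    next [k, v] unless cipher_keys.include?(k)

    decrypt_value(k.sub(leading_prefix, ''), v)
  end
  pairs.to_h
end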
decrypt_value(key, value) click to toggle source
# File lib/envault/core.rb, line 61
# Decrypts a single value with the configured cryptor.
#
# @param key [String] name to pair with the decrypted value (returned as-is)
# @param value [Object] ciphertext handed to @cryptor.decrypt
# @return [Array] two-element pair [key, plaintext]; whatever
#   @cryptor.decrypt raises propagates to the caller
def decrypt_value(key, value)
  plaintext = @cryptor.decrypt(value)
  [key, plaintext]
end
decrypt_yaml(path) click to toggle source
# File lib/envault/core.rb, line 44
# Loads the YAML file at +path+ and returns its contents with the encrypted
# entries decrypted (see decrypt_process).
#
# NOTE(review): YAML.load_file is the unrestricted loader on Psych releases
# before 4 and can instantiate arbitrary Ruby objects from tagged documents.
# Only pass paths to files from a trusted location, or confirm that the
# bundled Psych restricts loading by default.
#
# @param path [String] path of the YAML file to read
# @return [Hash] decrypted key/value pairs
def decrypt_yaml(path)
  decrypt_process(YAML.load_file(path))
end
encrypt_process(hash, keys = nil) click to toggle source
# File lib/envault/core.rb, line 28
# Encrypts the entries of +hash+ selected by get_cipher_keys and returns a
# new Hash. Encrypted entries are stored under @prefix + key; entries that
# are not selected are copied unchanged (and stay in plaintext).
#
# @param hash [Hash{String => Object}] plaintext key/value pairs
# @param keys [Array<String>, nil] regexp sources choosing which keys to
#   encrypt; nil is forwarded to get_cipher_keys, which then selects all keys
# @return [Hash] the pairs with the selected entries encrypted and renamed
def encrypt_process(hash, keys = nil)
  targets = get_cipher_keys(hash, keys)

  pairs = hash.map do |name, plain|
    targets.include?(name) ? encrypt_value(@prefix + name, plain) : [name, plain]
  end
  pairs.to_h
end
encrypt_value(key, value) click to toggle source
# File lib/envault/core.rb, line 40
# Encrypts a single value with the configured cryptor.
#
# @param key [String] name to pair with the encrypted value (returned as-is)
# @param value [Object] plaintext handed to @cryptor.encrypt
# @return [Array] two-element pair [key, ciphertext]
def encrypt_value(key, value)
  ciphertext = @cryptor.encrypt(value)
  [key, ciphertext]
end
encrypt_yaml(path, keys = nil) click to toggle source
# File lib/envault/core.rb, line 23
# Loads the YAML file at +path+ and returns its contents with the selected
# entries encrypted (see encrypt_process). The file itself is not modified
# by this method.
#
# NOTE(review): YAML.load_file is the unrestricted loader on Psych releases
# before 4 and can instantiate arbitrary Ruby objects from tagged documents.
# Only pass paths to files from a trusted location, or confirm that the
# bundled Psych restricts loading by default.
#
# @param path [String] path of the plaintext YAML file
# @param keys [Array<String>, nil] regexp sources choosing which keys to
#   encrypt; forwarded unchanged to encrypt_process
# @return [Hash] key/value pairs with the selected entries encrypted
def encrypt_yaml(path, keys = nil)
  encrypt_process(YAML.load_file(path), keys)
end
get_cipher_keys(hash, keys = ["^#{@prefix}.*"]) click to toggle source
# File lib/envault/core.rb, line 65
# Returns the keys of +hash+ that should be treated as encrypted.
#
# Each entry of +keys+ is compiled with Regexp.new and every hash key it
# matches is collected, grouped per pattern in pattern order. A key matched
# by several patterns appears once per matching pattern. Passing nil
# explicitly selects every key.
#
# NOTE(review): the default pattern interpolates @prefix into a regexp
# source without Regexp.escape and anchors with `^`, which matches at the
# start of any line, so a prefix containing regex metacharacters selects
# more keys than the literal prefix would. The +keys+ entries are compiled
# as regexps as given; keep them under the operator's control rather than
# taking them from untrusted input.
#
# @param hash [Hash] source of the candidate keys
# @param keys [Array<String, Regexp>, nil] patterns, or nil for "all keys"
# @return [Array] matching keys
def get_cipher_keys(hash, keys = ["^#{@prefix}.*"])
  all_keys = hash.keys
  return all_keys unless keys

  # Compile every pattern before matching so an invalid one fails up front.
  patterns = keys.map { |source| Regexp.new(source) }
  patterns.flat_map do |pattern|
    all_keys.select { |candidate| pattern =~ candidate }
  end
end
load(path = DEFAULT_SOURCE_FILE) click to toggle source
# File lib/envault/core.rb, line 83
# Decrypts the YAML file at +path+ and loads the result into the process
# environment through Dotenv.
#
# The decrypted values are written to a temporary file so Dotenv can read
# them; Tempfile.create with a block removes that file when the block
# exits. Plaintext secrets therefore exist on disk for the duration of the
# block, so the temp directory should not be shared or backed up.
# NOTE(review): Formatter.write_escape_yaml writes by path while the
# Tempfile handle is still open — confirm it does not recreate the file
# with looser permissions.
#
# @param path [String] encrypted YAML source, DEFAULT_SOURCE_FILE by default
# @return [Object] whatever Dotenv.load returns
def load(path = DEFAULT_SOURCE_FILE)
  decrypted = decrypt_yaml(path)

  Tempfile.create("dotenv-vault") do |tmp|
    tmp_path = tmp.path
    Formatter.write_escape_yaml(tmp_path, decrypted)
    Dotenv.load(tmp_path)
  end
end

Private Instance Methods

get_cryptor(passphrase, sign_passphrase, salt) click to toggle source
# File lib/envault/core.rb, line 94
# Builds an ActiveSupport::MessageEncryptor from passphrases.
#
# A 32-byte encryption key is derived from +passphrase+ and +salt+ with
# ActiveSupport::KeyGenerator. When +sign_passphrase+ is given, a second
# 32-byte key is derived from it with the same salt and passed as the
# signing secret. Cipher and digest come from DEFAULT_CIPHER and
# DEFAULT_DIGEST, which are defined outside this method.
#
# NOTE(review): the derived keys are only as strong as the passphrases and
# the salt is shared between both derivations; use long random passphrases
# and a per-deployment salt.
#
# @param passphrase [String] secret for the encryption key
# @param sign_passphrase [String, nil] optional secret for the signing key
# @param salt [String] salt used for every key derivation
# @return [ActiveSupport::MessageEncryptor]
def get_cryptor(passphrase, sign_passphrase, salt)
  secrets = [ActiveSupport::KeyGenerator.new(passphrase).generate_key(salt, 32)]
  # The signing secret is appended only when a signing passphrase exists.
  secrets << ActiveSupport::KeyGenerator.new(sign_passphrase).generate_key(salt, 32) if sign_passphrase

  ActiveSupport::MessageEncryptor.new(*secrets, cipher: DEFAULT_CIPHER, digest: DEFAULT_DIGEST)
end
get_profile(config_path, profile_name) click to toggle source
# File lib/envault/core.rb, line 105
# Resolves the settings hash used to build the cryptor.
#
# Falls back to get_profile_form_env when no config path is given or the
# file loads as nil/false (for example an empty file). Otherwise the named
# profile is read from the YAML config and reduced to the symbol-keyed
# fields the selected provider needs.
#
# NOTE(review): a non-KMS profile keeps passphrase, sign_passphrase and
# salt in the config file in plaintext, so the file needs restrictive
# permissions and should stay out of version control. Any provider value
# other than the exact string 'kms' (a typo included) selects the
# passphrase branch without an error. YAML.load_file is the unrestricted
# loader on Psych releases before 4; only load config files from a trusted
# location.
#
# @param config_path [String, nil] path to the YAML config file
# @param profile_name [String, nil] top-level key of the profile to use
# @return [Hash{Symbol => Object}] provider settings
# @raise [RuntimeError] when the config has no entry for +profile_name+
def get_profile(config_path, profile_name)
  config = config_path && YAML.load_file(config_path)
  return get_profile_form_env unless config

  entry = config[profile_name]
  raise %Q{invalid profile [#{profile_name}].} unless entry

  if entry['provider'] == 'kms'
    return {
      provider: entry['provider'],
      key_id: entry['key_id'],
      prefix: entry['prefix']
    }
  end

  {
    passphrase: entry['passphrase'],
    sign_passphrase: entry['sign_passphrase'],
    salt: entry['salt'],
    prefix: entry['prefix']
  }
end
get_profile_form_env() click to toggle source
# File lib/envault/core.rb, line 129
# Builds the passphrase-based profile from environment variables.
#
# Reads ENVAULT_PASSPHRASE, ENVAULT_SIGN_PASSPHRASE, ENVAULT_SALT and
# ENVAULT_PREFIX; a variable that is not set yields nil for its field. No
# provider field is returned.
#
# NOTE(review): secrets held in environment variables are inherited by
# child processes; keep them out of logs and process dumps.
#
# @return [Hash{Symbol => String, nil}] passphrase, sign_passphrase, salt, prefix
def get_profile_form_env
  fields = %i[passphrase sign_passphrase salt prefix]
  values = ENV.values_at(
    'ENVAULT_PASSPHRASE',
    'ENVAULT_SIGN_PASSPHRASE',
    'ENVAULT_SALT',
    'ENVAULT_PREFIX'
  )
  fields.zip(values).to_h
end