class SafeDb::KeyPass

Constants

MINIMUM_PASSWORD_SIZE

Public Class Methods

assert_input_text_size(input_size, min_size)

Output an error message and then exit if the entered input text size does not meet the minimum requirements.

# File lib/utils/key.pass.rb, line 81
def self.assert_input_text_size input_size, min_size

  if( input_size < min_size  )

    puts
    puts "Input is too short. Please enter at least #{min_size} characters."
    puts

    # A non-zero status lets calling scripts see that validation failed.
    exit 1

  end

end

assert_min_size(min_size)

Raise an exception if asked to collect text that is less than 3 characters in length.

# File lib/utils/key.pass.rb, line 69
def self.assert_min_size min_size

  min_length_msg = "\n\nCrypts with 2 (or less) characters open up exploitable holes.\n\n"
  raise ArgumentError.new min_length_msg if min_size < 3

end

assert_same_size_text(first_text, second_text)

Assert that the text entered the second time is exactly (case sensitive) the same as the text entered the first time.

# File lib/utils/key.pass.rb, line 100
def self.assert_same_size_text first_text, second_text
  
  unless( first_text.eql? second_text )

    puts
    puts "Those two passwords are not the same (in my book)!"
    puts

    # A non-zero status lets calling scripts see that the check failed.
    exit 1

  end

end

password_from_shell(prompt_twice)

Collect something sensitive from the command line with a minimum length specified in the first parameter. This method can't know whether the information is a password, a pin number or whatever so it takes the integer minimum size at its word.

Question 5 to App Config | What is the Secret?

The client may need to acquire the secret if the answer to question 4 indicates the need to instantiate the keys and encrypt the application's plaintext database. The application should facilitate communication of the secret via

  • an environment variable

  • the system clipboard (cleared after reading)

  • a file whose path is a command parameter

  • a file in a pre-agreed location

  • a file in the present directory (with a pre-agreed name)

  • a URL from a parameter or pre-agreed

  • the shell's secure password reader

  • the DConf / GConf or GSettings configuration stores

  • a REST API

  • password managers like LastPass, KeePassX or 1Pass

  • the Amazon KMS (Key Management Store)

  • vaults from Ansible, Terraform and Kubernetes

  • credential managers like GitSecrets and Credstash

@param prompt_twice [Boolean] indicate whether the user should be prompted twice. If true the prompt_2 text must be provided and the converse is also true. A true value asserts that both times the user enters the same (case sensitive) string.

@return [String] the collected string text (watch out for non-ASCII chars)

@raise [ArgumentError] if the minimum size is less than one

# File lib/utils/key.pass.rb, line 41
def self.password_from_shell prompt_twice

  require "io/console"

  assert_min_size MINIMUM_PASSWORD_SIZE

  sleep(1)
  puts "Enter Password:"
  # noecho keeps the typed characters off the terminal; gets returns nil at
  # end of input, so to_s turns that into an empty string for the size check.
  first_secret = STDIN.noecho(&:gets).to_s.chomp

  assert_input_text_size first_secret.length, MINIMUM_PASSWORD_SIZE
  return first_secret unless prompt_twice

  sleep(1)
  puts "Re-enter Password:"
  check_secret = STDIN.noecho(&:gets).to_s.chomp

  assert_same_size_text first_secret, check_secret

  return first_secret

end
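
Three of the channels listed under "What is the Secret?" (an environment variable, a file whose path is a parameter, and the shell's secure password reader) can be tried in a fixed order with the same minimum-length check. This is an added example, not SafeDb's own code; `SecretSource`, `SecretError`, the `SAFE_SECRET` variable name and the minimum of 8 are assumptions made for illustration.

```ruby
require "io/console"

# Hypothetical names: SecretSource, SecretError and SAFE_SECRET are not part of SafeDb.
module SecretSource
  class SecretError < StandardError; end

  MIN_SIZE = 8 # assumed value; the page does not show MINIMUM_PASSWORD_SIZE

  # Try the channels in a fixed order: environment variable, file, no-echo prompt.
  # Raises instead of calling exit so that callers (and tests) decide what to do.
  def self.resolve(env: ENV, file_path: nil, input: $stdin, output: $stderr, min_size: MIN_SIZE)
    raise ArgumentError, "minimum size must be at least 3" if min_size < 3

    secret =
      if env.key?("SAFE_SECRET")
        env.delete("SAFE_SECRET") # remove it so child processes do not inherit it
      elsif file_path
        from_file(file_path)
      else
        from_prompt(input, output)
      end
    raise SecretError, "secret is shorter than #{min_size} characters" if secret.length < min_size

    secret
  end

  # Refuse a secret file that group or other users can read or write.
  def self.from_file(path)
    mode = File.stat(path).mode & 0o777
    unless (mode & 0o077).zero?
      raise SecretError, format("%s has mode %04o, expected 0600 or stricter", path, mode)
    end

    File.read(path).chomp
  end

  # Read without echo on a terminal; fall back to a plain read for pipes.
  def self.from_prompt(input, output)
    output.print "Enter Password: "
    on_tty = input.respond_to?(:noecho) && input.tty?
    line = on_tty ? input.noecho(&:gets) : input.gets
    output.puts
    raise SecretError, "no input received (end of input)" if line.nil?

    line.chomp
  end
end
```

The prompt is written to standard error so that the secret-bearing program's standard output stays clean for pipelines.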