Secret Keeper¶ ↑
Keep all your secret files within openssl
Install¶ ↑
from console
gem install secret-keeper
with bundler, write follwing line in your Gemfile
gem 'secret-keeper', require: false
Usage¶ ↑
setup files need to be encrypted in config/secret-keeper.yml
# config/secret-keeper.yml example development: ev_name: SECRET_KEEPER cipher: AES-256-CBC tasks: - encrypt_from: example/database.yml encrypt_to: example/database.yml.enc # decrypt_from: example/database.yml.enc # decrypt_to: example/database.yml - encrypt_from: example/secrets_from_other_source.yml encrypt_to: example/secrets.yml.enc # decrypt_from: example/secrets.yml.enc decrypt_to: example/secrets.yml
using environment variable SECRET_KEEPER to be your key of cipher
$> SECRET_KEEPER=[YOUR-CIPHER-KEY-HERE] irb
require on demand
irb> require 'secret-keeper'
encrypt files based on your tasks defined in config/secret-keeper.yml
irb> SecretKeeper.encrypt_files # Encrypting... # * example/database.yml --> example/database.yml.enc, ok # * example/secrets.yml --> example/secrets.yml.enc, ok # Done!
decrypt files based on your tasks defined in config/secret-keeper.yml
irb> SecretKeeper.decrypt_files # Decrypting... # * example/database.yml.enc --> example/database.yml, ok # * example/secrets.yml.enc --> example/secrets.yml, ok # Done!
decrypt files and remove production configs
irb> production? = true irb> SecretKeeper.decrypt_files(production?) # Decrypting... (production config removed) # * example/database.yml.enc --> example/database.yml, ok # * example/secrets.yml.enc --> example/secrets.yml, ok # Done!
Available Ciphers¶ ↑
irb> require 'openssl' irb> OpenSSL::Cipher.ciphers