module Garcon::Secret
Creates a transient file with sensitive content, useful when you have an executable that reads a password from a file but you do not wish to leave the password on the filesystem. When used with a block, the file is written and then deleted when the block returns. Optionally, you can encrypt and decrypt your secret strings with salt, cipher and a splash of obfuscation.
Public Class Methods
Retrieve and decrypt a value at key from the stash.
@param key [Symbol, String]
String or symbol representing the key.
@raise [KeyError]
If no such key found.
@return [String]
Unencrypted value.
# File lib/garcon/secret.rb, line 118
def self.get(key)
  (Garcon.secret.stash[key]).decrypt
end

Encrypt and store the given value with the given key, either with an argument or block. If a previous value was set it will be overwritten with the new value.
@param key [Symbol, String]
String or symbol representing the key.
@param value [Object]
Any object that represents the value.
@yield [Block]
Optionally specify a block that returns the value to set.
@return [String]
The encrypted value.
# File lib/garcon/secret.rb, line 103
def self.set(key, value)
  Garcon.secret.stash[key] = value.encrypt
end

Creates the secrets file, yields to the block, and removes the secrets file when the block returns.
@example
secret.tmp { |file| shell_out!("open_sesame --passwd-file #{file}") }
@yield [Block]
invokes the block
@yieldreturn [Object]
the result of evaluating the optional block
@api public
# File lib/garcon/secret.rb, line 135
def self.tmp(key, *args, &block)
  Garcon.secret.lock.synchronize do
    begin
      file = queue.pop
      atomic_write(file, get(key)) unless valid?(key, file)
      yield file if block_given?
    ensure
      File.unlink(file) if File.exist?(file)
    end
  end
end
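
The transient-file pattern described for tmp, as an added stand-alone example (not Garcon's code): with_transient_secret and demo are hypothetical names, and the secret is a constructed value. It creates the file exclusively with mode 0600 and removes it in ensure, so the path is private while it exists and is gone even when the block raises.

```ruby
require 'tmpdir'
require 'securerandom'

# Hypothetical helper (not part of Garcon): write +secret+ to a private,
# short-lived file, yield its path, and always remove it afterwards.
def with_transient_secret(secret, dir: Dir.tmpdir)
  path = File.join(dir, ".secret-#{SecureRandom.hex(8)}")
  created = false
  # CREAT|EXCL fails if anything (including a symlink) already exists at
  # path, and mode 0600 is applied at creation time, so there is no window
  # in which the file is readable by group or others.
  File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0o600) do |f|
    created = true
    f.write(secret)
  end
  yield path
ensure
  # Runs on normal return and when the block raises. Only remove a file
  # this call created, never one that was already there.
  File.unlink(path) if created && File.exist?(path)
end

# Exercises the helper with a constructed value, not a real credential.
def demo
  seen = {}
  with_transient_secret('s3cr3t-demo') do |file|
    seen[:mode]    = File.stat(file).mode & 0o777
    seen[:content] = File.read(file)
    seen[:path]    = file
  end
  seen[:gone] = !File.exist?(seen[:path])

  begin
    with_transient_secret('s3cr3t-demo') do |file|
      seen[:path2] = file
      raise 'consumer failed'
    end
  rescue RuntimeError
    seen[:gone_after_error] = !File.exist?(seen[:path2])
  end
  seen
end

p demo if $PROGRAM_NAME == __FILE__
```
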
Search a text file for a matching string
@return [Boolean]
True if the file is present and a match was found; false if the file does not exist or does not contain a match.
@api public
# File lib/garcon/secret.rb, line 154
def self.valid?(key, file)
  Garcon.secret.lock.synchronize do
    return false unless File.exist?(file)
    File.open(file, &:readlines).map! do |line|
      return true if line.match(get(key))
    end
    false
  end
end