module Garcon::Secret

Creates a transient file with sensitive content, useful when you have an executable that reads a password from a file but you do not wish to leave the password on the filesystem. When used with a block, the file is written and then deleted when the block returns. Optionally, you can encrypt and decrypt your secret strings with salt, cipher and a splash of obfuscation.

Public Class Methods

get(key)

Retrieve and decrypt a value at key from the stash.

@param key [Symbol, String]

String or symbol representing the key.

@raise [KeyError]

If no such key found.

@return [String]

Unencrypted value.

# File lib/garcon/secret.rb, line 118
def self.get(key)
  (Garcon.secret.stash[key]).decrypt
end

set(key, value)

Encrypt and store the given value with the given key, either with an argument or a block. If a previous value was set, it will be overwritten with the new value.

@param key [Symbol, String]

String or symbol representing the key.

@param value [Object]

Any object that represents the value.

@yield [Block]

Optionally specify a block that returns the value to set.

@return [String]

The encrypted value.

# File lib/garcon/secret.rb, line 103
def self.set(key, value)
  Garcon.secret.stash[key] = value.encrypt
end

tmp(key, *args) { |file| ... }

Creates the secrets file, yields it to the block, and removes the secrets file when the block returns.

@example

secret.tmp { |file| shell_out!("open_sesame --passwd-file #{file}") }

@yield [Block]

invokes the block

@yieldreturn [Object]

the result of evaluating the optional block

@api public

# File lib/garcon/secret.rb, line 135
def self.tmp(key, *args, &block)
  Garcon.secret.lock.synchronize do
    begin
      file = queue.pop
      atomic_write(file, get(key)) unless valid?(key, file)
      yield file if block_given?
    ensure
      File.unlink(file) if File.exist?(file)
    end
  end
end

valid?(key, file)

Search a text file for a matching string.

@return [Boolean]

True if the file is present and a match was found; false if the file does not exist or does not contain a match.

@api public

# File lib/garcon/secret.rb, line 154
def self.valid?(key, file)
  Garcon.secret.lock.synchronize do
    return false unless File.exist?(file)
    File.open(file, &:readlines).map! do |line|
      return true if line.match(get(key))
    end
    false
  end
end
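
The transient-file pattern behind tmp and the content check behind valid?, as a stand-alone added example (not Garcon's own code). The helper names with_secret_file and file_contains? are hypothetical, and the secret shown is constructed.

```ruby
require 'tmpdir'
require 'securerandom'

# Hypothetical helper (not part of Garcon): write +secret+ to a private
# file, yield its path, and always remove the file afterwards.
def with_secret_file(secret, dir: Dir.tmpdir)
  path = File.join(dir, "secret-#{SecureRandom.hex(8)}")
  # EXCL refuses to reuse a pre-existing path (including a planted symlink);
  # mode 0600 is applied at creation, so other users never get read access.
  flags = File::WRONLY | File::CREAT | File::EXCL
  File.open(path, flags, 0o600) do |f|
    f.write(secret)
    f.flush
  end
  yield path
ensure
  # Runs on normal return and on exceptions raised inside the block.
  File.unlink(path) if path && File.exist?(path)
end

# Literal substring check. String#match would compile the secret into a
# Regexp, so "a.c" would also match "abc" and "p(ss" would raise RegexpError.
def file_contains?(path, secret)
  File.exist?(path) && File.read(path).include?(secret)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample secret, for demonstration only.
  with_secret_file('constructed-s3cret') do |path|
    puts format('mode=%o present=%s',
                File.stat(path).mode & 0o777,
                file_contains?(path, 'constructed-s3cret'))
  end
end
```

Unlinking removes the file name but does not overwrite the data blocks, so pointing `dir:` at a memory-backed filesystem (an assumption about the host) keeps the secret off persistent storage.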