Class: HandsomeFencer::CircleCI::Crypto

Inherits:

Object

• Object
• HandsomeFencer::CircleCI::Crypto

Defined in:

lib/handsome_fencer/circle_c_i/crypto.rb

Constant Summary

DeployKeyError =

Class.new(StandardError)

Instance Method Summary

• #decrypt(file) ⇒ Object
• #encrypt(file) ⇒ Object
• #expose(directory = nil, extension = nil) ⇒ Object
• #get_deploy_key ⇒ Object
• #ignore_sensitive_files ⇒ Object
• #initialize(options = {}) ⇒ Crypto constructor

  A new instance of Crypto.

• #obfuscate(directory = nil, extension = nil) ⇒ Object
• #read_deploy_key ⇒ Object
• #save_deploy_key ⇒ Object
• #source_files(directory = nil, extension = nil) ⇒ Object

Constructor Details

#initialize(options = {}) ⇒ Crypto

Returns a new instance of Crypto.

# File 'lib/handsome_fencer/circle_c_i/crypto.rb', line 10

def initialize(options={})
  @cipher = OpenSSL::Cipher.new 'AES-128-CBC'
  @salt = '8 octets'
  @dkfile = options[:dkfile] ? ('.circleci/' + options[:dkfile] + '.key') : dkfile
  @pass_phrase = get_deploy_key
end

Instance Method Details

#decrypt(file) ⇒ Object

# File 'lib/handsome_fencer/circle_c_i/crypto.rb', line 58

def decrypt(file)
  encrypted = Base64.decode64 File.read(file)
  @cipher.decrypt.pkcs5_keyivgen @pass_phrase, @salt
  decrypted = @cipher.update(encrypted) + @cipher.final
  decrypted_file = file.split('.enc').first
  write_to_file decrypted, decrypted_file
end

#encrypt(file) ⇒ Object

# File 'lib/handsome_fencer/circle_c_i/crypto.rb', line 51

def encrypt(file)
  file = file
  @cipher.encrypt.pkcs5_keyivgen @pass_phrase, @salt
  encrypted = @cipher.update(File.read file) + @cipher.final
  write_to_file(Base64.encode64(encrypted), file + '.enc')
end

#expose(directory = nil, extension = nil) ⇒ Object

# File 'lib/handsome_fencer/circle_c_i/crypto.rb', line 76

def expose(directory=nil, extension=nil)
  extension = extension || '.env.enc'
  directory = directory || '.circleci'
  source_files(directory, extension).each { |file| decrypt(file) }
end

#get_deploy_key ⇒ Object

# File 'lib/handsome_fencer/circle_c_i/crypto.rb', line 17

def get_deploy_key
  case
  when ENV['DEPLOY_KEY'].nil? && !File.exist?(@dkfile)
    raise DeployKeyError, "No deploy key set. Please generate a deploy key using '$ bin/rails generate handsome_fencer:circle_c_i:deploy_key' or set it using '$ export ENV['DEPLOY_KEY'] = some-complicated-key'"
  when File.exist?(@dkfile)
    Base64.decode64(File.read(@dkfile))
  when !ENV['DEPLOY_KEY'].nil?
    Base64.decode64(ENV['DEPLOY_KEY'])
  end
end

#ignore_sensitive_files ⇒ Object

# File 'lib/handsome_fencer/circle_c_i/crypto.rb', line 41

def ignore_sensitive_files
  if File.exist? '.gitignore'
    ["/#{dkfile}", "/.env/*"].each do |pattern|
      unless File.read('.gitignore').match pattern
        open('.gitignore', 'a') { |f| f << pattern }
      end
    end
  end
end

#obfuscate(directory = nil, extension = nil) ⇒ Object

# File 'lib/handsome_fencer/circle_c_i/crypto.rb', line 70

def obfuscate(directory=nil, extension=nil)
  extension = extension || '.env'
  directory = directory || '.circleci'
  source_files(directory, extension).each { |file| encrypt file }
end

#read_deploy_key ⇒ Object

# File 'lib/handsome_fencer/circle_c_i/crypto.rb', line 28

def read_deploy_key
  File.exist?(dkfile) ? File.read(dkfile) : save_deploy_key
end

#save_deploy_key ⇒ Object

# File 'lib/handsome_fencer/circle_c_i/crypto.rb', line 32

def save_deploy_key

  @new_key = @cipher.random_key

  write_to_file Base64.encode64(@new_key), dkfile
  # ignore_sensitive_files
  read_deploy_key
end

#source_files(directory = nil, extension = nil) ⇒ Object

# File 'lib/handsome_fencer/circle_c_i/crypto.rb', line 66

def source_files(directory=nil, extension=nil)
  Dir.glob(directory + "/**/*#{extension}")
end