Class: HybridPlatformsConductor::Credentials
- Inherits: Object
  - Object
    - HybridPlatformsConductor::Credentials
- Includes: LoggerHelpers
- Defined in: lib/hybrid_platforms_conductor/credentials.rb
Overview
Gives a secure, harmonized way to access credentials for a given service. It makes sure passwords are removed from memory for hardened security (so that an attacker who can dump memory through a vulnerability won't get passwords). It gets credentials from the following sources:
- Environment variables
- Netrc file
Constant Summary
Constants included from LoggerHelpers
LoggerHelpers::LEVELS_MODIFIERS, LoggerHelpers::LEVELS_TO_STDERR
Class Method Summary
- .with_credentials_for(id, logger, logger_stderr, url: nil) ⇒ Object
  Get access to credentials and make sure they are wiped out from memory when client code ends.
Instance Method Summary
- #clear_password ⇒ Object
  Provide a helper to clear password from memory for security.
- #initialize(id, url: nil, logger: Logger.new(STDOUT), logger_stderr: Logger.new(STDERR)) ⇒ Credentials (constructor)
  Constructor.
- #password ⇒ Object
  Get the associated password.
- #user ⇒ Object
  Get the associated user.
Methods included from LoggerHelpers
#err, #init_loggers, #log_component=, #log_debug?, #log_level=, #out, #section, #set_loggers_format, #stderr_device, #stderr_device=, #stderr_displayed?, #stdout_device, #stdout_device=, #stdout_displayed?, #stdouts_to_s, #with_progress_bar
Constructor Details
#initialize(id, url: nil, logger: Logger.new(STDOUT), logger_stderr: Logger.new(STDERR)) ⇒ Credentials
Constructor
- Parameters
  - id (Symbol): Credential ID
  - url (String or nil): The URL for which we want the credentials, or nil if not associated to a URL [default: nil]
  - logger (Logger): Logger to be used [default = Logger.new(STDOUT)]
  - logger_stderr (Logger): Logger to be used for stderr [default = Logger.new(STDERR)]
    # File 'lib/hybrid_platforms_conductor/credentials.rb', line 45
    def initialize(id, url: nil, logger: Logger.new(STDOUT), logger_stderr: Logger.new(STDERR))
      init_loggers(logger, logger_stderr)
      @id = id
      @url = url
      @user = nil
      @password = nil
      @retrieved = false
    end
Class Method Details
.with_credentials_for(id, logger, logger_stderr, url: nil) ⇒ Object
Get access to credentials and make sure they are wiped out from memory when client code ends. To ensure password safety, never store the password in a scope beyond the client code’s Proc.
- Parameters
  - id (Symbol): Credential ID
  - logger (Logger): Logger to be used
  - logger_stderr (Logger): Logger to be used for stderr
  - url (String or nil): The URL for which we want the credentials, or nil if not associated to a URL [default: nil]
  - Proc: Client code called with credentials provided
    - Parameters
      - user (String or nil): User name, or nil if none
      - password (String or nil): Password, or nil if none. !!! Never store this password in a scope broader than the client code itself !!!
    # File 'lib/hybrid_platforms_conductor/credentials.rb', line 29
    def self.with_credentials_for(id, logger, logger_stderr, url: nil)
      credentials = Credentials.new(id, url: url, logger: logger, logger_stderr: logger_stderr)
      begin
        yield credentials.user, credentials.password
      ensure
        credentials.clear_password
      end
    end
Instance Method Details
#clear_password ⇒ Object
Provide a helper to clear password from memory for security. To be used when the client knows it won’t use the password anymore.
    # File 'lib/hybrid_platforms_conductor/credentials.rb', line 56
    def clear_password
      @password.replace('gotyou!' * 100) unless @password.nil?
      GC.start
    end
#password ⇒ Object
Get the associated password.
- Result
  - String or nil: The password, or nil if none
    # File 'lib/hybrid_platforms_conductor/credentials.rb', line 74
    def password
      retrieve_credentials
      @password
    end
#user ⇒ Object
Get the associated user.
- Result
  - String or nil: The user name, or nil if none
    # File 'lib/hybrid_platforms_conductor/credentials.rb', line 65
    def user
      retrieve_credentials
      @user
    end
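The wipe-on-exit behaviour of with_credentials_for and clear_password, and the reason the password must not be copied or kept beyond the Proc, shown as an added example that is not the project's own code. DemoCredentials, with_credentials, and the user and secret values are hypothetical stand-ins constructed here; credentials are passed in directly rather than read from environment variables or netrc.

```ruby
# Stand-in for the page's Credentials class (hypothetical DemoCredentials):
# user and password are passed in directly instead of being retrieved.
class DemoCredentials
  attr_reader :user, :password

  def initialize(user, password)
    @user = user
    @password = password
  end

  # Same shape as with_credentials_for: yield, then always wipe.
  def self.with_credentials(user, password)
    credentials = new(user, password)
    begin
      yield credentials.user, credentials.password
    ensure
      credentials.clear_password
    end
  end

  # Same overwrite as clear_password on the page.
  def clear_password
    @password.replace('gotyou!' * 100) unless @password.nil?
    GC.start
  end
end

SECRET = 'constructed-s3cret' # constructed sample value

# Reports whether the secret is still readable after the block, for three
# ways of letting it escape, when client code raises part-way through.
def leak_report
  same_object = copy = header = nil
  begin
    DemoCredentials.with_credentials('svc_user', String.new(SECRET)) do |user, password|
      same_object = password         # same String object: wiped in place
      copy = password.dup            # new String object: never wiped
      header = "#{user}:#{password}" # interpolation copies the bytes too
      raise 'simulated failure'      # ensure still runs clear_password
    end
  rescue RuntimeError
    nil # expected: the simulated failure above
  end
  { same_object: same_object.include?(SECRET),
    copy: copy.include?(SECRET),
    header: header.include?(SECRET) }
end

p leak_report if $PROGRAM_NAME == __FILE__
```

Only the String object held by the credentials instance is overwritten; a duplicate or an interpolated string made inside the block still contains the secret after the block returns.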