Class: MuchKeys::Secret
- Inherits: Object
  - Object
  - MuchKeys::Secret
- Defined in: lib/muchkeys/secret.rb
Constant Summary
- CIPHER_SUITE = "AES-256-CFB"
Class Method Summary
- .auto_certificates_exist_for_key?(key) ⇒ Boolean
- .certfile_name(key_name) ⇒ Object
  Turns a key_name into an SSL cert file name by convention.
- .decrypt_string(val, public_key, private_key) ⇒ Object
- .encrypt_string(val, public_key) ⇒ Object
- .is_secret?(key_name) ⇒ Boolean
- .secrets_path_hint ⇒ Object
  The path hint that tells MuchKeys that a key path contains secrets.
Class Method Details
.auto_certificates_exist_for_key?(key) ⇒ Boolean

    # File 'lib/muchkeys/secret.rb', line 35
    def auto_certificates_exist_for_key?(key)
      # True when the certificate file derived from the key name is present.
      file_exists?(secret_adapter.certfile_name(key))
    end
.certfile_name(key_name) ⇒ Object
Turns a key_name into an SSL cert file name by convention.

    # File 'lib/muchkeys/secret.rb', line 24
    def certfile_name(key_name)
      # Split the key at "/<secrets hint>"; everything before it names the certificate.
      key_parts = key_name.match(/(.*)\/#{secrets_path_hint}(.*)/)
      raise MuchKeys::InvalidKey, "#{key_name} doesn't look like a secret" if key_parts.nil?
      # Drop a leading "git/" prefix from the base name.
      key_base = key_parts[1].gsub(/^git\//, "")
      # A configured public_key takes precedence over the ~/.keys convention.
      MuchKeys.configuration.public_key || "#{ENV['HOME']}/.keys/#{key_base}.pem"
    end
.decrypt_string(val, public_key, private_key) ⇒ Object

    # File 'lib/muchkeys/secret.rb', line 39
    def decrypt_string(val, public_key, private_key)
      # public_key is an X.509 certificate; private_key is the matching RSA key.
      cert = OpenSSL::X509::Certificate.new(read_ssl_key(public_key))
      key = OpenSSL::PKey::RSA.new(read_ssl_key(private_key))
      OpenSSL::PKCS7.new(val).decrypt(key, cert)
    end
.encrypt_string(val, public_key) ⇒ Object

    # File 'lib/muchkeys/secret.rb', line 17
    def encrypt_string(val, public_key)
      cipher = OpenSSL::Cipher.new CIPHER_SUITE
      # public_key is the path to an X.509 certificate file.
      cert = OpenSSL::X509::Certificate.new File.read(public_key)
      # Returns a PKCS7 envelope addressed to that certificate.
      OpenSSL::PKCS7::encrypt([cert], val, cipher, OpenSSL::PKCS7::BINARY)
    end
.is_secret?(key_name) ⇒ Boolean

    # File 'lib/muchkeys/secret.rb', line 31
    def is_secret?(key_name)
      # A key is treated as a secret when its path contains "/<secrets hint>".
      key_name.match(/\/#{secrets_path_hint}/) != nil
    end
.secrets_path_hint ⇒ Object
The path hint that tells MuchKeys that a key path contains secrets.

    # File 'lib/muchkeys/secret.rb', line 13
    def secrets_path_hint
      # Defaults to "secrets/" unless secrets_hint is configured.
      MuchKeys.configuration.secrets_hint || "secrets/"
    end
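
Added example, not MuchKeys' own code: a round trip through the same PKCS7 envelope that encrypt_string and decrypt_string build, using a throwaway self-signed certificate generated in memory instead of the .pem files the library reads. The helper names (make_identity, encrypt_value, decrypt_value, flip_last_bit, demo) and the sample secret are constructed for illustration; the second result shows that AES-256-CFB carries no integrity check, so an altered envelope still decrypts without an error.

```ruby
require "openssl"

CIPHER_SUITE = "AES-256-CFB" # same value as MuchKeys::Secret::CIPHER_SUITE

# Constructed test identity: a throwaway RSA key and self-signed certificate.
def make_identity(common_name)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [key, cert]
end

# Mirrors encrypt_string, taking a certificate object instead of a file path.
def encrypt_value(val, cert)
  cipher = OpenSSL::Cipher.new(CIPHER_SUITE)
  OpenSSL::PKCS7.encrypt([cert], val, cipher, OpenSSL::PKCS7::BINARY).to_der
end

# Mirrors decrypt_string: needs the certificate and its private key.
def decrypt_value(der, cert, key)
  OpenSSL::PKCS7.new(der).decrypt(key, cert)
end

# Flip the lowest bit of the final byte of the DER envelope, which is the
# last byte of the encrypted content.
def flip_last_bit(der)
  bytes = der.bytes
  bytes[-1] ^= 0x01
  bytes.pack("C*")
end

# Returns the plaintext recovered from the original and the altered envelope.
def demo
  key, cert = make_identity("muchkeys-example")
  der = encrypt_value("hunter2", cert) # constructed sample secret
  { clean: decrypt_value(der, cert, key),
    tampered: decrypt_value(flip_last_bit(der), cert, key) }
end

p demo if $PROGRAM_NAME == __FILE__
```

Since decryption alone does not detect modification, integrity of the stored ciphertext has to come from elsewhere, such as write access control on the key-value store.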