Class: MuchKeys::Secret

Inherits:
Object
  • Object
Defined in:
lib/muchkeys/secret.rb

Constant Summary collapse

# Cipher name handed to OpenSSL::Cipher.new when encrypt_string builds a PKCS7 envelope.
# NOTE(review): CFB is a confidentiality-only mode and the envelope is not signed,
# so ciphertext produced with this suite has no built-in tamper detection.
# Confirm that callers do not rely on decryption success as an integrity check.
CIPHER_SUITE = "AES-256-CFB"

Class Method Summary collapse

Class Method Details

.auto_certificates_exist_for_key?(key) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/muchkeys/secret.rb', line 35

# Reports whether the certificate file conventionally associated with +key+ exists.
#
# The path comes from secret_adapter.certfile_name(key), so any error that call
# raises propagates to the caller.
#
# @param key [String] key name forwarded to the secret adapter
# @return [Boolean] whatever file_exists? reports for the derived path
def auto_certificates_exist_for_key?(key)
  expected_cert_path = secret_adapter.certfile_name(key)
  file_exists?(expected_cert_path)
end

.certfile_name(key_name) ⇒ Object

Turns a key_name into an SSL cert file name by convention.



# File 'lib/muchkeys/secret.rb', line 24

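# Turns a secret's key name into the path of its SSL certificate file, by convention.
#
# The text before "/<secrets_path_hint>" in +key_name+, minus a leading "git/",
# becomes the certificate base name: "$HOME/.keys/<base>.pem". A configured
# MuchKeys.configuration.public_key takes precedence over that path, but
# +key_name+ is still validated first.
#
# @param key_name [String] key path expected to contain "/<secrets_path_hint>"
# @return the configured public_key when set, otherwise the conventional .pem path
# @raise [MuchKeys::InvalidKey] when +key_name+ does not contain the secrets hint
def certfile_name(key_name)
  # Escape the hint so it is matched as literal path text. Interpolated raw, a
  # configured hint containing regex metacharacters (for example ".") would
  # also accept key names that merely resemble the secrets path.
  hint_pattern = %r{(.*)/#{Regexp.escape(secrets_path_hint)}(.*)}
  key_parts = key_name.match(hint_pattern)
  raise MuchKeys::InvalidKey, "#{key_name} doesn't look like a secret" if key_parts.nil?

  # Only a "git/" prefix at the very start of the captured base is dropped.
  key_base = key_parts[1].sub(%r{\Agit/}, "")

  # NOTE(review): key_base goes into a filesystem path unchanged, so "../"
  # segments in key_name would resolve outside ~/.keys. Confirm that key names
  # come from a trusted source or are validated before reaching this method.
  MuchKeys.configuration.public_key || "#{ENV['HOME']}/.keys/#{key_base}.pem"
end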

.decrypt_string(val, public_key, private_key) ⇒ Object



# File 'lib/muchkeys/secret.rb', line 39

# Decrypts a PKCS7 envelope using the recipient's certificate and RSA private key.
#
# Both key arguments are passed through read_ssl_key (defined elsewhere) before
# being parsed, so their accepted form is whatever that helper supports.
#
# NOTE(review): decryption alone neither authenticates the sender nor detects
# tampering, because no signature is verified here. Treat the plaintext accordingly.
#
# @param val [String] serialized PKCS7 structure accepted by OpenSSL::PKCS7.new
# @param public_key certificate source handed to read_ssl_key
# @param private_key RSA private key source handed to read_ssl_key
# @return [String] the decrypted payload
def decrypt_string(val, public_key, private_key)
  recipient_cert = OpenSSL::X509::Certificate.new(read_ssl_key(public_key))
  recipient_key = OpenSSL::PKey::RSA.new(read_ssl_key(private_key))
  envelope = OpenSSL::PKCS7.new(val)
  envelope.decrypt(recipient_key, recipient_cert)
end

.encrypt_string(val, public_key) ⇒ Object



# File 'lib/muchkeys/secret.rb', line 17

# Encrypts +val+ into a PKCS7 envelope addressed to a single certificate.
#
# The payload is encrypted with CIPHER_SUITE and flagged as binary content.
#
# NOTE(review): the envelope is encrypted but not signed, so a recipient cannot
# tell who produced it or whether it was altered. Confirm that this is acceptable.
#
# @param val [String] plaintext to protect
# @param public_key [String] filesystem path of the recipient's X.509 certificate
# @return [OpenSSL::PKCS7] the encrypted envelope
def encrypt_string(val, public_key)
  content_cipher = OpenSSL::Cipher.new(CIPHER_SUITE)
  recipient_cert = OpenSSL::X509::Certificate.new(File.read(public_key))
  recipients = [recipient_cert]
  OpenSSL::PKCS7.encrypt(recipients, val, content_cipher, OpenSSL::PKCS7::BINARY)
end

.is_secret?(key_name) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/muchkeys/secret.rb', line 31

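# Tells whether +key_name+ points into the secrets area of the key space.
#
# A key counts as secret when it contains "/<secrets_path_hint>" anywhere.
#
# @param key_name [String] key path to classify
# @return [Boolean] true when the secrets hint appears in +key_name+
def is_secret?(key_name)
  # Escape the hint so it is matched as literal path text. Interpolated raw, a
  # configured hint containing regex metacharacters (for example ".") would
  # classify look-alike paths as secrets.
  hint_pattern = %r{/#{Regexp.escape(secrets_path_hint)}}
  !key_name.match(hint_pattern).nil?
end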

.secrets_path_hint ⇒ Object

The path segment that signals to MuchKeys that a key path contains secrets.



# File 'lib/muchkeys/secret.rb', line 13

# Returns the path segment that marks a key as living under the secrets area.
#
# Uses MuchKeys.configuration.secrets_hint when it is set (truthy) and falls
# back to "secrets/" otherwise.
#
# @return the configured hint, or "secrets/" when none is configured
def secrets_path_hint
  configured_hint = MuchKeys.configuration.secrets_hint
  return configured_hint if configured_hint

  "secrets/"
end