Class: Muchkeys::Secret
- Inherits:
-
Object
- Object
- Muchkeys::Secret
- Defined in:
- lib/muchkeys/secret.rb
Constant Summary
- CIPHER_SUITE =
"AES-256-CFB"
Instance Attribute Summary
-
#app_client ⇒ Object
Returns the value of attribute app_client.
Instance Method Summary
- #auto_certificates_exist_for_key?(key) ⇒ Boolean
-
#certfile_name(key_name) ⇒ Object
Turns a key_name into an SSL cert file name by convention.
- #decrypt_string(val, public_key = nil, private_key = nil) ⇒ Object
- #encrypt_string(val, public_key) ⇒ Object
-
#initialize(app_client) ⇒ Secret
constructor
A new instance of Secret.
- #is_secret?(key_name) ⇒ Boolean
-
#secrets_path_hint ⇒ Object
The path hint that tells Muchkeys that a path contains secrets.
Constructor Details
#initialize(app_client) ⇒ Secret
Returns a new instance of Secret.
# File 'lib/muchkeys/secret.rb', line 12

# Builds a Secret bound to the given client.
#
# @param app_client [Object] stored as-is in @app_client and returned by the
#   #app_client reader; this method does not inspect or validate it.
def initialize(app_client)
  @app_client = app_client
end
Instance Attribute Details
#app_client ⇒ Object
Returns the value of attribute app_client.
# File 'lib/muchkeys/secret.rb', line 8

# Reader for the client object held by this Secret.
#
# @return [Object] the current value of @app_client
def app_client
  @app_client
end
Instance Method Details
#auto_certificates_exist_for_key?(key) ⇒ Boolean
# File 'lib/muchkeys/secret.rb', line 41

# Reports whether the certificate file derived from +key+ is present.
#
# The path is produced by #certfile_name, so a key that does not follow the
# secrets convention raises Muchkeys::InvalidKey here instead of yielding false.
#
# @param key [String] key name, forwarded unchanged to #certfile_name
# @return [Boolean] whatever file_exists? (defined outside this listing)
#   reports for the derived path
def auto_certificates_exist_for_key?(key)
  cert_path = certfile_name(key)
  file_exists?(cert_path)
end
#certfile_name(key_name) ⇒ Object
Turns a key_name into an SSL cert file name by convention
# File 'lib/muchkeys/secret.rb', line 28

# Maps a secret key name to the certificate file used for it, by convention.
#
# The text of +key_name+ before "/<secrets_path_hint>", minus a leading
# "git/", becomes the base name of a .pem file under "$HOME/.keys". When
# config.public_key is set it is returned instead of the derived path.
#
# NOTE(review): secrets_path_hint is interpolated into the pattern unescaped,
# and the captured base is placed into the path unchanged. Regex
# metacharacters in the hint and ".." segments in key_name are therefore not
# filtered here -- confirm both are validated before this method is reached.
#
# @param key_name [String] full key path
# @return [String] config.public_key, or "$HOME/.keys/<base>.pem"
# @raise [Muchkeys::InvalidKey] when key_name has no "/<secrets_path_hint>" part
def certfile_name(key_name)
  hint_pattern = /(.*)\/#{secrets_path_hint}(.*)/
  matched = key_name.match(hint_pattern)
  # FIXME this is already checked in the secrets validator, we don't need to
  # check it again
  raise Muchkeys::InvalidKey, "#{key_name} doesn't look like a secret" if matched.nil?

  # `^` is a line anchor in Ruby; the capture cannot contain a newline because
  # `.` does not match one, so here it only ever strips a leading "git/".
  base_name = matched[1].gsub(/^git\//, "")
  configured_cert = config.public_key
  configured_cert || "#{ENV['HOME']}/.keys/#{base_name}.pem"
end
#decrypt_string(val, public_key = nil, private_key = nil) ⇒ Object
# File 'lib/muchkeys/secret.rb', line 45

# Decrypts a PKCS#7 message using a certificate and an RSA private key.
#
# Both key arguments are handed to read_ssl_key (defined outside this
# listing). The nil defaults are passed through unchanged, so what nil
# resolves to depends on that helper.
#
# NOTE(review): this method only decrypts; no signature or integrity check on
# +val+ is visible here -- confirm whether callers rely on one.
#
# @param val [String] PKCS#7 data accepted by OpenSSL::PKCS7.new
# @param public_key [Object, nil] certificate source, resolved by read_ssl_key
# @param private_key [Object, nil] RSA key source, resolved by read_ssl_key
# @return [String] the decrypted payload
def decrypt_string(val, public_key = nil, private_key = nil)
  certificate = OpenSSL::X509::Certificate.new(read_ssl_key(public_key))
  rsa_key = OpenSSL::PKey::RSA.new(read_ssl_key(private_key))
  envelope = OpenSSL::PKCS7.new(val)
  envelope.decrypt(rsa_key, certificate)
end
#encrypt_string(val, public_key) ⇒ Object
# File 'lib/muchkeys/secret.rb', line 21

# Encrypts +val+ to the certificate stored at +public_key+ as a PKCS#7 message.
#
# NOTE(review): CIPHER_SUITE is a CFB-mode cipher and nothing in this method
# signs the output, so the result is confidential but not tamper-evident --
# confirm integrity is handled elsewhere if it is required.
#
# @param val [String] plaintext to protect
# @param public_key [String] path of the certificate file, read with File.read
# @return [OpenSSL::PKCS7] the encrypted message addressed to that certificate
def encrypt_string(val, public_key)
  cipher = OpenSSL::Cipher.new(CIPHER_SUITE)
  recipient_cert = OpenSSL::X509::Certificate.new(File.read(public_key))
  OpenSSL::PKCS7.encrypt([recipient_cert], val, cipher, OpenSSL::PKCS7::BINARY)
end
#is_secret?(key_name) ⇒ Boolean
# File 'lib/muchkeys/secret.rb', line 37

# Tells whether +key_name+ follows the secrets naming convention.
#
# This is an unanchored match on "/<secrets_path_hint>": the hint may appear
# anywhere after a slash and may be followed by any text, so with the default
# hint a key such as "app/secretsfoo" also counts as a secret.
#
# NOTE(review): the hint is interpolated into the pattern unescaped -- confirm
# configured hints never contain regex metacharacters.
#
# @param key_name [String] full key path
# @return [Boolean] true when the pattern matches, false otherwise
def is_secret?(key_name)
  hit = key_name.match(/\/#{secrets_path_hint}/)
  !hit.nil?
end
#secrets_path_hint ⇒ Object
The path hint that tells Muchkeys that a path contains secrets
# File 'lib/muchkeys/secret.rb', line 17

# Path hint that marks a key path as holding secrets.
#
# @return [Object] config.secrets_hint when it is truthy, otherwise the
#   literal "secrets"
def secrets_path_hint
  configured_hint = config.secrets_hint
  configured_hint || "secrets"
end