EjsonWrapper

Wraps the EJSON go program to safely execute it and parse the resulting JSON.

Installation

Add this line to your application's Gemfile:

gem 'ejson_wrapper'

And then execute:

$ bundle

Or install it yourself as:

$ gem install ejson_wrapper

Usage

Decrypting EJSON files

From Ruby:

# Private key is in /opt/ejson/keys
EJSONWrapper.decrypt('myfile.ejson')
=> { :my_api_key => 'secret' }

# Private key is in /alternate/key/dir
EJSONWrapper.decrypt('myfile.ejson', key_dir: 'alternate/key/dir')
=> { :my_api_key => 'secret' }

# Private key is in memory
EJSONWrapper.decrypt('myfile.ejson', private_key: 'be8597abaa68bbfa23193624b1ed5e2cd6b9a8015e722138b23ecd3c90239b2d')
=> { :my_api_key => 'secret' }

# Private key is stored inside the ejson file itself as _private_key_enc (encrypted with KMS & Base64 encoded)
EJSONWrapper.decrypt('myfile.ejson', use_kms: true, region: 'ap-southeast-2')
=> { :my_api_key => 'secret' }

Command line:

# decrypt all
$ ejson_wrapper decrypt --file file.ejson --region us-east-1
{
  "datadog_api_token": "[datadog_api_token]"
}

# decrypt & extract a specific secret
$ ejson_wrapper decrypt --file file.ejson --region us-east-1 --secret datadog_api_token
[datadog_api_token]

Generating EJSON files

$ ejson_wrapper generate --region ap-southeast-2 --kms-key-id [key_id] --file file.ejson
Generated EJSON file file.ejson

$ cat file.ejson
{
  "_public_key": "[public_key]",
  "_private_key_enc":"[encrypted_private_key]"
}

Development

After checking out the repo, run bin/setup to install dependencies. Then, run rake spec to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org.

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/envato/ejson_wrapper.