Module: Garcon::Secret

Defined in:
lib/garcon/secret.rb

Overview

Creates a transient file with sensitive content. This is useful when you have an executable that reads a password from a file but you do not wish to leave the password on the filesystem. When used with a block, the file is written before the block runs and deleted when the block returns. Optionally, you can encrypt and decrypt your secret strings with salt, cipher and a splash of obfuscation.

Defined Under Namespace

Classes: Configuration

Class Method Details

.get(key) ⇒ String

Retrieve and decrypt a value at key from the stash.

Raises:

  • (KeyError)

    If no such key found.



# File 'lib/garcon/secret.rb', line 118

def self.get(key)
  (Garcon.secret.stash[key]).decrypt
end

.set(key, value) {|Block| ... } ⇒ String

Encrypt and store the given value with the given key, either with an argument or a block. If a previous value was set, it will be overwritten with the new value.

Yields:

  • (Block)

    Optionally specify a block that returns the value to set.



# File 'lib/garcon/secret.rb', line 103

def self.set(key, value)
  Garcon.secret.stash[key] = value.encrypt
end

.tmp(key, *args) {|Block| ... } ⇒ Object

Creates the secrets file, yields it to the block, and removes the secrets file when the block returns.

Examples:

secret.tmp { |file| shell_out!("open_sesame --passwd-file #{file}") }

Yields:

  • (Block)

    invokes the block

Yield Returns:

  • (Object)

    the result of evaluating the optional block



# File 'lib/garcon/secret.rb', line 135

def self.tmp(key, *args, &block)
  Garcon.secret.lock.synchronize do
    begin
      file = queue.pop
      atomic_write(file, get(key)) unless valid?(key, file)
      yield file if block_given?
    ensure
      File.unlink(file) if File.exist?(file)
    end
  end
end
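
The transient-file pattern described above, as an added example that is not Garcon's own code: the file is created exclusively with owner-only permissions and removed whether the block returns or raises. The names `with_secret_file` and `demo` are hypothetical, and the secret string is constructed.

```ruby
require 'tmpdir'
require 'securerandom'

# Hypothetical helper (not part of Garcon): write `secret` to a private
# transient file, yield its path, and always remove the file afterwards.
def with_secret_file(secret, dir: Dir.tmpdir)
  path = File.join(dir, "secret-#{SecureRandom.hex(8)}")
  created = false
  # EXCL fails if the path already exists, so a pre-planted file or symlink
  # is never written through; 0600 is set at creation, not chmod'ed later.
  File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0o600) do |f|
    created = true
    f.write(secret)
  end
  yield path
ensure
  # Runs whether the block returned or raised; only removes our own file.
  File.unlink(path) if created && File.exist?(path)
end

# Exercise both exits: normal return and an exception in the consumer.
def demo
  seen = {}
  result = with_secret_file('s3cr3t-constructed') do |path|
    seen[:path] = path
    seen[:mode] = File.stat(path).mode & 0o777
    seen[:content] = File.read(path)
    :done
  end
  seen[:return] = result
  seen[:gone_after_return] = !File.exist?(seen[:path])
  begin
    with_secret_file('x') { |p| seen[:path2] = p; raise 'consumer failed' }
  rescue RuntimeError
    seen[:gone_after_raise] = !File.exist?(seen[:path2])
  end
  seen
end

p demo if $PROGRAM_NAME == __FILE__
```

The secret is still on disk for the lifetime of the block, so the directory passed as `dir` should not be shared or backed up.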

.valid?(key, file) ⇒ Boolean

Searches the given file for a line matching the decrypted value stored at key.



# File 'lib/garcon/secret.rb', line 154

def self.valid?(key, file)
  Garcon.secret.lock.synchronize do
    return false unless File.exist?(file)
    File.open(file, &:readlines).map! do |line|
      return true if line.match(get(key))
    end
    false
  end
end