Class: HandsomeFencer::CircleCI::Crypto

Inherits:
Object
  • Object
Defined in:
lib/handsome_fencer/circle_c_i/crypto.rb

Constant Summary

# Raised by #get_deploy_key when the deploy key is found neither in the key
# file nor in the environment variable.
DeployKeyError =
Class.new(StandardError)

Instance Method Summary

Constructor Details

#initialize(options = {}) ⇒ Crypto

Returns a new instance of Crypto.



# File 'lib/handsome_fencer/circle_c_i/crypto.rb', line 10

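# Prepares the cipher and locates the deploy key for one environment.
#
# The key is looked up by #get_deploy_key, which reads
# "docker/keys/<environment>.key" or the "<ENVIRONMENT>_KEY" environment
# variable.
#
# NOTE(review): the salt is a constant compiled into the gem, so it adds no
# per-install or per-file variation. Because #encrypt and #decrypt pass it to
# OpenSSL::Cipher#pkcs5_keyivgen, the key and the IV are both a deterministic
# function of the pass phrase: every file is encrypted under the same key/IV
# pair. AES-128-CBC is also unauthenticated. Moving to a random per-file
# salt/IV and an authenticated mode would change the on-disk format, so it is
# flagged here rather than changed.
#
# NOTE(review): the environment name is placed into a file path without being
# restricted to a safe character set; constrain it at the call site if it can
# come from outside the operator's control.
#
# @param options [Hash] must contain :environment (String or Symbol)
# @raise [ArgumentError] if :environment is missing or empty
# @raise [DeployKeyError] if no deploy key can be found
def initialize(options={})
  environment = options[:environment].to_s
  # Fail with a clear message instead of the TypeError that concatenating
  # nil into the path would raise.
  raise ArgumentError, 'options[:environment] is required' if environment.empty?

  @cipher = OpenSSL::Cipher.new('AES-128-CBC')
  @salt = '8 octets'
  @dkfile = "docker/keys/#{environment}.key"
  @deploy_key = "#{environment}_key".upcase
  @pass_phrase = get_deploy_key
end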

Instance Method Details

#decrypt(file) ⇒ Object



# File 'lib/handsome_fencer/circle_c_i/crypto.rb', line 61

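# Decrypts a Base64-encoded ciphertext file and writes the plaintext next to
# it, using the same path with a trailing ".enc" removed.
#
# Only a trailing ".enc" is stripped. Splitting on the first ".enc" anywhere
# in the path truncated the output path whenever a directory or file name
# contained ".enc" earlier on, so the plaintext landed in the wrong place.
# A path that does not end in ".enc" is left unchanged, which means the
# plaintext is written over the input file.
#
# NOTE(review): AES-CBC carries no integrity check. A wrong key or corrupted
# input usually surfaces as OpenSSL::Cipher::CipherError from #final, but a
# modified ciphertext is not reliably detected; treat decrypted output as
# unauthenticated. Base64.decode64 is lenient and skips invalid characters
# rather than raising.
#
# NOTE(review): OpenSSL::Cipher#pkcs5_keyivgen is documented as deprecated
# in favour of OpenSSL::PKCS5; it derives key and IV from the pass phrase and
# the fixed @salt, so both are identical for every file.
#
# @param file [String] path of the encrypted file
# @return [Object] whatever write_to_file returns
def decrypt(file)
  ciphertext = Base64.decode64(File.read(file))
  @cipher.decrypt.pkcs5_keyivgen(@pass_phrase, @salt)
  plaintext = @cipher.update(ciphertext) + @cipher.final
  write_to_file(plaintext, file.sub(/\.enc\z/, ''))
end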

#encrypt(file) ⇒ Object



# File 'lib/handsome_fencer/circle_c_i/crypto.rb', line 54

# Encrypts +file+ and writes the Base64-encoded ciphertext to "<file>.enc".
# This method does not remove the plaintext file.
#
# NOTE(review): key and IV both come from OpenSSL::Cipher#pkcs5_keyivgen with
# the fixed @salt, so output is deterministic: the same plaintext always
# yields the same ciphertext, and files sharing a leading block share a
# ciphertext prefix. The ciphertext carries no authentication tag.
#
# @param file [String] path of the plaintext file
# @return [Object] whatever write_to_file returns
def encrypt(file)
  @cipher.encrypt.pkcs5_keyivgen(@pass_phrase, @salt)
  plaintext = File.read(file)
  ciphertext = @cipher.update(plaintext) + @cipher.final
  encoded = Base64.encode64(ciphertext)
  write_to_file(encoded, file + '.enc')
end

#expose(directory = nil, extension = nil) ⇒ Object



# File 'lib/handsome_fencer/circle_c_i/crypto.rb', line 80

# Decrypts every file under +directory+ whose name ends with +extension+.
#
# Each plaintext is written beside its encrypted source (see #decrypt), so
# after this call the secrets sit unencrypted in the working tree.
# NOTE(review): confirm those plaintext paths are covered by .gitignore
# before this runs in a checkout that can be committed or archived.
#
# @param directory [String, nil] root to search; defaults to 'docker'
# @param extension [String, nil] file-name suffix; defaults to '.env.enc'
# @return [Array<String>] the encrypted files that were processed
def expose(directory=nil, extension=nil)
  extension ||= '.env.enc'
  directory ||= 'docker'
  source_files(directory, extension).each do |encrypted_file|
    decrypt(encrypted_file)
  end
end

#get_deploy_key ⇒ Object



# File 'lib/handsome_fencer/circle_c_i/crypto.rb', line 18

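# Returns the deploy key used as the cipher pass phrase.
#
# Lookup order: the key file at @dkfile wins if it exists; otherwise the
# environment variable named by @deploy_key is used. Both sources are
# expected to hold Base64 text and are decoded before being returned.
#
# The error message is built from @deploy_key. The earlier message
# interpolated `options[:evironment]`, a name that is not defined in this
# method, so the missing-key path raised NameError and never reached
# DeployKeyError.
#
# NOTE(review): Base64.decode64 is lenient, so a malformed value silently
# decodes to different bytes instead of failing. Consider Base64.strict_decode64
# once it is confirmed that stored keys carry no line breaks.
#
# @return [String] the decoded key bytes
# @raise [DeployKeyError] if neither the key file nor the variable is present
def get_deploy_key
  return Base64.decode64(File.read(@dkfile)) if File.exist?(@dkfile)

  encoded = ENV[@deploy_key]
  return Base64.decode64(encoded) unless encoded.nil?

  raise DeployKeyError, "No #{@deploy_key} set. Please generate using '$ handsome_fencer-circle_c_i generate_key :circle' or '$ export #{@deploy_key}=some-complicated-key'"
end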

#ignore_sensitive_files ⇒ Object



# File 'lib/handsome_fencer/circle_c_i/crypto.rb', line 44

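# Adds the deploy-key file and "/.env/*" to an existing .gitignore so they
# are not committed. Does nothing when no .gitignore is present.
#
# Two defects made the earlier version ineffective as a safeguard:
# * entries were appended without a line break, so they were glued onto the
#   previous line and git never saw them as separate patterns;
# * the presence check used String#match, which treats the pattern as a
#   regular expression ("." and "*" are metacharacters), so it could report
#   an entry as present when it was not.
# Entries are now compared as whole lines and written one per line.
#
# NOTE(review): "/.env/*" covers only a top-level .env directory. The
# plaintext files that #expose writes beside their ".enc" sources are not
# visibly covered by either pattern; confirm they are ignored elsewhere.
# NOTE(review): `dkfile` is called as a method here; only @dkfile is visibly
# assigned in #initialize, so confirm a reader with that name exists.
#
# @return [Array<String>, nil] the patterns checked, or nil without .gitignore
def ignore_sensitive_files
  return unless File.exist?('.gitignore')

  ["/#{dkfile}", '/.env/*'].each do |pattern|
    current = File.read('.gitignore')
    next if current.each_line.any? { |line| line.chomp == pattern }

    File.open('.gitignore', 'a') do |f|
      # Start a fresh line if the file does not already end with one.
      f << "\n" unless current.empty? || current.end_with?("\n")
      f << pattern << "\n"
    end
  end
end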

#obfuscate(directory = nil, extension = nil) ⇒ Object



# File 'lib/handsome_fencer/circle_c_i/crypto.rb', line 73

# Encrypts every file under +directory+ whose name ends with +extension+,
# producing a "<file>.enc" beside each one (see #encrypt).
#
# NOTE(review): the plaintext sources are not removed by this call, so they
# remain readable in the working tree after encryption.
#
# @param directory [String, nil] root to search; defaults to 'docker'
# @param extension [String, nil] file-name suffix; defaults to '.env'
# @return [Array<String>] the plaintext files that were processed
def obfuscate(directory=nil, extension=nil)
  extension ||= '.env'
  directory ||= 'docker'
  source_files(directory, extension).each do |plain_file|
    encrypt(plain_file)
  end
end

#read_deploy_key ⇒ Object



# File 'lib/handsome_fencer/circle_c_i/crypto.rb', line 31

# Returns the contents of the deploy-key file, generating and saving a new
# key first when the file does not exist.
#
# The file content is returned as stored, without the Base64 decoding that
# #get_deploy_key applies to the same file.
# NOTE(review): #save_deploy_key calls back into this method; if the key
# file is still absent after the write, the two would recurse. Confirm
# write_to_file raises on failure.
#
# @return [Object] the key file's contents, or #save_deploy_key's result
def read_deploy_key
  return File.read(dkfile) if File.exist?(dkfile)

  save_deploy_key
end

#save_deploy_key ⇒ Object



# File 'lib/handsome_fencer/circle_c_i/crypto.rb', line 35

# Generates a random key with the cipher, stores it Base64-encoded in the
# deploy-key file, and returns what #read_deploy_key then reads back.
#
# NOTE(review): the call to #ignore_sensitive_files is disabled, so a newly
# written key file is not added to .gitignore by this method. Confirm the
# key path is ignored by other means before generating keys inside a
# repository checkout.
# NOTE(review): the permissions of the written file depend on write_to_file,
# which is not shown here; a key file should be readable by its owner only.
#
# @return [Object] the result of #read_deploy_key
def save_deploy_key
  @new_key = @cipher.random_key
  encoded_key = Base64.encode64(@new_key)
  write_to_file(encoded_key, dkfile)
  # ignore_sensitive_files
  read_deploy_key
end

#source_files(directory = nil, extension = nil) ⇒ Object



# File 'lib/handsome_fencer/circle_c_i/crypto.rb', line 69

# Lists files at any depth under +directory+ whose names end with
# +extension+.
#
# Both arguments are inserted into a glob pattern as-is, so glob
# metacharacters in them are interpreted by Dir.glob. Although +directory+
# defaults to nil, a nil value raises here; callers in this class always
# pass one.
#
# @param directory [String] root directory to search
# @param extension [String, nil] file-name suffix to match
# @return [Array<String>] matching paths
def source_files(directory=nil, extension=nil)
  pattern = directory + "/**/*#{extension}"
  Dir.glob(pattern)
end