Class: HandsomeFencer::CircleCI::Crypto
- Inherits:
-
Object
- Object
- HandsomeFencer::CircleCI::Crypto
- Defined in:
- lib/handsome_fencer/circle_c_i/crypto.rb
Constant Summary collapse
- DeployKeyError =
Class.new(StandardError)
Instance Method Summary collapse
- #decrypt(file) ⇒ Object
- #encrypt(file) ⇒ Object
- #expose(directory = nil, extension = nil) ⇒ Object
- #get_deploy_key ⇒ Object
- #ignore_sensitive_files ⇒ Object
-
#initialize(options = {}) ⇒ Crypto
constructor
A new instance of Crypto.
- #obfuscate(directory = nil, extension = nil) ⇒ Object
- #read_deploy_key ⇒ Object
- #save_deploy_key ⇒ Object
- #source_files(directory = nil, extension = nil) ⇒ Object
Constructor Details
#initialize(options = {}) ⇒ Crypto
Returns a new instance of Crypto.
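# File 'lib/handsome_fencer/circle_c_i/crypto.rb', line 10
# Sets up the cipher and resolves the deploy key for one environment.
#
# The rendered listing dropped the parameter name; it is restored here from the
# documented signature `initialize(options = {})`.
#
# @param options [Hash] must hold :environment as a String. It names both the
#   key file (docker/keys/<environment>.key) and the variable (<ENVIRONMENT>_KEY).
#   nil or a Symbol raises TypeError from the String concatenation below.
# @return [Crypto] a new instance of Crypto
def initialize(options = {})
  environment = options[:environment]

  # NOTE(review): CBC mode has no authentication tag, so a modified .enc file
  # is not detected on decrypt. An AEAD mode would close that gap, but it
  # changes the file format and needs a migration for existing .enc files.
  @cipher = OpenSSL::Cipher.new 'AES-128-CBC'
  # NOTE(review): the salt is a constant, so it adds no per-file or
  # per-install variation to whatever is derived from the pass phrase.
  @salt = '8 octets'
  # NOTE(review): environment is concatenated into a path unchecked. If it can
  # come from outside the operator's control, restrict it to known names.
  @dkfile = 'docker/keys/' + environment + '.key'
  @deploy_key = (environment + '_key').upcase
  # Resolved once at construction; get_deploy_key raises when no key exists.
  @pass_phrase = get_deploy_key
end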
Instance Method Details
#decrypt(file) ⇒ Object
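# File 'lib/handsome_fencer/circle_c_i/crypto.rb', line 61
# Decrypts a Base64-encoded ciphertext file and writes the plaintext beside it.
#
# @param file [String] path of the encrypted file, normally ending in ".enc"
# @return [Object] whatever write_to_file returns
# @raise [OpenSSL::Cipher::CipherError] typically raised by #final when the
#   key is wrong or the padding is invalid
def decrypt(file)
  ciphertext = Base64.decode64(File.read(file))
  # Key and IV are both re-derived from the pass phrase and the fixed salt.
  # NOTE(review): CBC offers no integrity check, so tampered ciphertext can
  # decrypt to altered plaintext without an error. Treat the output as
  # unauthenticated.
  @cipher.decrypt.pkcs5_keyivgen @pass_phrase, @salt
  plaintext = @cipher.update(ciphertext) + @cipher.final
  # Strip only a trailing ".enc". Splitting on the first ".enc" anywhere in the
  # path truncated names such as "docker/app.encrypted/circle.env.enc".
  # A path without the suffix is left unchanged, so the plaintext replaces it.
  target = file.sub(/\.enc\z/, '')
  write_to_file plaintext, target
end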
#encrypt(file) ⇒ Object
# File 'lib/handsome_fencer/circle_c_i/crypto.rb', line 54
# Encrypts a file and stores the Base64-encoded ciphertext at "<file>.enc".
# The plaintext source file is left in place.
#
# @param file [String] path of the plaintext file
# @return [Object] whatever write_to_file returns
def encrypt(file)
  # NOTE(review): pkcs5_keyivgen derives key AND IV from the pass phrase and
  # the fixed salt, so every file is encrypted under the same key/IV pair.
  # With CBC, files sharing leading plaintext blocks share leading ciphertext
  # blocks. The Ruby OpenSSL docs mark this method as deprecated in favour of
  # OpenSSL::PKCS5; a random per-file IV would need a file-format change.
  @cipher.encrypt.pkcs5_keyivgen @pass_phrase, @salt
  plaintext = File.read(file)
  ciphertext = @cipher.update(plaintext) + @cipher.final
  write_to_file(Base64.encode64(ciphertext), file + '.enc')
end
#expose(directory = nil, extension = nil) ⇒ Object
# File 'lib/handsome_fencer/circle_c_i/crypto.rb', line 80
# Decrypts every matching encrypted file found under a directory tree.
#
# Each plaintext is written by decrypt beside its ".enc" source, so decrypted
# secrets stay on disk afterwards. Keep those paths out of version control
# and build artifacts.
#
# @param directory [String, nil] root to search; defaults to 'docker'
# @param extension [String, nil] file name suffix; defaults to '.env.enc'
# @return [Array<String>] the paths that were processed
def expose(directory=nil, extension=nil)
  root = directory || 'docker'
  suffix = extension || '.env.enc'
  source_files(root, suffix).each do |path|
    decrypt(path)
  end
end
#get_deploy_key ⇒ Object
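# File 'lib/handsome_fencer/circle_c_i/crypto.rb', line 18
# Loads the deploy key, preferring the key file over the environment variable.
#
# @return [String] the Base64-decoded key material
# @raise [DeployKeyError] when neither @dkfile nor ENV[@deploy_key] is present
def get_deploy_key
  # The key file takes precedence when both sources exist.
  return Base64.decode64(File.read(@dkfile)) if File.exist?(@dkfile)

  encoded = ENV[@deploy_key]
  # NOTE(review): decode64 is lenient and skips invalid characters, so a
  # mangled value yields a different key rather than an error.
  return Base64.decode64(encoded) unless encoded.nil?

  # The hint previously interpolated `[:evironment]`, which is not available
  # in this method. @deploy_key already holds the exact variable name.
  raise DeployKeyError, "No #{@deploy_key} set. Please generate using '$ handsome_fencer-circle_c_i generate_key :circle' or '$ export ENV[\"#{@deploy_key}\"] = some-complicated-key'"
end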
#ignore_sensitive_files ⇒ Object
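# File 'lib/handsome_fencer/circle_c_i/crypto.rb', line 44
# Adds the deploy-key path and "/.env/*" to an existing .gitignore.
# Does nothing when the working directory has no .gitignore.
#
# Fixes two defects in the earlier version:
# * Patterns were appended without a newline, so they fused onto the previous
#   line (or each other) and git no longer ignored the key file.
# * Presence was tested with String#match, which treats the pattern as a
#   regexp ("." and "*" are wildcards) and could report a false match.
#
# @return [nil]
def ignore_sensitive_files
  return unless File.exist?('.gitignore')

  content = File.read('.gitignore')
  listed = content.lines.map(&:strip)
  # NOTE(review): neither pattern covers decrypted "*.env" files written under
  # docker/. Confirm those are ignored elsewhere.
  missing = ["/#{dkfile}", '/.env/*'].reject { |pattern| listed.include?(pattern) }
  return if missing.empty?

  File.open('.gitignore', 'a') do |f|
    # Start on a fresh line when the file does not end with a newline.
    f.write("\n") unless content.empty? || content.end_with?("\n")
    missing.each { |pattern| f.puts(pattern) }
  end
  nil
end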
#obfuscate(directory = nil, extension = nil) ⇒ Object
# File 'lib/handsome_fencer/circle_c_i/crypto.rb', line 73
# Encrypts every matching plaintext file found under a directory tree.
#
# encrypt writes "<file>.enc" and does not remove the source, so the plaintext
# originals remain on disk after this call.
#
# @param directory [String, nil] root to search; defaults to 'docker'
# @param extension [String, nil] file name suffix; defaults to '.env'
# @return [Array<String>] the paths that were processed
def obfuscate(directory=nil, extension=nil)
  root = directory || 'docker'
  suffix = extension || '.env'
  source_files(root, suffix).each do |path|
    encrypt path
  end
end
#read_deploy_key ⇒ Object
# File 'lib/handsome_fencer/circle_c_i/crypto.rb', line 31
# Returns the stored deploy key, generating and saving one first if the key
# file does not exist yet.
#
# The file content is returned as stored (Base64 text), without decoding.
#
# @return [String] the raw content of the key file
def read_deploy_key
  return File.read(dkfile) if File.exist?(dkfile)

  save_deploy_key
end
#save_deploy_key ⇒ Object
# File 'lib/handsome_fencer/circle_c_i/crypto.rb', line 35
# Generates a random cipher key, stores it Base64-encoded in the key file and
# returns the stored content.
#
# NOTE(review): write_to_file is not shown here; confirm it creates the key
# file with owner-only permissions.
# NOTE(review): the collapsed listing does not show where the disabled-call
# comment ends. Reading the key back as the final statement is the assumed
# layout; confirm against lib/handsome_fencer/circle_c_i/crypto.rb.
#
# @return [String] the key file content, via read_deploy_key
def save_deploy_key
  @new_key = @cipher.random_key
  encoded_key = Base64.encode64(@new_key)
  write_to_file encoded_key, dkfile
  # The .gitignore update is disabled, so the new key file is not excluded
  # from version control automatically.
  # ignore_sensitive_files
  read_deploy_key
end
#source_files(directory = nil, extension = nil) ⇒ Object
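# File 'lib/handsome_fencer/circle_c_i/crypto.rb', line 69
# Lists files below a directory, at any depth, whose names end in extension.
#
# The declared default `directory = nil` used to raise NoMethodError
# (nil + String). It now falls back to 'docker', matching expose and obfuscate.
#
# "*" in a glob does not match a leading dot, so a file named exactly ".env"
# is not returned for extension ".env" and would be skipped by callers.
#
# @param directory [String, nil] root to search; defaults to 'docker'
# @param extension [String, nil] file name suffix; nil matches every file
# @return [Array<String>] matching paths
def source_files(directory=nil, extension=nil)
  root = directory || 'docker'
  Dir.glob("#{root}/**/*#{extension}")
end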