Class: KryptosSecret

Inherits:

Object

• Object
• KryptosSecret

Defined in:

lib/kryptos/secret.rb

Instance Method Summary

• #check_gitignore ⇒ Object
• #clandestine_operations ⇒ Object
• #cleartext_path ⇒ Object
• #decrypt_secrets ⇒ Object
• #encrypt_secrets ⇒ Object
• #encrypted_path ⇒ Object
• #gitignore_path ⇒ Object
• #initialize ⇒ KryptosSecret constructor

  A new instance of KryptosSecret.

• #key_path ⇒ Object
• #relative_cleartext_path ⇒ Object
• #relative_key_path ⇒ Object
• #secret ⇒ Object

Constructor Details

#initialize ⇒ KryptosSecret

Returns a new instance of KryptosSecret.

# File 'lib/kryptos/secret.rb', line 3

def initialize
end

Instance Method Details

#check_gitignore ⇒ Object

# File 'lib/kryptos/secret.rb', line 46

def check_gitignore
  return unless Rails.env.development?
  ignores = IO.read(gitignore_path)
  raise "gitignore must ignore #{relative_cleartext_path}" unless ignores =~ /^#{relative_cleartext_path}$/
  raise "gitignore must ignore #{relative_key_path}" unless ignores =~ /^#{relative_key_path}$/
end

#clandestine_operations ⇒ Object

# File 'lib/kryptos/secret.rb', line 34

def clandestine_operations
  raise "#{relative_key_path} does not exist" unless File.exists? key_path
  check_gitignore
  if File.exists? cleartext_path
    # If the encrypted version is out of date, regenerate it
    enc_mtime = File.exists?(encrypted_path) && File.mtime(encrypted_path)
    encrypt_secrets if !enc_mtime || enc_mtime < File.mtime(cleartext_path)
  else
    decrypt_secrets
  end
end

#cleartext_path ⇒ Object

# File 'lib/kryptos/secret.rb', line 18

def cleartext_path
  "#{Rails.root}/#{relative_cleartext_path}"
end

#decrypt_secrets ⇒ Object

# File 'lib/kryptos/secret.rb', line 60

def decrypt_secrets
  Rails.logger.info "kryptos decrypt_secrets"
  cipher = Gibberish::AES.new(secret)
  IO.write(cleartext_path, cipher.decrypt(IO.read(encrypted_path)))
  prev_time = File.mtime(encrypted_path)
  File.utime(prev_time, prev_time, cleartext_path)    # avoid round-trip
end

#encrypt_secrets ⇒ Object

# File 'lib/kryptos/secret.rb', line 53

def encrypt_secrets
  return unless Rails.env.development?
  Rails.logger.info "kryptos encrypt_secrets"
  cipher = Gibberish::AES.new(secret)
  IO.write(encrypted_path, cipher.encrypt(IO.read(cleartext_path)))
end

#encrypted_path ⇒ Object

# File 'lib/kryptos/secret.rb', line 22

def encrypted_path
  "#{cleartext_path}.enc"
end

#gitignore_path ⇒ Object

# File 'lib/kryptos/secret.rb', line 6

def gitignore_path
  "#{Rails.root}/.gitignore"
end

#key_path ⇒ Object

# File 'lib/kryptos/secret.rb', line 26

def key_path
  "#{Rails.root}/#{relative_key_path}"
end

#relative_cleartext_path ⇒ Object

# File 'lib/kryptos/secret.rb', line 10

def relative_cleartext_path
  "config/secrets.yml"
end

#relative_key_path ⇒ Object

# File 'lib/kryptos/secret.rb', line 14

def relative_key_path
  "config/kryptos.key"
end

#secret ⇒ Object

# File 'lib/kryptos/secret.rb', line 30

def secret
  @secret ||= IO.read(key_path).strip
end