Class: Muchkeys::Secret

Inherits:

Object

• Object
• Muchkeys::Secret

Defined in:

lib/muchkeys/secret.rb

Constant Summary

CIPHER_SUITE =

"AES-256-CFB"

Instance Attribute Summary

• #app_client ⇒ Object

  Returns the value of attribute app_client.

Instance Method Summary

• #auto_certificates_exist_for_key?(key) ⇒ Boolean
• #certfile_name(key_name) ⇒ Object

  turn a key_name into a SSL cert file name by convention.

• #decrypt_string(val, public_key = nil, private_key = nil) ⇒ Object
• #encrypt_string(val, public_key) ⇒ Object
• #initialize(app_client) ⇒ Secret constructor

  A new instance of Secret.

• #is_secret?(key_name) ⇒ Boolean
• #secrets_path_hint ⇒ Object

  the path that clues Muchkeys that this path contains secrets.

Constructor Details

#initialize(app_client) ⇒ Secret

Returns a new instance of Secret.

# File 'lib/muchkeys/secret.rb', line 12

def initialize(app_client)
  @app_client = app_client
end

Instance Attribute Details

#app_client ⇒ Object

Returns the value of attribute app_client.

# File 'lib/muchkeys/secret.rb', line 8

def app_client
  @app_client
end

Instance Method Details

#auto_certificates_exist_for_key?(key) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/muchkeys/secret.rb', line 41

def auto_certificates_exist_for_key?(key)
  file_exists?(certfile_name(key))
end

#certfile_name(key_name) ⇒ Object

turn a key_name into a SSL cert file name by convention

Raises:

• (Muchkeys::InvalidKey)

# File 'lib/muchkeys/secret.rb', line 28

def certfile_name(key_name)
  key_parts = key_name.match /(.*)\/#{secrets_path_hint}(.*)/
  # FIXME this already checked in the secretes validator, we don't need to
  # check it again
  raise Muchkeys::InvalidKey, "#{key_name} doesn't look like a secret" if key_parts.nil?
  key_base = key_parts[1].gsub(/^git\//, "")
  config.public_key || "#{ENV['HOME']}/.keys/#{key_base}.pem"
end

#decrypt_string(val, public_key = nil, private_key = nil) ⇒ Object

# File 'lib/muchkeys/secret.rb', line 45

def decrypt_string(val, public_key = nil, private_key = nil)
  cert = OpenSSL::X509::Certificate.new(read_ssl_key(public_key))
  key  = OpenSSL::PKey::RSA.new(read_ssl_key(private_key))
  OpenSSL::PKCS7.new(val).decrypt(key, cert)
end

#encrypt_string(val, public_key) ⇒ Object

# File 'lib/muchkeys/secret.rb', line 21

def encrypt_string(val, public_key)
  cipher = OpenSSL::Cipher.new CIPHER_SUITE
  cert   = OpenSSL::X509::Certificate.new File.read(public_key)
  OpenSSL::PKCS7::encrypt([cert], val, cipher, OpenSSL::PKCS7::BINARY)
end

#is_secret?(key_name) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/muchkeys/secret.rb', line 37

def is_secret?(key_name)
  key_name.match(/\/#{secrets_path_hint}/) != nil
end

#secrets_path_hint ⇒ Object

the path that clues Muchkeys that this path contains secrets

# File 'lib/muchkeys/secret.rb', line 17

def secrets_path_hint
  config.secrets_hint || "secrets"
end