Class: Encrypt

Inherits:
EcoSystem show all
Defined in:
lib/opensecret/executors/encrypt/encrypt.rb

Overview

– – This simple [cipher] plugin encrypts either the inputted string or – file, using the configured public key and writes the cryptic material – to a file that is checked into a git repository. – – ———————– – Example Parameters – ———————– – – @todo change input from –name to –path => encrypt –path=dates/bithdays/wife.birthday – @todo change input from –name to –path => encrypt –path=dates/bithdays/wife.birthday – @todo change input from –name to –path => encrypt –path=dates/bithdays/wife.birthday – @todo change input from –name to –path => encrypt –path=dates/bithdays/wife.birthday – @todo change input from –name to –path => encrypt –path=dates/bithdays/wife.birthday – @todo change input from –name to –path => encrypt –path=dates/bithdays/wife.birthday – – –name=dates/birthdays (mandatory) – –file=/home/joe/laptop.key (optional) – – ——————————————— – Escaping - Prefer BACKSLASH to DOUBLE QUOTES – ——————————————— – – Sensitive keys and passwords usually contain non standard characters. – Now you can use either BACKSLASHES or DOUBLE QUOTES to escape them. – – Prefer backslash to double quotes. – – Why? Example1 = –text=wow!wow!wee Will FAIL – Example2 = –text=wow!wow!wee Will SUCCEED – Example3 = –text=in(doubt)here Will FAIL – Example4 = –text=“in(doubt)here” Will SUCCEED – Example5 = –text=“no!way” Will FAIL – Example6 = –text=“no!and(oh)my” SUCCEEDS BUT INCLUDES backslash – Example7 = –text=no!and(oh)my SUCCEEDS (NO backslash) – – Example 6 will succeed but the decrypted string will include the – backslash like => no!and(oh)my – – Example 7 is the best for when exclamation marks and soft quotes exist. – Decrypted string is => no!and(oh)my –

Instance Attribute Summary

Attributes inherited from EcoFaculty

#eco_id_str

Instance Method Summary collapse

Methods inherited from EcoSystem

#copy_b4_sync_worthwhile?, #execute_scripts, #inject_reusables, #overwrite_lines, #post_provisioning, #pre_provisioning, #provision, reusable_buckets, #s3_synchronize, #s3_upload, #sync_2s3_bucket

Methods inherited from EcoFaculty

#configure_aws_credentials, #db_fact_exists?, #e_fact, #eco_fact_exists?, #get_eco_fact, #instantiate_runtime, #plugin_fact, #plugin_fact_exists?, #plugin_src_dir, #provision, #read_block_facts, #read_properties, #replace_placeholders, #string_fact_exists?, #write_properties

Instance Method Details

#core_provisioningObject 



47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
 
# File 'lib/opensecret/executors/encrypt/encrypt.rb', line 47

def core_provisioning

  log.info(ere) { "# ## ######### ########################################## ## #" }
  log.info(ere) { "# -- [encrypt] ------------------------------------------ -- #" }
  log.info(ere) { "# -- [encrypt] This plugin encrypts a file or string. --- -- #" }
  log.info(ere) { "# -- [encrypt] ------------------------------------------ -- #" }
  log.info(ere) { "# ## ######### ########################################## ## #" }

  plaintext_secret = ""

  if CmdLine.include? :file then
    plaintext_filepath = CmdLine.instance.key_values[:file]
    Throw.if_not_exists plaintext_filepath
    plaintext_secret = File.read plaintext_filepath
  else
    plaintext_secret = Crypto.collect_secret 3, @p[:prompt_1], @p[:prompt_2]
  end

  GitFlow.do_clone_repo @p[:public_gitrepo], @p[:local_gitrepo]

  public_key_text = File.read @p[:public_keypath]
  encryption_key = OpenSSL::PKey::RSA.new public_key_text
  binary_crypt_text = encryption_key.public_encrypt plaintext_secret
  crypt_material = Base64.encode64 binary_crypt_text

  FileUtils.mkdir_p @p[:crypt_dir_path]
  File.write @p[:crypt_filepath], crypt_material
  GitFlow.push @p[:local_gitrepo], @p[:crypt_filename], @c[:time][:stamp]

  log.info(ere) { "# -- [encrypt] ------------------------------------------ -- #" }
  log.info(ere) { "# ## ######### ########################################## ## #" }

end