Class: SafeDb::ToolBelt::Collect

Inherits:
Object
Defined in:
lib/modules/cryptology/collect.rb

Overview

This class will be refactored into an interface implemented by a set of plugins, each capturing sensitive information from users at the command line interface of Ubuntu, Windows, RHEL, CoreOS, iOS or CentOS.

An equivalent REST API will also be available for bringing in sensitive information in the most secure (but simple) manner.

Class Method Details

.assert_input_text_size(input_size, min_size) ⇒ Object

Output an error message and then exit if the entered input text size does not meet the minimum requirements.



# File 'lib/modules/cryptology/collect.rb', line 98

def self.assert_input_text_size input_size, min_size

  if( input_size < min_size  )

    puts
    puts "Input is too short. Please enter at least #{min_size} characters."
    puts

    exit

  end

end

.assert_min_size(min_size) ⇒ Object

Raise an exception if asked to collect text that is less than 3 characters in length.



# File 'lib/modules/cryptology/collect.rb', line 86

def self.assert_min_size min_size

  min_length_msg = "\n\nCrypts with 2 (or less) characters open up exploitable holes.\n\n"
  raise ArgumentError.new min_length_msg if min_size < 3

end

.assert_same_size_text(first_text, second_text) ⇒ Object

Assert that the text entered the second time is exactly (case sensitive) the same as the text entered the first time.



# File 'lib/modules/cryptology/collect.rb', line 117

def self.assert_same_size_text first_text, second_text
  
  unless( first_text.eql? second_text )

    puts
    puts "Those two bits of text are not the same (in my book)!"
    puts

    exit

  end

end

.secret_text(min_size, prompt_twice, prompt_1, prompt_2 = nil) ⇒ String

Collect something sensitive from the command line with a minimum length specified in the first parameter. This method can’t know whether the information is a password, a PIN or something else, so it takes the integer minimum size at its word.

Question 5 to App Config | What is the Secret?

The client may need to acquire the secret if the answer to question 4 indicates the need to instantiate the keys and encrypt the application’s plaintext database. The application should facilitate communication of the secret via:

  • an environment variable

  • the system clipboard (cleared after reading)

  • a file whose path is a command parameter

  • a file in a pre-agreed location

  • a file in the present directory (with a pre-agreed name)

  • a URL from a parameter or pre-agreed

  • the shell’s secure password reader

  • the DConf / GConf or GSettings configuration stores

  • a REST API

  • password managers like LastPass, KeePassX or 1Pass

  • the Amazon KMS (Key Management Store)

  • vaults from Ansible, Terraform and Kubernetes

  • credential managers like GitSecrets and Credstash

Parameters:

  • min_size (Integer)

    the minimum size of the collected secret, whereby one (1) is the least we can expect. The maximum bound is not constrained here, so it falls under what is allowed by the interface, be it a CLI, REST API, Web UI or Mobile App.

  • prompt_twice (Boolean)

    indicates whether the user should be prompted twice. If true, the prompt_2 text must be provided, and the converse is also true. A true value asserts that the user enters the same (case sensitive) string both times.

  • prompt_1 (String)

    the text (aide memoire) used to prompt the user

  • prompt_2 (String) (defaults to: nil)

    if the prompt twice boolean is TRUE, this second prompt (aide memoire) must be provided.

Returns:

  • (String)

    the collected string text (watch out for non-ASCII chars)

Raises:

  • (ArgumentError)

    if the minimum size is less than one



# File 'lib/modules/cryptology/collect.rb', line 60

def self.secret_text min_size, prompt_twice, prompt_1, prompt_2=nil

  assert_min_size min_size

  sleep(1)
  puts "\n#{prompt_1} : "
  first_secret = STDIN.noecho(&:gets).chomp

  assert_input_text_size first_secret.length, min_size
  return first_secret unless prompt_twice

  sleep(1)
  puts "\n#{prompt_2} : "
  check_secret = STDIN.noecho(&:gets).chomp

  assert_same_size_text first_secret, check_secret
  
  return first_secret

end
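
A variant of the collection flow above that raises instead of calling exit, handles a closed input stream, and rejects a missing second prompt. This is an added example, not SafeDb's own code: CollectSketch, SecretInputError, read_hidden and the input:/output: keywords are assumed names introduced for illustration.

```ruby
require 'io/console'
require 'stringio'

# Hypothetical error type; the original methods call exit instead of raising.
class SecretInputError < StandardError; end

module CollectSketch
  MIN_ALLOWED = 3 # same floor that assert_min_size enforces

  # Read one line without echo on a terminal. Piped input has no echo to hide,
  # and noecho would fail on a non-terminal stream, so fall back to gets.
  def self.read_hidden(input)
    line = input.tty? ? input.noecho(&:gets) : input.gets
    raise SecretInputError, 'input stream closed before a secret was entered' if line.nil?
    line.chomp
  end

  # Error messages state the rule that failed and never include the entered text.
  def self.secret_text(min_size, prompt_twice, prompt_1, prompt_2 = nil, input: $stdin, output: $stdout)
    raise ArgumentError, "minimum size must be at least #{MIN_ALLOWED}" if min_size < MIN_ALLOWED
    raise ArgumentError, 'prompt_2 is required when prompt_twice is true' if prompt_twice && prompt_2.nil?

    output.puts "\n#{prompt_1} : "
    first = read_hidden(input)
    raise SecretInputError, "input is shorter than #{min_size} characters" if first.length < min_size
    return first unless prompt_twice

    output.puts "\n#{prompt_2} : "
    second = read_hidden(input)
    raise SecretInputError, 'the two entries do not match' unless first.eql?(second)
    first
  end
end

# Constructed sample input: two matching entries fed through StringIO.
if __FILE__ == $PROGRAM_NAME
  typed = StringIO.new("correct horse\ncorrect horse\n")
  secret = CollectSketch.secret_text(8, true, 'Enter secret', 'Re-enter secret', input: typed)
  puts "collected #{secret.length} characters"
end
```

Raising lets a calling script exit with a non-zero status on failure, whereas a bare exit reports success to the shell.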