Class: SafeDb::KeyPass
- Inherits: Object
  - Object
  - SafeDb::KeyPass
- Defined in: lib/utils/key.pass.rb
Class Method Summary
- .assert_input_text_size(input_size, min_size) ⇒ Object
  Output an error message and then exit if the entered input text size does not meet the minimum requirements.
- .assert_min_size(min_size) ⇒ Object
  Raise an exception if asked to collect text that is less than 3 characters in length.
- .assert_same_size_text(first_text, second_text) ⇒ Object
  Assert that the text entered the second time is exactly (case sensitive) the same as the text entered the first time.
- .password_from_shell(prompt_twice) ⇒ String
  Collect something sensitive from the command line with a minimum length specified in the first parameter.
Class Method Details
.assert_input_text_size(input_size, min_size) ⇒ Object
Output an error message and then exit if the entered input text size does not meet the minimum requirements.

```ruby
# File 'lib/utils/key.pass.rb', line 81

def self.assert_input_text_size input_size, min_size

  if( input_size < min_size )

    puts
    puts "Input is too short. Please enter at least #{min_size} characters."
    puts

    exit

  end

end
```
.assert_min_size(min_size) ⇒ Object
Raise an exception if asked to collect text that is less than 3 characters in length.

```ruby
# File 'lib/utils/key.pass.rb', line 69

def self.assert_min_size min_size

  min_length_msg = "\n\nCrypts with 2 (or less) characters open up exploitable holes.\n\n"
  raise ArgumentError.new min_length_msg if min_size < 3

end
```
.assert_same_size_text(first_text, second_text) ⇒ Object
Assert that the text entered the second time is exactly (case sensitive) the same as the text entered the first time.

```ruby
# File 'lib/utils/key.pass.rb', line 100

def self.assert_same_size_text first_text, second_text

  unless( first_text.eql? second_text )

    puts
    puts "Those two passwords are not the same (in my book)!"
    puts

    exit

  end

end
```
.password_from_shell(prompt_twice) ⇒ String
Collect something sensitive from the command line with a minimum length specified in the first parameter. This method can’t know whether the information is a password, a PIN number or whatever so it takes the integer minimum size at its word.
Question 5 to App Config | What is the Secret?
The client may need to acquire the secret if the answer to question 4 indicates the need to instantiate the keys and encrypt the application’s plaintext database. The application should facilitate communication of the secret via:
- an environment variable
- the system clipboard (cleared after reading)
- a file whose path is a command parameter
- a file in a pre-agreed location
- a file in the present directory (with a pre-agreed name)
- a URL from a parameter or pre-agreed
- the shell’s secure password reader
- the DConf / GConf or GSettings configuration stores
- a REST API
- password managers like LastPass, KeePassX or 1Pass
- the Amazon KMS (Key Management Store)
- vaults from Ansible, Terraform and Kubernetes
- credential managers like GitSecrets and Credstash
```ruby
# File 'lib/utils/key.pass.rb', line 41

def self.password_from_shell prompt_twice

  require "io/console"

  assert_min_size MINIMUM_PASSWORD_SIZE

  sleep(1)
  puts "Enter Password:"
  first_secret = STDIN.noecho(&:gets).chomp

  assert_input_text_size first_secret.length, MINIMUM_PASSWORD_SIZE
  return first_secret unless prompt_twice

  sleep(1)
  puts "Re-enter Password:"
  check_secret = STDIN.noecho(&:gets).chomp

  assert_same_size_text first_secret, check_secret

  return first_secret

end
```
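
An added example, not SafeDb's own code: one way to acquire the secret from three of the channels listed above (environment variable, file path parameter, the shell's password reader), raising errors instead of calling `exit` and handling end-of-input and non-terminal input. `SAFE_SECRET`, `MIN_SECRET_SIZE`, `SecretInputError`, `read_hidden_line` and `acquire_secret` are hypothetical names.

```ruby
require "io/console"

# Added example: every name here is hypothetical. MIN_SECRET_SIZE stands in
# for the project's MINIMUM_PASSWORD_SIZE, whose value this page does not show.
MIN_SECRET_SIZE = 8

class SecretInputError < StandardError; end

# Read one line, hiding it only when attached to a terminal (noecho needs
# one); pipes and test doubles get a plain read. EOF (nil) is an error.
def read_hidden_line(io, prompt, out)
  out.puts prompt
  line = io.tty? ? io.noecho(&:gets) : io.gets
  raise SecretInputError, "no input (end of stream)" if line.nil?
  line.chomp
end

# Try an environment variable, then a file path, then the shell prompt.
# Prompts go to `out` (stderr by default) so stdout stays free for data.
def acquire_secret(env: ENV, env_key: "SAFE_SECRET", file_path: nil,
                   io: $stdin, out: $stderr, prompt_twice: false,
                   min_size: MIN_SECRET_SIZE)
  raise ArgumentError, "minimum size must be at least 3" if min_size < 3

  secret =
    if !env[env_key].to_s.empty?
      env[env_key]
    elsif file_path
      # Refuse a secret file that group or others can access.
      unless (File.stat(file_path).mode & 0o077).zero?
        raise SecretInputError, "secret file is accessible by group or others"
      end
      File.read(file_path).chomp
    else
      first = read_hidden_line(io, "Enter Password:", out)
      if prompt_twice && first != read_hidden_line(io, "Re-enter Password:", out)
        raise SecretInputError, "the two entries do not match"
      end
      first
    end

  # Raise instead of calling exit so callers can choose the exit status.
  if secret.length < min_size
    raise SecretInputError, "input is too short, need #{min_size} characters"
  end
  secret
end
```

A command-line caller can rescue `SecretInputError`, print the message and exit with a non-zero status.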