Class: SecretManager

Inherits:
FileManager
Defined in:
lib/team-secrets/secret_manager.rb

Instance Attribute Summary

Attributes inherited from FileManager

#data

Instance Method Summary

Methods inherited from FileManager

#loadFile, #writeFile

Constructor Details

#initialize(master_key = nil) ⇒ SecretManager

Returns a new instance of SecretManager.



# File 'lib/team-secrets/secret_manager.rb', line 8

# Sets up the working directory, the master key and the record list.
#
# The working directory and the master key are written to class variables
# (@@working_dir, @@master_key), so they are shared by every SecretManager
# instance in the process: constructing a second manager with a different key
# replaces the key that existing managers encrypt and decrypt with.
#
# @param master_key [Object, nil] key object to install; when nil, whatever
#   key was stored by an earlier construction is left in place
def initialize(master_key = nil)
    @@working_dir = Dir.pwd

    # Only overwrite the shared key when the caller actually supplied one.
    unless master_key.nil?
        @@master_key = master_key
    end

    # Keep records that are already present; otherwise start with none.
    @data ||= []
end

Instance Attribute Details

#master_key ⇒ Object

Returns the value of attribute master_key.



# File 'lib/team-secrets/secret_manager.rb', line 6

# Attribute reader: returns the instance variable @master_key as-is.
#
# NOTE(review): the constructor listed on this page writes the key to the class
# variable @@master_key, and add/find/getAll/rotateMasterKey read it from
# there. Nothing shown here assigns @master_key, so this reader presumably
# returns nil unless a writer sets it -- confirm against the attr declaration
# at line 6 of the source file.
def master_key
  @master_key
end

#working_dir ⇒ Object

Returns the value of attribute working_dir.



# File 'lib/team-secrets/secret_manager.rb', line 6

# Attribute reader: returns the instance variable @working_dir as-is.
#
# NOTE(review): the constructor listed on this page records Dir.pwd in the
# class variable @@working_dir, not in @working_dir, so this reader presumably
# returns nil unless a writer sets it -- confirm against the attr declaration
# at line 6 of the source file.
def working_dir
  @working_dir
end

Instance Method Details

#add(secret_name, secret, account = nil, tags = [], notes = nil) ⇒ Object

Add a secret



# File 'lib/team-secrets/secret_manager.rb', line 23

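# Add a secret to the in-memory record list.
#
# The secret value is passed through the master key's encryptSecret and the
# result through bin_to_hex before it is stored. The name, tags, account,
# notes and timestamp are stored exactly as given, i.e. not encrypted, so
# nothing sensitive belongs in those fields.
#
# @param secret_name [Object] name the secret is filed under
# @param secret [Object] value handed to encryptSecret
# @param account [Object, nil] like the user name or email, if applicable
# @param tags [Array, Object] tags for the record; a non-Array value is
#   wrapped in a one-element Array
# @param notes [Object, nil] free-form notes
# @return [Array<Hash>] the record list itself (the result of Array#push)
# @raise [RuntimeError] when find already returns a record for this name and
#   these tags
def add(secret_name, secret, account = nil, tags = [], notes = nil)
    # find matches records of the same name that carry all of the given tags
    # (any record of that name when no tags are given); decrypt is switched off
    # because only existence matters here.
    unless find(secret_name, tags, false).empty?
        raise 'Secret already exists with these tags'
    end

    tags = [tags] unless tags.is_a? Array

    secret_data = {
        name: secret_name,
        tags: tags,
        account: account, # like the user name or email, if applicable
        secret: @@master_key.class.bin_to_hex(@@master_key.encryptSecret(secret)),
        notes: notes,
        added: Time.now
    }

    @data.push secret_data
end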

#find(secret_name, tags = [], decrypt = true) ⇒ Object

Search for a secret, must have all tags given



# File 'lib/team-secrets/secret_manager.rb', line 60

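# Search for secrets by name; a match must carry every tag given.
#
# Each match is returned as a shallow copy (Hash#dup) of the stored record, so
# replacing :secret in the copy leaves the stored ciphertext untouched, while
# the :tags array is still the same object as in the store. With decrypt set,
# the copies hold the value returned by the master key's decryptSecret.
#
# @param secret_name [Object] name compared with == against each record's :name
# @param tags [Array, Object] required tags; a non-Array value is wrapped in a
#   one-element Array, an empty Array disables tag filtering
# @param decrypt [Boolean] when false the :secret field is returned as stored
# @return [Array<Hash>] matching records, empty when nothing matches
def find(secret_name, tags = [], decrypt = true)
    tags = [tags] unless tags.is_a? Array

    matches = @data.select do |secret_data|
        next false unless secret_data[:name] == secret_name

        # A record stored without a :tags value is treated as having no tags
        # (as getAll does for its output) instead of raising TypeError on the
        # array difference.
        tags.empty? || (tags - (secret_data[:tags] || [])).empty?
    end

    matches.map do |secret_data|
        this_secret = secret_data.dup
        if decrypt
            this_secret[:secret] = @@master_key.decryptSecret(@@master_key.class.hex_to_bin(this_secret[:secret]))
        end
        this_secret
    end
end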

#getAll(tags = []) ⇒ Object

Get all decrypted secrets



# File 'lib/team-secrets/secret_manager.rb', line 103

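# Get every secret, decrypted, optionally restricted to records that carry all
# of the given tags.
#
# The returned hashes are built fresh and contain only :name, :tags, :account
# and the decrypted :secret; :notes and :added are not included. With no tags
# given this decrypts the whole store in one call.
#
# @param tags [Array, Object] required tags; a non-Array value is wrapped in a
#   one-element Array, an empty Array selects every record
# @return [Array<Hash>] one hash per selected record, empty when none match
def getAll(tags = [])
    tags = [tags] unless tags.is_a? Array

    wanted = @data.select do |secret_data|
        # Use the same nil-tolerant view of :tags for filtering that the output
        # below uses, so a record without tags is skipped instead of raising
        # TypeError on the array difference.
        tags.empty? || (tags - (secret_data[:tags] || [])).empty?
    end

    wanted.map do |secret_data|
        {
            name: secret_data[:name],
            tags: secret_data[:tags] || [],
            account: secret_data[:account],
            secret: @@master_key.decryptSecret(@@master_key.class.hex_to_bin(secret_data[:secret]))
        }
    end
end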

#getSecret(secret_name, tags = []) ⇒ Object

Get decrypted secret, or an array of secrets if there are multiple matches



# File 'lib/team-secrets/secret_manager.rb', line 81

# Look up a secret by name (and optional tags) and return its decrypted value.
#
# The return shape depends on how many records find matches, so callers that
# expect a single value should check for an Array before using the result.
#
# @param secret_name [Object] name passed to find
# @param tags [Array, Object] tags passed to find
# @return [nil] when nothing matches
# @return [Object] the single decrypted secret when exactly one record matches
# @return [Array] all decrypted secrets when several records match
def getSecret(secret_name, tags = [])
    plaintexts = find(secret_name, tags).map { |entry| entry[:secret] }

    case plaintexts.length
    when 0 then nil
    when 1 then plaintexts[0]
    else plaintexts
    end
end

#remove(secret_name, tags = []) ⇒ Object

Remove a secret, must have all tags given



# File 'lib/team-secrets/secret_manager.rb', line 43

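# Remove secrets by name; a record is removed only if it carries every tag
# given.
#
# With the default empty tag list, every record of that name is removed
# regardless of its tags. Only the in-memory list is changed here.
#
# @param secret_name [Object] name compared with == against each record's :name
# @param tags [Array, Object] required tags; a non-Array value is wrapped in a
#   one-element Array
# @return [Integer] number of records removed
def remove(secret_name, tags = [])
    tags = [tags] unless tags.is_a? Array
    count_before = @data.length

    @data.reject! do |secret_data|
        # A record stored without a :tags value is treated as having no tags
        # instead of raising TypeError on the array difference.
        secret_data[:name] == secret_name &&
            (tags.empty? || (tags - (secret_data[:tags] || [])).empty?)
    end

    count_before - @data.length
end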

#rotateMasterKey(new_master_key) ⇒ Object

Change the encryption key for all secrets



# File 'lib/team-secrets/secret_manager.rb', line 90

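# Change the encryption key for all secrets.
#
# Rotation runs in two phases so that a failure cannot leave the store half
# rotated. Every record is first decrypted with the current key and
# re-encrypted with the new one, without modifying anything. Only when that
# has succeeded for all records are the new ciphertexts written into the
# records and the shared class-level key replaced. If decryptSecret or
# encryptSecret raises, the records and @@master_key are left as they were.
#
# NOTE(review): only the in-memory records are updated here; persisting them
# is presumably done separately through the inherited writeFile -- confirm.
# NOTE(review): bin_to_hex is looked up on the class of the current key, which
# assumes the old and new keys share that helper -- confirm.
#
# @param new_master_key [Object] key object responding to encryptSecret
# @return [Object] new_master_key
def rotateMasterKey(new_master_key)
    # Phase 1: compute every new ciphertext; the store is not touched yet.
    reencrypted = @data.map do |secret_data|
        plain_text = @@master_key.decryptSecret(@@master_key.class.hex_to_bin(secret_data[:secret]))
        @@master_key.class.bin_to_hex(new_master_key.encryptSecret(plain_text))
    end

    # Phase 2: all conversions succeeded, so commit them to the records.
    @data.each_with_index do |secret_data, index|
        secret_data[:secret] = reencrypted[index]
    end

    @@master_key = new_master_key
end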