lib/symmetric_encryption/cli.rb in symmetric-encryption-4.0.0 vs lib/symmetric_encryption/cli.rb in symmetric-encryption-4.0.1
- old
+ new
@@ -6,19 +6,19 @@
:decrypt, :random_password, :new_keys, :generate, :environment,
:keystore, :re_encrypt, :version, :output_file_name, :compress,
:environments, :cipher_name, :rolling_deploy, :rotate_keys, :rotate_kek, :prompt, :show_version,
:cleanup_keys, :activate_key, :migrate
- KEYSTORES = [:heroku, :environment, :file]
+ KEYSTORES = %i[heroku environment file].freeze
def self.run!(argv)
new(argv).run!
end
def initialize(argv)
@version = current_version
- @environment = ENV['RACK_ENV'] || ENV['RAILS_ENV'] || 'development'
+ @environment = ENV['SYMMETRIC_ENCRYPTION_ENV'] || ENV['RACK_ENV'] || ENV['RAILS_ENV'] || 'development'
@config_file_path = File.expand_path(ENV['SYMMETRIC_ENCRYPTION_CONFIG'] || 'config/symmetric-encryption.yml')
@app_name = 'symmetric-encryption'
@key_path = '/etc/symmetric-encryption'
@cipher_name = 'aes-256-cbc'
@rolling_deploy = false
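Review bot: An exported-but-empty `SYMMETRIC_ENCRYPTION_ENV` wins the `||` chain in `initialize`, because an empty string is truthy in Ruby, so `@environment` becomes `''` instead of falling through to `RACK_ENV` / `RAILS_ENV`. The environment selects which section of the config file (and presumably which keys) the CLI operates on, so a blank value should be treated as unset, e.g. `@environment = %w[SYMMETRIC_ENCRYPTION_ENV RACK_ENV RAILS_ENV].map { |k| ENV[k] }.find { |v| v && !v.empty? } || 'development'`. The same already held for `RACK_ENV`, but the new variable now takes precedence over both. `initialize` continues past the end of this hunk.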
@@ -26,11 +26,11 @@
@show_version = false
@keystore = :file
if argv.empty?
puts parser
- exit -10
+ exit(-10)
end
parser.parse!(argv)
end
def run!
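Review bot: `exit(-10)` still passes a negative status, which on POSIX systems the parent process sees as 246 (only the low byte survives). A wrapper script around key generation or rotation therefore cannot match the value written here. A small positive code such as `exit(10)` would be unambiguous, though it changes what existing callers observe and would need a changelog entry. The same applies to `exit(-3)` in `generate_new_config` and `exit(-1)` in `config_file_does_not_exist!`. The `if argv.empty?` block belongs to `initialize`, which starts outside this hunk.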
@@ -69,21 +69,21 @@
end
end
def parser
@parser ||= OptionParser.new do |opts|
- opts.banner = <<BANNER
-Symmetric Encryption v#{VERSION}
+ opts.banner = <<~BANNER
+ Symmetric Encryption v#{VERSION}
- For more information, see: https://rocketjob.github.io/symmetric-encryption/
+ For more information, see: https://rocketjob.github.io/symmetric-encryption/
- Note:
- It is recommended to backup the current configuration file, or place it in version control before running
- the configuration manipulation commands below.
+ Note:
+ It is recommended to backup the current configuration file, or place it in version control before running
+ the configuration manipulation commands below.
-symmetric-encryption [options]
-BANNER
+ symmetric-encryption [options]
+ BANNER
opts.on '-e', '--encrypt [FILE_NAME]', 'Encrypt a file, or read from stdin if no file name is supplied.' do |file_name|
@encrypt = file_name || STDIN
end
@@ -101,11 +101,11 @@
opts.on '-z', '--compress', 'Compress encrypted output file.' do
@compress = true
end
- opts.on '-E', '--env ENVIRONMENT', "Environment to use in the config file. Default: RACK_ENV || RAILS_ENV || 'development'" do |environment|
+ opts.on '-E', '--env ENVIRONMENT', "Environment to use in the config file. Default: SYMMETRIC_ENCRYPTION_ENV || RACK_ENV || RAILS_ENV || 'development'" do |environment|
@environment = environment
end
opts.on '-c', '--config CONFIG_FILE_PATH', 'File name & path to the Symmetric Encryption configuration file. Default: config/symmetric-encryption.yml or Env var: `SYMMETRIC_ENCRYPTION_CONFIG`' do |path|
@config_file_path = path
@@ -114,11 +114,11 @@
opts.on '-m', '--migrate', 'Migrate configuration file to new format.' do
@migrate = true
end
opts.on '-r', '--re-encrypt [PATTERN]', 'ReEncrypt all files matching the pattern. Default: "**/*.{yml,rb}"' do |pattern|
- @re_encrypt = pattern || "**/*.{yml,rb}"
+ @re_encrypt = pattern || '**/*.{yml,rb}'
end
opts.on '-n', '--new-password [SIZE]', 'Generate a new random password using only characters that are URL-safe base64. Default size is 22.' do |size|
@random_password = (size || 22).to_i
end
@@ -137,15 +137,15 @@
opts.on '-a', '--app-name NAME', 'Application name to use when generating a new configuration. Default: symmetric-encryption' do |name|
@app_name = name
end
- opts.on '-S', '--environments ENVIRONMENTS', "Comma separated list of environments for which to generate the config file. Default: development,test,release,production" do |environments|
+ opts.on '-S', '--environments ENVIRONMENTS', 'Comma separated list of environments for which to generate the config file. Default: development,test,release,production' do |environments|
@environments = environments.split(',').collect(&:strip).collect(&:to_sym)
end
- opts.on '-C', '--cipher-name NAME', "Name of the cipher to use when generating a new config file, or when rotating keys. Default: aes-256-cbc" do |name|
+ opts.on '-C', '--cipher-name NAME', 'Name of the cipher to use when generating a new config file, or when rotating keys. Default: aes-256-cbc' do |name|
@cipher_name = name
end
opts.on '-R', '--rotate-keys', 'Generates a new encryption key version, encryption key files, and updates the configuration file.' do
@rotate_keys = true
@@ -165,11 +165,11 @@
opts.on '-X', '--cleanup-keys', 'Removes all encryption keys, except the one with the highest version from the configuration file.' do
@cleanup_keys = true
end
- opts.on '-V', '--key-version NUMBER', "Encryption key version to use when encrypting or re-encrypting. Default: (Current global version)." do |number|
+ opts.on '-V', '--key-version NUMBER', 'Encryption key version to use when encrypting or re-encrypting. Default: (Current global version).' do |number|
@version = number.to_i
end
opts.on '-L', '--ciphers', 'List available OpenSSL ciphers.' do
puts "OpenSSL v#{OpenSSL::VERSION}. Available Ciphers:"
@@ -183,11 +183,10 @@
opts.on('-h', '--help', 'Prints this help.') do
puts opts
exit
end
-
end
end
private
@@ -197,28 +196,28 @@
Config.load!(file_name: config_file_path, env: environment)
end
def generate_new_config
config_file_does_not_exist!
- self.environments ||= %i(development test release production)
- cfg =
+ self.environments ||= %i[development test release production]
+ cfg =
if keystore == :file
SymmetricEncryption::Keystore::File.new_config(
key_path: key_path,
app_name: app_name,
environments: environments,
cipher_name: cipher_name
)
- elsif [:heroku, :environment].include?(keystore)
+ elsif %i[heroku environment].include?(keystore)
SymmetricEncryption::Keystore::Environment.new_config(
app_name: app_name,
environments: environments,
cipher_name: cipher_name
)
else
puts "Invalid keystore option: #{keystore}, must be one of #{KEYSTORES.join(', ')}"
- exit -3
+ exit(-3)
end
Config.write_file(config_file_path, cfg)
puts "New configuration file created at: #{config_file_path}"
end
@@ -244,30 +243,28 @@
def run_cleanup_keys
config = Config.read_file(config_file_path)
config.each_pair do |env, cfg|
next if environments && !environments.include?(env.to_sym)
- if ciphers = cfg[:ciphers]
- highest = ciphers.max_by { |i| i[:version] }
- ciphers.clear
- ciphers << highest
- end
+ next unless ciphers = cfg[:ciphers]
+ highest = ciphers.max_by { |i| i[:version] }
+ ciphers.clear
+ ciphers << highest
end
Config.write_file(config_file_path, config)
puts "Removed all but the key with the highest version in: #{config_file_path}"
end
def run_activate_key
config = Config.read_file(config_file_path)
config.each_pair do |env, cfg|
next if environments && !environments.include?(env.to_sym)
- if ciphers = cfg[:ciphers]
- highest = ciphers.max_by { |i| i[:version] }
- ciphers.delete(highest)
- ciphers.unshift(highest)
- end
+ next unless ciphers = cfg[:ciphers]
+ highest = ciphers.max_by { |i| i[:version] }
+ ciphers.delete(highest)
+ ciphers.unshift(highest)
end
Config.write_file(config_file_path, config)
puts "Activated the keys with the highest versions in: #{config_file_path}"
end
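Review bot: In `run_cleanup_keys`, `ciphers.max_by` returns `nil` when `cfg[:ciphers]` is present but empty, so `ciphers.clear` followed by `ciphers << highest` leaves `[nil]` in the structure that `Config.write_file` then writes back. `run_activate_key` reaches the same state through `ciphers.unshift(highest)`. The new `next unless ciphers = cfg[:ciphers]` guard only skips a missing key, so I would widen it to `ciphers = cfg[:ciphers]` followed by `next if ciphers.nil? || ciphers.empty?`, which also removes the assignment-in-condition. Because cleanup rewrites the key list in place, a comment above `run_cleanup_keys` along the lines of `# Destructive: drops every key version except the highest; back up the config file first.` would match the warning in the banner.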
@@ -307,13 +304,11 @@
while value1 != value2
value1 = HighLine.new.ask('Enter the value to encrypt:') { |q| q.echo = '*' }
value2 = HighLine.new.ask('Re-enter the value to encrypt:') { |q| q.echo = '*' }
- if value1 != value2
- puts('Values do not match, please try again')
- end
+ puts('Values do not match, please try again') if value1 != value2
end
encrypted = SymmetricEncryption.cipher(version).encrypt(value1, compress: compress)
output_file_name ? File.open(output_file_name, 'wb') { |f| f << encrypted } : puts("\n\nEncrypted: #{encrypted}\n\n")
end
@@ -334,10 +329,9 @@
# Ensure that the config file does not already exist before generating a new one.
def config_file_does_not_exist!
return unless File.exist?(config_file_path)
puts "\nConfiguration file already exists, please move or rename: #{config_file_path}\n\n"
- exit -1
+ exit(-1)
end
-
end
end