lib/symmetric_encryption/cli.rb in symmetric-encryption-4.3.1 vs lib/symmetric_encryption/cli.rb in symmetric-encryption-4.3.2
- old
+ new
@@ -1,7 +1,7 @@
-require 'optparse'
-require 'fileutils'
+require "optparse"
+require "fileutils"
module SymmetricEncryption
class CLI
attr_reader :key_path, :app_name, :encrypt, :config_file_path,
:decrypt, :random_password, :new_keys, :generate, :environment,
:keystore, :re_encrypt, :version, :output_file_name, :compress,
@@ -14,15 +14,15 @@
new(argv).run!
end
def initialize(argv)
@version = current_version
- @environment = ENV['SYMMETRIC_ENCRYPTION_ENV'] || ENV['RACK_ENV'] || ENV['RAILS_ENV'] || 'development'
- @config_file_path = File.expand_path(ENV['SYMMETRIC_ENCRYPTION_CONFIG'] || 'config/symmetric-encryption.yml')
- @app_name = 'symmetric-encryption'
+ @environment = ENV["SYMMETRIC_ENCRYPTION_ENV"] || ENV["RACK_ENV"] || ENV["RAILS_ENV"] || "development"
+ @config_file_path = File.expand_path(ENV["SYMMETRIC_ENCRYPTION_CONFIG"] || "config/symmetric-encryption.yml")
+ @app_name = "symmetric-encryption"
@key_path = "#{ENV['HOME']}/.symmetric-encryption"
- @cipher_name = 'aes-256-cbc'
+ @cipher_name = "aes-256-cbc"
@rolling_deploy = false
@prompt = false
@show_version = false
@keystore = :file
@@ -32,11 +32,11 @@
end
parser.parse!(argv)
end
def run!
- raise(ArgumentError, 'Cannot cleanup keys and rotate keys at the same time') if cleanup_keys && rotate_keys
+ raise(ArgumentError, "Cannot cleanup keys and rotate keys at the same time") if cleanup_keys && rotate_keys
if show_version
puts "Symmetric Encryption v#{VERSION}"
puts "OpenSSL v#{OpenSSL::VERSION}"
puts "Environment: #{environment}"
@@ -68,11 +68,11 @@
puts parser
end
end
def parser
- @parser ||= OptionParser.new do |opts|
+ @parser ||= OptionParser.new do |opts|
opts.banner = <<~BANNER
Symmetric Encryption v#{VERSION}
For more information, see: https://rocketjob.github.io/symmetric-encryption/
@@ -81,117 +81,117 @@
the configuration manipulation commands below.
symmetric-encryption [options]
BANNER
- opts.on '-e', '--encrypt [FILE_NAME]', 'Encrypt a file, or read from stdin if no file name is supplied.' do |file_name|
+ opts.on "-e", "--encrypt [FILE_NAME]", "Encrypt a file, or read from stdin if no file name is supplied." do |file_name|
@encrypt = file_name || STDIN
end
- opts.on '-d', '--decrypt [FILE_NAME]', 'Decrypt a file, or read from stdin if no file name is supplied.' do |file_name|
+ opts.on "-d", "--decrypt [FILE_NAME]", "Decrypt a file, or read from stdin if no file name is supplied." do |file_name|
@decrypt = file_name || STDIN
end
- opts.on '-o', '--output FILE_NAME', 'Write encrypted or decrypted file to this file, otherwise output goes to stdout.' do |file_name|
+ opts.on "-o", "--output FILE_NAME", "Write encrypted or decrypted file to this file, otherwise output goes to stdout." do |file_name|
@output_file_name = file_name
end
- opts.on '-P', '--prompt', 'When encrypting or decrypting, prompt for a string encrypt or decrypt.' do
+ opts.on "-P", "--prompt", "When encrypting or decrypting, prompt for a string encrypt or decrypt." do
@prompt = true
end
- opts.on '-z', '--compress', 'Compress encrypted output file. [Default for encrypting files]' do
+ opts.on "-z", "--compress", "Compress encrypted output file. [Default for encrypting files]" do
@compress = true
end
- opts.on '-Z', '--no-compress', 'Does not compress the output file. [Default for encrypting strings]' do
+ opts.on "-Z", "--no-compress", "Does not compress the output file. [Default for encrypting strings]" do
@compress = false
end
- opts.on '-E', '--env ENVIRONMENT', "Environment to use in the config file. Default: SYMMETRIC_ENCRYPTION_ENV || RACK_ENV || RAILS_ENV || 'development'" do |environment|
+ opts.on "-E", "--env ENVIRONMENT", "Environment to use in the config file. Default: SYMMETRIC_ENCRYPTION_ENV || RACK_ENV || RAILS_ENV || 'development'" do |environment|
@environment = environment
end
- opts.on '-c', '--config CONFIG_FILE_PATH', 'File name & path to the Symmetric Encryption configuration file. Default: config/symmetric-encryption.yml or Env var: `SYMMETRIC_ENCRYPTION_CONFIG`' do |path|
+ opts.on "-c", "--config CONFIG_FILE_PATH", "File name & path to the Symmetric Encryption configuration file. Default: config/symmetric-encryption.yml or Env var: `SYMMETRIC_ENCRYPTION_CONFIG`" do |path|
@config_file_path = path
end
- opts.on '-m', '--migrate', 'Migrate configuration file to new format.' do
+ opts.on "-m", "--migrate", "Migrate configuration file to new format." do
@migrate = true
end
- opts.on '-r', '--re-encrypt [PATTERN]', 'ReEncrypt all files matching the pattern. Default: "**/*.{yml,rb}"' do |pattern|
- @re_encrypt = pattern || '**/*.{yml,rb}'
+ opts.on "-r", "--re-encrypt [PATTERN]", 'ReEncrypt all files matching the pattern. Default: "**/*.{yml,rb}"' do |pattern|
+ @re_encrypt = pattern || "**/*.{yml,rb}"
end
- opts.on '-n', '--new-password [SIZE]', 'Generate a new random password using only characters that are URL-safe base64. Default size is 22.' do |size|
+ opts.on "-n", "--new-password [SIZE]", "Generate a new random password using only characters that are URL-safe base64. Default size is 22." do |size|
@random_password = (size || 22).to_i
end
- opts.on '-g', '--generate', 'Generate a new configuration file and encryption keys for every environment.' do |config|
+ opts.on "-g", "--generate", "Generate a new configuration file and encryption keys for every environment." do |config|
@generate = config
end
- opts.on '-s', '--keystore heroku|environment|file|aws|gcp', 'Which keystore to use during generation or re-encryption.' do |keystore|
- @keystore = (keystore || 'file').downcase.to_sym
+ opts.on "-s", "--keystore heroku|environment|file|aws|gcp", "Which keystore to use during generation or re-encryption." do |keystore|
+ @keystore = (keystore || "file").downcase.to_sym
end
- opts.on '-B', '--regions [us-east-1,us-east-2,us-west-1,us-west-2]', 'AWS KMS Regions to encrypt data key with.' do |regions|
- @regions = regions.to_s.split(',').collect(&:strip) if regions
+ opts.on "-B", "--regions [us-east-1,us-east-2,us-west-1,us-west-2]", "AWS KMS Regions to encrypt data key with." do |regions|
+ @regions = regions.to_s.split(",").collect(&:strip) if regions
end
- opts.on '-K', '--key-path KEY_PATH', 'Output path in which to write generated key files. Default: ~/.symmetric-encryption' do |path|
+ opts.on "-K", "--key-path KEY_PATH", "Output path in which to write generated key files. Default: ~/.symmetric-encryption" do |path|
@key_path = path
end
- opts.on '-a', '--app-name NAME', 'Application name to use when generating a new configuration. Default: symmetric-encryption' do |name|
+ opts.on "-a", "--app-name NAME", "Application name to use when generating a new configuration. Default: symmetric-encryption" do |name|
@app_name = name
end
- opts.on '-S', '--environments ENVIRONMENTS', 'Comma separated list of environments for which to generate the config file. Default: development,test,release,production' do |environments|
- @environments = environments.split(',').collect(&:strip).collect(&:to_sym)
+ opts.on "-S", "--environments ENVIRONMENTS", "Comma separated list of environments for which to generate the config file. Default: development,test,release,production" do |environments|
+ @environments = environments.split(",").collect(&:strip).collect(&:to_sym)
end
- opts.on '-C', '--cipher-name NAME', 'Name of the cipher to use when generating a new config file, or when rotating keys. Default: aes-256-cbc' do |name|
+ opts.on "-C", "--cipher-name NAME", "Name of the cipher to use when generating a new config file, or when rotating keys. Default: aes-256-cbc" do |name|
@cipher_name = name
end
- opts.on '-R', '--rotate-keys', 'Generates a new encryption key version, encryption key files, and updates the configuration file.' do
+ opts.on "-R", "--rotate-keys", "Generates a new encryption key version, encryption key files, and updates the configuration file." do
@rotate_keys = true
end
- opts.on '-U', '--rotate-kek', 'Replace the existing key encrypting keys only, the data encryption key is not changed, and updates the configuration file.' do
+ opts.on "-U", "--rotate-kek", "Replace the existing key encrypting keys only, the data encryption key is not changed, and updates the configuration file." do
@rotate_kek = true
end
- opts.on '-D', '--rolling-deploy', 'During key rotation, support a rolling deploy by placing the new key second in the list so that it is not activated yet.' do
+ opts.on "-D", "--rolling-deploy", "During key rotation, support a rolling deploy by placing the new key second in the list so that it is not activated yet." do
@rolling_deploy = true
end
- opts.on '-A', '--activate-key', 'Activates the key by moving the key with the highest version to the top.' do
+ opts.on "-A", "--activate-key", "Activates the key by moving the key with the highest version to the top." do
@activate_key = true
end
- opts.on '-X', '--cleanup-keys', 'Removes all encryption keys, except the one with the highest version from the configuration file.' do
+ opts.on "-X", "--cleanup-keys", "Removes all encryption keys, except the one with the highest version from the configuration file." do
@cleanup_keys = true
end
- opts.on '-V', '--key-version NUMBER', 'Encryption key version to use when encrypting or re-encrypting. Default: (Current global version).' do |number|
+ opts.on "-V", "--key-version NUMBER", "Encryption key version to use when encrypting or re-encrypting. Default: (Current global version)." do |number|
@version = number.to_i
end
- opts.on '-L', '--ciphers', 'List available OpenSSL ciphers.' do
+ opts.on "-L", "--ciphers", "List available OpenSSL ciphers." do
puts "OpenSSL v#{OpenSSL::VERSION}. Available Ciphers:"
puts OpenSSL::Cipher.ciphers.join("\n")
exit
end
- opts.on '-v', '--version', 'Display Symmetric Encryption version.' do
+ opts.on "-v", "--version", "Display Symmetric Encryption version." do
@show_version = true
end
- opts.on('-h', '--help', 'Prints this help.') do
+ opts.on("-h", "--help", "Prints this help.") do
puts opts
exit
end
end
end
@@ -210,11 +210,11 @@
exit(-3)
end
config_file_does_not_exist!
self.environments ||= %i[development test release production]
- args = {
+ args = {
app_name: app_name,
environments: environments,
cipher_name: cipher_name
}
args[:key_path] = key_path if key_path
@@ -253,11 +253,11 @@
config = Config.read_file(config_file_path)
config.each_pair do |env, cfg|
next if environments && !environments.include?(env.to_sym)
next unless ciphers = cfg[:ciphers]
- highest = ciphers.max_by { |i| i[:version] }
+ highest = ciphers.max_by { |i| i[:version] }
ciphers.clear
ciphers << highest
end
Config.write_file(config_file_path, config)
@@ -268,11 +268,11 @@
config = Config.read_file(config_file_path)
config.each_pair do |env, cfg|
next if environments && !environments.include?(env.to_sym)
next unless ciphers = cfg[:ciphers]
- highest = ciphers.max_by { |i| i[:version] }
+ highest = ciphers.max_by { |i| i[:version] }
ciphers.delete(highest)
ciphers.unshift(highest)
end
Config.write_file(config_file_path, config)
@@ -287,49 +287,49 @@
SymmetricEncryption::Reader.decrypt(source: input_file_name, target: output_file_name || STDOUT, version: version)
end
def decrypt_string
begin
- require 'highline'
+ require "highline"
rescue LoadError
puts("\nPlease install gem highline before using the command line task to decrypt an entered string.\n gem install \"highline\"\n\n")
exit(-2)
end
- encrypted = HighLine.new.ask('Enter the value to decrypt:')
+ encrypted = HighLine.new.ask("Enter the value to decrypt:")
text = SymmetricEncryption.cipher(version).decrypt(encrypted)
puts("\n\nEncrypted: #{encrypted}")
- output_file_name ? File.open(output_file_name, 'wb') { |f| f << text } : puts("Decrypted: #{text}\n\n")
+ output_file_name ? File.open(output_file_name, "wb") { |f| f << text } : puts("Decrypted: #{text}\n\n")
end
def encrypt_string
begin
- require 'highline'
+ require "highline"
rescue LoadError
puts("\nPlease install gem highline before using the command line task to encrypt an entered string.\n gem install \"highline\"\n\n")
exit(-2)
end
value1 = nil
value2 = 0
while value1 != value2
- value1 = HighLine.new.ask('Enter the value to encrypt:') { |q| q.echo = '*' }
- value2 = HighLine.new.ask('Re-enter the value to encrypt:') { |q| q.echo = '*' }
+ value1 = HighLine.new.ask("Enter the value to encrypt:") { |q| q.echo = "*" }
+ value2 = HighLine.new.ask("Re-enter the value to encrypt:") { |q| q.echo = "*" }
- puts('Values do not match, please try again') if value1 != value2
+ puts("Values do not match, please try again") if value1 != value2
end
compress = false if compress.nil?
encrypted = SymmetricEncryption.cipher(version).encrypt(value1, compress: compress)
- output_file_name ? File.open(output_file_name, 'wb') { |f| f << encrypted } : puts("\n\nEncrypted: #{encrypted}\n\n")
+ output_file_name ? File.open(output_file_name, "wb") { |f| f << encrypted } : puts("\n\nEncrypted: #{encrypted}\n\n")
end
def gen_random_password(size)
p = SymmetricEncryption.random_password(size)
puts("\nGenerated Password: #{p}")
encrypted = SymmetricEncryption.encrypt(p)
puts("Encrypted: #{encrypted}\n\n")
- File.open(output_file_name, 'wb') { |f| f << encrypted } if output_file_name
+ File.open(output_file_name, "wb") { |f| f << encrypted } if output_file_name
end
def current_version
SymmetricEncryption.cipher.version
rescue SymmetricEncryption::ConfigError