class DynamoSecret::Secret

Public Class Methods

new(config) click to toggle source
# File lib/dynamo_secret/secret.rb, line 8
def initialize(config)
  @config = config
end

Public Instance Methods

delete() click to toggle source
# File lib/dynamo_secret/secret.rb, line 12
def delete
  resp = ask("Really delete #{site}? (y/N) ")
  return unless resp.casecmp('y')
  dynamodb.delete
  $stdout.puts "#{site} deleted"
end
get(fields) click to toggle source
# File lib/dynamo_secret/secret.rb, line 19
def get(fields)
  secret = dynamodb.fetch_secret
  return decrypt(secret, fields) if secret
  $stderr.puts "Could not find record for #{site}"
  exit 1
end
put() click to toggle source
# File lib/dynamo_secret/secret.rb, line 26
def put
  if gpg.key.nil? && kms.key.nil?
    $stderr.puts 'Refusing to store secrets in plain text'
    exit 1
  elsif dynamodb.fetch_secret
    $stderr.puts "Site #{site} already exists"
    exit 1
  else
    secret = encrypt
    dynamodb.put_secret(secret)
  end
end
setup() click to toggle source
# File lib/dynamo_secret/secret.rb, line 39
def setup
  dynamodb.create_table
  kms.create_key unless @config.fetch(:enable_kms, nil).nil?
end
update() click to toggle source
# File lib/dynamo_secret/secret.rb, line 44
def update
  secret = dynamodb.fetch_secret.merge(encrypt)
  dynamodb.put_secret(secret)
end

Private Instance Methods

decode(data) click to toggle source
# File lib/dynamo_secret/secret.rb, line 51
def decode(data)
  data = Base64.decode64(data)
  data = kms.decrypt(data) if kms.key
  data = gpg.decrypt(data) if gpg.key
  data
end
decrypt(data, fields) click to toggle source
# File lib/dynamo_secret/secret.rb, line 58
def decrypt(data, fields)
  headers = [['Key', 'Value'], ['---', '-----']]
  fields ||= [['Site', data['Site']]] + data.map { |k, v| [k, decode(v)] unless k == 'Site' }.compact
  output = if fields.is_a?(Array)
             headers + fields
           else
             headers + data.map { |k, v| [k, decode(v)] if fields.include?(k) }.compact
           end
  widths = output.transpose.map { |x| x.map(&:length).max }.map { |w| "%-#{w}s" }.join('   ')
  output.each { |line| $stdout.puts widths % line }
end
dynamodb() click to toggle source
# File lib/dynamo_secret/secret.rb, line 76
def dynamodb
  @dynamodb ||= DynamoDB.new(@config)
end
encode(data) click to toggle source
# File lib/dynamo_secret/secret.rb, line 70
def encode(data)
  data = gpg.encrypt(data) if gpg.key
  data = kms.encrypt(data) if kms.key
  Base64.encode64(data)
end
encrypt() click to toggle source
# File lib/dynamo_secret/secret.rb, line 80
def encrypt
  encrypted_data = {
    'Site' => site
  }
  @config[:secret_data][site].each do |kv|
    kv.map { |k, v| encrypted_data[k] = encode(v) }
  end
  encrypted_data
end
gpg() click to toggle source
# File lib/dynamo_secret/secret.rb, line 90
def gpg
  @gpg ||= Gpg.new
end
kms() click to toggle source
# File lib/dynamo_secret/secret.rb, line 94
def kms
  @kms ||= Kms.new(@config)
end
site() click to toggle source
# File lib/dynamo_secret/secret.rb, line 98
def site
  @config[:secret_data].map { |k, _v| k }.first
end