class Secrets

Overview

The Secrets class keeps track of a YAML-like structure of secrets for an application, and is responsible for encrypting and decrypting the file where those secrets are stored.

Instantiating a Secrets object loads data from the encrypted YAML file and presents it as a hash-like object.

secrets = Secrets.new
secrets["username"] # => "[email protected]"

An alternative way to use the library is Secrets#raw combined with the YAML::Serializable module.

class MySecrets
  include YAML::Serializable

  property username : String
  property password : String
end

secrets = Secrets.new
secrets.raw # => "---\nusername: [email protected]\npassword: WARMACHINEROX\n"

my_secrets = MySecrets.from_yaml(secrets.raw)
my_secrets.username # => "[email protected]"

Note: Changes to the internal data of a Secrets object don't result in data being saved to the file. If saving is the intended behaviour, it must be done manually.

Defined in:

secrets.cr
secrets/any.cr

Constant Summary

DEFAULT_KEY_PATH = "secrets.key"
DEFAULT_PATH = "secrets.yml.enc"
VERSION = "0.1.0"

Constructor Detail

def self.new(file_path = DEFAULT_PATH, key_path = DEFAULT_KEY_PATH)

Initializes a new Secrets object, and loads it from the encrypted YAML file at the specified location.

Raises a File::NotFoundError if the specified secrets file doesn't exist.



Class Method Detail

def self.generate(path = DEFAULT_PATH, key_path = DEFAULT_KEY_PATH)

Generates an encrypted secrets file and key file at the specified locations, overwriting the files if they already exist.

If this command is run from the same directory as the gitignore file, it will also read the file, and add the key file to it if necessary.

Note: This command won't create any required folders, and will raise a NotFoundError if the folder doesn't exist.


def self.generate!(path = DEFAULT_PATH, key_path = DEFAULT_KEY_PATH)

Generates an encrypted secrets file and key file at the specified locations, raising an error if the files already exist.

If this command is run from the same directory as the gitignore file, it will also read the file, and add the key file to it if necessary.

Note: As with the standard .generate method, this command won't create any required folders, and will raise a NotFoundError if the folder doesn't exist.
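
The .gitignore update described for .generate and .generate! depends on where the command is run, so it is worth confirming afterwards that git really leaves the key file alone. The check below is an added example, not part of the Secrets library: check_key_ignored is a hypothetical helper name, the default key path mirrors DEFAULT_KEY_PATH, and git is assumed to be installed.

```shell
#!/bin/sh
# Added example, not part of the Secrets library.
# check_key_ignored is a hypothetical helper; the default key path mirrors
# DEFAULT_KEY_PATH ("secrets.key"). Assumes git is installed.
#
# Usage: check_key_ignored REPO_DIR [KEY_PATH]   (KEY_PATH relative to REPO_DIR)
# Returns 0  key is covered by an ignore rule and is not in the index
#         1  key is tracked (committed or staged)
#         2  no ignore rule matches the key
#         3  REPO_DIR is not inside a git work tree
check_key_ignored() {
    repo=$1
    key=${2:-secrets.key}

    git -C "$repo" rev-parse --is-inside-work-tree >/dev/null 2>&1 || return 3

    # Ignore rules do not apply to files already in the index, so test this first.
    if git -C "$repo" ls-files --error-unmatch -- "$key" >/dev/null 2>&1; then
        echo "FAIL: $key is tracked by git; untrack it and generate a new key" >&2
        return 1
    fi

    # check-ignore exits 0 only when some ignore rule matches the path.
    if git -C "$repo" check-ignore -q -- "$key" 2>/dev/null; then
        echo "OK: $key is ignored and untracked"
        return 0
    fi

    echo "FAIL: no ignore rule covers $key" >&2
    return 2
}
```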



Instance Method Detail

def [](*args, **options)

Returns the element at the given index_or_key, raises if out of bounds or the key is missing.


def [](*args, **options, &)

Returns the element at the given index_or_key, raises if out of bounds or the key is missing.


def []=(*args, **options)

Sets the value of key to the given value.


def []?(*args, **options)

Returns the element at the given index_or_key, or nil if out of bounds or the key is missing.


def []?(*args, **options, &)

Returns the element at the given index_or_key, or nil if out of bounds or the key is missing.


def decrypt(data : String) : String

Decrypts data using the key and returns the decrypted data as a String.


def encrypt(data : String) : String

Encrypts data using the object's key and returns the encrypted data as a String.


def file_path : String

def key_file_path : String

def load_data : Any

Loads the YAML data from the encrypted secrets file.


def raw : String

Returns the raw YAML of the Secrets file.

This allows the use of Secrets with the YAML::Serializable module.

class MySecrets
  include YAML::Serializable

  property username : String
  property password : String
end

my_secrets = MySecrets.from_yaml(Secrets.new.raw)
my_secrets.username # => "[email protected]"

def reset

Generates a new encryption key, saves it to the key file, and encrypts the data file using the new key.


def save

Saves data to the secrets file.

