Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

envault

Package Overview
Dependencies
Maintainers
1
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

envault

  • 0.2.2
  • Rubygems
  • Socket score
Version published
Maintainers
1
Created
Source

envault

Build Status Gem Version

Encrypt secret information environment variables by yaml.

Settings(Environment Variables)

export ENVAULT_PASSPHRASE=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
export ENVAULT_SIGN_PASSPHRASE=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
export ENVAULT_SALT=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Settings(yaml file)

development:
  passphrase: ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
  sign_passphrase: ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
  salt: ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
  prefix: ENVAULT_

staging:
  passphrase: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
  sign_passphrase: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
  salt: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
  prefix: ENVAULT_

production:
  provider: kms
  key_id: XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
  prefix: ENVAULT_
  • AWS KMS support.

Encrypt and Decrypt

$ cat .env
USERNAME_A: hogehoge
USERNAME_B: fugafuga
USERNAME_C: mogomogo
PASSWORD_A: hogehoge
PASSWORD_B: fugafuga
PASSWORD_C: mogomogo
API_KEY_A: hogehoge
API_KEY_B: fugafuga
API_KEY_C: mogomogo

## encrypt file
$ envault -e -s .env -c envault.yml --profile staging -k '^PASSWORD_.*' '^API_KEY_.*' > .env.encrypt
$ cat .env.encrypt
USERNAME_A: "hogehoge"
USERNAME_B: "fugafuga"
USERNAME_C: "mogomogo"
ENVAULT_PASSWORD_A: "VmI4TkcwYXFRdnp3cTNINFo5NHZNWWtUakd4WE9iWDhJdFIzVnQydXlMaz0tLU5CS2JONW1FalorMGxsOGxUYmpXUFE9PQ==--3e301c251f5a7cf0e6280daa3bc14cc04c2cbff492758028c9e5fd6ddc72660e"
ENVAULT_PASSWORD_B: "QzI1eFZnampSZkk3QWxEYkZjemNlMVpmWWVEVFluZjhJV01zS3JKNUlvST0tLUNvWDdNWVFGMUMwVGEvaTNFMkJVU2c9PQ==--d58c39f5e71b382f2d2778e8c02c58339ed330e0dc31067ed6544fcb94397700"
ENVAULT_PASSWORD_C: "eGo0S3pLRWV0OFRrdVRzTmwvZlR3VkN6a2xjeHpvcHV0ZlZMenNOUm1Wbz0tLS80WjFuRzQrQ29uSU5SbDBSOGUyRlE9PQ==--7c2342c9533b70af50be5cf1dd12aa66f595263ea4c8aa347b185a7a8e57fb3c"
ENVAULT_API_KEY_A: "QThLSGF4VXNST3ZXL0VTVURzMlQ3aUE2aXppTlc5aUxUWk9Xa0hXS25NYz0tLTAxWlI0OU0zdnZXUG1MdmtYY2FZK0E9PQ==--fff50bafac593d6c50da369f1e040e0f6db8623299078ccda029bbeed12a93c7"
ENVAULT_API_KEY_B: "cWdFS21HdnArNlBzcFhremhFNTJzdzhtYkNwWUIrb2dzekFsbzZxQjRsQT0tLWZUZTdpYW1Bc2xqRXcvMjB4eDRNc1E9PQ==--edb6d0bace9f1cd4c9eeef0a9289d43fd6724625e601aa46e9ebb12f6405efb6"
ENVAULT_API_KEY_C: "YllDcDhYUTJGZWhTRjBaQTU4L3RlZitzYVN3OTV6OXhSbkZHbFBWaWF3cz0tLVo1MGFZVkNWQ3g2UXdwRlBFaW43MWc9PQ==--fd0642530754f235856f9ebba252bb34156666498433e05c2ce29573aad6ec69"

## decrypt file
$ envault -d -s .env.encrypt -c envault.yml --profile staging
USERNAME_A: "hogehoge"
USERNAME_B: "fugafuga"
USERNAME_C: "mogomogo"
PASSWORD_A: "hogehoge"
PASSWORD_B: "fugafuga"
PASSWORD_C: "mogomogo"
API_KEY_A: "hogehoge"
API_KEY_B: "fugafuga"
API_KEY_C: "mogomogo"

## if use other profile, Error
$ envault -d -s .env.encrypt -c envault.yml --profile production                                                                                            1 ↵
/Users/toyama-h/.rbenv/versions/2.3.1/lib/ruby/gems/2.3.0/gems/activesupport-4.2.5/lib/active_support/message_verifier.rb:49:in `verify': ActiveSupport::MessageVerifier::InvalidSignature (ActiveSupport::MessageVerifier::InvalidSignature)
        from /Users/toyama-h/.rbenv/versions/2.3.1/lib/ruby/gems/2.3.0/gems/activesupport-4.2.5/lib/active_support/message_encryptor.rb:64:in `decrypt_and_verify'
        from /Users/toyama-h/Dropbox/github/envault/lib/envault/core.rb:51:in `block in decrypt_process'
        from /Users/toyama-h/Dropbox/github/envault/lib/envault/core.rb:49:in `each'
        from /Users/toyama-h/Dropbox/github/envault/lib/envault/core.rb:49:in `map'
        from /Users/toyama-h/Dropbox/github/envault/lib/envault/core.rb:49:in `decrypt_process'
        from /Users/toyama-h/Dropbox/github/envault/lib/envault/core.rb:44:in `decrypt_yaml'
        from /Users/toyama-h/Dropbox/github/envault/lib/envault/cli.rb:74:in `block in decrypt_file'
        from /Users/toyama-h/Dropbox/github/envault/lib/envault/cli.rb:73:in `each'
        from /Users/toyama-h/Dropbox/github/envault/lib/envault/cli.rb:73:in `decrypt_file'
        from /Users/toyama-h/.rbenv/versions/2.3.1/lib/ruby/gems/2.3.0/gems/thor-0.19.1/lib/thor/command.rb:27:in `run'
        from /Users/toyama-h/.rbenv/versions/2.3.1/lib/ruby/gems/2.3.0/gems/thor-0.19.1/lib/thor/invocation.rb:126:in `invoke_command'
        from /Users/toyama-h/.rbenv/versions/2.3.1/lib/ruby/gems/2.3.0/gems/thor-0.19.1/lib/thor.rb:359:in `dispatch'
        from /Users/toyama-h/.rbenv/versions/2.3.1/lib/ruby/gems/2.3.0/gems/thor-0.19.1/lib/thor/base.rb:440:in `start'
        from /Users/toyama-h/Dropbox/github/envault/bin/envault:6:in `<top (required)>'
        from /Users/toyama-h/bin/envault:17:in `load'
        from /Users/toyama-h/bin/envault:17:in `<main>'

reencrypt(config)

$ cat .envault.test
old_staging:
  passphrase: ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
  sign_passphrase: ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
  salt: ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
  prefix: OLD_ENVAULT_

staging:
  passphrase: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
  sign_passphrase: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
  salt: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
  prefix: ENVAULT_

$ cat .env.encrypt
OLD_ENVAULT_A: "aaaaaaaaaaaaaa"
OLD_ENVAULT_B: "bbbbbbbbbbbbbbb"
C: "hoge"

$ envault reencrypt_file -s .env.encrypt -c ~/.envault --from_profile old_staging --to_profile staging --overwrite

$ cat .env.encrypt
ENVAULT_A: "ccccccccccccccc"
ENVAULT_B: "ddddddddddddddd"
C: "hoge"

Load AND command(Environment Variables)

$ envault load -s .env.encrypt --command 'echo $PASSWORD_A'
hogehoge

Load Application(Environment Variables)

require 'envault'
Envault.load('.env.encrypt')
p ENV['PASSWORD_A']
#=> hogehoge

Load Application(Profile)

require 'envault'
Envault.load_with_profile('.env.encrypt', config: '.envault', profile: 'staging')
p ENV['PASSWORD_B']
#=> fugafuga

Installation

Add this line to your application's Gemfile:

gem 'envault'

And then execute:

$ bundle

Or install it yourself as:

$ gem install envault

Synopsis

$ envault

Contributing

  1. Fork it
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create new Pull Request

Information

FAQs

Package last updated on 10 Nov 2017

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries

Research

Security News

Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries

Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.

By Kirill Boychenko  -  Nov 22, 2024
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc