Class: Invar::Rake::Task::SecretsFileHandler

Inherits:
NamespacedFileTask
Defined in:
lib/invar/rake/task/secrets.rb

Overview

Rake task handler for actions on the secrets file.

Constant Summary

SECRETS_INSTRUCTIONS =

Instructions hint for how to handle secret keys.

"Generated key. Save this key to a secure password manager, you will need it to edit the secrets.yml file:\n"
SWAP_EXT =
'tmp'

Instance Method Summary

Methods inherited from NamespacedFileTask

#file_path, #initialize

Constructor Details

This class inherits a constructor from Invar::Rake::Task::NamespacedFileTask

Instance Method Details

#create(content: SECRETS_TEMPLATE) ⇒ Object

Creates a new encrypted secrets file and prints the generated encryption key to STDOUT. The instructions hint is written to STDERR, so STDOUT carries only the key.



# File 'lib/invar/rake/task/secrets.rb', line 18

def create(content: SECRETS_TEMPLATE)
   encryption_key = Lockbox.generate_key

   write_encrypted_file(file_path,
                        encryption_key: encryption_key,
                        content:        content,
                        permissions:    PrivateFile::DEFAULT_PERMISSIONS)

   warn SECRETS_INSTRUCTIONS
   puts encryption_key
end

#edit ⇒ Object

Updates the file with new content.

Either the content is provided over STDIN or the default editor is opened with the decrypted contents of the secrets file. After closing the editor, the file will be updated with the new encrypted contents.



# File 'lib/invar/rake/task/secrets.rb', line 34

def edit
   content = $stdin.stat.pipe? ? $stdin.read : nil

   edit_encrypted_file(secrets_file, content: content)

   warn "File saved to #{ secrets_file }"
end

#rotate ⇒ Object



# File 'lib/invar/rake/task/secrets.rb', line 42

def rotate
   file_path = secrets_file

   decrypted = read_encrypted_file(file_path, encryption_key: determine_key(file_path))

   swap_file = file_path.dirname / [file_path.basename, SWAP_EXT].join('.')
   file_path.rename swap_file

   begin
      create content: decrypted
      swap_file.delete
   rescue StandardError
      swap_file.rename file_path.to_s
   end
end
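
The swap-file rollback used by #rotate, as a stand-alone added example (not code from Invar). Unlike the method above, it re-raises after restoring the original file, so the caller learns that rotation failed. Assumptions: stdlib AES-256-GCM stands in for Lockbox, and rotate_secrets, seal, unseal, WRITE_PRIVATE, the 0600 mode and the writer: parameter are hypothetical names and values chosen for illustration.

```ruby
require 'openssl'
require 'pathname'
require 'securerandom'

SWAP_EXT = 'tmp' # same value as the constant documented above

# Assumption: create the file owner-only (0600) and never overwrite an existing one.
WRITE_PRIVATE = lambda do |path, data|
  File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0o600) { |f| f.binmode.write(data) }
end

# Stand-in for Lockbox: AES-256-GCM, output laid out as nonce(12) || tag(16) || ciphertext.
def seal(key_hex, plaintext)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = [key_hex].pack('H*')
  nonce = cipher.random_iv
  ciphertext = cipher.update(plaintext) + cipher.final
  nonce + cipher.auth_tag + ciphertext
end

def unseal(key_hex, blob)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = [key_hex].pack('H*')
  cipher.iv = blob.byteslice(0, 12)
  cipher.auth_tag = blob.byteslice(12, 16)
  cipher.update(blob.byteslice(28..-1)) + cipher.final # raises CipherError on a wrong key
end

# Re-encrypts the file at path under a fresh key and returns that key (hex).
# writer: is a hypothetical hook so a failed write can be simulated.
def rotate_secrets(path, old_key, writer: WRITE_PRIVATE)
  path = Pathname.new(path)
  plaintext = unseal(old_key, path.binread) # a wrong key fails here, before anything moves
  swap = path.dirname / [path.basename, SWAP_EXT].join('.')
  path.rename(swap)
  begin
    new_key = SecureRandom.hex(32)
    writer.call(path.to_s, seal(new_key, plaintext))
    swap.delete
    new_key
  rescue StandardError
    path.delete if path.exist? # discard a partially written replacement
    swap.rename(path.to_s)     # put the file encrypted under the old key back
    raise                      # let the caller see that rotation failed
  end
end
```
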