Add first gem, make encrypt_value a binary, and make a keys dir

HenryTheHamster · Jul 12, 2013 · 5ec0890 · 5ec0890
1 parent d9264cf
commit 5ec0890
Show file tree

Hide file tree

Showing 6 changed files with 34 additions and 19 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,5 @@
 .idea
 *.iml
 *.gradle
+keys/*.pem
+pkg/*/lib
diff --git a/README.md b/README.md
@@ -40,6 +40,10 @@ N.B. when using the multi-line string syntax (i.e. >) **don't wrap encrypted str
 Setup
 =====
 
+### Installing hiera-eyaml
+
+    $ gem install hiera-eyaml
+
 ### Generate keys
 
 The first step is to create a pair of keys on the Puppet master
@@ -58,16 +62,6 @@ so I don’t see that as adding much in the way of security."
 Change the permissions so that the private key is only readable by the user that hiera (puppet) is
 running as.
 
-### Install eYaml backend
-
-I'm new to ruby and tight on deadlines so I will create a gem thing when I get a chance,
-but for now just copy eyaml_backend.rb to the same directory as the existing backends e.g.
-/usr/lib/ruby/site_ruby/1.8/hiera/backend
-
-You can find the directory with:
-
-    $ sudo find / -name yaml_backend.rb
-
 ### Configure Hiera
 
 Next configure hiera.yaml to use the eyaml backend
@@ -93,20 +87,18 @@ Next configure hiera.yaml to use the eyaml backend
 
 ### Encrypt value
 
-Copy public_key.pem created earlier to any machine where values will be encrypted and
-use openssl to encrypt sensitive data.
+Copy the public_key.pem created earlier to the keys subdirectory of this git repository.
 
-There is a very basic helper file encrypt_value.rb which will do this for you. Just copy the
-public key to the same directory as encrypt_value.rb (or vice versa), navigate to that
-directory and run
+There is a very basic helper file bin/encrypt_value.rb which will encrypt values for you 
+based on the public_key.pem. Run:
 
-    $ ruby encrypt_value.rb "my secret thing"
+    $ bin/encrypt_value.rb "my secret thing"
 
-The encrypted value is printed to the command line
+The encrypted value is printed to STDOUT
 
 If you wish to rename your key or keep it in another directory run
 
-    $ ruby encrypt_value.rb "my secret thing" /path/to/key/my_key.pem
+    $ encrypt_value.rb "my secret thing" /path/to/key/my_key.pem
 
 ### Insert encrypted value
 

diff --git a/Rakefile b/Rakefile
@@ -0,0 +1,20 @@
+require 'rubygems'
+require 'rake/gempackagetask'
+
+spec = Gem::Specification.new do |gem|
+    gem.name = "hiera-eyaml"
+    gem.version = "1.0.0"
+    gem.summary = "OpenSSL Encryption backend for Hiera"
+    gem.email = "[email protected]"
+    gem.author = "Tom Paulton"
+    gem.homepage = "http://github.com/TomPaulton/hiera-eyaml"
+    gem.description = "Hiera backend for decrypting encrypted yaml properties"
+    gem.require_path = "lib"
+    gem.files = FileList["lib/**/*"].to_a
+    gem.add_dependency('hiera', '>=0.2.0')
+end
+
+Rake::GemPackageTask.new(spec) do |pkg|
+    pkg.need_tar = true
+end
+
diff --git a/encrypt_value.rb → bin/encrypt_value.rb b/encrypt_value.rb → bin/encrypt_value.rb
@@ -1,9 +1,10 @@
+#!/usr/bin/env ruby
 require 'openssl'
 require 'base64'
 
 # Run from this directory using: ruby encrypt_value.rb "value to encrypt"
 
-public_key_path = './public_key.pem'
+public_key_path = 'keys/public_key.pem'
 
 plain_text = ARGV[0]
 public_key_arg = ARGV[1]

diff --git a/keys/.keepme b/keys/.keepme
diff --git a/pkg/hiera-eyaml-1.0.0.gem b/pkg/hiera-eyaml-1.0.0.gem