Add basic file encryption/decryption support to nib
. This project deviates from the original intention of nib
in that it does not specifically relate to docker-compose
at all. In that way the API will be slightly different because a "service" is not involved, just file en/decryption.
Install the gem on your machine globally:
gem install nib-crypt
OpenSSL
is used to perform the file encryption/decryption (present on most systems already)AWS Command Line Interface
is used to fetch and persist keys on in a bucket on S3 (install via whalebrew recommended)
nib-crypt
will use a shared key for the purposes of encryption and decryption. These keys are to be stored in a (hopefully!) secure bucket on AWS S3. That means nib-crypt
must be configured with the name of the bucket you would like to store secret files in.
# .bashrc or .zshenv etc
export NIB_CRYPT_BUCKET_NAME=secrets-r-us
nib-crypt
expects a file name secrets.aes
to be present in the current directory (typically the root of a project). If this file does not exists the crypt-init
command can be used to create one or pull an existing one from AWS S3 if one exists for the project.
This command will check to see if a key exists for the current project (stored as projectname.secrets.aes
on AWS S3). If a key exists it will be copied down from AWS S3. If a key does not yet exist a new one will be created and pushed to the configured bucket on AWS S3.
nib crypt-init
Use the existing key file to encrypt a file
nib encrypt [input] [output]
nib decrypt [input] [output]
After pull down the repo build an image and use Guard to facilitate running specs and RuboCop.
nib build
nib guard gem
Bug reports and pull requests are welcome on GitHub at https://github.com/johnallen3d/nib-crypt.
The gem is available as open source under the terms of the MIT License.