Crypt-Credentials
view release on metacpan or search on metacpan
},
"provides" : {
"Crypt::Credentials" : {
"file" : "lib/Crypt/Credentials.pm",
"version" : "0.006"
}
},
"release_status" : "stable",
"resources" : {
"bugtracker" : {
"web" : "https://github.com/Leont/crypt-credentials/issues"
},
"repository" : {
"type" : "git",
"url" : "git://github.com/Leont/crypt-credentials.git",
"web" : "https://github.com/Leont/crypt-credentials"
}
},
"version" : "0.006",
"x_generated_by_perl" : "v5.40.1",
"x_serialization_backend" : "Cpanel::JSON::XS version 4.39",
"x_spdx_expression" : "Artistic-1.0-Perl OR GPL-1.0-or-later"
}
Crypt::SysRandom: '0'
File::Basename: '0'
File::Path: '0'
File::Slurper: '0'
File::Spec::Functions: '0'
YAML::PP: '0'
perl: '5.010'
strict: '0'
warnings: '0'
resources:
bugtracker: https://github.com/Leont/crypt-credentials/issues
repository: git://github.com/Leont/crypt-credentials.git
version: '0.006'
x_generated_by_perl: v5.40.1
x_serialization_backend: 'YAML::Tiny version 1.76'
x_spdx_expression: 'Artistic-1.0-Perl OR GPL-1.0-or-later'
lib/Crypt/Credentials.pm view on Meta::CPAN
use Crypt::SysRandom 'random_bytes';
use File::Basename 'dirname';
use File::Path 'make_path';
use File::Slurper qw/read_binary write_binary/;
use File::Spec::Functions qw/catdir catfile curdir updir abs2rel rel2abs/;
use YAML::PP;
sub new {
my ($class, %args) = @_;
my $dir = rel2abs($args{dir} // catdir(curdir, 'credentials'));
my $check_file = catfile($dir, 'check.enc');
my $real_key;
if (-f $check_file) {
for my $key (@{ $args{keys} }) {
my $length = length $key;
croak "Invalid key size($length)" if $length != 16 && $length != 24 && $length != 32;
my $tag = eval { $class->_get($check_file, $key) } // '';
lib/Crypt/Credentials.pm view on Meta::CPAN
my ($self, $name, @content) = @_;
my $plaintext = $ypp->dump_string(@content);
return $self->put($name, $plaintext);
}
sub _get {
my ($self, $filename, $key) = @_;
my $raw = read_binary($filename);
my ($iv, $tag, $ciphertext) = unpack $format, $raw;
my $plaintext = gcm_decrypt_verify('AES', $key, $iv, '', $ciphertext, $tag);
croak 'Could not decrypt credentials file' if not defined $plaintext;
return $plaintext;
}
sub get {
my ($self, $name) = @_;
my $filename = catfile($self->{dir}, "$name.yml.enc");
croak "No such credentials '$name'" if not -f $filename;
return $self->_get($filename, $self->{key});
}
sub get_yaml {
my ($self, $name) = @_;
my $plaintext = $self->get($name);
return $ypp->load_string($plaintext);
}
sub has {
lib/Crypt/Credentials.pm view on Meta::CPAN
=head1 NAME
Crypt::Credentials - Manage credential files
=head1 VERSION
version 0.006
=head1 SYNOPSIS
my $credentials = Crypt::Credentials->new(
dir => $dir,
keys => split /:/, $ENV{CREDENTIAL_KEYS},
);
my $password = $credentials->get('password');
=head1 DESCRIPTION
This module implements a credentials store. Essentially it allows you to expand one secret (the key of the store) into any number of secrets.
=head1 METHODS
=head2 new
$self->new(keys => \@keys, dir => $dir)
This creates a new C<Crypt::Credentials> object. It takes two named arguments: C<@keys> (mandatory) are the cryptographic keys used to encrypt the credentials, they must be either 16, 24, or 32 bytes long. If multiple keys are given they're tried unt...
=head2 get
$self->get($name)
This reads the credentials entry for C<$name>, or throws an exception if it can't be opened for any reason.
=head2 get_yaml
$self->get_yaml($name)
Like the above, except it will decode the payload as YAML.
=head2 put
$self->put($name, $value)
This will write the values to the named credentials entry.
=head2 put_yaml
$self->put_yaml($name, \%values)
Like the above, but it will encode the value to YAML first.
=head2 has
$self->has($name)
This checks if a credentials entry exists
=head2 remove
$self->remove($name)
This removes a credentials entry. It will silently succeed if no such entry exists.
=head2 list
$self->list
This will list all credential entries.
=head2 recode
$self->recode($new_key)
use warnings;
use Test::More;
use Crypt::Credentials;
use File::Slurper 'read_binary';
use File::Temp 'tempdir';
my $dir = tempdir(CLEANUP => 1);
my $credentials = Crypt::Credentials->new(
keys => [ '0123456789ABCDEF' ],
dir => $dir,
);
is_deeply [$credentials->list], [], 'No entries yet';
my $original = { password => 'pass123' };
my $written = eval { $credentials->put_yaml('first', $original); 1 };
ok $written, 'Entry was written';
my $back = eval { $credentials->get_yaml('first') };
is_deeply($back, $original, 'Values roundtrip');
is_deeply [$credentials->list], ['first'], 'One entry';
my $file = File::Spec->catdir($dir, 'first.yml.enc');
ok -B $file, 'File is binary';
my $raw_before = read_binary($file);
$credentials->recode('FEDCBA9876543210');
my $raw_after = read_binary($file);
isnt($raw_after, $raw_before, 'File changed on recode');
my $credentials2 = Crypt::Credentials->new(
keys => [ '0123456789ABCDEF', 'FEDCBA9876543210' ],
dir => $dir,
);
my $back2 = eval { $credentials2->get_yaml('first') };
is_deeply($back2, $original, 'Values roundtrip again');
done_testing;
( run in 0.607 second using v1.01-cache-2.11-cpan-c333fce770f )