# frozen_string_literal: true
require 'base64'
require 'openssl'
require 'optparse'
# Command-line flags collected into a hash:
#   --conflict        sets options[:conflict] to true
#   --compare=BRANCH  stores the given branch name in options[:compare]
# parse! consumes the recognised flags from ARGV and leaves positional
# arguments behind.
options = {}
parser = OptionParser.new
parser.banner = "Usage: decryptor.rb [options]"
parser.on('--conflict') { options[:conflict] = true }
parser.on('--compare=BRANCH') { |branch| options[:compare] = branch }
parser.parse!
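# Decrypts a "<ciphertext>--<iv>--<auth_tag>" blob (each field strict Base64)
# with AES-128-GCM and returns the Marshal-deserialized plaintext.
#
# @param content [String] the encrypted blob; surrounding whitespace is ignored
# @param key [String] the hex-encoded key
# @return [Object] the object encoded by the decrypted Marshal payload
# @raise [ArgumentError] if the blob does not have three fields, a field is
#   not valid Base64, or the auth tag is not 16 bytes long
# @raise [OpenSSL::Cipher::CipherError] if GCM authentication fails
def decrypt(content, key)
  fields = content.strip.split("--")
  raise ArgumentError, "expected <data>--<iv>--<auth_tag>" unless fields.size == 3

  encrypted_data, iv, auth_tag = fields.map { |v| ::Base64.strict_decode64(v) }

  # OpenSSL verifies whatever tag length it is handed, so a truncated tag
  # would weaken authentication; insist on the full 16-byte GCM tag.
  raise ArgumentError, "auth tag must be 16 bytes" unless auth_tag.bytesize == 16

  secret = [key].pack("H*")

  cipher = OpenSSL::Cipher.new('aes-128-gcm')
  cipher.decrypt
  cipher.key = secret
  cipher.iv = iv
  cipher.auth_tag = auth_tag
  cipher.auth_data = ""

  decrypted_data = cipher.update(encrypted_data)
  # final raises if the tag does not verify, so nothing unauthenticated
  # reaches the deserializer below.
  decrypted_data << cipher.final

  # NOTE(review): Marshal.load can instantiate arbitrary objects. It is only
  # reached after the tag check above, so the payload is exactly as
  # trustworthy as whoever holds the key; never feed it unauthenticated data.
  Marshal.load(decrypted_data)
end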
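if options.empty?
  # Decrypt mode. The master key is loaded only here, so the diff modes
  # below never read key material they do not need.
  # NOTE(review): Rails itself treats RAILS_MASTER_KEY as the key value; this
  # script uses it as a path relative to the directory above the script's
  # directory. If it held the key itself, the failed File.read would echo it
  # in the error message -- confirm the intended meaning.
  path = ENV['RAILS_MASTER_KEY'] || 'config/master.key'
  key = File.read(File.expand_path("../../#{path}", __FILE__)).strip

  # First positional argument overrides the default credentials file.
  content_file = ARGV.empty? ? File.expand_path('../../config/credentials.yml.enc', __FILE__) : ARGV[0]
  content = File.read(content_file)
  puts decrypt(content, key)
else
  require 'open3'

  enc_file = 'config/credentials.yml.enc'
  revisions =
    if (target = options[:compare])
      ["#{target}:#{enc_file}", "HEAD:#{enc_file}"]
    else
      # --conflict: compare against whichever operation is in progress.
      # File.exist? replaces File.exists?, which was removed in Ruby 3.2.
      rebase_marker = File.expand_path('../.git/REBASE_HEAD', __dir__)
      target = File.exist?(rebase_marker) ? 'REBASE_HEAD' : 'MERGE_HEAD'
      ["HEAD:#{enc_file}", "#{target}:#{enc_file}"]
    end

  # Argument-vector form: no shell is involved, so the --compare value is
  # passed to git as a single argument and never interpreted as shell syntax.
  stdout, stderr, status = Open3.capture3('git', 'diff', '--color', *revisions)

  # A failed git call also produces empty stdout; report it instead of
  # claiming that the credentials did not change.
  abort stderr unless status.success?

  stdout = 'Nothing changed' if stdout.empty?
  puts stdout
end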