support decryption via hiera-eyaml

cacheventures · Feb 16, 2018 · f15a232 · f15a232
1 parent 8688a68
commit f15a232
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 4 deletions.
diff --git a/.ruby-gemset b/.ruby-gemset
@@ -0,0 +1 @@
+chorizo
diff --git a/.ruby-version b/.ruby-version
@@ -1 +1 @@
-2.2.3
+2.5.0
diff --git a/Gemfile b/Gemfile
@@ -2,6 +2,7 @@ source "https://rubygems.org"
 
 gem 'slop', '~> 3.6'
 gem 'colorize'
+gem 'hiera-eyaml'
 
 group :development do
   gem 'pry'

diff --git a/lib/chorizo.rb b/lib/chorizo.rb
@@ -48,16 +48,30 @@ def build_output(env, host)
 
   def cloud66(env)
     output = build_output(env, 'cloud66')
-    output.each { |k,v| puts "#{k.upcase}=#{v}" }
+    output.each do |k,v|
+      value = decrypt_value(v)
+      puts "#{k.upcase}=#{value}"
+    end
   end
 
   def heroku(env, app)
     output = build_output(env, 'heroku')
     cmd_output = output.map do |k,v|
-      val = "#{v}".shellescape
-      "#{k}=#{val}"
+      value = decrypt_value(v)
+      escaped_value = "#{v}".shellescape
+      "#{k}=#{escaped_value}"
     end.join(' ')
     system "heroku config:set #{cmd_output} -a #{app}"
   end
 
+  def decrypt_value(value)
+    if value =~ /^ENC\[/
+      Open3.popen2("eyaml", "decrypt", "-s", value) do |i, o, t|
+        o.read.chomp
+      end
+    else
+      value
+    end
+  end
+
 end