voxpupuli / hiera-eyaml

A backend for Hiera that provides per-value asymmetric encryption of sensitive data
MIT License

Publish as generic eyaml support for ruby #153

Open marek-obuchowicz opened 9 years ago

marek-obuchowicz commented 9 years ago

Guys,

Great piece of software. Is there any chance that you allow direct ruby calls to read+decrypt eyaml file (like YAML::load) and/or to encrypt/decrypt strings via function call? Would be great if we could benefit from your work not only while using hiera.

TomPoulton commented 9 years ago

Hi @marek-obuchowicz, that's an interesting request. Theoretically yes that's fine, it would be good to ensure it's all modular anyway so that the encryption stuff is all isolated and the interaction with hiera is just the "presentation" layer, but we'd have to make sure all the keys and options etc are handled in a nice way for both hiera setups and direct ruby usage.

I'm working on refactoring a lot of the options handling and behind the scenes stuff so I'll bear this request in mind as I'm working on it.

mariusor commented 8 years ago

Until this issue can be solved in a more straightforward manner, I'm using something similar to this snippet:

I think its only benefit is not having to go through the shell, but YMMV.

require 'hiera/backend/eyaml/options'
require 'hiera/backend/eyaml/subcommands/encrypt'

# Point eyaml at the PKCS7 public key used for encryption.
def load_public_key(public_key_file)
    raise "eyaml public key file not found / readable: #{public_key_file}" unless File.readable? public_key_file

    Hiera::Backend::Eyaml::Options['pkcs7_public_key'] = public_key_file
end

# Encrypt a string in-process by driving eyaml's encrypt subcommand.
def encrypt_string(input, public_key='./keys/public_key.pkcs7.pem')
    load_public_key public_key

    Hiera::Backend::Eyaml::Options[:source] = 'string'
    Hiera::Backend::Eyaml::Options[:input_data] = input
    output = Hiera::Backend::Eyaml::Subcommands::Encrypt.execute
    output.chomp
end
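
Added example, not code from this thread or from the hiera-eyaml project: a way to read and write eyaml-style values from plain Ruby with only the `openssl` standard library, without loading Hiera. It assumes the default PKCS7 encryptor's format (`ENC[PKCS7,<base64 DER>]`, AES-256-CBC content encryption); the function names are hypothetical and the key pair is a throwaway constructed for the demonstration.

```ruby
require 'openssl'

# Matches eyaml's wrapped form; the base64 body may contain whitespace.
ENC_VALUE = /\AENC\[PKCS7,([A-Za-z0-9+\/=\s]+)\]\z/

# Throwaway RSA key and self-signed certificate, constructed for this example.
def make_test_keypair
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=eyaml-example')
  cert.public_key = key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [key, cert]
end

# Encrypt one string to the certificate and wrap it as ENC[PKCS7,<base64 DER>].
def encrypt_value(plaintext, cert)
  cipher = OpenSSL::Cipher.new('aes-256-cbc')
  der = OpenSSL::PKCS7.encrypt([cert], plaintext, cipher, OpenSSL::PKCS7::BINARY).to_der
  "ENC[PKCS7,#{[der].pack('m0')}]"
end

# Decrypt one wrapped value; input not in ENC[PKCS7,...] form is rejected.
def decrypt_value(value, key, cert)
  match = ENC_VALUE.match(value)
  raise ArgumentError, 'not an ENC[PKCS7,...] value' unless match
  der = match[1].gsub(/\s+/, '').unpack1('m0')
  OpenSSL::PKCS7.new(der).decrypt(key, cert)
end

# Walk parsed YAML data, decrypting wrapped strings and leaving the rest alone.
def decrypt_tree(node, key, cert)
  case node
  when Hash then node.transform_values { |v| decrypt_tree(v, key, cert) }
  when Array then node.map { |v| decrypt_tree(v, key, cert) }
  when String then ENC_VALUE.match?(node) ? decrypt_value(node, key, cert) : node
  else node
  end
end

if __FILE__ == $PROGRAM_NAME
  key, cert = make_test_keypair
  data = { 'db' => { 'user' => 'app', 'password' => encrypt_value('s3cr3t-example', cert) } }
  puts decrypt_tree(data, key, cert).inspect
end
```

Only `decrypt_value` needs the private key, so a process that just writes secrets can be given the certificate alone.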