Example use of s3store to store encrypted blobs in S3 for use by Tddium.

1 parent 4cbcdf9 commit 00388c23e70f1f305159d04b83ad272deef08062 William Josephson committed Mar 28, 2012
Showing with 39 additions and 0 deletions.
  1. +1 −0 .gitignore
  2. +18 −0 README
  3. 0 data/.gitkeep
  4. +10 −0 lib/tasks/tddium.rake
  5. +10 −0 test/unit/secret_test.rb
@@ -2,3 +2,4 @@ log/*
db/*.sqlite3
tmp
.tddium*
+.tddium
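Review bot: The added `.tddium` entry is already matched by the existing `.tddium*` pattern on the line above it, so it has no effect and can be dropped. What is not ignored is `data/secret.dat`, which the pre_hook task in this commit writes into the repo root; add an ignore entry for it (keeping `data/.gitkeep` tracked) so the fetched secret cannot be committed by accident.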
18 README
@@ -0,0 +1,18 @@
+# Example of importing encrypted files from S3 into Tddium
+#
+# 1. Create a new, read-only IAM identity with access just to
+# the bucket and prefix that will host your secure blobs
+#
+# 2. Use s3store to upload an encrypted blob; you will need to use AWS
+# keys with write permissions for the bucket
+#
+# 3. Use `tddium config:add` to add configuration values for your new
+# read-only IAM identity to your suite
+#
+# a. TDDIUM_S3_REGION - AWS S3 region, defaults to us-east-1
+# b. TDDIUM_S3_KEY_ID - AWS S3 secret key ID
+# c. TDDIUM_S3_SECRET - AWS S3 secret access key
+# d. TDDIUM_S3_PASSPHRASE - OpenSSL AES passphrase
+#
+# 4. Download and decrypt the blob and install it from a pre_hook task.
+# See lib/tasks/tddium.rake for an example.
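Review bot: In step 3b, `TDDIUM_S3_KEY_ID` is described as the "AWS S3 secret key ID", which reads as if it were the secret; it is the access key ID, and 3c is the secret access key, so reword 3b to "AWS access key ID". Steps 2 and 4 would also be easier to follow with the s3store command used for the upload, and step 3 should say that the passphrase sits in the same suite configuration as the read-only keys, so anyone who can read that configuration can both fetch and decrypt the blob.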
No changes.
@@ -0,0 +1,10 @@
+# Copyright (c) 2012 Solano Labs All Rights Reserved
+
+namespace :tddium do
+ desc "tddium pre hook"
+ task :pre_hook do
+ url="s3://solano-labs.s3.amazonaws.com/s3store/todo.enc"
+ Kernel.system("s3store fetch #{url}")
+ Kernel.system("mv todo.enc #{ENV['TDDIUM_REPO_ROOT']}/data/secret.dat")
+ end
+end
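Review bot: Both `Kernel.system` calls in `:pre_hook` ignore their return value, so a failed `s3store fetch` is not noticed and the `mv` still runs; check the result and abort the task (for example `... or raise "s3store fetch failed"`) so the build stops instead of continuing without the secret. The `mv` line also interpolates `ENV['TDDIUM_REPO_ROOT']` into a shell string: if the variable is unset the target becomes `/data/secret.dat`, and a path containing spaces is split by the shell. `FileUtils.mv` or the multi-argument form of `system` avoids the shell entirely.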
@@ -0,0 +1,10 @@
+require 'test_helper'
+
+class SecretTest < ActiveSupport::TestCase
+ test "private data" do
+ path = File.join(File.dirname(__FILE__), '../..', 'data', 'secret.dat')
+ path = File.expand_path(path)
+ data = File.read(path)
+ assert data == "secret data\n"
+ end
+end
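Review bot: `File.read(path)` in the "private data" test raises `Errno::ENOENT` when the pre_hook has not run, which shows up as an error with no hint about the cause; assert `File.exist?(path)` first with a message that points at the `tddium:pre_hook` task. The expected plaintext is also a literal in the test, which is fine for this sample, but a comment should say that a real suite would not commit the secret's contents and would compare a digest or only check that the file is present.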
