{"id":18510760,"url":"https://github.com/envato/ejson_wrapper","last_synced_at":"2026-03-14T04:31:18.479Z","repository":{"id":54391278,"uuid":"103341010","full_name":"envato/ejson_wrapper","owner":"envato","description":"Combines EJSON with AWS KMS","archived":false,"fork":false,"pushed_at":"2024-02-22T06:23:30.000Z","size":59,"stargazers_count":5,"open_issues_count":2,"forks_count":2,"subscribers_count":57,"default_branch":"main","last_synced_at":"2025-03-23T23:34:08.545Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/envato.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2017-09-13T02:01:28.000Z","updated_at":"2024-01-24T16:54:03.000Z","dependencies_parsed_at":"2024-02-22T07:26:37.418Z","dependency_job_id":null,"html_url":"https://github.com/envato/ejson_wrapper","commit_stats":{"total_commits":40,"total_committers":5,"mean_commits":8.0,"dds":"0.42500000000000004","last_synced_commit":"52a2fb00e6cf5321752787c917fe81e2b8f02c12"},"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/envato%2Fejson_wrapper","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/envato%2Fejson_wrapper/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/envato%2Fejson_wrapper/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/envato%2Fejson_wrapper/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/envato","download_url":"https://codeload.github.com/envato/ejson_wrapper/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247639455,"owners_count":20971541,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-06T15:24:55.743Z","updated_at":"2026-03-14T04:31:13.435Z","avatar_url":"https://github.com/envato.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"# EJSON Wrapper\n\nWraps the [`ejson`](https://github.com/Shopify/ejson) program to safely execute it and parse the resulting JSON. Additionally it offers a feature to encrypt/decrypt secrets with encrypted private key using AWS KMS.\n\n## Prerequisites\n\n* [`ejson`](https://github.com/Shopify/ejson) application\n* Path to `ejson` binary is included in `PATH` environment variable\n\n## Installation\n\nAdd this line to your application's Gemfile:\n\n```ruby\ngem 'ejson_wrapper'\n```\n\nAnd then execute:\n\n```\n$ bundle\n```\n\nOr install it yourself as:\n\n```\n$ gem install ejson_wrapper\n```\n\n## Usage\n\n### Decrypting EJSON files\n\nEnsure your application has [AWS IAM Permission to decrypt with KMS](https://docs.aws.amazon.com/kms/latest/developerguide/iam-policies.html#iam-policy-example-encrypt-decrypt-specific-cmks).\n\nIn Ruby code:\n\n```\n# Private key is in /opt/ejson/keys\nEJSONWrapper.decrypt('myfile.ejson')\n=\u003e { :my_api_key =\u003e 'secret' }\n\n# Private key is in /alternate/key/dir\nEJSONWrapper.decrypt('myfile.ejson', key_dir: 'alternate/key/dir')\n=\u003e { :my_api_key =\u003e 'secret' }\n\n# Private key is in memory\nEJSONWrapper.decrypt('myfile.ejson', private_key: 'be8597abaa68bbfa23193624b1ed5e2cd6b9a8015e722138b23ecd3c90239b2d')\n=\u003e { :my_api_key =\u003e 'secret' }\n\n# Private key is stored inside the ejson file itself as _private_key_enc (encrypted with KMS \u0026 Base64 encoded)\nEJSONWrapper.decrypt('myfile.ejson', use_kms: true, region: 'ap-southeast-2')\n=\u003e { :my_api_key =\u003e 'secret' }\n```\n\nCommand line:\n\n```\n# decrypt all\n$ ejson_wrapper decrypt --file file.ejson --region us-east-1\n{\n  \"my_api_key\": \"[secret]\"\n}\n\n# decrypt \u0026 extract a specific secret\n$ ejson_wrapper decrypt --file file.ejson --region us-east-1 --secret my_api_key\n[secret]\n```\n\n### Generating EJSON files\n\nEnsure your application has [AWS IAM Permission to encrypt with KMS](https://docs.aws.amazon.com/kms/latest/developerguide/iam-policies.html#iam-policy-example-encrypt-decrypt-specific-cmks).\n\nFirstly, the EJSON is generated to have public key and Base64 encoded \u0026 encrypted private key in `_public_key` and `_private_key_enc` respectively with:\n\nUsing CLI:\n\n```\n$ ejson_wrapper generate --region $AWS_REGION --kms-key-id [key_id] --file myfile.ejson\nGenerated EJSON file myfile.ejson\n```\n\nOR Ruby code:\n\n```\n# Generate encrypted EJSON file (overwritting the unencrypted EJSON file)\nEJSONWrapper.generate(region: ENV['AWS_REGION'], kms_key_id: 'key_id', file: 'myfile.ejson')\n=\u003e Generated EJSON file myfile.ejson\n```\n\nVerify to ensure the new file contain the two required keys:\n\n```\n$ cat myfile.ejson\n{\n  \"_public_key\": \"[public_key]\",\n  \"_private_key_enc\":\"[base64_encoded_encrypted_private_key]\",\n}\n```\n\nYou now can add secrets into the EJSON file, in following example `my_api_key` in plaintext entry is added:\n\n```\n# myfile.ejson\n{\n  \"_public_key\": \"[public_key]\",\n  \"_private_key_enc\":\"[base64_encoded_encrypted_private_key]\",\n  \"my_api_key\": \"plaintext\"\n}\n```\n\nto encrypt the secrets, run following command:\n\n```\n$ ejson encrypt myfile.ejson\n```\n\nVerify to ensure the secret is encrypted correctly:\n\n```\n$ cat myfile.ejson\n{\n  \"_public_key\": \"[public_key]\",\n  \"_private_key_enc\":\"[base64_encoded_encrypted_private_key]\",\n  \"my_api_key\": \"encrypted_secret\"\n}\n```\n\n## Development\n\nAfter checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.\n\nTo install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).\n\n## Contributing\n\nBug reports and pull requests are welcome on GitHub at https://github.com/envato/ejson_wrapper.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fenvato%2Fejson_wrapper","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fenvato%2Fejson_wrapper","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fenvato%2Fejson_wrapper/lists"}