{"id":13845958,"url":"https://github.com/mschuchard/rapid-vaults","last_synced_at":"2026-03-05T16:47:08.161Z","repository":{"id":43703376,"uuid":"120202218","full_name":"mschuchard/rapid-vaults","owner":"mschuchard","description":"Ad-hoc encrypt and decrypt data behind multiple layers of protection via OpenSSL or GPG","archived":false,"fork":false,"pushed_at":"2025-01-30T14:09:27.000Z","size":159,"stargazers_count":4,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-16T07:07:13.142Z","etag":null,"topics":["decrypt","decrypt-data","decrypt-files","decrypting-files","decryption","encrypt","encrypted-data","encryption","encryption-decryption","encryption-tool","gpg","hacktoberfest","ruby","rubygem","secure","security","security-tools","ssl"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mschuchard.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-02-04T16:31:10.000Z","updated_at":"2025-01-30T14:09:31.000Z","dependencies_parsed_at":"2023-11-08T23:33:17.283Z","dependency_job_id":"c9e8d791-8ae6-4758-9ad2-4f97268d7355","html_url":"https://github.com/mschuchard/rapid-vaults","commit_stats":{"total_commits":121,"total_committers":1,"mean_commits":121.0,"dds":0.0,"last_synced_commit":"e8fbe94758a141fff2649681280a8458c4716ce3"},"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mschuchard%2Frapid-vaults","
tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mschuchard%2Frapid-vaults/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mschuchard%2Frapid-vaults/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mschuchard%2Frapid-vaults/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mschuchard","download_url":"https://codeload.github.com/mschuchard/rapid-vaults/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250371309,"owners_count":21419566,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["decrypt","decrypt-data","decrypt-files","decrypting-files","decryption","encrypt","encrypted-data","encryption","encryption-decryption","encryption-tool","gpg","hacktoberfest","ruby","rubygem","secure","security","security-tools","ssl"],"created_at":"2024-08-04T17:04:12.416Z","updated_at":"2026-03-05T16:47:08.122Z","avatar_url":"https://github.com/mschuchard.png","language":"Ruby","funding_links":[],"categories":["Ruby"],"sub_categories":[],"readme":"# Rapid Vaults\n- [Description](#description)\n- [Usage](#usage)\n  - [CLI](#cli)\n  - [API](#api)\n  - [gRPC](#grpc)\n  - [Docker](#docker)\n  - [Ansible](#ansible)\n  - [Puppet](#puppet)\n  - [Chef](#chef)\n- [Contributing](#contributing)\n\n## Description\n\nRapid Vaults is a gem that performs ad-hoc encryption and decryption of data behind multiple layers of protection via OpenSSL or GPG. 
It is lightweight and easy-to-use software to secure and retrieve your data with multiple layers of defense and verification.\n\n### Comparative Software\n\nAnsible-Vault is very similar to Rapid Vaults. Both are streamlined and easy-to-use ad-hoc encryption and decryption tools. The two primary differences are that Rapid Vaults has a Ruby API instead of a Python API and that Rapid Vaults offers additional verification and defense layers. The API can also be considered similar to the high-level recipes provided by PyCA's Cryptography.\n\n### Non-Comparative Software\n\nRapid Vaults is not similar to tools like RbNaCl or HashiCorp's Vault. RbNaCl offers advanced encryption techniques by providing bindings to libsodium. Rapid Vaults relies upon AES-256-GCM (OpenSSL) or GPG's algorithms (RSA, SHA-512, etc.). HashiCorp's Vault is enterprise-level software with many powerful features and conveniences. Rapid Vaults is a lightweight and narrowly focused tool. However, Rapid Vaults can be considered algorithmically very similar to Vault's Transit secret engine.\n\n## Usage\n\n### CLI\n\nNote the trailing information on each flag/argument for possible differences when using GPG.\n\n```\nusage: rapid-vaults [options] file\n        --gpg                        Use GNUPG/GPG instead of GNUTLS/OpenSSL for encryption/decryption.\n    -g, --generate                   Generate a key and nonce for encryption and decryption (GPG: keys only).\n    -e, --encrypt                    Encrypt a file using a key and nonce and generate a tag (GPG: key and pw only).\n    -d, --decrypt                    Decrypt a file using a key, nonce, and tag (GPG: key and pw only).\n    -k, --key key                    Key file to be used for encryption or decryption. 
(GPG: use GNUPGHOME)\n    -n, --nonce nonce                Nonce file to be used for encryption or decryption (GPG: n/a).\n    -t, --tag tag                    Tag file to be used for decryption (GPG: n/a).\n    -p, --password password          (optional) Password to be used for encryption or decryption (GPG: required).\n    -f, --file-password password.txt (optional) Text file containing a password to be used for encryption or decryption (GPG: required).\n    -b, --binding binding            Output files to support bindings for other software languages.\n    --gpgparams                      GPG Key params input file used during generation of keys.\n    -o --outdir                      Optional output directory for generated files (default: pwd). (GPG: optional)\n```\n\n#### Generate Key and Nonce with SSL\n`rapid-vaults -g`\n\n#### Encrypt File with SSL\n\n`rapid-vaults -e -k key.txt -n nonce.txt -p secret -o /output/dir unencrypted.txt`\n\n#### Decrypt a File with SSL\n\n`rapid-vaults -d -k key.txt -n nonce.txt -t tag.txt -p secret -o /output/dir encrypted.txt`\n\n#### Generate Keys with GPG\nThis is the only situation where the `--gpgparams` flag and its argument are required or used. The file provided as the argument should look like the following:\n\n```\n\u003cGnupgKeyParms format=\"internal\"\u003e\nKey-Type: DSA\nKey-Length: 1024\nSubkey-Type: ELG-E\nSubkey-Length: 1024\nName-Real: Joe Tester\nName-Comment: with stupid passphrase\nName-Email: joe@foo.bar\nExpire-Date: 0\nPassphrase: abc\n\u003c/GnupgKeyParms\u003e\n```\n\nThe environment variable `GNUPGHOME` must be set in the shell prior to generating the keys (`export GNUPGHOME=`). This establishes the home directory for the keys and support files. This should normally be `/user_home_dir/.gnupg`.\n\n#### Encrypt File with GPG\nCurrently you set the path to the keys and other files via the environment variable `GNUPGHOME` prior to executing. 
Otherwise, the code will look in the default directory for the current user.\n\n`rapid-vaults --gpg -e -p password -o /output/dir unencrypted.txt`\n\n#### Decrypt a File with GPG\nCurrently you set the path to the keys and other files via the environment variable `GNUPGHOME` prior to executing. Otherwise, the code will look in the default directory for the current user.\n\n`rapid-vaults --gpg -d -p password -o /output/dir encrypted.txt`\n\n#### Output a Binding\n\n`rapid-vaults -b puppet -o /output/dir`  \n`rapid-vaults -b chef -o /path/to/outdir`\n\n### API\n\n#### Generate SSL Key and Nonce\n\n```ruby\nrequire 'rapid-vaults'\n\noptions = { action: :generate }\nkey, nonce = RapidVaults::API.main(options)\nFile.write('key.txt', key)\nFile.write('nonce.txt', nonce)\n```\n\n#### Encrypt with SSL\n\n```ruby\nrequire 'rapid-vaults'\n\noptions = {\n  action: :encrypt,\n  file: '/path/to/data.txt',\n  key: '/path/to/key.txt',\n  nonce: '/path/to/nonce.txt',\n  pw: File.read('/path/to/password.txt') # optional\n}\nencrypted_contents, tag = RapidVaults::API.main(options)\n```\n\n#### Decrypt with SSL\n\n```ruby\nrequire 'rapid-vaults'\n\noptions = {\n  action: :decrypt,\n  file: '/path/to/encrypted_data.txt',\n  key: '/path/to/key.txt',\n  nonce: '/path/to/nonce.txt',\n  tag: '/path/to/tag.txt',\n  pw: File.read('/path/to/password.txt') # optional\n}\ndecrypted_contents = RapidVaults::API.main(options)\n```\n\n#### Generate GPG Keys\n```ruby\nrequire 'rapid-vaults'\n\nENV['GNUPGHOME'] = '/home/alice/.gnupg'\n\noptions = {\n  action: :generate,\n  algorithm: :gpgme,\n  gpgparams: File.read('gpgparams.txt')\n}\nRapidVaults::API.main(options)\n```\n\nThe `:gpgparams` string should look like the following:\n\n```\n\u003cGnupgKeyParms format=\"internal\"\u003e\nKey-Type: DSA\nKey-Length: 1024\nSubkey-Type: ELG-E\nSubkey-Length: 1024\nName-Real: Joe Tester\nName-Comment: with stupid passphrase\nName-Email: joe@foo.bar\nExpire-Date: 0\nPassphrase: 
abc\n\u003c/GnupgKeyParms\u003e\n```\n\n#### Encrypt with GPG\n\n```ruby\nrequire 'rapid-vaults'\n\nENV['GNUPGHOME'] = '/home/bob/.gnupg' # optional\n\noptions = {\n  action: :encrypt,\n  algorithm: :gpgme,\n  file: '/path/to/data.txt',\n  pw: File.read('/path/to/password.txt')\n}\nencrypted_contents = RapidVaults::API.main(options)\n```\n\n#### Decrypt with GPG\n\n```ruby\nrequire 'rapid-vaults'\n\nENV['GNUPGHOME'] = '/home/chris/.gnupg' # optional\n\noptions = {\n  action: :decrypt,\n  algorithm: :gpgme,\n  file: '/path/to/encrypted_data.txt',\n  pw: File.read('/path/to/password.txt')\n}\ndecrypted_contents = RapidVaults::API.main(options)\n```\n\n### Docker\n\nA supported [Docker image](https://hub.docker.com/r/matthewschuchard/rapid-vaults) of Rapid-Vaults is now available from the public Docker Hub registry. Please consult the repository documentation for further usage information.\n\n### gRPC\n\nforthcoming\n\n### Ansible\n\nforthcoming\n\n### Puppet\n\nPuppet bindings are presented as a 2x2 matrix of custom functions for encryption/decryption and SSL/GPG. The custom functions require a non-obsolete version of Puppet. Documentation pertaining to their usage is done via Puppet Strings within the functions. It is highly recommended to wrap the output of the decryption functions within a `Sensitive` data type so that decrypted secrets are not shown in logs.\n\n### Chef\n\nChef can access Rapid Vaults directly through the native Ruby API. Therefore, the Chef bindings are presented as example methods for doing so.\n\n## Contributing\nCode should pass all spec tests. New features should involve new spec tests. Adherence to Rubocop and Reek is expected where not overly onerous or where the check is of dubious cost/benefit.\n\nA [Dockerfile](Dockerfile) is provided for easy rake testing. 
A [Vagrantfile](Vagrantfile) is provided for easy gem building, installation, and post-installation testing.\n\nPlease consult the GitHub Project for the current development roadmap.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmschuchard%2Frapid-vaults","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmschuchard%2Frapid-vaults","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmschuchard%2Frapid-vaults/lists"}