Results for secure-env

A simple and secure way to manage environment variables with AES encryption

Rust library for building Geneos Toolkit compatible applications

secure-env is a wrapper library around the Android KeyStore and the iOS Security Framework for key creation and sign operations using the Secure Element

Secure envelope wrapper over nenjo-eventbus

Securely store and set ENV variables via AWS SSM.

all rights reserved; for internal use only

dotenvcrypt ensures your .env files - and, by extension, any secrets within them - are encrypted, enabling storage of these files directly within Git.

Store your local env vars securely

Provide secrets either via ENV or fall back to secure backends like vault

Compares env 'REMOTE_ADDR' and 'PATH_INFO' against user-defined values to block (403), restrict (401 basic auth), or allow access to the rack app. Intended for use in simple access control. Should not be considered a security solution.

# holepunch [](http://badge.fury.io/rb/holepunch) [](https://travis-ci.org/undeadlabs/holepunch) Holepunch manages AWS EC2 security groups in a declarative way through a DSL. ## Requirements - Ruby 1.9.3 or newer. ## Installation ```bash gem install holepunch ``` or in your Gemfile ```ruby gem 'holepunch' ``` ## Basic Configuration You need to provide your AWS security credentials and a region. These can be provided via the command-line options, or you can use the standard AWS environment variables: ```bash export AWS_ACCESS_KEY_ID='...' export AWS_SECRET_ACCESS_KEY='...' export AWS_REGION='us-west-2' ``` ## The SecurityGroups file Specify your security groups in a `SecurityGroups` file in your project's root. Declare security groups that you need and the ingresses you want to expose. You can add ingresses using `tcp`, `udp`, and `ping`. For each ingress you can list allowed hosts using group names or CIDR notation. ```ruby group 'web' do desc 'Web servers' tcp 80 end group 'db' do desc 'database servers' tcp 5432, 'web' end group 'log' do desc 'log server' tcp 9999, 'web', 'db', '10.1.0.0/16' end ``` An environment can be specified which is available through the `env` variable. This allows you to have custom security groups per server environment. ```ruby group "#{env}-web" group "#{env}-db" do tcp 5432, "#{env}-web" end ``` Your application may depend on security groups defined by other services. Ensure they exist using the `depends` method. ```ruby depends 'my-other-service' group 'my-service' do udp 9999, 'my-other-service' end ``` You may specify port ranges for `tcp` and `udp` using the range operator. ```ruby group 'my-service' do udp 5000..9999, '0.0.0.0/0' end ``` You can specify ping/icmp rules with `icmp` (alias: `ping`). ```ruby group 'my-service' do ping '10.0.0.0/16' end ``` It can be useful to describe groups of security groups you plan to launch instances with by using the `service` declaration. ```ruby service "#{env}-web" do groups %W( admin #{env}-log-producer #{env}-web ) end ``` ## Usage Simply navigate to the directory containing your `SecurityGroups` file and run `holepunch`. ``` $ holepunch ``` If you need to specify an environment: ``` $ holepunch -e live ``` You can get a list of security groups for a service using the `service` subcommand. ``` $ holepunch service -e prod prod-web admin,prod-log-producer,prod-web ``` You can also get a list of all defined services. ``` $ holepunch service --list ``` ## Testing You can run the unit tests by simply running rspec. ``` $ rspec ``` By default the integration tests with EC2 are not run. You may run them with: ``` $ rspec -t integration ``` ## Authors - Ben Scott (gamepoet@gmail.com) - Pat Wyatt (pat@codeofhonor.com) ## License Copyright 2014 Undead Labs, LLC. Licensed under the MIT License: http://opensource.org/licenses/MIT

Heimdal AI Analyze installs a git pre-commit hook that runs an AI-assisted code review of your staged diff when you commit with analysis enabled (e.g. `git analyze -m "message"`). Reviews security, duplication, complexity, style, and tests; critical issues can block the commit. Requires CURSOR_API_KEY in the environment or a repo-local `.env`.

Sym is a ruby library (gem) that offers both the command line interface (CLI) and a set of rich Ruby APIs, which make it rather trivial to add encryption and decryption of sensitive data to your development or deployment workflow. For additional security the private key itself can be encrypted with a user-generated password. For decryption using the key the password can be input into STDIN, or be defined by an ENV variable, or an OS-X Keychain Entry. Unlike many other existing encryption tools, Sym focuses on getting out of your way by offering a streamlined interface with password caching (if MemCached is installed and running locally) in hopes to make encryption of application secrets nearly completely transparent to the developers. Sym uses symmetric 256-bit key encryption with the AES-256-CBC cipher, same cipher as used by the US Government. For password-protecting the key Sym uses AES-128-CBC cipher. The resulting data is zlib-compressed and base64-encoded. The keys are also base64 encoded for easy copying/pasting/etc. Sym accomplishes encryption transparency by combining several convenient features: 1. Sym can read the private key from multiple source types, such as pathname, an environment variable name, a keychain entry, or CLI argument. You simply pass either of these to the -k flag — one flag that works for all source types. 2. By utilizing OS-X Keychain on a Mac, Sym offers truly secure way of storing the key on a local machine, much more secure then storing it on a file system, 3. By using a local password cache (activated with -c) via an in-memory provider such as memcached, sym invocations take advantage of password cache, and only ask for a password once per a configurable time period, 4. By using SYM_ARGS environment variable, where common flags can be saved. This is activated with sym -A, 5. By reading the key from the default key source file ~/.sym.key which requires no flags at all, 6. By utilizing the --negate option to quickly encrypt a regular file, or decrypt an encrypted file with extension .enc 7. By implementing the -t (edit) mode, that opens an encrypted file in your $EDITOR, and replaces the encrypted version upon save & exit, optionally creating a backup. 8. By offering the Sym::MagicFile ruby API to easily read encrypted files into memory. Please refer the module documentation available here: https://www.rubydoc.info/gems/sym

# Quick Start The Owner API uses the JSON format, and must be accessed over a [secure connection](https://en.wikipedia.org/wiki/HTTPS). Let’s assume that the access token provided by your account manager is “TOKEN”. Here’s how to get the list of ids of all your invoices from the first week of August with a shell script: ```bash query="end_date=2018-08-08T00%3A00%3A00%2B00%3A00&start_date=2018-08-01T00%3A00%3A00%2B00%3A00" curl -i "https://api-eu.getaround.com/owner/v1/invoices?${query}" \ -H "Authorization: Bearer TOKEN" \ -H "Accept:application/json" \ -H "Content-Type:application/json" ``` And here’s how to get the invoice with the id 12345: ```bash curl -i "https://api-eu.getaround.com/owner/v1/invoices/12345" \ -H "Authorization: Bearer TOKEN" \ -H "Accept: application/json" \ -H "Content-Type: application/json"" ``` See the [endpoints section](#tag/Invoices) of this guide for details about the response format. Dates in request params should follow the ISO 8601 standard. # Authentication All requests must be authenticated with a [bearer token header](https://tools.ietf.org/html/rfc6750#section-2.1). You token will be sent to you by your account manager. Unauthenticated requests will return a 401 status. # Pagination The page number and the number of items per page can be set with the “page” and “per_page” params. For example, this request will return the second page of invoices, and 50 invoices per page: `https://api-eu.getaround.com/owner/v1/invoices?page=2&per_page=50` Both of these params are optional. The default page size is 30 items. The Getaround Owner API follows the [RFC 8288 convention](https://datatracker.ietf.org/doc/html/rfc8288) of using the `Link` header to provide the `next` page URL. Please don't build the pagination URLs yourself. The `next` page will be missing when you are requesting the last available page. Here's an example response header from requesting the second page of invoices `https://api-eu.getaround.com/owner/v1/invoices?page=2&per_page=50` ``` Link: <https://api-eu.getaround.com/owner/v1/invoices?page=3&per_page=50>; rel="next" ``` # Throttling policy and Date range limitation We have throttling policy that prevents you to perform more than 100 requests per min from the same IP. Also, there is a limitation on the size of the range of dates given in params in some requests. All requests that need start_date and end_date, do not accept a range bigger than 30 days. # Webhooks Getaround can send webhook events that notify your application when certain events happen on your account. This is especially useful to follow the lifecycle of rentals, tracking for example bookings or cancellations. ### Setup To set up an endpoint, you need to define a route on your server for receiving events, and then <a href="mailto:owner-api@getaround.com">ask Getaround</a> to add this URL to your account. To acknowledge receipt of a event, your endpoint must: - Return a `2xx` HTTP status code. - Be a secure `https` endpoint with a valid SSL certificate. ### Testing Once Getaround has set up the endpoint, and it is properly configured as described above, a test `ping` event can be sent by clicking the button below: <form action="/docs/api/owner/fire_ping_webhook" method="post"><input type="submit" value="Send Ping Event"></form> You should receive the following JSON payload: ```json { "data": { "ping": "pong" }, "type": "ping", "occurred_at": "2019-04-18T08:30:05Z" } ``` ### Retries Webhook deliveries will be attempted for up to three days with an exponential back off. After that point the delivery will be abandoned. ### Verifying Signatures Getaround will also provide you with a secret token, which is used to create a hash signature with each payload. This hash signature is passed along with each request in the headers as `X-Drivy-Signature`. Suppose you have a basic server listening to webhooks that looks like this: ```ruby require 'sinatra' require 'json' post '/payload' do push = JSON.parse(params[:payload]) "I got some JSON: #{push.inspect}" end ``` The goal is to compute a hash using your secret token, and ensure that the hash from Getaround matches. Getaround uses an HMAC hexdigest to compute the hash, so you could change your server to look a little like this: ```ruby post '/payload' do request.body.rewind payload_body = request.body.read verify_signature(payload_body) push = JSON.parse(params[:payload]) "I got some JSON: #{push.inspect}" end def verify_signature(payload_body) signature = 'sha1=' + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha1'), ENV['SECRET_TOKEN'], payload_body) return halt 500, "Signatures didn't match!" unless Rack::Utils.secure_compare(signature, request.env['HTTP_X_DRIVY_SIGNATURE']) end ``` Obviously, your language and server implementations may differ from this code. There are a couple of important things to point out, however: No matter which implementation you use, the hash signature starts with `sha1=`, using the key of your secret token and your payload body. Using a plain `==` operator is not advised. A method like secure_compare performs a "constant time" string comparison, which renders it safe from certain timing attacks against regular equality operators. ### Best Practices - **Acknowledge events immediately**. If your webhook script performs complex logic, or makes network calls, it’s possible that the script would time out before Getaround sees its complete execution. Ideally, your webhook handler code (acknowledging receipt of an event by returning a `2xx` status code) is separate of any other logic you do for that event. - **Handle duplicate events**. Webhook endpoints might occasionally receive the same event more than once. We advise you to guard against duplicated event receipts by making your event processing idempotent. One way of doing this is logging the events you’ve processed, and then not processing already-logged events. - **Do not expect events in order**. Getaround does not guarantee delivery of events in the order in which they are generated. Your endpoint should therefore handle this accordingly. We do provide an `occurred_at` timestamp for each event, though, to help reconcile ordering.

No description provided.

No description provided.

No description provided.

No description provided.

No description provided.

No description provided.

No description provided.

No description provided.

No description provided.

No description provided.

No description provided.

No description provided.