Skip to content

Commit 7ace97a

Browse files
evanphxevanphx
authored
Merge pull request #154 from maschwenk/patch-1
Allow PEM contents as Base64 encoded string
2 parents 03bb723 + d8456cf commit 7ace97a

3 files changed

Lines changed: 24 additions & 2 deletions

File tree

README.md

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -53,6 +53,10 @@ Vault.configure do |config|
5353
# Custom SSL PEM, also read as ENV["VAULT_SSL_CERT"]
5454
config.ssl_pem_file = "/path/on/disk.pem"
5555

56+
# As an alternative to a pem file, you can provide the raw PEM string, also read in the following order of preference:
57+
# ENV["VAULT_SSL_PEM_CONTENTS_BASE64"] then ENV["VAULT_SSL_PEM_CONTENTS"]
58+
config.ssl_pem_contents = "-----BEGIN ENCRYPTED..."
59+
5660
# Use SSL verification, also read as ENV["VAULT_SSL_VERIFY"]
5761
config.ssl_verify = false
5862

lib/vault/defaults.rb

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,5 @@
11
require "pathname"
2+
require "base64"
23

34
module Vault
45
module Defaults
@@ -126,7 +127,11 @@ def ssl_ciphers
126127
# the value for {#ssl_pem_file}, if set.
127128
# @return [String, nil]
128129
def ssl_pem_contents
129-
ENV["VAULT_SSL_PEM_CONTENTS"]
130+
if ENV["VAULT_SSL_PEM_CONTENTS_BASE64"]
131+
Base64.decode64(ENV["VAULT_SSL_PEM_CONTENTS_BASE64"])
132+
else
133+
ENV["VAULT_SSL_PEM_CONTENTS"]
134+
end
130135
end
131136

132137
# The path to a pem on disk to use with custom SSL verification

spec/unit/defaults_spec.rb

Lines changed: 14 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -128,11 +128,24 @@ module Vault
128128
end
129129

130130
describe ".ssl_pem_contents" do
131-
it "defaults to ENV['VAULT_SSL_PEM_CONTENTS']" do
131+
it "defaults to ENV['VAULT_SSL_PEM_CONTENTS_BASE64']" do
132+
with_stubbed_env("VAULT_SSL_PEM_CONTENTS_BASE64" => "YWJjZC0xMjM0\n") do
133+
expect(Defaults.ssl_pem_contents).to eq("abcd-1234")
134+
end
135+
end
136+
137+
it "falls back to ENV['VAULT_SSL_PEM_CONTENTS']" do
132138
with_stubbed_env("VAULT_SSL_PEM_CONTENTS" => "abcd-1234") do
133139
expect(Defaults.ssl_pem_contents).to eq("abcd-1234")
134140
end
135141
end
142+
143+
it "returns nil if neither ENV['VAULT_SSL_PEM_CONTENTS'] \
144+
nor ENV['VAULT_SSL_PEM_CONTENTS_BASE64'] are present" do
145+
with_stubbed_env("VAULT_SSL_PEM_CONTENTS" => nil, "VAULT_SSL_PEM_CONTENTS_BASE64" => nil) do
146+
expect(Defaults.ssl_pem_contents).to eq(nil)
147+
end
148+
end
136149
end
137150

138151
describe ".ssl_pem_file" do

0 commit comments

Comments
 (0)