Kpow Secure -> Shroud

factorhouse · Jan 22, 2025 · 9dafa7d · 9dafa7d
1 parent 9932705
commit 9dafa7d
Show file tree

Hide file tree

Showing 8 changed files with 64 additions and 57 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -10,19 +10,19 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Prepare java
-        uses: actions/setup-java@v2
+        uses: actions/setup-java@v4
         with:
           distribution: 'temurin'
-          java-version: '11'
+          java-version: '17'
 
       - name: Install clojure tools
-        uses: DeLaGuardo/setup-clojure@4.0
+        uses: DeLaGuardo/setup-clojure@13.0
         with:
           lein: 'latest'
           github-token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Run tests
-        run: lein smoke
+        run: lein smoke
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,13 @@
 # Change Log
 All notable changes to this project will be documented in this file. This change log follows the conventions of [keepachangelog.com](http://keepachangelog.com/).
 
+## [1.0.4] - 2025-23-01
+
+* **Breaking**: Move Clojars deployment from `io.factorhouse/kpow-secure` to `io.factorhouse/shroud`
+* **Breaking**: Move core namespace from `kpow.secure` to `io.factorhouse.shroud.secure`
+* **Breaking**: Rename environment variables `KPOW_SECURE_KEY` and `KPOW_KEY_LOCATION` to `SHROUD_KEY` and `SHROUD_KEY_LOCATION`.
+* Bump project dependencies
+
 ## [1.0.3] - 2022-12-06
 
 - rm Decoder class entirely

diff --git a/README.md b/README.md
@@ -1,7 +1,7 @@
-# Kpow Secure: Key Generation and Payload Encryption
+# Shroud: Key Generation and Payload Encryption
 
-[![Kpow secure test](https://github.com/factorhouse/kpow-secure/actions/workflows/ci.yml/badge.svg)](https://github.com/factorhouse/kpow-secure/actions/workflows/ci.yml)
-[![Clojars Project](https://img.shields.io/clojars/v/io.factorhouse/kpow-secure.svg)](https://clojars.org/io.factorhouse/kpow-secure)
+[![Kpow secure test](https://github.com/factorhouse/shroud/actions/workflows/ci.yml/badge.svg)](https://github.com/factorhouse/shroud/actions/workflows/ci.yml)
+[![Clojars Project](https://img.shields.io/clojars/v/io.factorhouse/shroud.svg)](https://clojars.org/io.factorhouse/shroud)
 
 
 A library for encrypted Kafka configuration with Java AES encryption and PBKDF2 master key generation.
@@ -10,12 +10,12 @@ Encrypted configuration is **not a replacement for secret managers**, but may he
 
 Can be used standalone or integrated with your application. This library provides:
 
-* [Clojure implementation](https://github.com/factorhouse/kpow-secure/blob/main/README.md#clojure-implementation)
-* [Command line interface](https://github.com/factorhouse/kpow-secure/blob/main/README.md#command-line-interface)
+* [Clojure implementation](https://github.com/factorhouse/shroud/blob/main/README.md#clojure-implementation)
+* [Command line interface](https://github.com/factorhouse/shroud/blob/main/README.md#command-line-interface)
 
 This library is used as an option to secure configuration for [Kpow for Apache Kafka](https://kpow.io) since [v88.2](https://kpow.io/releases/88-2/).
 
-See the [Kpow Secure Configuration Guide](https://github.com/factorhouse/kpow/tree/main/secure-config) for specifics on secure configuration for Kpow.
+See the [Shroud Configuration Guide](https://github.com/factorhouse/kpow/tree/main/secure-config) for specifics on secure configuration for Kpow.
 
 ## Capabilities
 
@@ -26,7 +26,7 @@ See the [Kpow Secure Configuration Guide](https://github.com/factorhouse/kpow/tr
  * Payload interpretation (decrypt config into `java.util.Properties` or `clojure.lang.PersistentArrayMap`)
  * CLI interface for key generation and encryption / decryption
  * Java API for easy decryption of payload into `java.util.String` or `java.util.Properties`
- * Key lookup via KPOW_SECURE_KEY or KPOW_SECURE_KEY_LOCATION environment variables
+ * Key lookup via SHROUD_KEY or SHROUD_KEY_LOCATION environment variables
 
 ## License
 
@@ -183,11 +183,11 @@ The passphrase is read from a local file to ensure it is not observable in your
 #### Show the help menu
 
 ```bash
-java -cp target/kpow-secure-1.0.0-standalone.jar kpow.secure.key --help
+java -cp target/shroud-1.0.0-standalone.jar io.factorhouse.shroud.key --help
 ```
 
 ```bash
-21:27:09.090 [main] INFO kpow.secure.key -
+21:27:09.090 [main] INFO io.factorhouse.shroud.key -
 
   -p, --pass-file PASSPHRASE-FILE  (required) File containing key passphrase
   -s, --salt SALT                  (optional) Salt to use with key generation, random if none provided
@@ -198,13 +198,13 @@ java -cp target/kpow-secure-1.0.0-standalone.jar kpow.secure.key --help
 #### Generate a key with random salt
 
 ```bash
-java -cp target/kpow-secure-1.0.0-standalone.jar kpow.secure.key --pass-file dev-resources/secure/passphrase.txt --out-file dev-resources/secure/passphrase.key
+java -cp target/shroud-1.0.0-standalone.jar io.factorhouse.shroud.key --pass-file dev-resources/secure/passphrase.txt --out-file dev-resources/secure/passphrase.key
 ```
 
 ```bash
-19:46:50.912 [main] INFO kpow.secure.key -
+19:46:50.912 [main] INFO io.factorhouse.shroud.key -
 
-Kpow Secure Key:
+Shroud Key:
 ----------------
 
 nP+O/6xOu9+9+JZFYgfhS+R6x4OjVgToP9DlM1bx35g=
@@ -217,13 +217,13 @@ Random salt used, this key cannot be regenerated.
 #### Generate a key with chosen salt
 
 ```bash
-java -cp target/kpow-secure-1.0.0-standalone.jar kpow.secure.key --pass-file dev-resources/secure/passphrase.txt --salt abcdef --out-file dev-resources/secure/mykey.aes
+java -cp target/shroud-1.0.0-standalone.jar io.factorhouse.shroud.key --pass-file dev-resources/secure/passphrase.txt --salt abcdef --out-file dev-resources/secure/mykey.aes
 ```
 
 ```bash
-19:48:01.933 [main] INFO kpow.secure.key -
+19:48:01.933 [main] INFO io.factorhouse.shroud.key -
 
-Kpow Secure Key:
+Shroud Key:
 ----------------
 
 88wRMz4DuaRWOmyKPb8IgmY4kZAyQvPiRVxUy79OgL8=
@@ -238,11 +238,11 @@ This key can be regenerated with the same passphrase and salt.
 #### Show the help menu
 
 ```bash
-java -cp target/kpow-secure-1.0.0-standalone.jar kpow.secure --help
+java -cp target/shroud-1.0.0-standalone.jar io.factorhouse.shroud --help
 ```
 
 ```bash
-23:01:46.551 [main] INFO kpow.secure -
+23:01:46.551 [main] INFO io.factorhouse.shroud -
 
       --key TEXT           Base64 encoded key
       --key-file FILE      File containing base64 encoded key
@@ -257,11 +257,11 @@ java -cp target/kpow-secure-1.0.0-standalone.jar kpow.secure --help
 #### Encrypt text directly on the command line 
 
 ```bash
-java -cp target/kpow-secure-1.0.0-standalone.jar kpow.secure --encrypt supersecrettext --key 88wRMz4DuaRWOmyKPb8IgmY4kZAyQvPiRVxUy79OgL8=
+java -cp target/shroud-1.0.0-standalone.jar io.factorhouse.shroud --encrypt supersecrettext --key 88wRMz4DuaRWOmyKPb8IgmY4kZAyQvPiRVxUy79OgL8=
 ```
 
 ```bash
-22:19:30.511 [main] INFO kpow.secure -
+22:19:30.511 [main] INFO io.factorhouse.shroud -
 
 Kpow Encrypted:
 ---------------
@@ -272,11 +272,11 @@ ARB41R5ZsMNkjNnr3YD+RK2wT6ywAgR0KpcCpLYH/g3rxQ==
 #### Decrypt text directly on the command line 
 
 ```bash
-java -cp target/kpow-secure-1.0.0-standalone.jar kpow.secure --decrypt ARDO7O0legO6PFvIGq/ILD/gekC43knuHqCxhvJoyOeCBw== --key-file dev-resources/secure/passphrase.key
+java -cp target/shroud-1.0.0-standalone.jar io.factorhouse.shroud --decrypt ARDO7O0legO6PFvIGq/ILD/gekC43knuHqCxhvJoyOeCBw== --key-file dev-resources/secure/passphrase.key
 ```
 
 ```bash
-22:21:16.491 [main] INFO kpow.secure -
+22:21:16.491 [main] INFO io.factorhouse.shroud -
 
 Kpow Decrypted:
 ---------------
@@ -287,11 +287,11 @@ supersecrettext
 #### Encrypt a plaintext file
 
 ```bash
-java -cp target/kpow-secure-1.0.0-standalone.jar kpow.secure --encrypt-file dev-resources/secure/config.env --key-file dev-resources/secure/passphrase.key --out-file dev-resources/secure/config.aes
+java -cp target/shroud-1.0.0-standalone.jar io.factorhouse.shroud --encrypt-file dev-resources/secure/config.env --key-file dev-resources/secure/passphrase.key --out-file dev-resources/secure/config.aes
 ```
 
 ```bash
-22:33:28.807 [main] INFO kpow.secure -
+22:33:28.807 [main] INFO io.factorhouse.shroud -
 
 Kpow Encrypted:
 ---------------
@@ -314,11 +314,11 @@ ARD9I/BlocgOwYfsW/oXrJtY/u2AnMWm/ewWIm7iDJrSkkGnQbM38ZbCM1hWfYZLHpIo99LATlgtnR4r
 #### Decrypt the payload
 
 ```bash
-java -cp target/kpow-secure-1.0.0-standalone.jar kpow.secure --decrypt-file dev-resources/secure/config.aes --key-file dev-resources/secure/passphrase.key
+java -cp target/shroud-1.0.0-standalone.jar io.factorhouse.shroud --decrypt-file dev-resources/secure/config.aes --key-file dev-resources/secure/passphrase.key
 ```
 
 ```bash
-22:40:11.998 [main] INFO kpow.secure -
+22:40:11.998 [main] INFO io.factorhouse.shroud -
 
 Kpow Decrypted:
 ---------------

diff --git a/project.clj b/project.clj
@@ -1,20 +1,20 @@
-(defproject io.factorhouse/kpow-secure "1.0.3"
+(defproject io.factorhouse/shroud "1.0.4"
 
   :description "Secure Key Generation and Payload Encryption"
 
-  :url "https://github.com/factorhouse/kpow-secure"
+  :url "https://github.com/factorhouse/shroud"
 
   :license {:name "MIT License"
-            :url  "https://github.com/factorhouse/kpow-secure/blob/main/LICENSE"}
+            :url  "https://github.com/factorhouse/shroud/blob/main/LICENSE"}
 
 
-  :dependencies [[org.clojure/clojure "1.11.1"]
-                 [org.clojure/tools.cli "1.0.214"]
-                 [org.clojure/tools.logging "1.2.4"]
-                 [ch.qos.logback/logback-classic "1.2.11"]]
+  :dependencies [[org.clojure/clojure "1.12.0"]
+                 [org.clojure/tools.cli "1.1.230"]
+                 [org.clojure/tools.logging "1.3.0"]
+                 [ch.qos.logback/logback-classic "1.5.16"]]
 
-  :profiles {:dev     {:plugins        [[lein-cljfmt "0.8.0"]]
-                       :dependencies   [[clj-kondo "2022.11.02"]]
+  :profiles {:dev     {:plugins        [[dev.weavejester/lein-cljfmt "0.13.0"]]
+                       :dependencies   [[clj-kondo "2025.01.16"]]
                        :resource-paths ["dev-resources"]}
              :uberjar {:aot :all}}
 

diff --git a/src/kpow/secure.clj → src/io/factorhouse/shroud/secure.clj b/src/kpow/secure.clj → src/io/factorhouse/shroud/secure.clj
@@ -1,8 +1,8 @@
-(ns kpow.secure
+(ns io.factorhouse.shroud.secure
   (:require [clojure.string :as str]
             [clojure.tools.cli :as cli]
             [clojure.tools.logging :as log]
-            [kpow.secure.key :as key])
+            [io.factorhouse.shroud.secure.key :as key])
   (:import (java.io StringReader)
            (java.nio ByteBuffer)
            (java.nio.charset StandardCharsets)
@@ -12,8 +12,8 @@
            (javax.crypto.spec IvParameterSpec))
   (:gen-class))
 
-(def kpow-secure-key "KPOW_SECURE_KEY")
-(def kpow-secure-key-location "KPOW_SECURE_KEY_LOCATION")
+(def shroud-key "SHROUD_KEY")
+(def shroud-key-location "SHROUD_KEY_LOCATION")
 
 (def prefix "AES:")
 
@@ -86,16 +86,16 @@
 (def load-key
   (memoize
    (fn []
-     (when-let [key-location (System/getenv kpow-secure-key-location)]
+     (when-let [key-location (System/getenv shroud-key-location)]
        (try
          (slurp key-location)
          (catch Exception ex
            (log/errorf ex "Key file not found at path %s" key-location)))))))
 
 (defn lookup-key
-  "Retrieve an encoded encryption key from the kpow-secure-key environment variable or location"
+  "Retrieve an encoded encryption key from the shroud-key environment variable or location"
   []
-  (or (System/getenv kpow-secure-key)
+  (or (System/getenv shroud-key)
       (load-key)))
 
 (defn encrypted
@@ -179,4 +179,4 @@
           (str/blank? target-text) (log/info "\n\nRequired --encrypt, --decrypt, --encrypt-file, or --decrypt-file")
           :else (process (or encrypt encrypt-file) key-text target-text out-file)))
       (catch Exception ex
-        (log/error ex)))))
+        (log/error ex)))))
diff --git a/src/kpow/secure/key.clj → src/io/factorhouse/shroud/secure/key.clj b/src/kpow/secure/key.clj → src/io/factorhouse/shroud/secure/key.clj
@@ -1,4 +1,4 @@
-(ns kpow.secure.key
+(ns io.factorhouse.shroud.secure.key
   (:require [clojure.string :as str]
             [clojure.tools.cli :as cli]
             [clojure.tools.logging :as log])
@@ -49,7 +49,7 @@
   [pass-file salt out-file]
   (let [secure-key (export-key (secret-key (slurp pass-file) salt))]
     (spit out-file secure-key)
-    (log/info (format "\n\nKpow Secure Key:\n----------------\n\n%s\n\nKey file written to: %s\n\n%s"
+    (log/info (format "\n\nShroud Key:\n----------------\n\n%s\n\nKey file written to: %s\n\n%s"
                       secure-key
                       out-file
                       (if salt
@@ -72,4 +72,4 @@
         (not pass-file) (log/info "\n\nRequired: --passfile PASSPHRASE-FILE  File containing key passphrase")
         :else (generate-key pass-file salt (or out-file (str pass-file ".key"))))
       (catch Exception ex
-        (log/errorf ex "\nFailed to generate key")))))
+        (log/errorf ex "\nFailed to generate key")))))
diff --git a/test/kpow/secure/key_test.clj → ...io/factorhouse/shroud/secure/key_test.clj b/test/kpow/secure/key_test.clj → ...io/factorhouse/shroud/secure/key_test.clj
@@ -1,6 +1,6 @@
-(ns kpow.secure.key-test
+(ns io.factorhouse.shroud.secure.key-test
   (:require [clojure.test :refer [deftest is]]
-            [kpow.secure.key :as key]))
+            [io.factorhouse.shroud.secure.key :as key]))
 
 (deftest key-gen-and-export-import
 
@@ -19,4 +19,4 @@
 
   ;; an imported key is equivalent to one generated from inputs
   (is (= (key/import-key "//iQh9KYe7pM+mevjifZPrm7YE2+rRloG1E15zzjR88=")
-         (key/secret-key "aquickredfox" "some-salt"))))
+         (key/secret-key "aquickredfox" "some-salt"))))
diff --git a/test/kpow/secure_test.clj → test/io/factorhouse/shroud/secure_test.clj b/test/kpow/secure_test.clj → test/io/factorhouse/shroud/secure_test.clj
@@ -1,7 +1,7 @@
-(ns kpow.secure-test
+(ns io.factorhouse.shroud.secure-test
   (:require [clojure.test :refer [deftest is]]
-            [kpow.secure :as secure]
-            [kpow.secure.key :as key]))
+            [io.factorhouse.shroud.secure :as secure]
+            [io.factorhouse.shroud.secure.key :as key]))
 
 (def sample-input (str "SSL_KEYSTORE_PASSWORD=keypass1234\n"
                        "SSL_TRUSTSTORE_PASSWORD=trustpass1234"))
@@ -117,4 +117,4 @@
     ;; Mixed characters pass generated by KeepassXC
     (is (= "w;7MQ{&{o[F(H&^Fv[aN^y{7J@z+K7#"
            (->> (secure/encrypted "//iQh9KYe7pM+mevjifZPrm7YE2+rRloG1E15zzjR88=" "w;7MQ{&{o[F(H&^Fv[aN^y{7J@z+K7#")
-                (secure/decrypted "//iQh9KYe7pM+mevjifZPrm7YE2+rRloG1E15zzjR88="))))))
+                (secure/decrypted "//iQh9KYe7pM+mevjifZPrm7YE2+rRloG1E15zzjR88="))))))