This is a module that uses pycrypto and their Blowfish implementation to encrypt and decrypt values in the gocd-cli configuration file.
The module was created to fulfil a requirement that the password to access the Go server had to be encrypted while not in use, and with an approved cipher. It was fine to store the decryption password on the same machine. If your security needs are more stringent, then this module at its current state will not be enough for you. :)
You'll likely be happier using SELinux and defining which processes are allowed to access the unencrypted password from the file on disk instead of using this.
Install the module from PyPi:
$ pip install gocd-cli.encryption.blowfish
To prepare gocd-cli you need to add the encryption module to the config file, so it understands which module to use to handle decryption/encryption.
Example ~/.gocd/gocd-cli.cfg
:
[gocd]
encryption_module = gocd_cli.encryption.blowfish
To then encrypt the current plaintext password do:
$ gocd settings encrypt --key password
encryption_module = gocd_cli.encryption.blowfish
password_encrypted = b3o9xrRHgY1fggQ2XXT6pX1VxTyJVSk8
To decrypt:
$ gocd settings decrypt --key password
encryption_module = gocd_cli.encryption.blowfish
password = super secret
Note
If you encrypt the same string multiple times you will get different ciphertext each time. This is because the encryption module uses a random IV each time it encrypts.
If you haven't configured an encryption module the built-in caesar cipher module from gocd-cli will be used.