RubyGems - calvery - Versions diffs - 0.1.0 - Mend

calvery 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 60248493396e75a137456f80208ff08591e633fa186c9a5181ae1c6e637ba708
+  data.tar.gz: da185eba5dafb7927e0c8c0f1a3e9f2334e07befbbf6652dc64af479c144e78c
+SHA512:
+  metadata.gz: 8c5a294c0996b79fbc4f30201cdc5d7fd2bb547aeac7c42caeafff1dbc977c127bcef89f62c0e4c405f43b558e30a4cf48a85c37938b1bca87a979ba36dfb039
+  data.tar.gz: 7b31062ec3b9d5657b548585b1ac8c0737eaeaaceee22b8c99859ab3f740f8f752e8e51812f7012b903be04edcb86e80b4fded15844385362319b3d545e66cf2

data/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2026 Renzy Armstrong / Calvery
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md ADDED Viewed

@@ -0,0 +1,82 @@
+# Calvery SDK — Ruby
+Official Ruby SDK for [Calvery Vault](https://calvery.xyz) secret manager. Ruby 3.0+. Zero runtime deps — stdlib only.
+## Install
+```bash
+gem install calvery
+```
+Or in `Gemfile`:
+```ruby
+gem "calvery", "~> 0.1"
+```
+## Quickstart
+```ruby
+require "calvery"
+client = Calvery::Client.new(ENV["CVSM_TOKEN"], "acme-corp")
+# Single secret
+db_url = client.get("DATABASE_URL")
+# All secrets
+all = client.get_all
+puts all.keys
+# Inject into ENV (skip ones already set)
+injected = client.inject!(overwrite: false)
+puts "Injected #{injected.size} vars"
+```
+## Config
+```ruby
+client = Calvery::Client.new(
+  ENV["CVSM_TOKEN"],
+  "acme-corp",
+  base_url: "https://vault.your-company.internal",
+  environment: "staging",
+  cache_ttl: 60,
+  max_retries: 5,
+  timeout: 30,
+)
+```
+## Error handling
+```ruby
+begin
+  val = client.get("DATABASE_URL")
+rescue Calvery::NotFound => e
+  warn "secret missing: #{e.message}"
+rescue Calvery::AuthError => e
+  warn "token invalid: #{e.message}"
+rescue Calvery::NetworkError => e
+  warn "network: #{e.message}"
+rescue Calvery::ServerError => e
+  warn "HTTP #{e.status}: #{e.message}"
+end
+```
+## Rails
+`config/initializers/calvery.rb`:
+```ruby
+Rails.application.config.calvery = Calvery::Client.new(
+  ENV.fetch("CVSM_TOKEN"),
+  ENV.fetch("CVSM_TEAM"),
+  environment: Rails.env,
+)
+# Load ke ENV saat boot
+Rails.application.config.calvery.inject!(overwrite: false)
+```
+## License
+MIT — support support@calvery.xyz, issues [github.com/RenzyArmstrong/Calvery-Vault](https://github.com/RenzyArmstrong/Calvery-Vault/issues)

data/lib/calvery.rb ADDED Viewed

@@ -0,0 +1,196 @@
+# frozen_string_literal: true
+require "net/http"
+require "uri"
+require "json"
+# Calvery Vault Ruby SDK.
+#
+#   client = Calvery::Client.new(ENV["CVSM_TOKEN"], "acme-corp")
+#   client.get("DATABASE_URL")
+#   client.get_all
+#   client.inject!(overwrite: false)  # populate ENV
+module Calvery
+  VERSION = "0.1.0"
+  DEFAULT_BASE_URL    = "https://api.calvery.xyz"
+  DEFAULT_ENVIRONMENT = "production"
+  DEFAULT_CACHE_TTL   = 30 # seconds
+  DEFAULT_MAX_RETRIES = 3
+  DEFAULT_TIMEOUT     = 10 # seconds
+  UUID_RE = /\A[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\z/i
+  class Error         < StandardError; end
+  class ConfigError   < Error; end
+  class AuthError     < Error; end
+  class NotFound      < Error; end
+  class NetworkError  < Error; end
+  class DecodeError   < Error; end
+  class ServerError   < Error
+    attr_reader :status
+    def initialize(msg, status)
+      super(msg)
+      @status = status
+    end
+  end
+  class Client
+    # @param token [String] Personal access token (cvsm_...)
+    # @param team  [String] Team slug or UUID
+    # @param options [Hash] :base_url, :environment, :cache_ttl, :max_retries, :timeout
+    def initialize(token, team, **options)
+      raise ConfigError, "token wajib" if token.nil? || token.empty?
+      raise ConfigError, "team wajib (slug atau UUID)" if team.nil? || team.empty?
+      @token       = token
+      @team_input  = team
+      @base_url    = (options[:base_url]    || DEFAULT_BASE_URL).sub(%r{/+\z}, "")
+      @default_env = options[:environment]  || DEFAULT_ENVIRONMENT
+      @cache_ttl   = options[:cache_ttl]    || DEFAULT_CACHE_TTL
+      @max_retries = options[:max_retries]  || DEFAULT_MAX_RETRIES
+      @timeout     = options[:timeout]      || DEFAULT_TIMEOUT
+      @resolved_team_id = nil
+      @cache = {}
+      @mutex = Mutex.new
+    end
+    # Ambil satu secret by name (default env).
+    def get(name, environment: nil)
+      env = environment || @default_env
+      all = get_all(environment: env)
+      raise NotFound, %(secret "#{name}" tidak ditemukan di environment "#{env}") unless all.key?(name)
+      all[name]
+    end
+    # Ambil semua secret untuk environment tertentu sebagai Hash.
+    def get_all(environment: nil)
+      env = environment || @default_env
+      @mutex.synchronize do
+        entry = @cache[env]
+        return entry[:data].dup if entry && entry[:expires_at] > Time.now.to_i
+      end
+      team_id = resolve_team_id
+      query   = URI.encode_www_form(format: "json", environment: env)
+      url     = "#{@base_url}/api/v1/teams/#{team_id}/secrets/export?#{query}"
+      body    = do_with_retry(:get, url)
+      data    = parse_json(body)
+      raise DecodeError, "response bukan object JSON" unless data.is_a?(Hash)
+      if @cache_ttl.positive?
+        @mutex.synchronize do
+          @cache[env] = { data: data.dup, expires_at: Time.now.to_i + @cache_ttl }
+        end
+      end
+      data
+    end
+    # Populate ENV dari semua secret. Return array nama yang di-inject.
+    def inject!(overwrite: false, environment: nil)
+      secrets  = get_all(environment: environment)
+      injected = []
+      secrets.each do |k, v|
+        if !overwrite && !ENV[k].to_s.empty?
+          next
+        end
+        ENV[k] = v
+        injected << k
+      end
+      injected
+    end
+    def clear_cache
+      @mutex.synchronize { @cache.clear }
+    end
+    private
+    def resolve_team_id
+      @mutex.synchronize { return @resolved_team_id if @resolved_team_id }
+      if @team_input.match?(UUID_RE)
+        @mutex.synchronize { @resolved_team_id = @team_input }
+        return @team_input
+      end
+      body  = do_with_retry(:get, "#{@base_url}/api/v1/teams")
+      data  = parse_json(body)
+      teams = data.is_a?(Hash) ? data["teams"] : nil
+      raise DecodeError, "gagal decode list teams" unless teams.is_a?(Array)
+      teams.each do |t|
+        if t.is_a?(Hash) && t["slug"] == @team_input
+          @mutex.synchronize { @resolved_team_id = t["id"] }
+          return t["id"]
+        end
+      end
+      raise NotFound, %(team dengan slug "#{@team_input}" tidak ditemukan di akun ini)
+    end
+    def do_with_retry(method, url_str)
+      uri  = URI(url_str)
+      last = nil
+      0.upto(@max_retries) do |attempt|
+        begin
+          Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == "https",
+                          open_timeout: @timeout, read_timeout: @timeout) do |http|
+            req = case method
+                  when :get then Net::HTTP::Get.new(uri.request_uri)
+                  else raise ArgumentError, "method #{method} tidak didukung"
+                  end
+            req["Authorization"] = "Bearer #{@token}"
+            req["User-Agent"]    = "calvery-ruby/#{VERSION}"
+            req["Accept"]        = "application/json"
+            res = http.request(req)
+            status = res.code.to_i
+            case status
+            when 401, 403
+              raise AuthError, read_error_msg(res.body, status)
+            when 500..599
+              if attempt < @max_retries
+                sleep(backoff(attempt))
+                next
+              end
+              raise ServerError.new("HTTP #{status}: #{read_error_msg(res.body, status)}", status)
+            when 400..499
+              raise ServerError.new("HTTP #{status}: #{read_error_msg(res.body, status)}", status)
+            else
+              return res.body.to_s
+            end
+          end
+        rescue Timeout::Error, Errno::ECONNREFUSED, SocketError, IOError => e
+          last = e
+          if attempt < @max_retries
+            sleep(backoff(attempt))
+            next
+          end
+          raise NetworkError, "gagal konek ke #{@base_url}: #{e.message}"
+        end
+      end
+      raise NetworkError, "unreachable: #{last&.message}"
+    end
+    def backoff(attempt)
+      base_ms = [100 * (2**attempt), 2000].min
+      (base_ms + rand(100)) / 1000.0
+    end
+    def read_error_msg(body, status)
+      data = parse_json(body)
+      return data["error"] if data.is_a?(Hash) && data["error"].is_a?(String)
+      "HTTP #{status}"
+    rescue
+      "HTTP #{status}"
+    end
+    def parse_json(body)
+      return nil if body.nil? || body.empty?
+      JSON.parse(body)
+    rescue JSON::ParserError
+      nil
+    end
+  end
+end

metadata ADDED Viewed

@@ -0,0 +1,50 @@
+--- !ruby/object:Gem::Specification
+name: calvery
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Calvery
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2026-04-22 00:00:00.000000000 Z
+dependencies: []
+description: Get, list, and inject secrets from Calvery Vault into your Ruby app (Rails,
+  Sidekiq, Rake).
+email:
+- support@calvery.xyz
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE
+- README.md
+- lib/calvery.rb
+homepage: https://calvery.xyz
+licenses:
+- MIT
+metadata:
+  source_code_uri: https://github.com/RenzyArmstrong/calvery-sdks
+  bug_tracker_uri: https://github.com/RenzyArmstrong/Calvery-Vault/issues
+  documentation_uri: https://docs.calvery.xyz/sdk/ruby/
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '3.0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.3.5
+signing_key:
+specification_version: 4
+summary: Official Ruby SDK for Calvery Vault secret manager
+test_files: []