capistrano-secret 1.0.0 → 1.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +45 -33
- data/lib/capistrano/secret/tasks/secret.cap +6 -4
- data/lib/capistrano/secret/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d1efd5ae4212ee3a81cf676d6ce77a24460fb6e5
|
|
4
|
+
data.tar.gz: aeb27f2d1281a4c9ff09c1c7492a92b1d5d38aa8
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: bd3f80b96fa4afc6fdb5f97b324a89c314557f16273ac954af6a8abd9b626364f8ca707f7fb5876572dfe3e5933b7a1d15d450182dd8e1ba556c5509f3a48f93
|
|
7
|
+
data.tar.gz: 7f4396210c43944e488576f0dbb6e754395b8bca87d9d24a9df98e269f81b2878e5ccfeb5f480d236cae0011f8f28448440b0e71a9762cf2f1cdf33a312f2549
|
data/README.md
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
#
|
|
1
|
+
# Capistrano::Secret
|
|
2
2
|
|
|
3
3
|
A [Capistrano](http://capistranorb.com/) gem to isolate secret information.
|
|
4
4
|
|
|
@@ -7,32 +7,28 @@ This usually leads to cumbersome and risky setups, especially when combined with
|
|
|
7
7
|
|
|
8
8
|
This tiny gem provides methods to **easily** do the **right thing**: conveniently tuck all secrets in a JSON file in a dedicated folder, and easily the information from the rest of the Capistrano tasks.
|
|
9
9
|
|
|
10
|
+
|
|
10
11
|
## Quick start
|
|
11
12
|
|
|
12
|
-
|
|
13
|
-
```
|
|
13
|
+
In a shell:
|
|
14
|
+
```bash
|
|
14
15
|
gem install capistrano-secret
|
|
16
|
+
echo "require 'capistrano/secret'" >> Capfile
|
|
17
|
+
mkdir config/secret
|
|
18
|
+
echo "config/secret" >> .gitignore
|
|
19
|
+
echo '{"secret":{"of": {"life": 42}}}' > config/secret/production.json
|
|
20
|
+
echo '{"secret":{"of": {"life": "partying like crazy"}}}' > config/secret/staging.json
|
|
15
21
|
```
|
|
16
22
|
|
|
17
|
-
|
|
23
|
+
Then in any Capistrano task:
|
|
18
24
|
```ruby
|
|
19
|
-
|
|
20
|
-
```
|
|
21
|
-
|
|
22
|
-
Create secret directory and add it to `.gitignore`:
|
|
23
|
-
```
|
|
24
|
-
config/secret
|
|
25
|
+
puts "I know the secret, it is #{secret('secret.of.life')}";
|
|
25
26
|
```
|
|
26
27
|
|
|
27
|
-
Then in Capistrano access any secret with:
|
|
28
|
-
|
|
29
|
-
```ruby
|
|
30
|
-
secret('path.to.example.key');
|
|
31
|
-
```
|
|
32
28
|
|
|
33
29
|
## Features
|
|
34
30
|
|
|
35
|
-
|
|
31
|
+
Capistrano::Secret advantages:
|
|
36
32
|
|
|
37
33
|
* All secret information in one unique place: no duplication, easy to keep out of repository.
|
|
38
34
|
* Files contain only secret: no mixing with other, non-sensitive information (like configuration directives).
|
|
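Review bot: the Quick start lines that create `config/secret/production.json` and `config/secret/staging.json` with `echo '{...}' > file` put the secret values on the command line, where they are recorded in shell history, and `mkdir config/secret` leaves the directory at default permissions. Suggest telling readers to create the JSON files in an editor and to restrict access, for example `chmod 700 config/secret` and `chmod 600 config/secret/*.json`. Separately, the unchanged context sentence at line 8 is missing a verb ("and easily the information from the rest of the Capistrano tasks") and could be fixed in the same pass.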
@@ -40,7 +36,8 @@ Here are capistrano-secret's advantages over alternatives (like keeping whole co
|
|
|
40
36
|
* Each stages has its own set of secrets.
|
|
41
37
|
* Method name makes it explicit to developer this is sensitive information (it's called `secret()`!).
|
|
42
38
|
|
|
43
|
-
|
|
39
|
+
It really shines when used in conjunction with a templating library like [capistrano-template](https://github.com/xavierpriour/capistrano-template),
|
|
40
|
+
to generate configuration files at deployment. Check it out!
|
|
44
41
|
|
|
45
42
|
## Requirements
|
|
46
43
|
|
|
@@ -48,38 +45,46 @@ Full power shows when used in conjunction with a templating library like [capist
|
|
|
48
45
|
|
|
49
46
|
All dependencies are listed in the .gemspec file so if using `bundler` you just need to `bundle install` in your project directory.
|
|
50
47
|
|
|
51
|
-
## Usage
|
|
52
48
|
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
49
|
+
## Installation
|
|
50
|
+
|
|
51
|
+
Add this line to your application's Gemfile:
|
|
52
|
+
```
|
|
53
|
+
gem 'capistrano-template'
|
|
56
54
|
```
|
|
57
55
|
|
|
58
|
-
|
|
59
|
-
```
|
|
60
|
-
|
|
56
|
+
And then execute:
|
|
57
|
+
```bash
|
|
58
|
+
$ bundle
|
|
61
59
|
```
|
|
62
60
|
|
|
61
|
+
Or install it yourself as:
|
|
62
|
+
```bash
|
|
63
|
+
$ gem install capistrano-template
|
|
64
|
+
```
|
|
65
|
+
|
|
66
|
+
|
|
67
|
+
## Usage
|
|
68
|
+
|
|
63
69
|
Include gem in your `Capfile`:
|
|
64
70
|
```ruby
|
|
65
71
|
require 'capistrano/secret'
|
|
66
72
|
```
|
|
67
73
|
|
|
68
74
|
Create directory where secret information will be stored.
|
|
69
|
-
Default is `config/secret`, to
|
|
75
|
+
Default is `config/secret`, to use a different one define `secret_dir` in `deploy.rb`:
|
|
70
76
|
```ruby
|
|
71
|
-
set :secret_dir, '
|
|
77
|
+
set :secret_dir, 'new/secret/dir'
|
|
72
78
|
```
|
|
73
79
|
|
|
74
|
-
Ensure the directory stays out of repository
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
config/secret
|
|
80
|
+
Ensure the directory stays out of repository (for git, add it to `.gitignore`):
|
|
81
|
+
```bash
|
|
82
|
+
echo 'config/secret' >> .gitignore
|
|
78
83
|
```
|
|
79
84
|
|
|
80
85
|
Then in the directory, create one JSON file per stage (same name as the stage):
|
|
81
|
-
```
|
|
82
|
-
config/secret/production.json
|
|
86
|
+
```bash
|
|
87
|
+
touch config/secret/production.json
|
|
83
88
|
```
|
|
84
89
|
|
|
85
90
|
In the files, define keys as needed, using JSON syntax. For example:
|
|
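Review bot: the new Installation section names the wrong package. Both `gem 'capistrano-template'` and `$ gem install capistrano-template` install the templating gem mentioned under Features, not this gem, while the Quick start and the `Capfile` line (`require 'capistrano/secret'`) expect `capistrano-secret`. A reader who copies these lines gets a different gem than the one the README documents, so both occurrences should read `capistrano-secret`. The Gemfile snippet's fence also lacks the language tag the other added fences carry.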
@@ -107,4 +112,11 @@ So you can test the return value of any part of the path to see if an option is
|
|
|
107
112
|
if secret('mail') then
|
|
108
113
|
# do something with mail info, like send a msg after deploy
|
|
109
114
|
end
|
|
110
|
-
```
|
|
115
|
+
```
|
|
116
|
+
|
|
117
|
+
## Contributing
|
|
118
|
+
1. Fork it ( https://github.com/xavierpriour/capistrano-secret/fork )
|
|
119
|
+
2. Create your feature branch (`git checkout -b my-new-feature`)
|
|
120
|
+
3. Commit your changes (`git commit -am 'Add some feature'`)
|
|
121
|
+
4. Push to the branch (`git push origin my-new-feature`)
|
|
122
|
+
5. Create a new Pull Request
|
|
@@ -2,8 +2,12 @@ require 'json'
|
|
|
2
2
|
|
|
3
3
|
# - key: (string), can be a dot notation
|
|
4
4
|
def secret(key)
|
|
5
|
+
result = fetch(:secret);
|
|
6
|
+
if result.nil? #lazy load
|
|
7
|
+
Rake::Task['secret:load'].invoke
|
|
8
|
+
result = fetch(:secret);
|
|
9
|
+
end
|
|
5
10
|
parts = key.split('.');
|
|
6
|
-
result = fetch(:secret, {});
|
|
7
11
|
parts.each {|k|
|
|
8
12
|
if result.has_key?(k);
|
|
9
13
|
result = result[k];
|
|
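Review bot: in `secret(key)`, the second `result = fetch(:secret);` after `Rake::Task['secret:load'].invoke` has no default, whereas the removed line was `result = fetch(:secret, {});`. If the load task finishes without setting `:secret`, `result` is still nil and `result.has_key?(k)` raises NoMethodError instead of the lookup returning nothing. Suggest keeping the `{}` default on the second fetch, or raising an explicit error that says the stage's secret file could not be loaded, and adding a short comment on why the lookup is lazy.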
@@ -35,6 +39,4 @@ DESC
|
|
|
35
39
|
end
|
|
36
40
|
set :secret, secret
|
|
37
41
|
end
|
|
38
|
-
end
|
|
39
|
-
|
|
40
|
-
before 'deploy:starting', 'secret:load'
|
|
42
|
+
end
|
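Review bot: with `before 'deploy:starting', 'secret:load'` removed at the end of the file, a missing or malformed stage file is no longer caught before the deploy begins; it surfaces only at the first `secret()` call, which may be partway through a deploy. If that trade-off is intended, it should be documented, since none of the README hunks shown mention the change in load timing; otherwise keep the hook alongside the lazy load so the deploy fails before any remote step runs.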
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: capistrano-secret
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Xavier Priour
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2014-
|
|
11
|
+
date: 2014-08-05 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|