chronicle-etl 0.4.4 → 0.5.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2f035ef95ebae675973ce505c71345c0c2da640b20a3e88050f4c88c76caf656
-  data.tar.gz: '0486e4ce5bfdb85ad6ccb5a792ac7aa5a897afecf839c759bb78a2f33136d34e'
+  metadata.gz: b8faa084cfe4a9f080ee5494c69b268b78bfa8f3502354e740264e6941f13daf
+  data.tar.gz: 1bf4f2751c71cadedc78a2fe3ed5b09bf86cd601a909e2fa2db0a0de8cc2c21d
 SHA512:
-  metadata.gz: f9a1ba3cb4a9abd3bc8a499012b3456b1a2b4cf1f55bed1213f0b1baa6ea96d0ad6e54a470425fa5aa4961061630095218a31f64ef4a39bea15c547219f9a7a8
-  data.tar.gz: d82ff59fd2875d55b079b7814b6a028f98f80f17d3ae2bb3291e5ae6cfb7e1b06f571e16fc73c83dea41d7682f24eb9b7ee3fa6ae7cc709ede57e12011e6a0be
+  metadata.gz: ff10779b663a3321b779fb03e07249856174d96fb96e405ae906a47441c288d6a245c852525801ba250cce1125cf05c523ef4ec75fdfb4335cef9003091437ed
+  data.tar.gz: 509f6f92e95341d212c54b6b000bc54e8ba03898497191a3e5d3b14db7bff3ed625d0fee403888fbb6103c1edc14de66b215d9aa84ddb68cefcf51c0e6c74138

data/.rubocop.yml

@@ -11,6 +11,9 @@ Style/StringLiterals:
 Layout/MultilineAssignmentLayout:
   Enabled: false
 
+Layout/MultilineMethodCallIndentation:
+  EnforcedStyle: indented
+
 Layout/RedundantLineBreak:
   Enabled: false
 

data/README.md

@@ -16,12 +16,21 @@ If you don’t want to spend all your time writing scrapers, reverse-engineering
 * **A common, opinionated schema**: You can normalize different datasets into a single schema so that, for example, all your iMessages and emails are stored in a common schema. Don’t want to use the schema? `chronicle-etl` always allows you to fall back on working with the raw extraction data.
 
 ## Installation
+
+Using homebrew:
+```sh
+$ brew install chronicle-app/etl/chronicle-etl
+
+```
+Using rubygems:
 ```sh
-# Install chronicle-etl
-gem install chronicle-etl
+$ gem install chronicle-etl
 ```
 
-After installation, the `chronicle-etl` command will be available in your shell. Homebrew support [is coming soon](https://github.com/chronicle-app/chronicle-etl/issues/13).
+Confirm it installed successfully:
+```sh
+$ chronicle-etl --version
+```
 
 ## Basic usage and running jobs
 
@@ -34,28 +43,60 @@ $ chronicle-etl --extractor NAME --transformer NAME --loader NAME
 
 # Read test.csv and display it to stdout as a table 
 $ chronicle-etl --extractor csv --input ./data.csv --loader table
+
+# Retrieve shell commands run in the last 5 hours
+$ chronicle-etl -e shell --since 5h
+
+# Get email senders from an .mbox email archive file
+$ chronicle-etl --extractor email:mbox -i sample-email-archive.mbox -t email --fields actor.slug
+
+# Save an access token as a secret and use it in a job
+$ chronicle-etl secrets:set pinboard access_token username:foo123
+$ chronicle-etl secrets:list # Verify that's it's available
+$ chronicle-etl -e pinboard --since 1mo # Used automatically based on plugin name
 ```
 
 ### Common options
 ```sh
 Options:
-  -j, [--name=NAME]                    # Job configuration name
-  -e, [--extractor=EXTRACTOR-NAME]     # Extractor class. Default: stdin
-      [--extractor-opts=key:value]     # Extractor options
-  -t, [--transformer=TRANFORMER-NAME]  # Transformer class. Default: null
-      [--transformer-opts=key:value]   # Transformer options
-  -l, [--loader=LOADER-NAME]           # Loader class. Default: stdout
-      [--loader-opts=key:value]        # Loader options
-  -i, [--input=FILENAME]               # Input filename or directory
-      [--since=DATE]                   # Load records SINCE this date. Overrides job's `load_since` configuration option in extractor's options
-      [--until=DATE]                   # Load records UNTIL this date
-      [--limit=N]                      # Only extract the first LIMIT records
-  -o, [--output=OUTPUT]                # Output filename
-      [--fields=field1 field2 ...]     # Output only these fields
-      [--log-level=LOG_LEVEL]          # Log level (debug, info, warn, error, fatal)
-                                       # Default: info
-  -v, [--verbose], [--no-verbose]      # Set log level to verbose
-      [--silent], [--no-silent]        # Silence all output
+  -e, [--extractor=NAME]                 # Extractor class. Default: stdin
+      [--extractor-opts=key:value]       # Extractor options
+  -t, [--transformer=NAME]               # Transformer class. Default: null
+      [--transformer-opts=key:value]     # Transformer options
+  -l, [--loader=NAME]                    # Loader class. Default: table
+      [--loader-opts=key:value]          # Loader options
+  -i, [--input=FILENAME]                 # Input filename or directory
+      [--since=DATE]                     # Load records SINCE this date (or fuzzy time duration)
+      [--until=DATE]                     # Load records UNTIL this date (or fuzzy time duration)
+      [--limit=N]                        # Only extract the first LIMIT records
+  -o, [--output=OUTPUT]                  # Output filename
+      [--fields=field1 field2 ...]       # Output only these fields
+      [--header-row], [--no-header-row]  # Output the header row of tabular output
+
+      [--log-level=LOG_LEVEL]            # Log level (debug, info, warn, error, fatal)
+                                         # Default: info
+  -v, [--verbose], [--no-verbose]        # Set log level to verbose
+      [--silent], [--no-silent]          # Silence all output
+```
+
+### Saving jobs
+
+You can save details about a job to a local config file (saved by default in `~/.config/chronicle/etl/jobs/job_name.yml`) to save yourself the trouble of setting the CLI flags for each run.
+
+```sh
+# Save a job named 'sample' to ~/.config/chronicle/etl/jobs/sample.yml
+$ chronicle-etl jobs:save sample --extractor pinboard --since 10d
+
+# Show details about the job
+$ chronicle-etl jobs:show sample
+
+# Run the job
+$ chronicle-etl jobs:run sample
+# Or more simply:
+$ chronicle-etl sample
+
+# Show all saved jobs
+$ chronicle-etl jobs:list
 ```
 
 ## Connectors
@@ -83,58 +124,51 @@ $ chronicle-etl connectors:list
 - [`json`](https://github.com/chronicle-app/chronicle-etl/blob/main/lib/chronicle/etl/loaders/json_loader.rb) - Load records serialized as JSON
 - [`rest`](https://github.com/chronicle-app/chronicle-etl/blob/main/lib/chronicle/etl/loaders/rest_loader.rb) - Serialize records with [JSONAPI](https://jsonapi.org/) and send to a REST API
 
-### Plugins
-Plugins provide access to data from third-party platforms, services, or formats. 
+## Chronicle Plugins
+Plugins provide access to data from third-party platforms, services, or formats. Plugins are packaged as separate rubygems and can be installed through the CLI (which installs the Gems under the hood).
+
+### Plugin usage
 
 ```bash
 # Install a plugin
 $ chronicle-etl plugins:install NAME
 
-# Install the imessage plugin
-$ chronicle-etl plugins:install imessage
-
 # List installed plugins
 $ chronicle-etl plugins:list
 
+# Use a plugin
+$ chronicle-etl plugins:install shell
+$ chronicle-etl --extractor shell:history --limit 10
+
 # Uninstall a plugin
 $ chronicle-etl plugins:uninstall NAME
 ```
 
-A few dozen importers exist [in my Memex project](https://hyfen.net/memex/) and they’re being ported over to the Chronicle system. This table shows what’s available now and what’s coming. Rows are sorted in very rough order of priority.
+### Status
+
+A few dozen importers exist [in my Memex project](https://hyfen.net/memex/) and I'm porting them over to the Chronicle system. The [Chronicle Plugin Tracker](https://github.com/orgs/chronicle-app/projects/1/views/1) lets you keep track what's available and what's coming soon.
 
-If you want to work together on a connector, please [get in touch](#get-in-touch)!
+If you don't see a plugin for a third-party provider or data source that you're interested in using with `chronicle-etl`, [please open an issue](https://github.com/chronicle-app/chronicle-etl/issues/new). If you want to work together on a plugin, please [get in touch](#get-in-touch)!
+
+#### Currently available
 
 | Name                                                            | Description                                                                                 | Availability                     |
 |-----------------------------------------------------------------|---------------------------------------------------------------------------------------------|----------------------------------|
 | [imessage](https://github.com/chronicle-app/chronicle-imessage) | iMessage messages and attachments                                                           | Available                        |
-| [shell](https://github.com/chronicle-app/chronicle-shell)       | Shell command history                                                                       | Available (zsh support pending)  |
-| [email](https://github.com/chronicle-app/chronicle-email)       | Emails and attachments from IMAP or .mbox files                                             | Available (imap support pending) |
+| [shell](https://github.com/chronicle-app/chronicle-shell)       | Shell command history                                                                       | Available (still needs zsh support)  |
+| [email](https://github.com/chronicle-app/chronicle-email)       | Emails and attachments from IMAP or .mbox files                                             | Available (still needs IMAP support) |
 | [pinboard](https://github.com/chronicle-app/chronicle-email)    | Bookmarks and tags                                                                          | Available                        |
 | [safari](https://github.com/chronicle-app/chronicle-safari)     | Browser history from local sqlite db                                                        | Available                        |
-| github                                                          | Github user and repo activity                                                               | In progress                      |
-| chrome                                                          | Browser history from local sqlite db                                                        | Needs porting                    |
-| whatsapp                                                        | Messaging history (via individual chat exports) or reverse-engineered local desktop install | Unstarted                        |
-| anki                                                            | Studying and card creation history                                                          | Needs porting                    |
-| facebook                                                        | Messaging and history posting via data export files                                         | Needs porting                    |
-| twitter                                                         | History via API or export data files                                                        | Needs porting                    |
-| foursquare                                                      | Location history via API                                                                    | Needs porting                    |
-| goodreads                                                       | Reading history via export csv (RIP goodreads API)                                          | Needs porting                    |
-| lastfm                                                          | Listening history via API                                                                   | Needs porting                    |
-| images                                                          | Process image files                                                                         | Needs porting                    |
-| arc                                                             | Location history from synced icloud backup files                                            | Needs porting                    |
-| firefox                                                         | Browser history from local sqlite db                                                        | Needs porting                    |
-| fitbit                                                          | Personal analytics via API                                                                  | Needs porting                    |
-| git                                                             | Commit history on a repo                                                                    | Needs porting                    |
-| google-calendar                                                 | Calendar events via API                                                                     | Needs porting                    |
-| instagram                                                       | Posting and messaging history via export data                                               | Needs porting                    |
-| shazam                                                          | Song tags via reverse-engineered API                                                        | Needs porting                    |
-| slack                                                           | Messaging history via API                                                                   | Need rethinking                  |
-| strava                                                          | Activity history via API                                                                    | Needs porting                    |
-| things                                                          | Task activity via local sqlite db                                                           | Needs porting                    |
-| bear                                                            | Note taking activity via local sqlite db                                                    | Needs porting                    |
-| youtube                                                         | Video activity via takeout data and API                                                     | Needs porting                    |
-
-### Writing your own connector
+| [github](https://github.com/chronicle-app/chronicle-github)     | Github activity stream                                                                      | Available                        |
+
+#### Coming soon
+
+In summary, the following **are coming soon**:
+anki, arc, bear, chrome, facebook, firefox, fitbit, foursquare, git, github, goodreads, google-calendar, images, instagram, lastfm, shazam, slack, strava, things, twitter, whatsapp, youtube.
+
+Please check the [Chronicle Plugin Tracker](https://github.com/orgs/chronicle-app/projects/1/views/1) for details.
+
+### Writing your own plugin
 
 Additional connectors are packaged as separate ruby gems. You can view the [iMessage plugin](https://github.com/chronicle-app/chronicle-imessage) for an example.
 
@@ -149,7 +183,7 @@ module Chronicle
     class FooExtractor < Chronicle::ETL::Extractor
       register_connector do |r|
         r.identifier = 'foo'
-        r.description = 'From foo.com'
+        r.description = 'from foo.com'
       end
 
       setting :access_token, required: true
@@ -168,6 +202,44 @@ module Chronicle
 end
 ```
 
+## Secrets Management
+
+If your job needs secrets such as access tokens or passwords, `chronicle-etl` has a built-in secret management system. 
+
+Secrets are organized in namespaces. Typically, you use one namespace per plugin (`pinboard` secrets for the `pinboard` plugin). When you run a job that uses the `pinboard` plugin extractor, for example, the secrets from that namespace will automatically be included in the extractor's options. To override which secrets get included, you can use do it in the connector options with `secrets: ALT-NAMESPACE`.
+
+Under the hood, secrets are stored in `~/.config/chronicle/etl/secrets/NAMESPACE.yml` with 0600 permissions on each file.
+
+### Using the secret manager
+
+```sh
+# Save a secret under the 'pinboard' namespace
+$ chronicle-etl secrets:set pinboard access_token username:foo123
+
+# Set a secret using stdin
+$ echo -n "username:foo123" | chronicle-etl secrets:set pinboard access_token
+
+# List available secretes
+$ chronicle-etl secrets:list
+
+# Use 'pinboard' secrets in the pinboard extractor's options (happens automatically)
+$ chronicle-etl -e pinboard --since 1mo
+
+# Use a custom secrets namespace
+$ chronicle-etl secrets:set pinboard-alt access_token different-username:foo123
+$ chronicle-etl -e pinboard --extractor-opts secrets:pinboard-alt --since 1mo
+
+# Remove a secret
+$ chronicle-etl secrets:unset pinboard access_token
+```
+
+## Roadmap
+
+- Keep tackling **new plugins**. See: [Chronicle Plugin Tracker](https://github.com/orgs/chronicle-app/projects/1)
+- Add support for **incremental extractions** #37
+- **Improve stdin extractor and shell command transformer** (#5) so that users can easily integrate their own scripts/tools into jobs
+- **Add documentation for Chronicle Schema**. It's found throughout this project but never explained.
+
 ## Development
 After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
 

data/chronicle-etl.gemspec

@@ -43,22 +43,23 @@ Gem::Specification.new do |spec|
   spec.add_dependency "marcel", "~> 1.0.2"
   spec.add_dependency "mini_exiftool", "~> 2.10"
   spec.add_dependency "nokogiri", "~> 1.13"
-  spec.add_dependency "runcom", ">= 6.0"
   spec.add_dependency "sequel", "~> 5.35"
   spec.add_dependency "sqlite3", "~> 1.4"
   spec.add_dependency "thor", "~> 1.2"
   spec.add_dependency "thor-hollaback", "~> 0.2"
   spec.add_dependency "tty-progressbar", "~> 0.17"
+  spec.add_dependency "tty-prompt", "~> 0.23"
   spec.add_dependency "tty-spinner"
   spec.add_dependency "tty-table", "~> 0.11"
-  spec.add_dependency "tty-prompt", "~> 0.23"
+  spec.add_dependency "xdg", ">= 4.0"
 
   spec.add_development_dependency "bundler", "~> 2.1"
+  spec.add_development_dependency "guard-rspec", "~> 4.7.3"
+  spec.add_development_dependency "fakefs"
   spec.add_development_dependency "pry-byebug", "~> 3.9"
   spec.add_development_dependency "rake", "~> 13.0"
   spec.add_development_dependency "rspec", "~> 3.9"
+  spec.add_development_dependency "rubocop", "~> 1.25.1"
   spec.add_development_dependency "simplecov", "~> 0.21"
-  spec.add_development_dependency "guard-rspec", "~> 4.7.3"
   spec.add_development_dependency "yard", "~> 0.9.7"
-  spec.add_development_dependency "rubocop", "~> 1.25.1"
 end

data/lib/chronicle/etl/cli/connectors.rb

@@ -4,6 +4,8 @@ module Chronicle
   module ETL
     module CLI
       # CLI commands for working with ETL connectors
+      #
+      # @todo make this work with new plugin system (i.e. no loading of all plugins)
       class Connectors < SubcommandBase
         default_task 'list'
         namespace :connectors
@@ -11,8 +13,6 @@ module Chronicle
         desc "list", "Lists available connectors"
         # Display all available connectors that chronicle-etl has access to
         def list
-          Chronicle::ETL::Registry.load_all!
-
           connector_info = Chronicle::ETL::Registry.connectors.map do |connector_registration|
             {
               identifier: connector_registration.identifier,

data/lib/chronicle/etl/cli/jobs.rb

@@ -9,8 +9,6 @@ module Chronicle
         default_task "start"
         namespace :jobs
 
-        class_option :name, aliases: '-j', desc: 'Job configuration name'
-
         class_option :extractor, aliases: '-e', desc: "Extractor class. Default: stdin", banner: 'NAME'
         class_option :'extractor-opts', desc: 'Extractor options', type: :hash, default: {}
         class_option :transformer, aliases: '-t', desc: 'Transformer class. Default: null', banner: 'NAME'
@@ -20,8 +18,8 @@ module Chronicle
 
         # This is an array to deal with shell globbing
         class_option :input, aliases: '-i', desc: 'Input filename or directory', default: [], type: 'array', banner: 'FILENAME'
-        class_option :since, desc: "Load records SINCE this date", banner: 'DATE'
-        class_option :until, desc: "Load records UNTIL this date", banner: 'DATE'
+        class_option :since, desc: "Load records SINCE this date (or fuzzy time duration)", banner: 'DATE'
+        class_option :until, desc: "Load records UNTIL this date (or fuzzy time duration)", banner: 'DATE'
         class_option :limit, desc: "Only extract the first LIMIT records", banner: 'N'
 
         class_option :output, aliases: '-o', desc: 'Output filename', type: 'string'
@@ -44,12 +42,12 @@ module Chronicle
             If you do not want to use the command line flags, you can also configure a job with a .yml config file. You can either specify the path to this file or use the filename and place the file in ~/.config/chronicle/etl/jobs/NAME.yml and call it with `--job NAME`
 LONG_DESC
         # Run an ETL job
-        def start
-          job_definition = build_job_definition(options)
+        def start(name = nil)
+          job_definition = build_job_definition(name, options)
 
           if job_definition.plugins_missing?
             missing_plugins = job_definition.errors[:plugins]
-              .select { |error| error.is_a?(Chronicle::ETL::PluginLoadError) }
+              .select { |error| error.is_a?(Chronicle::ETL::PluginNotInstalledError) }
               .map(&:name)
               .uniq
             install_missing_plugins(missing_plugins)
@@ -57,25 +55,46 @@ LONG_DESC
 
           run_job(job_definition)
         rescue Chronicle::ETL::JobDefinitionError => e
-          cli_fail(message: "Error running job.\n#{job_definition.errors}", exception: e)
+          message = ""
+          job_definition.errors.each_pair do |category, errors|
+            message << "Problem with #{category}:\n  - #{errors.map(&:to_s).join("\n  - ")}"
+          end
+          cli_fail(message: "Error running job.\n#{message}", exception: e)
         end
 
-        desc "create", "Create a job"
+        option :'skip-confirmation', aliases: '-y', type: :boolean
+        desc "save", "Save a job"
         # Create an ETL job
-        def create
-          job_definition = build_job_definition(options)
+        def save(name)
+          write_config = true
+          job_definition = build_job_definition(name, options)
           job_definition.validate!
 
-          path = File.join('chronicle', 'etl', 'jobs', options[:name])
-          Chronicle::ETL::Config.write(path, job_definition.definition)
+          if Chronicle::ETL::Config.exists?("jobs", name) && !options[:'skip-confirmation']
+            prompt = TTY::Prompt.new
+            write_config = false
+            message = "Job '#{name}' exists already. Ovewrite it?"
+            begin
+              write_config = prompt.yes?(message)
+            rescue TTY::Reader::InputInterrupt
+            end
+          end
+
+          if write_config
+            Chronicle::ETL::Config.write("jobs", name, job_definition.definition)
+            cli_exit(message: "Job saved. Run it with `$chronicle-etl jobs:run #{name}`")
+          else
+            cli_fail(message: "\nJob not saved")
+          end
+
         rescue Chronicle::ETL::JobDefinitionError => e
           cli_fail(message: "Job definition error", exception: e)
         end
 
         desc "show", "Show details about a job"
         # Show an ETL job
-        def show
-          job_definition = build_job_definition(options)
+        def show(name = nil)
+          job_definition = build_job_definition(name, options)
           job_definition.validate!
           puts Chronicle::ETL::Job.new(job_definition)
         rescue Chronicle::ETL::JobDefinitionError => e
@@ -88,7 +107,7 @@ LONG_DESC
           jobs = Chronicle::ETL::Config.available_jobs
 
           job_details = jobs.map do |job|
-            r = Chronicle::ETL::Config.load("chronicle/etl/jobs/#{job}.yml")
+            r = Chronicle::ETL::Config.load("jobs", job)
 
             extractor = r[:extractor][:name] if r[:extractor]
             transformer = r[:transformer][:name] if r[:transformer]
@@ -109,6 +128,11 @@ LONG_DESC
         private
 
         def run_job(job_definition)
+          # FIXME: have to validate here so next method can work. This is clumsy
+          job_definition.validate!
+          # FIXME: clumsy to make CLI responsible for setting secrets here. Think about a better way to do this
+          job_definition.apply_default_secrets
+
           job = Chronicle::ETL::Job.new(job_definition)
           runner = Chronicle::ETL::Runner.new(job)
           runner.run!
@@ -128,29 +152,30 @@ LONG_DESC
         end
 
         # Create job definition by reading config file and then overwriting with flag options
-        def build_job_definition(options)
+        def build_job_definition(name, options)
           definition = Chronicle::ETL::JobDefinition.new
-          definition.add_config(load_job_config(options[:name]))
+          definition.add_config(load_job_config(name))
           definition.add_config(process_flag_options(options).transform_keys(&:to_sym))
           definition
         end
 
         def load_job_config name
-          Chronicle::ETL::Config.load_job_from_config(name)
+          Chronicle::ETL::Config.read_job(name)
         end
 
         # Takes flag options and turns them into a runner config
+        # TODO: this needs a lot of refactoring
         def process_flag_options options
-          extractor_options = options[:'extractor-opts'].merge({
+          extractor_options = options[:'extractor-opts'].transform_keys(&:to_sym).merge({
             input: (options[:input] if options[:input].any?),
             since: options[:since],
             until: options[:until],
-            limit: options[:limit],
+            limit: options[:limit]
           }.compact)
 
-          transformer_options = options[:'transformer-opts']
+          transformer_options = options[:'transformer-opts'].transform_keys(&:to_sym)
 
-          loader_options = options[:'loader-opts'].merge({
+          loader_options = options[:'loader-opts'].transform_keys(&:to_sym).merge({
             output: options[:output],
             header_row: options[:header_row],
             fields: options[:fields]

data/lib/chronicle/etl/cli/main.rb

@@ -24,6 +24,9 @@ module Chronicle
         desc 'plugins:COMMAND', 'Configure plugins', hide: true
         subcommand 'plugins', Plugins
 
+        desc 'secrets:COMMAND', 'Manage secrets', hide: true
+        subcommand 'secrets', Secrets
+
         # Entrypoint for the CLI
         def self.start(given_args = ARGV, config = {})
           # take a subcommand:command and splits them so Thor knows how to hand off to the subcommand class

data/lib/chronicle/etl/cli/plugins.rb

@@ -15,15 +15,25 @@ module Chronicle
         def install(*plugins)
           cli_fail(message: "Please specify a plugin to install") unless plugins.any?
 
-          spinner = TTY::Spinner.new("[:spinner] Installing #{plugins.join(", ")}...", format: :dots_2)
+          installed, not_installed = plugins.partition do |plugin|
+            Chronicle::ETL::Registry::PluginRegistry.installed?(plugin)
+          end
+
+          puts "Already installed: #{installed.join(", ")}" if installed.any?
+          cli_exit unless not_installed.any?
+
+          spinner = TTY::Spinner.new("[:spinner] Installing #{not_installed.join(", ")}...", format: :dots_2)
           spinner.auto_spin
-          plugins.each do |plugin|
+
+          not_installed.each do |plugin|
             spinner.update(title: "Installing #{plugin}")
             Chronicle::ETL::Registry::PluginRegistry.install(plugin)
+
           rescue Chronicle::ETL::PluginError => e
             spinner.error("Error".red)
             cli_fail(message: "Plugin '#{plugin}' could not be installed", exception: e)
           end
+
           spinner.success("(#{'successful'.green})")
         end
 

data/lib/chronicle/etl/cli/secrets.rb

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+
+require "tty-prompt"
+
+module Chronicle
+  module ETL
+    module CLI
+      # CLI commands for working with ETL plugins
+      class Secrets < SubcommandBase
+        default_task 'list'
+        namespace :secrets
+
+        desc "set NAMESPACE KEY [VALUE]", "Add a secret. VALUE can be set as argument or from stdin"
+        def set(namespace, key, value=nil)
+          validate_namespace(namespace)
+
+          if value
+            # came as argument
+          elsif $stdin.respond_to?(:stat) && $stdin.stat.pipe?
+            value = $stdin.read
+          else
+            prompt = TTY::Prompt.new
+            value = prompt.mask("Please enter #{key} for #{namespace}:")
+          end
+
+          Chronicle::ETL::Secrets.set(namespace, key, value.strip)
+          cli_exit(message: "Secret set")
+        rescue TTY::Reader::InputInterrupt
+          cli_fail(message: "\nSecret not set")
+        end
+
+        desc "unset NAMESPACE KEY", "Remove a secret"
+        def unset(namespace, key)
+          validate_namespace(namespace)
+
+          Chronicle::ETL::Secrets.unset(namespace, key)
+          cli_exit(message: "Secret unset")
+        end
+
+        desc "list", "List available secrets"
+        def list(namespace=nil)
+          all_secrets = Chronicle::ETL::Secrets.all(namespace)
+          cli_exit(message: "No secrets are stored") unless all_secrets.any?
+
+          rows = []
+          all_secrets.each do |namespace, secrets|
+            rows += secrets.map do |key, value|
+              # hidden_value = (value[0..5] + ("*" * [0, [value.length - 5, 30].min].max)).truncate(30)
+              truncated_value = value.truncate(30)
+              [namespace, key, truncated_value]
+            end
+          end
+
+          headers = ['namespace', 'key', 'value'].map { |h| h.upcase.bold }
+
+          puts "Available secrets:"
+          table = TTY::Table.new(headers, rows)
+          puts table.render(indent: 0, padding: [0, 2])
+        end
+
+        private
+
+        def validate_namespace(namespace)
+          cli_fail(message: "'#{namespace}' is not a valid namespace") unless Chronicle::ETL::Secrets.valid_namespace_name?(namespace)
+        end
+      end
+    end
+  end
+end

data/lib/chronicle/etl/cli.rb

@@ -7,4 +7,5 @@ require 'chronicle/etl/cli/subcommand_base'
 require 'chronicle/etl/cli/connectors'
 require 'chronicle/etl/cli/jobs'
 require 'chronicle/etl/cli/plugins'
+require 'chronicle/etl/cli/secrets'
 require 'chronicle/etl/cli/main'