conf_conf 1.0.2 → 2.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 5ae8997ac5c6fb20fe8a764c3cdcc8b1ef08a07e
-  data.tar.gz: 0d96b60522f33f63984c9e1bda6b2aa106f5353e
+  metadata.gz: 6266749f82f44ef3b88a7d50bfb5ad35f2ecbedc
+  data.tar.gz: c9d7fa66ba405015c4546d4f36777d3b1494b19f
 SHA512:
-  metadata.gz: 38d308e844b7cf90e7dbc58ca78465bde0cdbd6f4277193886520ccc48779d15aca22454ef9726206892f30fb02cc0129f2c86f92bebdd4eabaf8c064f0b1bd2
-  data.tar.gz: 5ddbb1345649fa3564c3abb98d7cfc0e2c8e791ca230ce25f2238d6f9e88dda5ccab3bafb73088e0aa8445c94a0c9b7e8ba690bd152a216ac52bdbde26ffb211
+  metadata.gz: a90bb66f10350795befb7573066f7f7883fd3c28028860aaceea3ebc05b45d7110e4d187ec6ea03da7039020fda67c02a14ec6d9c162772b6eb4f6ed0e47a504
+  data.tar.gz: 8325c29e6630c1a2589a665ce82ced86914999b22ea323ab3f417cc94131894dd9859344c78650f9ad996a80ec86082b4efc76a780cadcbb9e30e71a32d73bc7

data/.gitignore

@@ -0,0 +1,4 @@
+.bundle/
+Gemfile.lock
+vendor/
+*.un~

data/README.md

@@ -1,83 +1,271 @@
 # ConfConf
 
-Twelve factor applications pull configuration values from the 
-environment. These variables should be verified at application
-boot to prevent exceptions and unexpected behavior during
-run time.
+Securely store, manage, and verify availability of environment variables for your
+application over multiple environments.
 
-ConfConf is a simple pattern and utility for verifying the
-correctness of the environment variables at application boot so
-we can fail fast when there's a configuration problem.
+ConfConf encrypts the configuration values it stores, and intends to allow this
+configuration to contain sensitive information while living in source control.
 
-## Installation
+Set a variable:
 
-Add `gem 'conf_conf'` to your application's Gemfile.
+```
+$ conf_conf variables set --env=development MANDRILL_SECRET=XYZ
+```
+
+Check environment consistency:
+
+```
+$ conf_conf environments check
+  {
+    "production":{
+      "missing":[
+        "MANDRILL_SECRET"
+      ]
+    }
+  }
+```
+
+Export a .env file:
+
+```
+$ conf_conf export development > .env
+  MANDRILL_SECRET=XYZ
+```
+
+Fail fast:
+
+```
+$ bundle exec rails c
+fail: ConfConf::InconsistentConfigurationError
+```
+
+## Install ConfConf
+
+```
+$ gem install conf_conf
+$ conf_conf --help
+```
+
+ConfConf can manage configuration variables as a standalone application, but if
+you're using Ruby, ConfConf can load yoru configuration directly from the
+encrypted files.
+
+Add `gem 'conf_conf'` to your application's Gemfile and `bundle install`
+
+Better yet, go to https://rubygems.org/gems/conf_conf and configure a specific version requirement.
 
 ## Usage
 
-Add a new initializer - if you use conf_conf.rb , as a matter of 
-convention you shouldn't add ConfConf configuration blocks to
-other initializers.
+Initialize storage and key management:
+
+```
+$ conf_conf init
+```
+
+This creates the `config/conf_conf` directory, where environments are encrypted
+and subsequently stored. Additionally, if ~/.conf_conf.json was not present,
+init will write a keypair to the file.
+
+## Initialize Environments
+
+For each of the environments your application runs under, add an environment to
+ConfConf:
+
+```
+$ conf_conf environments add development
+$ conf_conf environments add production
+$ conf_conf environments list
+  [
+    "development",
+    "production"
+  ]
+```
+
+## Load Configuration
+
+Set up two variables that should be available for both the production and
+development environments:
+
+```
+$ conf_conf variables set USE_HEADER_BLOCK=true ENABLE_JSON_RESPONSES=true
+```
+
+Check that they're in place:
+
+```
+$ conf_conf info
+  {
+    "environments":[
+      "development",
+      "production"
+    ],
+    "variables":{
+      "USE_HEADER_BLOCK":[
+        "development",
+        "production"
+      ],
+      "ENABLE_JSON_RESPONSES":[
+        "development",
+        "production"
+      ]
+    }
+  }
+```
+
+Disable JSON responses in production:
+
+```
+$ conf_conf variables set --env=production ENABLE_JSON_RESPONSES=false
+```
+
+## Importing .env
+
+If a dotenv file (.env) exists, variables defined there can be merged into the
+ConfConf container:
+
+```
+$ cat .env
+  USE_FOOTER_BLOCK=true
+
+$ conf_conf import development
+  {
+    "USE_HEADER_BLOCK":"true",
+    "ENABLE_JSON_RESPONSES":"true",
+    "USE_FOOTER_BLOCK":"true"
+  }
+```
+
+## Exporting .env
+
+The development environment:
+
+```
+$ conf_conf export development > .env
+$ cat .env
+  USE_HEADER_BLOCK=true
+  ENABLE_JSON_RESPONSES=true
+  USE_FOOTER_BLOCK=true
+```
+
+And the production environment:
+
+```
+$ conf_conf export production > .env
+$ cat .env
+  USE_HEADER_BLOCK=true
+  ENABLE_JSON_RESPONSES=false
+```
+
+## Detecting Configuration Inconsistencies
+
+An application running in the development environment has access to the
+USE_FOOTER_BLOCK variable. When the application runs in production, it may not
+have access to the proper configuration:
+
+```
+$ conf_conf environments check
+  {
+    "production":{
+      "missing":[
+        "USE_FOOTER_BLOCK"
+      ]
+    }
+  }
+```
+
+## Multiple Developers / Keys
+
+Additional access keys can be configured to allow access to the encrypted
+configuration. Given the other developers public key from the ~/.conf_conf.json
+file (or by running `conf_conf developers key`). Permit two other developers
+access to the environment configurations:
+
+```
+$ conf_conf developers permit <developer-key>
+$ conf_conf developers permit <developer-key2>
+```
+
+Revoke access:
+
+```
+$ conf_conf developers revoke <developer-key2>
+```
+
+Revoking a key will update all environments, and the key will no longer be able
+to access any content within them. The key still had access to the values at one
+point, so they should be changed promptly.
+
+ConfConf tracks variable values that have not changed since the revokation. An
+interface for viewing these variables is planned.
+
+## Add ConfConf to your Rails/Ruby Project
+
+You don't need an application to use ConfConf, but if you're using Ruby,
+ConfConf can load your environment variables directly from the encrypted
+files.
+
+Add `gem 'conf_conf'` to your application's Gemfile and `bundle install`
+
+Better yet, go to https://rubygems.org/gems/conf_conf and configure a specific version requirement.
+
+
+## Loading Environments with Ruby
+
+Add a new initializer and within it a ConfConf configuration block:
 
 ```ruby
 # config/initializers/conf_conf.rb
-$configuration = ConfConf.configuration do
-  # Sets $configuration.secret_key, app fails to boot if not present
-  config :secret_key
-end
+environment = Rails.env
+ConfConf.configuration(environment)
 ```
 
-In the case above, if SECRET_KEY is not present, then
-`ConfConf::MissingConfigurationValueError` is raised:
+To access configuration values through a configuration object and not ENV:
 
-```
-  $ bin/rails s
-  ...
-  Exiting
-  conf_conf/lib/conf_conf.rb:50:in `default_value': Please set SECRET_KEY or supply a default value
-(ConfConf::MissingConfigurationValueError)
-    from conf_conf/lib/conf_conf.rb:42
-    ...
+```ruby
+# config/initializers/conf_conf.rb
+$configuration = ConfConf.configuration('production') do
+  config :secret_key
+end
 ```
 
+In the case above, if `SECRET_KEY` is not present, `ConfConf::MissingConfigurationValueError` is raised. If it is, then $configuration.secret_key will contain the value from `ENV["SECRET_KEY"]`.
+
 ### Default Values
 
+Pass an options hash with the `:default` key set to  a default value to prevent
+the boot from raising an error when the value isn't available from the
+environment. This will prevent inconsistency exceptions.
+
 ```ruby
-# Sets $configuration.public_key from ENV["PUBLIC_KEY"], or uses the default if not available in ENV
 config :public_key, default: "XYZ123"
 ```
 
 ### Casting
 
-You can adjust the value from the environment and typecast it or perform
-additional validation by passing a block to `config`:
+You can adjust the value from the environment and typecast it or perform additional validation by passing a block to `config`:
 
 ```ruby
-# Sets $configuration.admin to a boolean value of true or false based on truthiness of ENV key, app fails to boot if not present
-config(:admin) { |admin| 
-  admin ? true : false 
+config(:admin) { |admin|
+  admin ? true : false
 }
 ```
 
 ### Varying Names
 
-If you'd like to reference a configuration value with a different name, you can
-use the `from` key as an option to `config` and pass it the name to expect from
-the environment.
+If you'd like to reference a configuration value with a different name, you can use the `:from` key as an option to `config` and pass it the name to expect from the environment.
 
 ```ruby
-# Sets $configuration.public_key from ENV["PUBLIC_KEY_WITH_ALT_NAME"]
 config :public_key, from: "PUBLIC_KEY_WITH_ALT_NAME"
 ```
 
 ## Rails.configuration
 
-To assign directly to Rails.configuration instead of CONFCONF, you can
-use `ConfConf.rails_configuration` method.
+To assign directly to Rails.configuration instead of $configuration, you can use `ConfConf.rails_configuration` method.
 
 ```ruby
 # config/initializers/conf_conf.rb
-ConfConf.rails_configuration do
+environment = ENV['RAILS_ENV'] # ConfConf values are merged, so this can still be part of the system's environment
+ConfConf.rails_configuration(environment) do
   # Sets Rails.configuration.secret_key
   config :secret_key
 end

data/bin/conf_conf

@@ -0,0 +1,136 @@
+#!/usr/bin/env ruby
+
+$LOAD_PATH.unshift File.dirname(__FILE__) + '/../lib'
+
+require 'rubygems'
+require 'thor'
+require 'highline/import'
+require 'fileutils'
+require 'conf_conf'
+
+##
+# Domain Language:
+#   Instance                    A running version of the Project with its own Environment
+#   Environment                 A set of Environment Variables
+#   Environment Name            The name of an Environment (production/development/staging,etc)
+#   Environment Variable        A combination of a Config Key and a config Value
+#   Variable Name               The name of an Environment Variable
+#   Variable Value              The value of an Environment Variable
+#   Project                     An application that can can run under multiple Environments
+#
+# State Files:
+#   User Key                    Keypair for the current system user
+#   User Key File               ~/.conf_conf.json
+#
+#     {
+#       public_key: '',
+#       private_key: ''
+#     }
+#
+#   Config Directory            ./config/conf_conf
+#
+#   Developer Keys              ./config/conf_conf/developers.json
+#     [<public_key1>, <public_key2>, <public_key3>]
+#
+#   Environment Config File     ./config/conf_conf/environments/#{environment}.json
+#     {
+#       author_public_key: { author_pretty_public_key },
+#
+#       encrypted_environment_secret_key: {
+#         public_key1: encrypted(environment_secret_key),
+#         public_key2: encrypted(environment_secret_key),
+#         public_key3: encrypted(environment_secret_key)
+#       },
+#
+#       schema: {
+#         'RAILS_ENV':    { access: [<public_key1>,<public_key2>,<public_key3>,<public_key5>] },
+#         'SUPER_SECRET': { access: [<public_key1>,<public_key2>,<public_key3>] }
+#       },
+#
+#       encrypted_environment: encrypted(environment, with: environment_secret_key)
+#     }
+#
+#     ConfConf::Developer
+#       #public_key
+#       #secret_key
+#       #pretty_public_key
+#       .current
+#
+#     ConfConf::Project
+#       - developers   => [ConfConf::developer,...]
+#       - environments => ConfConf::Project::environments
+#
+#     ConfConf::Project::Developers
+#       - new(project)      => ConfConf::Project::developers
+#       - add(developer)    => ConfConf::Project::developer
+#       - remove(developer) => ConfConf::Project::developer
+#
+#     ConfConf::Project::Environments
+#       - length
+#       - [](name)
+#
+#     ConfConf::Project::Environment
+#       - new(project, name, variables)
+#       - set(variable_name, variable_value)
+#       - get(variable_name)
+#       - remove(variable_name)
+#       - variables => Hash
+#       - save
+#
+#  System:
+#
+#   Securely stores Environment Variables for each Environment, encrypted with multi-user
+#   access.
+#
+#   Each Developer is a User on their development system. This User has a public key and
+#   a private key.
+#
+#   When an environment is changed:
+#     1) Choose a random Secret Key, K
+#     2) Encrypt the key for all Developers with access to the Project.
+#     3) Store a map of Developer Keys to the Encrypted Secret Key in the Secret Key File
+#     4) Encrypt the changed environment, store or replace it in the Environments File
+#
+#   When an environment is loaded:
+#     1) Find the Encrypted Key from the Secret Key File with User Public Key
+#     2) Decrypt the Encrypted Secret Key to get the Secret Key
+#     3) Decrypt the environment file with the Secret Key
+#
+# Features:
+#   1) Initialize conf_conf for the Project
+#     $ conf_conf init
+#
+#   2) Configure Environments
+#     $ conf_conf env add production development staging
+#     $ conf_conf env remove production
+#
+#   3) Defining Config Values
+#     $ conf_conf set RAILS_ADMIN=true
+#     $ conf_conf set --env=production PRIVATE_KEY=xyz
+#     $ conf_conf set --env=development PRIVATE_KEY=xyz
+#     $ conf_conf remove --env=production RAILS_ADMIN
+#
+#   4) Checking Environment for consistency with all environments
+#     $ conf_conf check
+#        [ERROR]: RAILS_ADMIN not set in production.
+#          > Run `conf_conf set --env=production RAILS_ADMIN=X` to set it
+#        [WARN]: RAILS_SESSION_SECRET not changed since revoking XYZ's access
+
+#   5) Developers
+#     Print current key
+#     $ conf_conf key
+#
+#     Permit the key
+#     $ conf_conf permit <key>
+#
+#     Revoke the key
+#     $ conf_conf revoke <key>
+#
+#   6) Loading Environments
+#     $ conf_conf dump development > .env
+#
+# conf_conf/capistrano provides utilities to check for configuration
+# errors prior to deployment.
+
+require 'conf_conf/cli'
+ConfConf::CLI::Root.start(ARGV)