conf_conf 1.0.2 → 2.0.2

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 5ae8997ac5c6fb20fe8a764c3cdcc8b1ef08a07e
4
- data.tar.gz: 0d96b60522f33f63984c9e1bda6b2aa106f5353e
3
+ metadata.gz: 6266749f82f44ef3b88a7d50bfb5ad35f2ecbedc
4
+ data.tar.gz: c9d7fa66ba405015c4546d4f36777d3b1494b19f
5
5
  SHA512:
6
- metadata.gz: 38d308e844b7cf90e7dbc58ca78465bde0cdbd6f4277193886520ccc48779d15aca22454ef9726206892f30fb02cc0129f2c86f92bebdd4eabaf8c064f0b1bd2
7
- data.tar.gz: 5ddbb1345649fa3564c3abb98d7cfc0e2c8e791ca230ce25f2238d6f9e88dda5ccab3bafb73088e0aa8445c94a0c9b7e8ba690bd152a216ac52bdbde26ffb211
6
+ metadata.gz: a90bb66f10350795befb7573066f7f7883fd3c28028860aaceea3ebc05b45d7110e4d187ec6ea03da7039020fda67c02a14ec6d9c162772b6eb4f6ed0e47a504
7
+ data.tar.gz: 8325c29e6630c1a2589a665ce82ced86914999b22ea323ab3f417cc94131894dd9859344c78650f9ad996a80ec86082b4efc76a780cadcbb9e30e71a32d73bc7
data/.gitignore ADDED
@@ -0,0 +1,4 @@
1
+ .bundle/
2
+ Gemfile.lock
3
+ vendor/
4
+ *.un~
data/README.md CHANGED
@@ -1,83 +1,271 @@
1
1
  # ConfConf
2
2
 
3
- Twelve factor applications pull configuration values from the
4
- environment. These variables should be verified at application
5
- boot to prevent exceptions and unexpected behavior during
6
- run time.
3
+ Securely store, manage, and verify availability of environment variables for your
4
+ application over multiple environments.
7
5
 
8
- ConfConf is a simple pattern and utility for verifying the
9
- correctness of the environment variables at application boot so
10
- we can fail fast when there's a configuration problem.
6
+ ConfConf encrypts the configuration values it stores, and intends to allow this
7
+ configuration to contain sensitive information while living in source control.
11
8
 
12
- ## Installation
9
+ Set a variable:
13
10
 
14
- Add `gem 'conf_conf'` to your application's Gemfile.
11
+ ```
12
+ $ conf_conf variables set --env=development MANDRILL_SECRET=XYZ
13
+ ```
14
+
15
+ Check environment consistency:
16
+
17
+ ```
18
+ $ conf_conf environments check
19
+ {
20
+ "production":{
21
+ "missing":[
22
+ "MANDRILL_SECRET"
23
+ ]
24
+ }
25
+ }
26
+ ```
27
+
28
+ Export a .env file:
29
+
30
+ ```
31
+ $ conf_conf export development > .env
32
+ MANDRILL_SECRET=XYZ
33
+ ```
34
+
35
+ Fail fast:
36
+
37
+ ```
38
+ $ bundle exec rails c
39
+ fail: ConfConf::InconsistentConfigurationError
40
+ ```
41
+
42
+ ## Install ConfConf
43
+
44
+ ```
45
+ $ gem install conf_conf
46
+ $ conf_conf --help
47
+ ```
48
+
49
+ ConfConf can manage configuration variables as a standalone application, but if
50
+ you're using Ruby, ConfConf can load yoru configuration directly from the
51
+ encrypted files.
52
+
53
+ Add `gem 'conf_conf'` to your application's Gemfile and `bundle install`
54
+
55
+ Better yet, go to https://rubygems.org/gems/conf_conf and configure a specific version requirement.
15
56
 
16
57
  ## Usage
17
58
 
18
- Add a new initializer - if you use conf_conf.rb , as a matter of
19
- convention you shouldn't add ConfConf configuration blocks to
20
- other initializers.
59
+ Initialize storage and key management:
60
+
61
+ ```
62
+ $ conf_conf init
63
+ ```
64
+
65
+ This creates the `config/conf_conf` directory, where environments are encrypted
66
+ and subsequently stored. Additionally, if ~/.conf_conf.json was not present,
67
+ init will write a keypair to the file.
68
+
69
+ ## Initialize Environments
70
+
71
+ For each of the environments your application runs under, add an environment to
72
+ ConfConf:
73
+
74
+ ```
75
+ $ conf_conf environments add development
76
+ $ conf_conf environments add production
77
+ $ conf_conf environments list
78
+ [
79
+ "development",
80
+ "production"
81
+ ]
82
+ ```
83
+
84
+ ## Load Configuration
85
+
86
+ Set up two variables that should be available for both the production and
87
+ development environments:
88
+
89
+ ```
90
+ $ conf_conf variables set USE_HEADER_BLOCK=true ENABLE_JSON_RESPONSES=true
91
+ ```
92
+
93
+ Check that they're in place:
94
+
95
+ ```
96
+ $ conf_conf info
97
+ {
98
+ "environments":[
99
+ "development",
100
+ "production"
101
+ ],
102
+ "variables":{
103
+ "USE_HEADER_BLOCK":[
104
+ "development",
105
+ "production"
106
+ ],
107
+ "ENABLE_JSON_RESPONSES":[
108
+ "development",
109
+ "production"
110
+ ]
111
+ }
112
+ }
113
+ ```
114
+
115
+ Disable JSON responses in production:
116
+
117
+ ```
118
+ $ conf_conf variables set --env=production ENABLE_JSON_RESPONSES=false
119
+ ```
120
+
121
+ ## Importing .env
122
+
123
+ If a dotenv file (.env) exists, variables defined there can be merged into the
124
+ ConfConf container:
125
+
126
+ ```
127
+ $ cat .env
128
+ USE_FOOTER_BLOCK=true
129
+
130
+ $ conf_conf import development
131
+ {
132
+ "USE_HEADER_BLOCK":"true",
133
+ "ENABLE_JSON_RESPONSES":"true",
134
+ "USE_FOOTER_BLOCK":"true"
135
+ }
136
+ ```
137
+
138
+ ## Exporting .env
139
+
140
+ The development environment:
141
+
142
+ ```
143
+ $ conf_conf export development > .env
144
+ $ cat .env
145
+ USE_HEADER_BLOCK=true
146
+ ENABLE_JSON_RESPONSES=true
147
+ USE_FOOTER_BLOCK=true
148
+ ```
149
+
150
+ And the production environment:
151
+
152
+ ```
153
+ $ conf_conf export production > .env
154
+ $ cat .env
155
+ USE_HEADER_BLOCK=true
156
+ ENABLE_JSON_RESPONSES=false
157
+ ```
158
+
159
+ ## Detecting Configuration Inconsistencies
160
+
161
+ An application running in the development environment has access to the
162
+ USE_FOOTER_BLOCK variable. When the application runs in production, it may not
163
+ have access to the proper configuration:
164
+
165
+ ```
166
+ $ conf_conf environments check
167
+ {
168
+ "production":{
169
+ "missing":[
170
+ "USE_FOOTER_BLOCK"
171
+ ]
172
+ }
173
+ }
174
+ ```
175
+
176
+ ## Multiple Developers / Keys
177
+
178
+ Additional access keys can be configured to allow access to the encrypted
179
+ configuration. Given the other developers public key from the ~/.conf_conf.json
180
+ file (or by running `conf_conf developers key`). Permit two other developers
181
+ access to the environment configurations:
182
+
183
+ ```
184
+ $ conf_conf developers permit <developer-key>
185
+ $ conf_conf developers permit <developer-key2>
186
+ ```
187
+
188
+ Revoke access:
189
+
190
+ ```
191
+ $ conf_conf developers revoke <developer-key2>
192
+ ```
193
+
194
+ Revoking a key will update all environments, and the key will no longer be able
195
+ to access any content within them. The key still had access to the values at one
196
+ point, so they should be changed promptly.
197
+
198
+ ConfConf tracks variable values that have not changed since the revokation. An
199
+ interface for viewing these variables is planned.
200
+
201
+ ## Add ConfConf to your Rails/Ruby Project
202
+
203
+ You don't need an application to use ConfConf, but if you're using Ruby,
204
+ ConfConf can load your environment variables directly from the encrypted
205
+ files.
206
+
207
+ Add `gem 'conf_conf'` to your application's Gemfile and `bundle install`
208
+
209
+ Better yet, go to https://rubygems.org/gems/conf_conf and configure a specific version requirement.
210
+
211
+
212
+ ## Loading Environments with Ruby
213
+
214
+ Add a new initializer and within it a ConfConf configuration block:
21
215
 
22
216
  ```ruby
23
217
  # config/initializers/conf_conf.rb
24
- $configuration = ConfConf.configuration do
25
- # Sets $configuration.secret_key, app fails to boot if not present
26
- config :secret_key
27
- end
218
+ environment = Rails.env
219
+ ConfConf.configuration(environment)
28
220
  ```
29
221
 
30
- In the case above, if SECRET_KEY is not present, then
31
- `ConfConf::MissingConfigurationValueError` is raised:
222
+ To access configuration values through a configuration object and not ENV:
32
223
 
33
- ```
34
- $ bin/rails s
35
- ...
36
- Exiting
37
- conf_conf/lib/conf_conf.rb:50:in `default_value': Please set SECRET_KEY or supply a default value
38
- (ConfConf::MissingConfigurationValueError)
39
- from conf_conf/lib/conf_conf.rb:42
40
- ...
224
+ ```ruby
225
+ # config/initializers/conf_conf.rb
226
+ $configuration = ConfConf.configuration('production') do
227
+ config :secret_key
228
+ end
41
229
  ```
42
230
 
231
+ In the case above, if `SECRET_KEY` is not present, `ConfConf::MissingConfigurationValueError` is raised. If it is, then $configuration.secret_key will contain the value from `ENV["SECRET_KEY"]`.
232
+
43
233
  ### Default Values
44
234
 
235
+ Pass an options hash with the `:default` key set to a default value to prevent
236
+ the boot from raising an error when the value isn't available from the
237
+ environment. This will prevent inconsistency exceptions.
238
+
45
239
  ```ruby
46
- # Sets $configuration.public_key from ENV["PUBLIC_KEY"], or uses the default if not available in ENV
47
240
  config :public_key, default: "XYZ123"
48
241
  ```
49
242
 
50
243
  ### Casting
51
244
 
52
- You can adjust the value from the environment and typecast it or perform
53
- additional validation by passing a block to `config`:
245
+ You can adjust the value from the environment and typecast it or perform additional validation by passing a block to `config`:
54
246
 
55
247
  ```ruby
56
- # Sets $configuration.admin to a boolean value of true or false based on truthiness of ENV key, app fails to boot if not present
57
- config(:admin) { |admin|
58
- admin ? true : false
248
+ config(:admin) { |admin|
249
+ admin ? true : false
59
250
  }
60
251
  ```
61
252
 
62
253
  ### Varying Names
63
254
 
64
- If you'd like to reference a configuration value with a different name, you can
65
- use the `from` key as an option to `config` and pass it the name to expect from
66
- the environment.
255
+ If you'd like to reference a configuration value with a different name, you can use the `:from` key as an option to `config` and pass it the name to expect from the environment.
67
256
 
68
257
  ```ruby
69
- # Sets $configuration.public_key from ENV["PUBLIC_KEY_WITH_ALT_NAME"]
70
258
  config :public_key, from: "PUBLIC_KEY_WITH_ALT_NAME"
71
259
  ```
72
260
 
73
261
  ## Rails.configuration
74
262
 
75
- To assign directly to Rails.configuration instead of CONFCONF, you can
76
- use `ConfConf.rails_configuration` method.
263
+ To assign directly to Rails.configuration instead of $configuration, you can use `ConfConf.rails_configuration` method.
77
264
 
78
265
  ```ruby
79
266
  # config/initializers/conf_conf.rb
80
- ConfConf.rails_configuration do
267
+ environment = ENV['RAILS_ENV'] # ConfConf values are merged, so this can still be part of the system's environment
268
+ ConfConf.rails_configuration(environment) do
81
269
  # Sets Rails.configuration.secret_key
82
270
  config :secret_key
83
271
  end
data/bin/conf_conf ADDED
@@ -0,0 +1,136 @@
1
+ #!/usr/bin/env ruby
2
+
3
+ $LOAD_PATH.unshift File.dirname(__FILE__) + '/../lib'
4
+
5
+ require 'rubygems'
6
+ require 'thor'
7
+ require 'highline/import'
8
+ require 'fileutils'
9
+ require 'conf_conf'
10
+
11
+ ##
12
+ # Domain Language:
13
+ # Instance A running version of the Project with its own Environment
14
+ # Environment A set of Environment Variables
15
+ # Environment Name The name of an Environment (production/development/staging,etc)
16
+ # Environment Variable A combination of a Config Key and a config Value
17
+ # Variable Name The name of an Environment Variable
18
+ # Variable Value The value of an Environment Variable
19
+ # Project An application that can can run under multiple Environments
20
+ #
21
+ # State Files:
22
+ # User Key Keypair for the current system user
23
+ # User Key File ~/.conf_conf.json
24
+ #
25
+ # {
26
+ # public_key: '',
27
+ # private_key: ''
28
+ # }
29
+ #
30
+ # Config Directory ./config/conf_conf
31
+ #
32
+ # Developer Keys ./config/conf_conf/developers.json
33
+ # [<public_key1>, <public_key2>, <public_key3>]
34
+ #
35
+ # Environment Config File ./config/conf_conf/environments/#{environment}.json
36
+ # {
37
+ # author_public_key: { author_pretty_public_key },
38
+ #
39
+ # encrypted_environment_secret_key: {
40
+ # public_key1: encrypted(environment_secret_key),
41
+ # public_key2: encrypted(environment_secret_key),
42
+ # public_key3: encrypted(environment_secret_key)
43
+ # },
44
+ #
45
+ # schema: {
46
+ # 'RAILS_ENV': { access: [<public_key1>,<public_key2>,<public_key3>,<public_key5>] },
47
+ # 'SUPER_SECRET': { access: [<public_key1>,<public_key2>,<public_key3>] }
48
+ # },
49
+ #
50
+ # encrypted_environment: encrypted(environment, with: environment_secret_key)
51
+ # }
52
+ #
53
+ # ConfConf::Developer
54
+ # #public_key
55
+ # #secret_key
56
+ # #pretty_public_key
57
+ # .current
58
+ #
59
+ # ConfConf::Project
60
+ # - developers => [ConfConf::developer,...]
61
+ # - environments => ConfConf::Project::environments
62
+ #
63
+ # ConfConf::Project::Developers
64
+ # - new(project) => ConfConf::Project::developers
65
+ # - add(developer) => ConfConf::Project::developer
66
+ # - remove(developer) => ConfConf::Project::developer
67
+ #
68
+ # ConfConf::Project::Environments
69
+ # - length
70
+ # - [](name)
71
+ #
72
+ # ConfConf::Project::Environment
73
+ # - new(project, name, variables)
74
+ # - set(variable_name, variable_value)
75
+ # - get(variable_name)
76
+ # - remove(variable_name)
77
+ # - variables => Hash
78
+ # - save
79
+ #
80
+ # System:
81
+ #
82
+ # Securely stores Environment Variables for each Environment, encrypted with multi-user
83
+ # access.
84
+ #
85
+ # Each Developer is a User on their development system. This User has a public key and
86
+ # a private key.
87
+ #
88
+ # When an environment is changed:
89
+ # 1) Choose a random Secret Key, K
90
+ # 2) Encrypt the key for all Developers with access to the Project.
91
+ # 3) Store a map of Developer Keys to the Encrypted Secret Key in the Secret Key File
92
+ # 4) Encrypt the changed environment, store or replace it in the Environments File
93
+ #
94
+ # When an environment is loaded:
95
+ # 1) Find the Encrypted Key from the Secret Key File with User Public Key
96
+ # 2) Decrypt the Encrypted Secret Key to get the Secret Key
97
+ # 3) Decrypt the environment file with the Secret Key
98
+ #
99
+ # Features:
100
+ # 1) Initialize conf_conf for the Project
101
+ # $ conf_conf init
102
+ #
103
+ # 2) Configure Environments
104
+ # $ conf_conf env add production development staging
105
+ # $ conf_conf env remove production
106
+ #
107
+ # 3) Defining Config Values
108
+ # $ conf_conf set RAILS_ADMIN=true
109
+ # $ conf_conf set --env=production PRIVATE_KEY=xyz
110
+ # $ conf_conf set --env=development PRIVATE_KEY=xyz
111
+ # $ conf_conf remove --env=production RAILS_ADMIN
112
+ #
113
+ # 4) Checking Environment for consistency with all environments
114
+ # $ conf_conf check
115
+ # [ERROR]: RAILS_ADMIN not set in production.
116
+ # > Run `conf_conf set --env=production RAILS_ADMIN=X` to set it
117
+ # [WARN]: RAILS_SESSION_SECRET not changed since revoking XYZ's access
118
+
119
+ # 5) Developers
120
+ # Print current key
121
+ # $ conf_conf key
122
+ #
123
+ # Permit the key
124
+ # $ conf_conf permit <key>
125
+ #
126
+ # Revoke the key
127
+ # $ conf_conf revoke <key>
128
+ #
129
+ # 6) Loading Environments
130
+ # $ conf_conf dump development > .env
131
+ #
132
+ # conf_conf/capistrano provides utilities to check for configuration
133
+ # errors prior to deployment.
134
+
135
+ require 'conf_conf/cli'
136
+ ConfConf::CLI::Root.start(ARGV)