credman 0.0.5 → 0.0.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f25d3191780d08906d8892c1f95ad775b11bebef09037be0bb93118bf3d86886
-  data.tar.gz: b07393ac4330ee9aaa4bc9b022ab9a64f7330cbea16f130b8a00886fa76dcdcd
+  metadata.gz: 7091148f095fc916aa4cf688580c55738c3e5729a151b0cd13641f56f6555800
+  data.tar.gz: f491e43c418467b63854fe11a796e0bd53a23d32e2bfee1451584a27045b63d7
 SHA512:
-  metadata.gz: 32b50f324c60ae1257b2838cc596d30d5c6681351885cb0f0b9f98f7ee6d6d8ee6df053ee6b0d593574567cca3008b3878e4c2e99b20ff83c2af6d04979f6644
-  data.tar.gz: 24389f20374400c35c28813bd463f41f51af0f807cda971aa8e1c9d29f39542956596cd2bc69abedd7feb912db2f189a9531279cefa2b75dd9fc9b969153d445
+  metadata.gz: 5847672f5ff43eccece5a745b247348384feaf4df52d15e84d6a4b37bd50eac8793272abe2231ffe93542be4fde2c6c4db8e23d6851459c4cea63a59230d95ea
+  data.tar.gz: 835d72fe2686d7aa562c28bbe956d1d867833d0bfb1d1df52b7fa6127a22b3186e48dd756d8bc606a91a99da28994607d7e39a8e418e4868653e0549c3f85f34

data/CHANGELOG.md

@@ -1,3 +1,10 @@
+## [0.0.6] - 2022-09-19
+
+- Cover all commands by specs (PR #11)
+- Small refactoring with extracting common methods into Credman::Base class (PR #11)
+- default `default_diff_branch` changed to `origin/main` (PR #11)
+- `version` command added (PR #13)
+
 ## [0.0.5] - 2022-09-06
 
 - Introduce config with `default_diff_branch` and `available_environments` options (PR #9)

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    credman (0.0.5)
+    credman (0.0.6)
       activesupport (>= 6.0)
       dry-cli (~> 0.7)
       hash_diff (~> 1.0)
@@ -11,7 +11,7 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    activesupport (7.0.3.1)
+    activesupport (7.0.4)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)

data/README.md

@@ -1,6 +1,20 @@
+[![Gem Version](https://badge.fury.io/rb/credman.svg)](https://badge.fury.io/rb/credman)
+
 # Credman
 
-Handy console command for developers to manage Rails credentials.
+Handy console tool for developers to manage Rails credentials.
+
+## Motivation
+
+Rails credentials is a nice tool to store encrypted credentials directly in your repo. Starting with Rails 6.0 it brings multi environment credentials feature that allows us to split credentials into separate files.
+
+But it also brought a lot of pain for developers:
+- Each enviroment credentials file must have a complete list of all keys. It's easy to forget to add a key into one of the environments (see [set](#credman-set) and [delete](#credman-delete) command)
+- You have to manually open each environment file. It's ok for one file but not for 3 or more. It also brings mistakes you might miss until deploy to production. (see [set](#credman-set) and [delete](#credman-delete) command)
+- Merge conflicts become a hell since files are encrypted (see [conflicts](#credman-conflicts) command)
+- You can't easily see what keys were added/changed/deleted in the current branch (see [diff](#credman-diff) command)
+
+This gem is designed to solve all these problems and make life easier for developers who use multi environment credentials.
 
 ## Installation
 
@@ -25,12 +39,51 @@ or
 bundle exec credman usage
 ```
 
+<details>
+  <summary>Output</summary>
+
+```
+Commands:
+  credman conflicts                # Help to resolve merge conflicts for credentials
+  credman delete KEYS              # Delete keys for given environments
+  credman diff [BRANCH]            # Show credentials diff between given branch (heroku by default) and current changes
+  credman get KEYS                 # Find keys in credentials files for each environment
+  credman list                     # List of all keys for each environment
+  credman set KEY VALUE            # Set a value to the key provided for given environments
+```
+
+</details>
+
 Details of any command:
 
 ```
 bundle exec credman set -h
 ```
 
+<details>
+  <summary>Output</summary>
+
+```
+Command:
+  credman set
+
+Usage:
+  credman set KEY VALUE
+
+Description:
+  Set a value to the key provided for given environments
+
+Arguments:
+  KEY                               # REQUIRED
+  VALUE                             # REQUIRED
+
+Options:
+  --environments=VALUE1,VALUE2,.., -e VALUE  # filter for environments, default: []
+  --help, -h
+```
+
+</details>
+
 ### credman list
 List all your keys for all environments.
 
@@ -38,48 +91,138 @@ List all your keys for all environments.
 bundle exec credman list
 ```
 
+<details>
+  <summary>Output</summary>
+
+```
+development:
+	aws.api_key:	123
+	...
+test:
+	aws.api_key:	nil
+	...
+production:
+	aws.api_key:	nil
+	...
+```
+</details>
+
 ### credman get
 Getting a particular key's values.
 
 ```
-bundle exec credman get google.maps.api_key github.private_key
+bundle exec credman get google.recaptcha.secret circle_ci.token
 ```
 
+<details>
+  <summary>Output</summary>
+
+```
+development:
+	google.recaptcha.secret:	nil
+	circle_ci.token:	<secret>
+test:
+	google.recaptcha.secret:	nil
+	circle_ci.token:	nil
+production:
+	google.recaptcha.secret:	<secret>
+	circle_ci.token:	<secret>
+```
+</details>
+
 ### credman set
 
 Add/change a value for a particular key. `-e` attribute is mandatory for this command.
 
 
 ```
-bundle exec credman set new_service.super_key new_secret_value -e development,test,staging,production
+bundle exec credman set new_service.super_key new_secret_value -e development,test,production
 ```
 
+<details>
+  <summary>Output</summary>
+
+```
+development:
+	new_service.super_key:	ADDED: new_secret_value
+test:
+	new_service.super_key:	ADDED: new_secret_value
+production:
+	new_service.super_key:	ADDED: new_secret_value
+```
+</details>
+
 ### credman delete
 
 Delete for keys. `-e` attribute is mandatory for this command.
 
 ```
-bundle exec credman delete new_service.super_key new_service.another_key -e development,test,staging,production
+bundle exec credman delete new_service.super_key new_service.another_key -e development,test,production
+```
+
+<details>
+  <summary>Output</summary>
+
+```
+development:
+	new_service.super_key:	✅ deleted
+	new_service.another_key:	❌ key not found, can't delete
+test:
+	new_service.super_key:	✅ deleted
+	new_service.another_key:	❌ key not found, can't delete
+production:
+	new_service.super_key:	✅ deleted
+	new_service.another_key:	❌ key not found, can't delete
 ```
+</details>
 
 ### credman diff
 
-Shows all keys changed compared with `heroku` branch by default. You can specify any branch from origin you want to. For example `bin/earl diff my_branch`
+Shows all keys changed compared with `main` branch by default.
+You can set the default branch by adding `config/credman.yml` file with `default_diff_branch: your_branch`
+You can specify any branch from origin you want to. For example `credman diff my_branch`
+
+```
+bundle exec credman diff
+```
+
+<details>
+  <summary>Output</summary>
 
 ```
-> bundle exec credman diff
 development:
 	new_service.super_key:	 ADDED: "new_secret_value"
 test:
 	new_service.super_key:	 ADDED: "new_secret_value"
-staging:
-	new_service.super_key:	 ADDED: "new_secret_value"
 production:
 	new_service.super_key:	 ADDED: "new_secret_value"
 ```
+</details>
 
 ### credman conflicts
-Run it if you have merge conflicts in `configs/credentials/*.yml.enc`. That interactive tool will help you resolve the conflict.
+
+Run it if you have merge conflicts in `configs/credentials/*.yml.enc`.
+That interactive tool will help you resolve the conflict.
+In most of cases it will just automagically resolve the conflicts.
+In case of a key was changed in both branches it will ask you to choose the correct value.
+
+```
+bundle exec credman conflicts
+```
+
+<details>
+  <summary>Output</summary>
+
+```
+development:
+        ❗️ The key another_key changed in both branches, their: "another_value", our: "conflicting_value"
+Which one should we use? Please type `their` or `our` to apply particular change or enter to abort.
+> their
+✅ another_key set as "another_value"
+✅ Merged config for rspec has been saved
+          resolves conflict with user input
+```
+</details>
 
 ## Development
 

data/config/credman.yml

@@ -1,4 +1,4 @@
-default_diff_branch: main
+default_diff_branch: origin/main
 available_environments:
   - development
   - test

data/lib/credman/base.rb

@@ -35,15 +35,35 @@ module Credman
       config.dig(*dig_keys)&.key?(keys_path.last)
     end
 
+    def rewrite_config_for(environment, new_config)
+      # removes "---\n" in the very beginning
+      config_as_string = new_config.deep_stringify_keys.to_yaml[4..]
+
+      encrypted_configuration(environment).write(config_as_string)
+    end
+
+    def key_for(environment)
+      ENV["RAILS_MASTER_KEY"] || Pathname.new("config/credentials/#{environment}.key").binread.strip
+    end
+
+    def decript(key, content)
+      ActiveSupport::MessageEncryptor.new([key].pack("H*"), cipher: "aes-128-gcm")
+        .decrypt_and_verify(content)
+    end
+
     private
 
     def config_for(environment)
+      encrypted_configuration(environment).config
+    end
+
+    def encrypted_configuration(environment)
       ActiveSupport::EncryptedConfiguration.new(
         config_path: "config/credentials/#{environment}.yml.enc",
         key_path: "config/credentials/#{environment}.key",
         env_key: "RAILS_MASTER_KEY",
         raise_if_missing_key: true
-      ).config
+      )
     end
   end
 end

data/lib/credman/commands.rb

@@ -93,6 +93,14 @@ module Credman
           Credman::Conflicts.new(environments).perform
         end
       end
+
+      class Version < Dry::CLI::Command
+        desc "Print current version"
+
+        def call(*)
+          puts Credman::VERSION
+        end
+      end
     end
   end
 end

data/lib/credman/configuration.rb

@@ -36,7 +36,7 @@ module Credman
       end
     end
 
-    add_setting :default_diff_branch, "main"
+    add_setting :default_diff_branch, "origin/main"
     add_setting :available_environments, %w[development test production]
   end
 end

data/lib/credman/conflicts.rb

@@ -20,9 +20,7 @@ module Credman
         @merged_config = our_config.deep_merge(their_config)
         deep_print_diff(HashDiff.diff(their_config, our_config))
 
-        # removes "---\n" in the very beginning
-        merged_config_as_string = @merged_config.deep_stringify_keys.to_yaml[4..]
-        rewrite_config_for(env, merged_config_as_string)
+        rewrite_config_for(env, @merged_config)
         puts "✅ Merged config for #{env} has been saved"
       end
     end
@@ -33,15 +31,6 @@ module Credman
       deserialize(decript(key_for(environment), encripted_file_content)).deep_symbolize_keys
     end
 
-    def key_for(environment)
-      Pathname.new("config/credentials/#{environment}.key").binread.strip
-    end
-
-    def decript(key, content)
-      ActiveSupport::MessageEncryptor.new([key].pack("H*"), cipher: "aes-128-gcm")
-        .decrypt_and_verify(content)
-    end
-
     def deserialize(raw_config)
       YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(raw_config) : YAML.safe_load(raw_config)
     end
@@ -105,14 +94,5 @@ module Credman
         deep_set!(obj[key], keys.slice(1..-1), value)
       end
     end
-
-    def rewrite_config_for(environment, new_config)
-      ActiveSupport::EncryptedFile.new(
-        content_path: "config/credentials/#{environment}.yml.enc",
-        key_path: "config/credentials/#{environment}.key",
-        env_key: "RAILS_MASTER_KEY",
-        raise_if_missing_key: true
-      ).write(new_config)
-    end
   end
 end

data/lib/credman/delete.rb

@@ -20,23 +20,10 @@ module Credman
           end
         end
 
-        if is_updated
-          # removes "---\n" in the very beginning
-          config_as_string = updated_config.deep_stringify_keys.to_yaml[4..]
-          rewrite_config_for(env, config_as_string)
-        end
+        rewrite_config_for(env, updated_config) if is_updated
       end
     end
 
-    def rewrite_config_for(environment, new_config)
-      ActiveSupport::EncryptedConfiguration.new(
-        config_path: "config/credentials/#{environment}.yml.enc",
-        key_path: "config/credentials/#{environment}.key",
-        env_key: "RAILS_MASTER_KEY",
-        raise_if_missing_key: true
-      ).write(new_config)
-    end
-
     def deep_delete!(obj, keys)
       key = keys.first
       if keys.length == 1

data/lib/credman/diff.rb

@@ -8,11 +8,11 @@ module Credman
       configs.each do |env, config|
         puts pastel.green("#{env}:")
 
-        result = cmd.run!("echo `git show origin/#{branch_to_compare}:config/credentials/#{env}.yml.enc`")
+        result = cmd.run!("echo `git show #{branch_to_compare}:config/credentials/#{env}.yml.enc`")
         encripted_file_content = result.out.strip
 
         if encripted_file_content.blank?
-          puts "❗️ Can not find #{env} credentials file in origin/#{branch_to_compare} branch"
+          puts "❗️ Can not find #{env} credentials file in #{branch_to_compare} branch"
           next
         end
         branch_config = config_to_compare_for(env, encripted_file_content)
@@ -27,15 +27,6 @@ module Credman
       deserialize(decript(key_for(environment), encripted_file_content)).deep_symbolize_keys
     end
 
-    def key_for(environment)
-      Pathname.new("config/credentials/#{environment}.key").binread.strip
-    end
-
-    def decript(key, content)
-      ActiveSupport::MessageEncryptor.new([key].pack("H*"), cipher: "aes-128-gcm")
-        .decrypt_and_verify(content)
-    end
-
     def deserialize(raw_config)
       YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(raw_config) : YAML.safe_load(raw_config)
     end

data/lib/credman/set.rb

@@ -3,6 +3,7 @@ module Credman
     def perform(key, new_value)
       key_with_path = key.split(".").map(&:to_sym)
       new_value = normalize_new_value(new_value)
+      abort pastel.red("Invalid key") if key.blank?
 
       configs.each do |env, config|
         puts pastel.green("#{env}:")
@@ -25,22 +26,11 @@ module Credman
         if update_config
           updated_config = config.dup
           deep_set!(updated_config, key_with_path, new_value)
-          # removes "---\n" in the very beginning
-          config_as_string = updated_config.deep_stringify_keys.to_yaml[4..]
-          rewrite_config_for(env, config_as_string)
+          rewrite_config_for(env, updated_config)
         end
       end
     end
 
-    def rewrite_config_for(environment, new_config)
-      ActiveSupport::EncryptedConfiguration.new(
-        config_path: "config/credentials/#{environment}.yml.enc",
-        key_path: "config/credentials/#{environment}.key",
-        env_key: "RAILS_MASTER_KEY",
-        raise_if_missing_key: true
-      ).write(new_config)
-    end
-
     def deep_set!(obj, keys, value)
       key = keys.first
       if keys.length == 1

data/lib/credman/version.rb

@@ -1,3 +1,3 @@
 module Credman
-  VERSION = "0.0.5".freeze
+  VERSION = "0.0.6".freeze
 end

data/lib/credman.rb

@@ -35,6 +35,7 @@ module Credman
       register "delete", Delete
       register "diff", Diff
       register "conflicts", Conflicts
+      register "version", Version, aliases: ["v", "-v", "--version"]
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: credman
 version: !ruby/object:Gem::Version
-  version: 0.0.5
+  version: 0.0.6
 platform: ruby
 authors:
 - Sergey Andronov
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-09-09 00:00:00.000000000 Z
+date: 2022-09-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -157,6 +157,7 @@ files:
 - bin/credman
 - bin/rspec
 - bin/setup
+- config/credentials/.gitkeep
 - config/credman.yml
 - credman.gemspec
 - gemfiles/.bundle/config