hekate 0.1.0.pre9 → 0.1.0.pre10
- checksums.yaml +4 -4
- data/Gemfile.lock +3 -1
- data/README.md +23 -11
- data/bin/hekate +2 -2
- data/docs/delete.md +25 -0
- data/docs/delete_all.md +22 -0
- data/docs/export.md +25 -0
- data/docs/get.md +25 -0
- data/docs/import.md +25 -0
- data/docs/put.md +28 -0
- data/hekate.gemspec +3 -2
- data/lib/hekate/engine.rb +61 -33
- data/lib/hekate/railtie.rb +1 -1
- data/lib/hekate/version.rb +1 -1
- metadata +30 -10
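--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 5e421cf40f19f3a6b58e2de1433c8961f8b65070
+data.tar.gz: 22512f20df4ab3c7c89ae15c3237cbf3599261b4
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: da498c3707e99df15c5fecf3dca7151d323ee471454ff23412f5b7a119f69730033df9d8d8e237a6b0cc1dc5658d2cdee4fffdace5a40e7e2ca8b90604efd997
+data.tar.gz: 2680c8a1e65ba867b3a462a82b1ee17f8851eb3b0da22ab9f1a57c7037b3d3cf601be7ed336ab1c933e7b9931f37a16eb20bb3dd91cdf134154fc7ad325834cf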
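--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,9 +1,10 @@
 PATH
 remote: .
 specs:
-hekate (0.1.0.
+hekate (0.1.0.10)
 aws-sdk (~> 2.9, >= 2.9.0)
 commander (~> 4.4, >= 4.4.0)
+dotenv
 ec2-metadata (~> 0.2, >= 0.2.0)
 rails (~> 4)
 railties (~> 4.2, >= 4.2.0)
@@ -63,6 +64,7 @@ GEM
 crack (0.4.3)
 safe_yaml (~> 1.0.0)
 diff-lcs (1.3)
+dotenv (2.2.1)
 ec2-metadata (0.2.2)
 erubis (2.7.0)
 globalid (0.4.0)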
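--- a/data/README.md
+++ b/data/README.md
@@ -23,26 +23,31 @@ Add the following to application.rb
 require "hekate"
 Hekate::Engine.application = "yourapplicationname"
 
-When included in a rails application Hekate will read
+When included in a rails application Hekate will read application secrets directly from AWS SMS Parameter Store based on the RAILS_ENV, AWS_REGION environment variables and store them as ENV variables
 
-SSM parameters are loaded in much the same fashion as with the dotenv gem. Root items are loaded first, then overloaded with more specific settings.
+SSM parameters are loaded in much the same fashion as with the dotenv gem. Root items are loaded first, then overloaded with more specific settings.
 
-
+For example, when the following keys exist in the parameter store
 
 myapp.root.SOMEKEY = basevalue
-myapp.staging.
+myapp.staging.SOMEKEY = stagingvalue
 
-The resulting
+The resulting environment settings would be
 
 ENV["SOMEKEY"] = stagingvalue
 
 
 ## Usage
-
+### AWS Authentication
+Hekate requires AWS authentication in order to read or set parameters and assumes credentials are provided via one of the available amazon authentication methods. Please see amazon documentation for more details
 
-
+### AWS Security
+Note: this gem takes no responsibility for the security of your stored secrets/parameters. You will need to configure IAM security policies to provide read/write access to the kms encryption keys and parameters as necessary.
 
-
+Below are some sample amazon iam security policies to get you started. These could be made more secure by restricting to specific resources rather than specifying a wild card.
+
+
+Hekate User - read only parameter access for developers or servers
 ```json
 {
 "Version": "2012-10-17",
@@ -67,7 +72,8 @@ It is recommended that you use 2 different roles in IAM similar to the following
 ]
 }
 ```
-
+
+Hekate Admin - read/write access for a parameter maintainer
 ```json
 {
 "Version": "2012-10-17",
@@ -93,14 +99,20 @@ It is recommended that you use 2 different roles in IAM similar to the following
 ]
 }
 ```
-### Commands
+### Binary Commands
+Hekate provides a command line interface for reading and writing secrets to the parameter store. Note that it will automatically create an amazon kms key with the following naming convention as needed `application.environment`
 
-
+
+help - lists avalable commands. For help on a specific command issue `hekate command --help` or see documentation in the docs folder.
 
 put - adds one item to the parameter store
 
+get - reads one item from the parameter store
+
 delete - deletes on item from the parameter store
 
+delete_all - deletes all parameters for the given application and environment combination
+
 import - imports a .env formatted secrets file
 
 export - exports to a .env formatted secrets file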
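--- a/data/bin/hekate
+++ b/data/bin/hekate
@@ -81,7 +81,7 @@ command :delete do |c|
 c.syntax = 'hekate delete --region us-west-2 --environment development --application mycoolapp --key somekey'
 c.description = 'deletes an environment secret'
 CommandProcessor.add_default_options c
-c.option '--key STRING', String, 'The
+c.option '--key STRING', String, 'The name of the secret to delete'
 c.action do |_args, options|
 CommandProcessor.add_default_values options
 
@@ -97,7 +97,7 @@ command :delete do |c|
 end
 end
 
-command :
+command :delete_all do |c|
 c.syntax = 'hekate delete_all --region us-west-2 --environment development --application mycoolapp'
 c.description = 'deletes all secrets for the give environment'
 CommandProcessor.add_default_options c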
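Review bot: `delete_all` (second hunk, new line 100) is the one command that wipes every secret for an application/environment pair, yet nothing in the hunk asks for confirmation before it runs, and `--environment` silently defaults to `development` per the shipped docs, so a forgotten flag deletes the wrong environment's secrets. The `c.action` block lies outside the hunk; if it does not already prompt, guard it with something like `abort 'aborted' unless agree("Delete ALL secrets for #{options.application}/#{options.environment}? ")`, using the HighLine `agree` helper Commander exposes (engine.rb already requires `commander/user_interaction`). The description on line 102 also has a typo: `'deletes all secrets for the give environment'` should read `'deletes all secrets for the given environment'`.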
data/docs/delete.md
ADDED
@@ -0,0 +1,25 @@
|
|
1
|
+
NAME:
|
2
|
+
|
3
|
+
delete
|
4
|
+
|
5
|
+
SYNOPSIS:
|
6
|
+
|
7
|
+
hekate delete --region us-west-2 --environment development --application mycoolapp --key somekey
|
8
|
+
|
9
|
+
DESCRIPTION:
|
10
|
+
|
11
|
+
deletes an a parameter
|
12
|
+
|
13
|
+
OPTIONS:
|
14
|
+
|
15
|
+
--application STRING
|
16
|
+
The application name for which the imported secrets will be used
|
17
|
+
|
18
|
+
--environment STRING
|
19
|
+
The rails environment for which the imported secrets will be used. Defaults to development
|
20
|
+
|
21
|
+
--region STRING
|
22
|
+
The aws region to import into. Defaults to ENV["AWS_REGION"] || "us-east-1"
|
23
|
+
|
24
|
+
--key STRING
|
25
|
+
The name of the secret to delete
|
data/docs/delete_all.md
ADDED
@@ -0,0 +1,22 @@
|
|
1
|
+
NAME:
|
2
|
+
|
3
|
+
delete
|
4
|
+
|
5
|
+
SYNOPSIS:
|
6
|
+
|
7
|
+
hekate delete_all --region us-west-2 --environment development --application mycoolapp
|
8
|
+
|
9
|
+
DESCRIPTION:
|
10
|
+
|
11
|
+
deletes all secrets for the give environment
|
12
|
+
|
13
|
+
OPTIONS:
|
14
|
+
|
15
|
+
--application STRING
|
16
|
+
The application name for which the imported secrets will be used
|
17
|
+
|
18
|
+
--environment STRING
|
19
|
+
The rails environment for which the imported secrets will be used. Defaults to development
|
20
|
+
|
21
|
+
--region STRING
|
22
|
+
The aws region to import into. Defaults to ENV["AWS_REGION"] || "us-east-1"
|
data/docs/export.md
ADDED
@@ -0,0 +1,25 @@
|
|
1
|
+
NAME:
|
2
|
+
|
3
|
+
export
|
4
|
+
|
5
|
+
SYNOPSIS:
|
6
|
+
|
7
|
+
hekate export --region us-west-2 --environment development --application mycoolapp --file .env
|
8
|
+
|
9
|
+
DESCRIPTION:
|
10
|
+
|
11
|
+
exports Amazon SSM parameters to a .env formatted file
|
12
|
+
|
13
|
+
OPTIONS:
|
14
|
+
|
15
|
+
--application STRING
|
16
|
+
The application name for which the imported secrets will be used
|
17
|
+
|
18
|
+
--environment STRING
|
19
|
+
The rails environment for which the imported secrets will be used. Defaults to development
|
20
|
+
|
21
|
+
--region STRING
|
22
|
+
The aws region to import into. Defaults to ENV["AWS_REGION"] || "us-east-1"
|
23
|
+
|
24
|
+
--file STRING
|
25
|
+
The dotenv formatted file to export to
|
data/docs/get.md
ADDED
@@ -0,0 +1,25 @@
|
|
1
|
+
NAME:
|
2
|
+
|
3
|
+
get
|
4
|
+
|
5
|
+
SYNOPSIS:
|
6
|
+
|
7
|
+
hekate get --region us-west-2 --environment development --application mycoolapp --key somekey
|
8
|
+
|
9
|
+
DESCRIPTION:
|
10
|
+
|
11
|
+
retrieves an unencrypted environment secret
|
12
|
+
|
13
|
+
OPTIONS:
|
14
|
+
|
15
|
+
--application STRING
|
16
|
+
The application name for which the imported secrets will be used
|
17
|
+
|
18
|
+
--environment STRING
|
19
|
+
The rails environment for which the imported secrets will be used. Defaults to development
|
20
|
+
|
21
|
+
--region STRING
|
22
|
+
The aws region to import into. Defaults to ENV["AWS_REGION"] || "us-east-1"
|
23
|
+
|
24
|
+
--key STRING
|
25
|
+
The environment name of the secret to delete
|
data/docs/import.md
ADDED
@@ -0,0 +1,25 @@
|
|
1
|
+
NAME:
|
2
|
+
|
3
|
+
import
|
4
|
+
|
5
|
+
SYNOPSIS:
|
6
|
+
|
7
|
+
hekate import --region us-west-2 --environment development --application mycoolapp --file .env
|
8
|
+
|
9
|
+
DESCRIPTION:
|
10
|
+
|
11
|
+
imports a .env formatted file into Amazon SSM
|
12
|
+
|
13
|
+
OPTIONS:
|
14
|
+
|
15
|
+
--application STRING
|
16
|
+
The application name for which the imported secrets will be used
|
17
|
+
|
18
|
+
--environment STRING
|
19
|
+
The rails environment for which the imported secrets will be used. Defaults to development
|
20
|
+
|
21
|
+
--region STRING
|
22
|
+
The aws region to import into. Defaults to ENV["AWS_REGION"] || "us-east-1"
|
23
|
+
|
24
|
+
--file STRING
|
25
|
+
The dotenv formatted file to import
|
data/docs/put.md
ADDED
@@ -0,0 +1,28 @@
|
|
1
|
+
NAME:
|
2
|
+
|
3
|
+
put
|
4
|
+
|
5
|
+
SYNOPSIS:
|
6
|
+
|
7
|
+
hekate put --region us-west-2 --environment development --application mycoolapp --key somekey --value somevalue
|
8
|
+
|
9
|
+
DESCRIPTION:
|
10
|
+
|
11
|
+
adds a new environment secret and value
|
12
|
+
|
13
|
+
OPTIONS:
|
14
|
+
|
15
|
+
--application STRING
|
16
|
+
The application name for which the imported secrets will be used
|
17
|
+
|
18
|
+
--environment STRING
|
19
|
+
The rails environment for which the imported secrets will be used. Defaults to development
|
20
|
+
|
21
|
+
--region STRING
|
22
|
+
The aws region to import into. Defaults to ENV["AWS_REGION"] || "us-east-1"
|
23
|
+
|
24
|
+
--key STRING
|
25
|
+
The environment name of the secret to store
|
26
|
+
|
27
|
+
--value STRING
|
28
|
+
The environment value of the secret to store
|
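--- a/data/hekate.gemspec
+++ b/data/hekate.gemspec
@@ -26,10 +26,11 @@ Gem::Specification.new do |spec|
 spec.add_runtime_dependency 'ec2-metadata', '~> 0.2', '>= 0.2.0'
 spec.add_runtime_dependency 'railties', '~> 4.2', '>= 4.2.0'
 spec.add_runtime_dependency 'rails', '~> 4'
+spec.add_runtime_dependency 'dotenv', '~> 0'
 
 spec.add_development_dependency 'bundler', '~> 1.15'
 spec.add_development_dependency 'rake', '~> 10.0'
 spec.add_development_dependency 'rspec', '~> 3.0'
-spec.add_development_dependency 'webmock'
-spec.add_development_dependency 'vcr'
+spec.add_development_dependency 'webmock', '~>3.0.0'
+spec.add_development_dependency 'vcr', '~>3.0.0'
 end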
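Review bot: The new `spec.add_runtime_dependency 'dotenv', '~> 0'` on line 29 is not a meaningful bound: read literally the pessimistic operator makes `~> 0` mean `>= 0, < 1`, which cannot satisfy the `dotenv (2.2.1)` this release's Gemfile.lock resolved, and if RubyGems instead treats it as open-ended then any future major release of a gem that writes files into `ENV` is pulled in without review. Pin it the way the neighbouring runtime dependencies are pinned, `spec.add_runtime_dependency 'dotenv', '~> 2.2', '>= 2.2.1'`, and re-lock so the lockfile's PATH entry carries the same constraint. Tightening `webmock` and `vcr` to `'~>3.0.0'` is a sensible companion change; a space after `~>` would match the style of the lines above.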
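--- a/data/lib/hekate/engine.rb
+++ b/data/lib/hekate/engine.rb
@@ -1,52 +1,81 @@
 require 'aws-sdk'
-require 'ec2_metadata'
 require 'commander/user_interaction'
+require 'dotenv'
+require 'ec2_metadata'
+require 'open-uri'
 
 module Hekate
 class Engine
 class << self
 attr_accessor :application
-
-
-
-
-
-
-
+
+def get_region
+if ec2?
+Ec2Metadata[:placement]['availability-zone'][0...-1]
+else
+ENV['AWS_REGION'] || 'us-east-1'
+end
 end
-end
 
-
-
-
-
-
+def ec2?
+Ec2Metadata[:instance_id]
+true
+rescue
+false
+end
+
+def online?
+require 'socket'
+begin
+socket = TCPSocket.new 'ssm.us-east-1.amazonaws.com', 443
+socket.close
+true
+rescue SocketError
+false
+end
+end
+
+def dotenv_files
+root = Rails::Engine.find_root_with_flag("config.ru", File.dirname($0))
+[
+root.join(".env.#{Rails.env}.local"),
+(root.join('.env.local') unless Rails.env.test?),
+root.join(".env.#{Rails.env}"),
+root.join('.env')
+].compact
+end
 end
-
+
 def initialize(region, environment, application = nil)
-@region = region
+@region = region || Hekate::Engine.get_region
 @environment = environment || Rails.env
 Hekate::Engine.application = application
 end
 
 def load_environment
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+if Hekate::Engine.online?
+['root', @environment].each do |env|
+parameter_key = "#{Hekate::Engine.application}.#{env}."
+
+parameters = get_app_env_parameters(env)
+parameters = parameters.map(&:name)
+
+parameters.each_slice(10) do |slice|
+result = ssm.get_parameters(
+names: slice,
+with_decryption: true
+).parameters
+
+result.each do |parameter|
+parameter_name = parameter.name.gsub(parameter_key, '')
+ENV[parameter_name] = parameter.value
+end
 end
 end
+elsif Rails.env.development? || Rails.env.test?
+Dotenv.load(*Hekate::Engine.dotenv_files)
+else
+Fail 'Could not find an internet connection or .env files'
 end
 end
 
@@ -183,6 +212,5 @@ module Hekate
 
 parameters
 end
-
-end
+end
 end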
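Review bot: `online?` (first hunk, new lines 27-36) decides whether secrets come from SSM or from plaintext `.env` files by opening a raw TCP connection to the hard-coded `ssm.us-east-1.amazonaws.com:443` and rescuing only `SocketError`, so a deployment whose egress reaches only its own region's endpoint is judged offline, a refused or timed-out connect (`Errno::ECONNREFUSED`, `Errno::ETIMEDOUT`) escapes as an uncaught exception at boot instead of returning false, and with no connect timeout a blackholed route stalls startup. Probing the configured region with a bounded `Socket.tcp` and rescuing `SystemCallError` as well addresses all three; `load_environment` can pass `@region` through now that `initialize` always resolves one. In the same method the `else` branch calls `Fail '...'`, which is not `Kernel#fail` and raises `NoMethodError` with a misleading message; it should be `raise 'Could not find an internet connection or .env files'`. Separately, `parameter.name.gsub(parameter_key, '')` strips every occurrence of the prefix rather than only the leading one; `parameter.name.sub(/\A#{Regexp.escape(parameter_key)}/, '')` is the safe form. The rest of `Engine`, including `ssm` and `get_app_env_parameters`, lies outside the hunk.
```ruby
def online?(region = 'us-east-1')
  require 'socket'
  # Probe the endpoint we will actually talk to, with a bounded connect so a
  # blackholed route cannot stall boot; any connect failure means "offline".
  Socket.tcp("ssm.#{region}.amazonaws.com", 443, connect_timeout: 5).close
  true
rescue SocketError, SystemCallError
  false
end

# … unchanged: dotenv_files, initialize …

def load_environment
  if Hekate::Engine.online?(@region)
    # … unchanged: SSM parameter loading loop …
  elsif Rails.env.development? || Rails.env.test?
    Dotenv.load(*Hekate::Engine.dotenv_files)
  else
    raise 'Could not find an internet connection or .env files'
  end
end
```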
data/lib/hekate/railtie.rb
CHANGED
data/lib/hekate/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: hekate
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.0.
|
4
|
+
version: 0.1.0.pre10
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- jasonrisch
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2017-08-
|
11
|
+
date: 2017-08-09 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk
|
@@ -104,6 +104,20 @@ dependencies:
|
|
104
104
|
- - "~>"
|
105
105
|
- !ruby/object:Gem::Version
|
106
106
|
version: '4'
|
107
|
+
- !ruby/object:Gem::Dependency
|
108
|
+
name: dotenv
|
109
|
+
requirement: !ruby/object:Gem::Requirement
|
110
|
+
requirements:
|
111
|
+
- - "~>"
|
112
|
+
- !ruby/object:Gem::Version
|
113
|
+
version: '0'
|
114
|
+
type: :runtime
|
115
|
+
prerelease: false
|
116
|
+
version_requirements: !ruby/object:Gem::Requirement
|
117
|
+
requirements:
|
118
|
+
- - "~>"
|
119
|
+
- !ruby/object:Gem::Version
|
120
|
+
version: '0'
|
107
121
|
- !ruby/object:Gem::Dependency
|
108
122
|
name: bundler
|
109
123
|
requirement: !ruby/object:Gem::Requirement
|
@@ -150,30 +164,30 @@ dependencies:
|
|
150
164
|
name: webmock
|
151
165
|
requirement: !ruby/object:Gem::Requirement
|
152
166
|
requirements:
|
153
|
-
- - "
|
167
|
+
- - "~>"
|
154
168
|
- !ruby/object:Gem::Version
|
155
|
-
version:
|
169
|
+
version: 3.0.0
|
156
170
|
type: :development
|
157
171
|
prerelease: false
|
158
172
|
version_requirements: !ruby/object:Gem::Requirement
|
159
173
|
requirements:
|
160
|
-
- - "
|
174
|
+
- - "~>"
|
161
175
|
- !ruby/object:Gem::Version
|
162
|
-
version:
|
176
|
+
version: 3.0.0
|
163
177
|
- !ruby/object:Gem::Dependency
|
164
178
|
name: vcr
|
165
179
|
requirement: !ruby/object:Gem::Requirement
|
166
180
|
requirements:
|
167
|
-
- - "
|
181
|
+
- - "~>"
|
168
182
|
- !ruby/object:Gem::Version
|
169
|
-
version:
|
183
|
+
version: 3.0.0
|
170
184
|
type: :development
|
171
185
|
prerelease: false
|
172
186
|
version_requirements: !ruby/object:Gem::Requirement
|
173
187
|
requirements:
|
174
|
-
- - "
|
188
|
+
- - "~>"
|
175
189
|
- !ruby/object:Gem::Version
|
176
|
-
version:
|
190
|
+
version: 3.0.0
|
177
191
|
description:
|
178
192
|
email:
|
179
193
|
- krimsonkla@yahoo.com
|
@@ -194,6 +208,12 @@ files:
|
|
194
208
|
- bin/console
|
195
209
|
- bin/hekate
|
196
210
|
- bin/setup
|
211
|
+
- docs/delete.md
|
212
|
+
- docs/delete_all.md
|
213
|
+
- docs/export.md
|
214
|
+
- docs/get.md
|
215
|
+
- docs/import.md
|
216
|
+
- docs/put.md
|
197
217
|
- hekate.gemspec
|
198
218
|
- lib/hekate.rb
|
199
219
|
- lib/hekate/engine.rb
|