hekate 0.1.0.pre6 → 0.1.0.pre7
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/README.md +65 -7
- data/lib/hekate/engine.rb +8 -2
- data/lib/hekate/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 20df888c0a62cc6f59feb453035229be2abea3aa
|
4
|
+
data.tar.gz: 9955e6f9662c80458c789c35cc324956621400fd
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 95dab678895dbcb99efeacee42ccaab1ea0d66883ab2d9579f8b44e3450dc7d71c16bcc0abaf099686d95584e251243afe43fff3ff9c2d5da43e70849d30eaac
|
7
|
+
data.tar.gz: 2095bc4ae40024a1c04dd2c2180c9333685833c818cb5f365d5df35d30b065e006d9518cd22699152d97b0c09ba064d811a64cd73f093380e289b2da5176bff9
|
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
@@ -1,8 +1,6 @@
|
|
1
1
|
# Hekate
|
2
2
|
|
3
|
-
|
4
|
-
|
5
|
-
TODO: Delete this and the text above, and describe your gem
|
3
|
+
Hekate is a gem for encrypting, storing and consuming rails application secrets as Amazon SSM parameters
|
6
4
|
|
7
5
|
## Installation
|
8
6
|
|
@@ -20,15 +18,75 @@ Or install it yourself as:
|
|
20
18
|
|
21
19
|
$ gem install hekate
|
22
20
|
|
21
|
+
When included in a rails application Hekate will read credentials directly from AWS SMS Parameter store based on the RAILS_ENV, HEKATE_APPLICATION and AWS_REGION environment variables and store them as local ENV variables available to the rails applicaiton.
|
22
|
+
|
23
23
|
## Usage
|
24
|
+
Hekate requires AWS authentication and assumes credentials are provided to the executing system via one of the available amazon authentication methods. It does not ever accept credentials via command line.
|
25
|
+
|
26
|
+
It is recommended that you use 2 different roles in IAM similar to the following.
|
27
|
+
|
28
|
+
#### Hekate User - read only parameter access
|
29
|
+
```json
|
30
|
+
{
|
31
|
+
"Version": "2012-10-17",
|
32
|
+
"Statement": [
|
33
|
+
{
|
34
|
+
"Sid": "Stmt1497208350000",
|
35
|
+
"Effect": "Allow",
|
36
|
+
"Action": [
|
37
|
+
"ssm:DescribeParameters",
|
38
|
+
"ssm:GetParameters"
|
39
|
+
],
|
40
|
+
"Resource": [
|
41
|
+
"*"
|
42
|
+
]
|
43
|
+
},
|
44
|
+
{
|
45
|
+
"Sid": "Stmt1497208350001",
|
46
|
+
"Effect": "Allow",
|
47
|
+
"Action": "kms:Decrypt",
|
48
|
+
"Resource": "*"
|
49
|
+
}
|
50
|
+
]
|
51
|
+
}
|
52
|
+
```
|
53
|
+
#### Hekate Admin
|
54
|
+
```json
|
55
|
+
{
|
56
|
+
"Version": "2012-10-17",
|
57
|
+
"Statement": [
|
58
|
+
{
|
59
|
+
"Sid": "Stmt1497208350000",
|
60
|
+
"Effect": "Allow",
|
61
|
+
"Action": [
|
62
|
+
"ssm:DescribeParameters",
|
63
|
+
"ssm:GetParameters",
|
64
|
+
"ssm:PutParameter"
|
65
|
+
],
|
66
|
+
"Resource": [
|
67
|
+
"*"
|
68
|
+
]
|
69
|
+
},
|
70
|
+
{
|
71
|
+
"Sid": "Stmt1497208350001",
|
72
|
+
"Effect": "Allow",
|
73
|
+
"Action": "kms:*",
|
74
|
+
"Resource": "*"
|
75
|
+
}
|
76
|
+
]
|
77
|
+
}
|
78
|
+
```
|
79
|
+
### Commands
|
80
|
+
|
81
|
+
help - lists avalable commands. For help on a specific command issue `hekate command --help`
|
24
82
|
|
25
|
-
|
83
|
+
put - adds one item to the parameter store
|
26
84
|
|
27
|
-
|
85
|
+
delete - deletes on item from the parameter store
|
28
86
|
|
29
|
-
|
87
|
+
import - imports a .env formatted secrets file
|
30
88
|
|
31
|
-
|
89
|
+
export - exports to a .env formatted secrets file
|
32
90
|
|
33
91
|
## Contributing
|
34
92
|
|
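Review bot: Both example IAM policies in this README hunk use `"Resource": "*"`, so the "read only" Hekate User statement allows `ssm:GetParameters` and `kms:Decrypt` without limiting them to this application's parameters or key, and the Hekate Admin statement grants `kms:*` on the same wildcard. Suggest narrowing the `Resource` of the parameter and KMS statements to the application's own parameters and the key that encrypts them, and replacing `kms:*` with the specific actions the admin commands need. In the same hunk, the paragraph above `## Usage` says "AWS SMS Parameter store" where the rest of the README and the policy actions say SSM, and there are typos in "applicaiton", "avalable" and "deletes on item".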
data/lib/hekate/engine.rb
CHANGED
@@ -67,10 +67,16 @@ module Hekate
|
|
67
67
|
|
68
68
|
def get_parameter(key)
|
69
69
|
parameter_key = "#{@application}.#{@environment}.#{key}"
|
70
|
-
ssm.get_parameters(
|
70
|
+
parameters = ssm.get_parameters(
|
71
71
|
names: [parameter_key],
|
72
72
|
with_decryption: true
|
73
|
-
).parameters
|
73
|
+
).parameters
|
74
|
+
|
75
|
+
if parameters.to_a.empty?
|
76
|
+
puts "Could not find parameter #{parameter_key}"
|
77
|
+
else
|
78
|
+
puts parameters.first["value"]
|
79
|
+
end
|
74
80
|
end
|
75
81
|
|
76
82
|
def delete_parameter(key)
|
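Review bot: In `get_parameter`, both new branches end in `puts`, so the method now returns nil where it previously returned the `.parameters` list, and the decrypted value is written to stdout from inside the engine. Any caller that relied on the return value no longer gets one, and the "Could not find parameter" message goes to the same stream as the secret, so a script capturing the output cannot tell a miss from a value. Suggest having `get_parameter` return the value (or nil) and leaving the printing to the command layer, with the not-found message sent to stderr via `warn` and a non-zero exit status.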
data/lib/hekate/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: hekate
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.0.
|
4
|
+
version: 0.1.0.pre7
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- jasonrisch
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2017-
|
11
|
+
date: 2017-07-24 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk
|
@@ -191,7 +191,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
191
191
|
version: 1.3.1
|
192
192
|
requirements: []
|
193
193
|
rubyforge_project:
|
194
|
-
rubygems_version: 2.
|
194
|
+
rubygems_version: 2.5.1
|
195
195
|
signing_key:
|
196
196
|
specification_version: 4
|
197
197
|
summary: A simple rails interface for hiding secrets in AWS EC2 Parameters
|