heroku-config 0.1.0 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/README.md +11 -11
- data/lib/heroku_config/aws_key.rb +5 -0
- data/lib/heroku_config/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9f2111e59e572f3463941128576134d04698f17a13fd133c1213a420b8aa59dd
|
|
4
|
+
data.tar.gz: 77deca42ebf969b897016d61895c61c9c401a0d1833e5f0a2bbbb2a65a021e51
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 077a3d0563fb87a77786a1e714a0c1674f6efbcf0deb97df964d02cb32018ceb9d77dcb9b6234a95db9ac2f5e9c8e61f5698e8542ad0746d7025325740e8db71
|
|
7
|
+
data.tar.gz: b2f1d704ee3de001475569491e09368c41ba22258d64d15b88e0e1a4ff92f44f8553d1007d6f1b1472e816963837320bf40f3b5e357fb280b3f0568c193f3648
|
data/CHANGELOG.md
CHANGED
|
@@ -3,5 +3,8 @@
|
|
|
3
3
|
All notable changes to this project will be documented in this file.
|
|
4
4
|
This project *tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
|
|
5
5
|
|
|
6
|
+
## [0.2.0]
|
|
7
|
+
- check if new key is useable before completing rotation
|
|
8
|
+
|
|
6
9
|
## [0.1.0]
|
|
7
10
|
- Initial release.
|
data/README.md
CHANGED
|
@@ -1,8 +1,12 @@
|
|
|
1
|
-
#
|
|
1
|
+
# heroku-config
|
|
2
2
|
|
|
3
3
|
[](http://badge.fury.io/rb/heroku-config)
|
|
4
4
|
|
|
5
|
-
|
|
5
|
+
Quickly rotate [AWS credential keys](https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html) and [heroku configs](https://devcenter.heroku.com/articles/config-vars).
|
|
6
|
+
|
|
7
|
+
Do you have long-term AWS credentials like `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` deployed to your Heroku applications? When was the last time they were rotated?
|
|
8
|
+
|
|
9
|
+
Rotating AWS keys is one of the simplest security measures to take. Usually though, we're too busy with developing features and rotating keys take a back seat. This tool automates the boring and manual process of rotating keys. Run this on your CodeBuild, jenkins server, a lambda function, or just manually when you have to.
|
|
6
10
|
|
|
7
11
|
## Usage
|
|
8
12
|
|
|
@@ -20,22 +24,18 @@ Easily rotate AWS keys and heroku configs.
|
|
|
20
24
|
|
|
21
25
|
AWS_ACCESS_KEY_ID: AKIAXZ6ODJLQQEXAMPLE
|
|
22
26
|
AWS_SECRET_ACCESS_KEY: sp4gmsuif0XgYG2cPiZbkvl93kTGaeDDhEXAMPLE
|
|
23
|
-
Old access key deleted:
|
|
27
|
+
Old access key deleted: AKIAXZ6ODJLQSGEXAMPLE
|
|
24
28
|
$
|
|
25
29
|
|
|
26
30
|
## Installation
|
|
27
31
|
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
gem "heroku-config"
|
|
32
|
+
Or install with RubyGems.
|
|
31
33
|
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
bundle
|
|
34
|
+
gem install heroku-config
|
|
35
35
|
|
|
36
|
-
|
|
36
|
+
Prerequisite:
|
|
37
37
|
|
|
38
|
-
|
|
38
|
+
[The heroku CLI](https://devcenter.heroku.com/articles/heroku-cli) must be installed. This tool calls out to it.
|
|
39
39
|
|
|
40
40
|
## Contributing
|
|
41
41
|
|
|
@@ -36,7 +36,12 @@ module HerokuConfig
|
|
|
36
36
|
end
|
|
37
37
|
|
|
38
38
|
def wait_until_usable(key, secret)
|
|
39
|
+
puts "Checking if new AWS key is usable yet."
|
|
39
40
|
delay, retries = 5, 0
|
|
41
|
+
sts = Aws::STS::Client.new(
|
|
42
|
+
access_key_id: key,
|
|
43
|
+
secret_access_key: secret,
|
|
44
|
+
)
|
|
40
45
|
begin
|
|
41
46
|
sts.get_caller_identity
|
|
42
47
|
true
|