heroku-config 0.1.0 → 0.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/README.md +11 -11
- data/lib/heroku_config/aws_key.rb +5 -0
- data/lib/heroku_config/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9f2111e59e572f3463941128576134d04698f17a13fd133c1213a420b8aa59dd
|
|
4
|
+
data.tar.gz: 77deca42ebf969b897016d61895c61c9c401a0d1833e5f0a2bbbb2a65a021e51
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 077a3d0563fb87a77786a1e714a0c1674f6efbcf0deb97df964d02cb32018ceb9d77dcb9b6234a95db9ac2f5e9c8e61f5698e8542ad0746d7025325740e8db71
|
|
7
|
+
data.tar.gz: b2f1d704ee3de001475569491e09368c41ba22258d64d15b88e0e1a4ff92f44f8553d1007d6f1b1472e816963837320bf40f3b5e357fb280b3f0568c193f3648
|
data/CHANGELOG.md
CHANGED
|
@@ -3,5 +3,8 @@
|
|
|
3
3
|
All notable changes to this project will be documented in this file.
|
|
4
4
|
This project *tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
|
|
5
5
|
|
|
6
|
+
## [0.2.0]
|
|
7
|
+
- check if new key is useable before completing rotation
|
|
8
|
+
|
|
6
9
|
## [0.1.0]
|
|
7
10
|
- Initial release.
|
data/README.md
CHANGED
|
@@ -1,8 +1,12 @@
|
|
|
1
|
-
#
|
|
1
|
+
# heroku-config
|
|
2
2
|
|
|
3
3
|
[](http://badge.fury.io/rb/heroku-config)
|
|
4
4
|
|
|
5
|
-
|
|
5
|
+
Quickly rotate [AWS credential keys](https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html) and [heroku configs](https://devcenter.heroku.com/articles/config-vars).
|
|
6
|
+
|
|
7
|
+
Do you have long-term AWS credentials like `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` deployed to your Heroku applications? When was the last time they were rotated?
|
|
8
|
+
|
|
9
|
+
Rotating AWS keys is one of the simplest security measures to take. Usually though, we're too busy with developing features and rotating keys take a back seat. This tool automates the boring and manual process of rotating keys. Run this on your CodeBuild, jenkins server, a lambda function, or just manually when you have to.
|
|
6
10
|
|
|
7
11
|
## Usage
|
|
8
12
|
|
|
@@ -20,22 +24,18 @@ Easily rotate AWS keys and heroku configs.
|
|
|
20
24
|
|
|
21
25
|
AWS_ACCESS_KEY_ID: AKIAXZ6ODJLQQEXAMPLE
|
|
22
26
|
AWS_SECRET_ACCESS_KEY: sp4gmsuif0XgYG2cPiZbkvl93kTGaeDDhEXAMPLE
|
|
23
|
-
Old access key deleted:
|
|
27
|
+
Old access key deleted: AKIAXZ6ODJLQSGEXAMPLE
|
|
24
28
|
$
|
|
25
29
|
|
|
26
30
|
## Installation
|
|
27
31
|
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
gem "heroku-config"
|
|
32
|
+
Or install with RubyGems.
|
|
31
33
|
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
bundle
|
|
34
|
+
gem install heroku-config
|
|
35
35
|
|
|
36
|
-
|
|
36
|
+
Prerequisite:
|
|
37
37
|
|
|
38
|
-
|
|
38
|
+
[The heroku CLI](https://devcenter.heroku.com/articles/heroku-cli) must be installed. This tool calls out to it.
|
|
39
39
|
|
|
40
40
|
## Contributing
|
|
41
41
|
|
|
@@ -36,7 +36,12 @@ module HerokuConfig
|
|
|
36
36
|
end
|
|
37
37
|
|
|
38
38
|
def wait_until_usable(key, secret)
|
|
39
|
+
puts "Checking if new AWS key is usable yet."
|
|
39
40
|
delay, retries = 5, 0
|
|
41
|
+
sts = Aws::STS::Client.new(
|
|
42
|
+
access_key_id: key,
|
|
43
|
+
secret_access_key: secret,
|
|
44
|
+
)
|
|
40
45
|
begin
|
|
41
46
|
sts.get_caller_identity
|
|
42
47
|
true
|