kichi 0.2.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 39626d63d4bfa5a2dc6bf730be34c7c2f6649f24
+  data.tar.gz: db73efece42506cde24e7751b8496ac3d6cba0d7
+SHA512:
+  metadata.gz: ee71404a51c8625fc09f23db1fe61d82e4dc7c43dd0990a6ba11197f638c85213dc80cfa7d624f56336b3e248fb32eb8d9f8c657ab14e9fa4b596a2053a5a76d
+  data.tar.gz: 0fe0698693d9729d2659e59e7013f709314805019f2d8af61104788e12c45a3e8df33a0bf48f0e197d7ad16ad73c27a6c470209ca61bf5f2090ae8bc680be005

data/.gitignore

@@ -0,0 +1,9 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/.rspec

@@ -0,0 +1,2 @@
+--format documentation
+--color

data/.travis.yml

@@ -0,0 +1,5 @@
+sudo: false
+language: ruby
+rvm:
+  - 2.2.5
+before_install: gem install bundler -v 1.12.5

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in kichi.gemspec
+gemspec

data/README.md

@@ -0,0 +1,106 @@
+# Kichi
+
+Kichi is a simple commandline tool to manage application secrets for your applications using AWS.
+
+Often you have shell scripts like:
+
+```
+USERNAME=mytzypdlk \
+PASSWORD=aliceinwonderland1923 \
+SENDGRID_USER=koouser \
+SENDGRID_PASSWORD=koolpassword \
+bash deploy.sh
+```
+
+Which are your base things.
+
+Sometimes you might even commit them by accident.
+
+To test different environments with different environment variables that contain sensitive information, it is a pain to keep having to export them, and keeping files and updating them with your secrets around is a manual step no one needs to have. Even worse, sending them over chat programs and giving third parties access to your info.
+
+Kichi reduces this to:
+
+	$ kichi in my_env run bash deploy.sh
+
+And you can provide your colleagues with AWS keys access to your secrets bucket and have them run this instead, without having to send secrets to them over third party services.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'kichi'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install kichi
+
+## Usage
+
+To use kichi with an S3 bucket, you need to have your aws credentials set up with `aws configure`
+
+	$ kichi use s3
+
+To set environment variables
+
+	$ kichi set USERNAME pikachu
+	$ kichi set PASSWORD youwashock
+
+To view environment variables
+
+	$ kichi get USERNAME
+
+To set files
+
+	$ kichi cp key.pem PRIVATE_KEY
+
+> when you set a file, the env var will come up as PRIVATE_KEY_PATH. This env var will be your path to the actual file that was downloaded
+
+To get files
+
+	$ kichi dl PRIVATE_KEY
+
+> this will download to a file called PRIVATE_KEY on your current directory.
+
+To create a new environment
+
+	$ kichi create my_env
+
+To add environment variables to an environment
+
+	$ kichi add USERNAME my_env
+	$ kichi add PASSWORD my_env
+
+To add a file to an environment
+
+	$ kichi addfile PRIVATE_KEY my_env
+
+To list the variable names in an environment
+
+	$ kichi list my_env
+
+To run a program using an environment
+
+	$ kichi in my_env run ./server
+
+
+## Kichi
+
+Kichi means "base" as in "military base" in Japanese. I chose the word because military bases generally have lots of secrets.
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/davidsiaw/kichi.
+

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "kichi"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/exe/kichi

@@ -0,0 +1,161 @@
+#!/usr/bin/env ruby
+
+require "kichi"
+require "aws-sdk-core"
+require "yaml"
+require "fileutils"
+require 'shellwords'
+
+module Kichi
+
+subcommand = ARGV.shift
+
+class Commands
+	def initialize
+		@settings_dir = File.join(Dir.home, ".kichi")
+	end
+
+	def use
+		what = ARGV.shift
+		case what
+		when "s3"
+			sts = Aws::STS::Client.new
+			s3 = Aws::S3::Client.new
+
+			account_id = sts.get_caller_identity.account
+			begin
+				bucket_name = "kichi-store-#{account_id}"
+				s3.head_bucket(bucket: bucket_name)
+			rescue Aws::S3::Errors::NotFound => e
+				puts "Bucket not found, creating..."
+				s3.create_bucket(bucket: bucket_name)
+			rescue => e
+				puts "You may not have permission to view the kichi bucket"
+			end
+
+			FileUtils.mkdir_p @settings_dir
+			File.write(File.join(@settings_dir, "settings"), {s3_bucket: bucket_name}.to_yaml)
+
+		else
+			puts "Unknown store '#{what}'"
+		end
+	end
+
+	def set
+		var_name = ARGV.shift
+		var_content = ARGV.join(" ")
+		kichi.set_var(var_name, var_content)
+	end
+
+	def get
+		var_name = ARGV.shift
+		var_content = kichi.get_var(var_name)
+		puts "#{var_name}=#{Shellwords.escape(var_content)}"
+	end
+
+	def create
+		var_name = ARGV.shift
+		kichi.create_env(var_name)
+	end
+
+	def add
+		var_name = ARGV.shift
+		env_name = ARGV.shift
+		alias_name = ARGV.shift
+		kichi.add_to_env(env_name, var_name, alias_name)
+	end
+
+	def addfile
+		var_name = ARGV.shift
+		env_name = ARGV.shift
+		alias_name = ARGV.shift
+		kichi.add_to_env(env_name, var_name, alias_name, true)
+	end
+
+	def remove
+		var_name = ARGV.shift
+		env_name = ARGV.shift
+		kichi.remove_from_env(env_name, var_name)
+	end
+	
+	def list
+		env_name = ARGV.shift
+		kichi.get_env(env_name).each do |k,v|
+			if v[:type] == :file
+				if v[:alias]
+					puts "#{v[:alias]} (#{k}_PATH)"
+				else
+					puts "#{k}_PATH"
+				end
+			else
+				if v[:alias]
+					puts "#{v[:alias]} (#{k})"
+				else
+					puts "#{k}"
+				end
+			end
+		end
+	end
+
+	def in
+		env_name = ARGV.shift
+		action = ARGV.shift
+		if action != "run"
+			throw "Expected run command after env_name"
+		end
+		file_dir = File.join(@settings_dir, "files")
+		FileUtils.mkdir_p file_dir
+		envs = kichi.get_env(env_name).map do |k,v|
+			key = k
+			if v[:type] == :envvar
+				value = kichi.get_var(k)
+				if v[:alias]
+					key = v[:alias]
+				end
+				[key, value]
+			elsif v[:type] == :file
+				contents = kichi.download(k)
+				location = File.join(file_dir, k)
+				File.write(location, contents)
+				if v[:alias]
+					key = v[:alias]
+				end
+				["#{key}_PATH", location]
+
+			end
+		end.to_h
+		exec(envs, ARGV.join(" "))
+	end
+
+	def cp
+		filename = ARGV.shift
+		var_name = ARGV.shift
+		kichi.upload(var_name, filename)
+	end
+
+	def dl
+		var_name = ARGV.shift
+		content = kichi.download(var_name)
+		File.write(var_name, content)
+		puts "File saved to #{var_name}"
+	end
+
+	def method_missing(name,*args,&block)
+		puts "Unknown command '#{name}'"
+	end
+
+	private
+
+	def kichi
+		if !File.exists?(File.join(@settings_dir, "settings"))
+			puts "Please setup kichi by calling kichi use s3"
+			exit!
+		end
+		settings = YAML.load_file(File.join(@settings_dir, "settings"))
+		Kichi.new settings
+	end
+end
+
+Commands.new.send(:"#{subcommand}")
+
+end

data/kichi.gemspec

@@ -0,0 +1,35 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'kichi/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "kichi"
+  spec.version       = Kichi::VERSION
+  spec.authors       = ["David Siaw"]
+  spec.email         = ["davidsiaw@gmail.com"]
+
+  spec.summary       = %q{Simple commandline key management system}
+  spec.description   = %q{Kichi is a simple commandline tool that allows you to store secrets and retrieve them as environment variables for working with them}
+  spec.homepage      = "https://github.com/davidsiaw/kichi"
+
+  # Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'
+  # to allow pushing to a single host or delete this section to allow pushing to any host.
+  if spec.respond_to?(:metadata)
+    spec.metadata['allowed_push_host'] = "https://rubygems.org"
+  else
+    raise "RubyGems 2.0 or newer is required to protect against public gem pushes."
+  end
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.12"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec", "~> 3.0"
+
+  spec.add_dependency "aws-sdk", "~> 2.6"
+  
+end

data/lib/kichi.rb

@@ -0,0 +1,97 @@
+require "kichi/version"
+
+module Kichi
+	class Kichi
+		def initialize(settings)
+			@settings = settings
+			@s3 = Aws::S3::Client.new
+		end
+
+		def s3
+			@s3
+		end
+
+		def is_valid_env_name?(env_name)
+			/[a-z0-9\-_]+/.match(env_name) != nil
+		end
+
+		def is_valid_var_name?(var_name)
+			/[A-Z][A-Z0-9_]+/.match(var_name) != nil
+		end
+
+		def set_var(var_name, var_content)
+			if !is_valid_var_name?(var_name)
+				throw "Variable name must contain only capital letters, numbers and underscores"
+			end
+			s3.put_object(bucket: @settings[:s3_bucket], key: "variables/#{var_name}", body: var_content)
+		end
+
+		def get_var(var_name)
+			begin
+				s3.get_object(bucket: @settings[:s3_bucket], key: "variables/#{var_name}").body.read
+			rescue Aws::S3::Errors::NoSuchKey
+				throw "Variable #{var_name} does not exist"
+			end
+		end
+
+		def create_env(env_name)
+			if !is_valid_env_name?(env_name)
+				throw "Environment name must contain only letters, numbers, hypens and underscores"
+			end
+			begin
+				s3.head_object(bucket: @settings[:s3_bucket], key: "environments/#{env_name}")
+				throw "Environment #{env_name} already exists"
+			rescue Aws::S3::Errors::NotFound
+				s3.put_object(bucket: @settings[:s3_bucket], key: "environments/#{env_name}", body: {}.to_yaml)
+			end
+		end
+
+		def get_env(env_name)
+			begin
+				YAML.load(s3.get_object(bucket: @settings[:s3_bucket], key: "environments/#{env_name}").body.read)
+			rescue Aws::S3::Errors::NoSuchKey
+				throw "Environment #{env_name} does not exist"
+			end
+		end
+
+		def add_to_env(env_name, var_name, alias_name=nil, is_file=false)
+			env = get_env(env_name)
+
+			if is_file
+				download(var_name)
+				env[var_name] = {alias: alias_name, type: :file}
+			else
+				get_var(var_name)
+				env[var_name] = {alias: alias_name, type: :envvar}
+			end
+
+			s3.put_object(bucket: @settings[:s3_bucket], key: "environments/#{env_name}", body: env.to_yaml)
+		end
+
+		def remove_from_env(env_name, var_name)
+			env = get_env(env_name)
+			if env[var_name]
+				env.delete(var_name)
+				s3.put_object(bucket: @settings[:s3_bucket], key: "environments/#{env_name}", body: env.to_yaml)
+			end
+		end
+
+		def upload(var_name, filename)
+			if !File.exists? filename
+				throw "File #{filename} does not exist"
+			end
+			if !is_valid_var_name?(var_name)
+				throw "Variable name must contain only capital letters, numbers and underscores"
+			end
+			s3.put_object(bucket: @settings[:s3_bucket], key: "files/#{var_name}", body: File.read(filename))
+		end
+
+		def download(var_name)
+			begin
+				s3.get_object(bucket: @settings[:s3_bucket], key: "files/#{var_name}").body.read
+			rescue Aws::S3::Errors::NoSuchKey
+				throw "File #{var_name} does not exist"
+			end
+		end
+	end
+end

data/lib/kichi/version.rb

@@ -0,0 +1,3 @@
+module Kichi
+  VERSION = "0.2.0"
+end

metadata

@@ -0,0 +1,114 @@
+--- !ruby/object:Gem::Specification
+name: kichi
+version: !ruby/object:Gem::Version
+  version: 0.2.0
+platform: ruby
+authors:
+- David Siaw
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2017-05-23 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.12'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: aws-sdk
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.6'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.6'
+description: Kichi is a simple commandline tool that allows you to store secrets and
+  retrieve them as environment variables for working with them
+email:
+- davidsiaw@gmail.com
+executables:
+- kichi
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- Gemfile
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- exe/kichi
+- kichi.gemspec
+- lib/kichi.rb
+- lib/kichi/version.rb
+homepage: https://github.com/davidsiaw/kichi
+licenses: []
+metadata:
+  allowed_push_host: https://rubygems.org
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.11
+signing_key: 
+specification_version: 4
+summary: Simple commandline key management system
+test_files: []