openbox 0.4.0 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c3b2286d2b3b83ce60a50ead93f7f3b293612cd7a9386f21309b2078467acf3e
-  data.tar.gz: e1b3b12fe3c36503c9cfe1c72ac38163b1c7850eeda7e4395adf79c665abc19e
+  metadata.gz: 2c0d83b1900aaf94e908bf6cdca2c74226a6e3634a43e22799b98ec6e7d6b0bc
+  data.tar.gz: 5061979673b6b027be1d4926dec24dcd54d0bf1d52b6d862641bd2579f8154bf
 SHA512:
-  metadata.gz: 741418382ee5a71631d3ff8303ea421091527338f72b6a42cfc441c94acdad51b7ede680b44515724bacd3c715e8878e339ed84b80b16186f14750c2c4f3edb9
-  data.tar.gz: ba0bfebc3ed03a62a4321e389202992f7bf988cf00a3a99d6651569fedd46d1496839a35d037f7815e5b336c5ca2af54ae5e60cdd46544b2fdb87d28a128d381
+  metadata.gz: '09da76c126d5e6b30d27153db1f8ac4415a134b7c427485dd8f740d1aacd186d6311a9bde8a26dabba17ba4a048cf3837367baa2bf0eec6e23094ffd3d986a9a'
+  data.tar.gz: 1f2389789c16745950eadb85a69406a95b24a71cd4a54e13568e62c20ab97c24d7b743bdac03dec7e6036681cfc4f802f3f92fee151cf91b1e6f3a259d0e271b

data/Gemfile.lock

@@ -1,7 +1,8 @@
 PATH
   remote: .
   specs:
-    openbox (0.4.0)
+    openbox (0.5.0)
+      dotenv
       thor (~> 1.0)
 
 GEM
@@ -14,6 +15,7 @@ GEM
     childprocess (4.1.0)
     diff-lcs (1.4.4)
     docile (1.4.0)
+    dotenv (2.7.6)
     iniparse (1.5.0)
     overcommit (0.58.0)
       childprocess (>= 0.6.3, < 5)

data/README.md

@@ -44,14 +44,7 @@ The commands are pre-defined for the Rack and Rails applications.
 | `seed`    | `rails`           | Run database seed        |
 | `sidekiq` | `sidekiq`         | Run sidekiq server       |
 
-### Environments
-
-| Name             | Description                                                                          |
-|------------------|--------------------------------------------------------------------------------------|
-| `AUTO_MIGRATION` | When present, the `migrate` will run before `server` started                         |
-| `DATABASE_URL`   | When `pg` or `mysql2` gem present, Openbox will use it to ensure database connection |
-
-### Customize Commands
+#### Customize Commands
 
 When `openbox` execute, the `lib/openbox/commands/*/**.rb` will be scanned and require before started.
 We can register new command by adding files to `lib/openbox/commands` directory.
@@ -70,6 +63,33 @@ Openbox::Entrypoint.register Daemon, :daemon, :daemon, 'Run a daemon'
 
 > The Rails are not loaded to speed up bootstrap, if you need Rails please load by yourself.
 
+### Environments
+
+| Name             | Example                                | Description                                                                          |
+|------------------|----------------------------------------|--------------------------------------------------------------------------------------|
+| `AUTO_MIGRATION` | `yes`                                  | When present, the `migrate` will run before `server` started                         |
+| `DATABASE_URL`   | `postgres://user:pass@postgres/dbname` | When `pg` or `mysql2` gem present, Openbox will use it to ensure database connection |
+| `SWARM_SECRETS`  | `app-env`                              | List the Docker Swarm secret names to load as environment file                       |
+
+## Environment Loader
+
+To rotate secrets easier, we may not use Rails credentials but inject secrets via the environment variables.
+
+Openbox provides a before hook before the command is executed and load the environments from a security source.
+
+### Docker Swarm
+
+When use Docker Swarm, the secret will put into `/run/secrets` directory, you can load these files via Dotenv.
+
+```yaml
+# Docker Swarm Stack
+services:
+  application:
+    environment:
+      - SWARM_SECRETS=sahred-secret,applicate-secret
+    # ...
+```
+
 ## Roadmap
 
 * [ ] `config/openbox.rb` config
@@ -87,7 +107,10 @@ Openbox::Entrypoint.register Daemon, :daemon, :daemon, 'Run a daemon'
   * [x] `openbox migrate` to `rails db:migrate`
   * [x] `openbox seed` to `rails db:seed`
   * [x] Use `AUTO_MIGRATION` to run migration before server started
-
+* [ ] Load Secrets as Environment
+  * [ ] AWS Secrets Manager
+  * [ ] Hashicorp Valut
+  * [ ] Docker Swarm Secrets
 
 ## Development
 

data/lib/openbox/command.rb

@@ -1,12 +1,24 @@
 # frozen_string_literal: true
 
 require 'thor'
+require 'dotenv'
 
 module Openbox
   # The base command of openbox
   #
   # @since 0.1.0
   class Command < Thor::Group
+    # Before execute command
+    #
+    # @since 0.5.0
+    def before_execute
+      # TODO: Add AWS KMS, Vault support
+      return if ENV['SWARM_SECRETS'].nil?
+
+      paths = ENV['SWARM_SECRETS'].split(',').map { |name| "/run/secrets/#{name}" }
+      Dotenv.load(*paths)
+    end
+
     # Execute command
     #
     # @since 0.1.0

data/lib/openbox/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Openbox
-  VERSION = '0.4.0'
+  VERSION = '0.5.0'
 end

data/openbox.gemspec

@@ -28,7 +28,7 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
 
-  # Uncomment to register a new dependency of your gem
+  spec.add_dependency 'dotenv'
   spec.add_dependency 'thor', '~> 1.0'
 
   # For more information and examples about making a new gem, checkout our

metadata

@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: openbox
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.5.0
 platform: ruby
 authors:
 - 蒼時弦也
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-02-22 00:00:00.000000000 Z
+date: 2022-02-25 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: dotenv
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: thor
   requirement: !ruby/object:Gem::Requirement