param_store 0.0.1 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 333fc97381cc05055d9111ff26983d53d34fe14964c3498c21b0c4d182dc64e3
-  data.tar.gz: 3d08af6a980db816dda1149254674332f3fd7a0cf050924542377872b31688ea
+  metadata.gz: 6a193054830d20294dc6f7beac7466aefd0dc0f34371ddcf97542277e5bcc76c
+  data.tar.gz: 97afce05344af92e41b85d673c95d718f1ca8bfa3e2793f8d047bdfa718dad1e
 SHA512:
-  metadata.gz: d548fbcd4dbe959756ed0721e3d9c7b64159fea2dcf30b4fe1c779770fe11d2f36bd0a1071353aeaeba547e29428ae33c7f86a7b25c91b42e85c00b1793207c4
-  data.tar.gz: '080a2b1a10b421e327474adb36ea24f49ed60e17209eb3883c3894e9f0082677f84320ac978e55826a73a329b5314a61960b1dd184c826cfb2de18ae93d4c95b'
+  metadata.gz: c92d7d8b694ec738a2ba1e34d4f0366ceb2e2180e6332afaec9aef022899fd54e4610abe845130209bc85cf4a982e7598954bda98cc616846b9f2d6f6580ae7e
+  data.tar.gz: ce6bbe962abbf9e76ca08e7f268b763b25e0b7ef4e98c8b4df83c0ff33604e72702af33b56967e7110ec35cb6b6d91d0be73b49475d2c06167ed39504635ff76

data/Gemfile

@@ -6,6 +6,9 @@ git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
 gemspec
 
 group :development, :test do
+  gem 'aws-sdk-secretsmanager', '~> 1'
+  gem 'aws-sdk-ssm', '~> 1'
+  gem 'ejson_wrapper', '~> 0.3.1'
   gem 'pry-byebug'
 end
 
@@ -13,4 +16,4 @@ group :test do
   gem 'rspec', '~> 3.0'
   gem 'rspec_junit_formatter'
   gem 'stub_env'
-end
+end

data/Gemfile.lock

@@ -1,8 +1,7 @@
 PATH
   remote: .
   specs:
-    param_store (0.0.1)
-      aws-sdk-ssm (~> 1)
+    param_store (1.0.0)
 
 GEM
   remote: https://rubygems.org/
@@ -14,6 +13,12 @@ GEM
       aws-partitions (~> 1.0)
       aws-sigv4 (~> 1.0)
       jmespath (~> 1.0)
+    aws-sdk-kms (1.13.0)
+      aws-sdk-core (~> 3, >= 3.39.0)
+      aws-sigv4 (~> 1.0)
+    aws-sdk-secretsmanager (1.20.0)
+      aws-sdk-core (~> 3, >= 3.39.0)
+      aws-sigv4 (~> 1.0)
     aws-sdk-ssm (1.34.0)
       aws-sdk-core (~> 3, >= 3.39.0)
       aws-sigv4 (~> 1.0)
@@ -21,6 +26,10 @@ GEM
     byebug (10.0.2)
     coderay (1.1.2)
     diff-lcs (1.3)
+    ejson (1.2.1)
+    ejson_wrapper (0.3.1)
+      aws-sdk-kms
+      ejson
     jmespath (1.4.0)
     method_source (0.9.2)
     pry (0.12.2)
@@ -52,7 +61,10 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
+  aws-sdk-secretsmanager (~> 1)
+  aws-sdk-ssm (~> 1)
   bundler (~> 1.16)
+  ejson_wrapper (~> 0.3.1)
   param_store!
   pry-byebug
   rake (~> 10.0)
@@ -61,4 +73,4 @@ DEPENDENCIES
   stub_env
 
 BUNDLED WITH
-   1.17.2
+   1.17.3

data/README.md

@@ -2,10 +2,9 @@
 
 # ParamStore
 
-This gem goal is to <strike>DRY some code I have been copying around for a while</strike> make easy switching in between ENV and [AWS Parameter Store (SSM)](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-paramstore.html) for retrieving parameters.
-
-This gem is not a replacement for [dotenv](https://github.com/bkeepers/dotenv). I still use and recommend it in development, in case it is "safe" to save your keys in `.env` files. Otherwise, you could also use AWS Parameter Store for development.
+This gem goal is to <strike>DRY some code I have been copying around for a while</strike> make easy switching in between ENV, [AWS Parameter Store (SSM)](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-paramstore.html), [AWS Secrets Manager](https://aws.amazon.com/secrets-manager/) and [EJSON](https://github.com/Shopify/ejson) for retrieving parameters.
 
+This gem is not a replacement for [dotenv](https://github.com/bkeepers/dotenv). I still use and recommend it in development, in case it is "safe" to save your keys in `.env` files.
 
 ## Installation
 
@@ -17,46 +16,79 @@ gem 'param_store'
 
 ## Usage
 
-For switching in between ENV and SSM, you need you set which adapter you want to use.
+### Configuring adapters
+
+Available adapters: `:env`, `:aws_ssm`, `:aws_secrets_manager` and `:ejson_wrapper`.
 
 ```ruby
-# read from SSM
-# i.e. config/environments/production.rb
-ParamStore.adapter = :aws_ssm
-# default path for SSM Hierarchies
-# see https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-paramstore-su-organize.html
-ParamStore.path = '/Environment/Type of computer/Application/'
+ParamStore.adapter = adapter
+```
 
-# read from ENV
-# i.e. config/environments/[development, test].rb
-ParamStore.adapter = :env
+### Retrieving parameters
+
+```ruby
+# ParamStore.fetch is similar to Hash#fetch,
+# If the key is not found and there's no default given, it will raise a `KeyError`
+ParamStore.fetch('name')
+ParamStore.fetch('name', 'default value')
+ParamStore.fetch('name') { 'default value' }
 ```
 
-For retrieving parameters:
+### Copying from any adapter to ENV
 
 ```ruby
-# fetch is similar to Hash#fetch,
-# if the key is not found and there's no default defined, it raises an error
-ParamStore.fetch('my_secret_key')
+ParamStore.copy_to_env('name1', 'name2', 'name3')
+
+ENV['name1'] # => value for name1
+ENV['name2'] # => value for name2
+ENV['name3'] # => value for name3
 ```
 
-### SSM to ENV
+## Adapters
 
-You can also make SSM compatible with `ENV` by copying parameters to `ENV`.
+### ENV
 
 ```ruby
-# i.e. config/application.rb
-# Bundler.require(*Rails.groups)
-ParamStore.copy_to_env('key1', 'key2', 'key3')
+ParamStore.adapter :env
+```
 
-ENV['key1'] # => value for key1
-ENV['key2'] # => value for key2
-ENV['key3'] # => value for key3
+### AWS Parameter Store (SSM)
+
+Add to your Gemfile:
+
+```ruby
+gem 'aws-sdk-ssm', '~> 1'
+```
+
+Configure the adapter:
+
+```ruby
+ParamStore.adapter :aws_ssm, default_path: '/Prod/App/'
+```
+
+#### Retrieving parameters
+
+```ruby
+ParamStore.fetch('name')
+# => get parameter name, if default_path /Prod/App/ get parameter /Prod/App/name
+ParamStore.fetch('name', path: '/Prod/App/')
+# => get parameter /Prod/App/name
+```
+
+#### Copying from SSM adapter to ENV
+
+```ruby
+ParamStore.copy_to_env('name1', 'name2', 'name3', path: '/Environment/Type of computer/Application/')
+# path overrides default_path
+
+ENV['name1'] # => value for name1
+ENV['name2'] # => value for name2
+ENV['name3'] # => value for name3
 ```
 
-### SSM client
+#### SSM client
 
-By default `ParamStore` will initiate `Aws::SSM::Client.new` without supplying any parameter. If you want to control the initiation of the SSM client, you can define it by setting `ssm_client`.
+By default ParamStore will initiate `Aws::SSM::Client.new` without supplying any argument. If you want to control the initiation of the SSM client, you can define it by setting `ssm_client`.
 
 
 ```ruby
@@ -67,25 +99,100 @@ ParamStore.ssm_client = Aws::SSM::Client.new(
 )
 ```
 
-### Fail-fast
+#### CLI
 
-You can configure the required parameters for an app and fail at startup.
+A few useful [aws ssm](https://docs.aws.amazon.com/cli/latest/reference/ssm/index.html) commands:
+
+```sh
+aws ssm get-parameters-by-path --path /Prod/ERP/SAP --with-decryption
+aws ssm put-parameter --name /Prod/ERP/SAP --value ... --type SecureString
+```
+
+### Secrets Manager
+
+Add to your Gemfile:
 
 ```ruby
-# i.e. config/application.rb
-# Bundler.require(*Rails.groups)
-ParamStore.require_keys!('key1', 'key2', 'key3')
+gem 'aws-sdk-secretsmanager', '~> 1'
 ```
 
-#### aws ssm
+Configure the adapter:
 
-A few useful [aws ssm](https://docs.aws.amazon.com/cli/latest/reference/ssm/index.html) commands:
+```ruby
+ParamStore.adapter :aws_secrets_manager
+# ParaStore.fetch('secret_id')
+# => {\n  \"password\":\"pwd\"\n}\n
 
-```sh
-aws ssm get-parameters-by-path --path /Prod/ERP/SAP --with-decryption
-aws ssm put-parameter --name /Prod/ERP/SAP --value ... --type SecureString
+ParamStore.adapter :aws_secrets_manager, default_secret_id: 'secret_id'
+# ParaStore.fetch('password')
+# => pwd
+```
+
+#### Retrieving parameters
+
+```ruby
+ParamStore.fetch('secret_id')
+ParamStore.fetch('password', secret_id: 'secret_id')
+```
+
+#### Copying from Secrets Manager adapter to ENV
+
+```ruby
+ParamStore.copy_to_env('key1', 'key2', 'key3', secret_id: 'secret_id')
+# secret_id overrides default_secret_id
+
+ENV['key1'] # => value for key1
+ENV['key2'] # => value for key2
+ENV['key3'] # => value for key3
+```
+
+### EJSON
+
+Add to your Gemfile:
+
+```ruby
+gem 'ejson_wrapper', '~> 0.3.1'
+```
+
+Configure the adapter:
+
+```ruby
+ParamStore.adapter(
+  :ejson_wrapper,
+  file_path: '...',
+  key_dir: '...',
+  private_key: '...',
+  use_kms: '...',
+  region: '...'
+)
+# see https://github.com/envato/ejson_wrapper#usage
+```
+
+#### Rails
+
+If you are using ParamStore in prod and dotenv in dev:
+
+```ruby
+# config/application.rb
+# Bundler.require(*Rails.groups)
+if Rails.env.production?
+  ParamStore.adapter(:aws_ssm)
+  ParamStore.copy_to_env('DATABASE_URL', require_keys: true, path: '/Prod/MyApp/')
+else
+  Dotenv::Railtie.load
+end
 ```
 
+### Fail-fast
+
+You can configure the required parameters for an app and fail at startup.
+
+```ruby
+# config/application.rb
+# Bundler.require(*Rails.groups)
+ParamStore.require_keys!('key1', 'key2', 'key3')
+# this will raise an error if any key is missing
+```
 
 ## Development
 

data/lib/param_store/adapters/ejson_wrapper.rb

@@ -0,0 +1,26 @@
+module ParamStore
+  module Adapters
+    class EJSONWrapper
+      attr_reader :file_path, :options
+
+      def initialize(**opts)
+        @file_path = opts.delete(:file_path)
+        @options = opts
+      end
+
+      def fetch(key, *args, **_opts, &block)
+        decrypt.fetch(key, *args, &block)
+      end
+
+      def fetch_all(*keys, **_opts)
+        decrypt.select { |key, _value| keys.flatten.include?(key) }
+      end
+
+      private
+
+      def decrypt
+        @_decrypt ||= ::EJSONWrapper.decrypt(file_path, options)
+      end
+    end
+  end
+end

data/lib/param_store/adapters/env.rb

@@ -1,11 +1,13 @@
 module ParamStore
   module Adapters
     class Env
-      def fetch(key, *args, &block)
+      def initialize(**_opts); end
+
+      def fetch(key, *args, **_opts, &block)
         ENV.fetch(key, *args, &block)
       end
 
-      def fetch_all(*keys)
+      def fetch_all(*keys, **_opts)
         keys = keys.flatten
         keys.each_with_object({}) do |key, result|
           result[key] = ENV[key]

data/lib/param_store/adapters/secrets_manager.rb

@@ -0,0 +1,46 @@
+module ParamStore
+  module Adapters
+    class SecretsManager
+      attr_reader :default_secret_id
+
+      def initialize(default_secret_id: nil)
+        @default_secret_id = default_secret_id
+      end
+
+      def fetch(key, *args, secret_id: nil, version_id: nil, version_stage: nil, &block)
+        get_key = secret_id || default_secret_id || key
+
+        if cache[get_key].nil? &&
+           string = get_secret_value(get_key, version_id, version_stage)
+          cache[get_key] = JSON.parse(string)
+        end
+
+        (
+          secret_id.nil? && default_secret_id.nil? ? cache : cache[get_key]
+        ).fetch(key, *args, &block)
+      end
+
+      def fetch_all(*keys, **opts)
+        # poor man's fetch all
+        # I couldn't find a batch get for secrets manager :/
+        keys.map { |key| fetch(key, {}, **opts) }.inject(:merge)
+      end
+
+      private
+
+      def get_secret_value(secret_id, version_id, version_stage)
+        ParamStore.secrets_manager_client.get_secret_value(
+          secret_id: secret_id,
+          version_id: version_id,
+          version_stage: version_stage
+        ).secret_string
+      rescue Aws::SecretsManager::Errors::ResourceNotFoundException
+        # let the tmp.fetch below deal with key not found and defaults
+      end
+
+      def cache
+        @_cache ||= {}
+      end
+    end
+  end
+end

data/lib/param_store/adapters/ssm.rb

@@ -1,24 +1,40 @@
 module ParamStore
   module Adapters
     class SSM
-      def fetch(key, *args, &block)
+      attr_reader :default_path
+
+      def initialize(default_path: nil)
+        @default_path = default_path
+      end
+
+      def fetch(key, *args, path: nil, &block)
+        key = prepend_path(path, key)
         tmp = {}
-        key = "#{ParamStore.path}#{key}" unless ParamStore.path.nil?
-        begin
-          tmp[key] = ParamStore.ssm_client.get_parameter(name: key, with_decryption: true).parameter.value
-        rescue Aws::SSM::Errors::ParameterNotFound
-          # let the tmp.fetch below deal with not found key and defaults
+        if string = get_parameter(key)
+          tmp[key] = string
         end
         tmp.fetch(key, *args, &block)
       end
 
-      def fetch_all(*keys)
+      def fetch_all(*keys, path: nil)
         keys = keys.flatten
-        keys = keys.map { |key| "#{ParamStore.path}#{key}" } if ParamStore.path
+        keys = keys.map { |key| prepend_path(path, key) } if path
         ParamStore.ssm_client.get_parameters(names: keys, with_decryption: true).parameters.each_with_object({}) do |param, result|
-          result[param.name.gsub(ParamStore.path.to_s, '')] = param.value
+          result[param.name.gsub(path.to_s, '')] = param.value
         end
       end
+
+      private
+
+      def get_parameter(key)
+        ParamStore.ssm_client.get_parameter(name: key, with_decryption: true).parameter.value
+      rescue Aws::SSM::Errors::ParameterNotFound
+        # let the tmp.fetch below deal with key not found and defaults
+      end
+
+      def prepend_path(path, key)
+        "#{path || default_path}#{key}"
+      end
     end
   end
 end

data/lib/param_store/version.rb

@@ -1,3 +1,3 @@
 module ParamStore
-  VERSION = '0.0.1'.freeze
+  VERSION = '1.0.0'.freeze
 end

data/lib/param_store/wrapper.rb

@@ -1,28 +1,31 @@
 module ParamStore
   class Wrapper
-    def initialize(adapter_class)
+    def initialize(adapter_class, **opts)
       @adapter_class = adapter_class
+      @opts = opts
     end
 
-    def fetch(key, *args, &block)
+    def fetch(key, *args, **opts, &block)
       key = key.to_s
       unless cache.key?(key)
         # cache params to minimize number of requests
-        cache[key] = adapter_instance.fetch(key, *args, &block)
+        cache[key] = adapter_instance.fetch(key, *args, **opts, &block)
       end
       cache[key]
     end
 
-    def copy_to_env(*keys, require_keys: false)
-      cache_all(*keys)
+    def copy_to_env(*keys, **opts)
+      require_keys = opts.delete(:require_keys)
 
-      require_keys!(*keys) if require_keys
+      cache_all(*keys, **opts)
+
+      require_keys!(*keys, **opts) if require_keys
 
       keys.each { |key| ENV[key] = cache[key] }
     end
 
-    def require_keys!(*keys)
-      cache_all(*keys)
+    def require_keys!(*keys, **opts)
+      cache_all(*keys, **opts)
 
       missing = keys.flatten.map!(&:to_s) - cache.keys
 
@@ -35,9 +38,9 @@ module ParamStore
 
     attr_accessor :adapter, :cache
 
-    def cache_all(*keys)
+    def cache_all(*keys, **opts)
       keys.flatten.map!(&:to_s)
-      adapter_instance.fetch_all(*keys).each do |key, value|
+      adapter_instance.fetch_all(*keys, **opts).each do |key, value|
         cache[key] = value
       end
     end
@@ -47,7 +50,7 @@ module ParamStore
     end
 
     def adapter_instance
-      @_adapter_instance ||= @adapter_class.new
+      @_adapter_instance ||= @adapter_class.new(**@opts)
     end
   end
 end

data/lib/param_store.rb

@@ -1,10 +1,11 @@
-require 'aws-sdk-ssm'
 require 'forwardable'
 
 require 'param_store/version'
 require 'param_store/wrapper'
 require 'param_store/adapters/env'
 require 'param_store/adapters/ssm'
+require 'param_store/adapters/secrets_manager'
+require 'param_store/adapters/ejson_wrapper'
 
 module ParamStore
   extend SingleForwardable
@@ -17,16 +18,20 @@ module ParamStore
   )
 
   class << self
-    attr_accessor :path
     attr_reader :adapter, :wrapper
+    attr_writer :ssm_client, :secrets_manager_client
 
     def ssm_client
-      @_ssm_client ||= Aws::SSM::Client.new
+      @ssm_client ||= Aws::SSM::Client.new
     end
 
-    def adapter=(adapter)
+    def secrets_manager_client
+      @secrets_manager_client ||= Aws::SecretsManager::Client.new
+    end
+
+    def adapter(adapter, **opts)
       @adapter = adapter
-      @wrapper = Wrapper.new(adapter_class(adapter))
+      @wrapper = Wrapper.new(adapter_class(adapter), **opts)
     end
 
     def adapter_class(adapter)
@@ -34,10 +39,25 @@ module ParamStore
       when :env
         Adapters::Env
       when :aws_ssm
+        require_adapter_dependency(adapter, 'aws-sdk-ssm')
         Adapters::SSM
+      when :aws_secrets_manager
+        require_adapter_dependency(adapter, 'aws-sdk-secretsmanager')
+        Adapters::SecretsManager
+      when :ejson_wrapper
+        require_adapter_dependency(adapter, 'ejson_wrapper')
+        Adapters::EJSONWrapper
       else
         raise "Invalid adapter: #{adapter}"
       end
     end
+
+    private
+
+    def require_adapter_dependency(adapter, dependency)
+      require dependency
+    rescue LoadError
+      fail "#{adapter} requires #{dependency} to be installed separately. Please add gem '#{dependency}' to your Gemfile"
+    end
   end
 end

data/param_store.gemspec

@@ -21,8 +21,6 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
 
-  spec.add_dependency 'aws-sdk-ssm', '~> 1'
-
   spec.add_development_dependency 'bundler', '~> 1.16'
   spec.add_development_dependency 'rake', '~> 10.0'
 end

metadata

@@ -1,29 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: param_store
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 1.0.0
 platform: ruby
 authors:
 - Pablo Cantero
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2018-12-26 00:00:00.000000000 Z
+date: 2020-02-12 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: aws-sdk-ssm
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -73,7 +59,9 @@ files:
 - bin/console
 - bin/setup
 - lib/param_store.rb
+- lib/param_store/adapters/ejson_wrapper.rb
 - lib/param_store/adapters/env.rb
+- lib/param_store/adapters/secrets_manager.rb
 - lib/param_store/adapters/ssm.rb
 - lib/param_store/version.rb
 - lib/param_store/wrapper.rb
@@ -97,7 +85,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.1
+rubyforge_project: 
+rubygems_version: 2.7.6.2
 signing_key: 
 specification_version: 4
 summary: Easy switch in between ENV and AWS Parameter Store (SSM)