rails_kms_credentials 0.0.3 → 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +65 -0
- data/lib/rails_kms_credentials/railtie.rb +0 -4
- data/lib/rails_kms_credentials/version.rb +2 -2
- metadata +2 -3
- data/lib/tasks/credentials.rake +0 -8
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ffcfd3a08a85870fd8b6766fe27ab31e56f3955e3ab896017ea9d2589da1ca01
|
|
4
|
+
data.tar.gz: b50ad3a3cef7961756cac6b67c3dee6819755310bd4941897d6fdd8a3d5741d4
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: fdfe4826eed0375403edbfaa0a308c937fe7d611eb8017ce8db072b9d93400b6033bcf806c311777dd75f38c4e965d9c3c5e06384cb1dc609c6b64366b58259d
|
|
7
|
+
data.tar.gz: b66eb3b4d6c86d2d218f427b31647844efc89d7dc0b13e8489296c6a63071f71b3cca15da2664de4c1189b9f6dc14b604e64f75b2689d0e0dcfc265e1c7cd242
|
data/README.md
CHANGED
|
@@ -1 +1,66 @@
|
|
|
1
1
|
# rails-kms-credentials
|
|
2
|
+
|
|
3
|
+
This gem expands the capabilities of `Rails.application.credentials` to support fetching the credentials from a Key Management System.
|
|
4
|
+
|
|
5
|
+
## Configuration
|
|
6
|
+
This gem will read `config/kms_credentials.yml` using `Rails.application.config_for`.
|
|
7
|
+
|
|
8
|
+
Key | Description
|
|
9
|
+
---|---
|
|
10
|
+
`store` | [Stores](#stores) The Key Managedment System to use.
|
|
11
|
+
|
|
12
|
+
## Stores
|
|
13
|
+
|
|
14
|
+
Key Management System | Config Value
|
|
15
|
+
---|---
|
|
16
|
+
[Azure Key Vault](#azure-key-vault) | `azure_key_vault`
|
|
17
|
+
|
|
18
|
+
### Azure Key Vault
|
|
19
|
+
Credentials will be loaded from a Key Vault's Secrets.
|
|
20
|
+
|
|
21
|
+
All hyphens (`-`) in a secret name will be replaced with underscores (`_`) when put into credentials (ex. `foo-bar` -> `foo_bar`).
|
|
22
|
+
|
|
23
|
+
Credentials can be nested by separating the parent key from the child key with `--` (ex. secret `foo--bar--baz` with a value of `test` will become `{foo: {bar: {baz: "test"}}}`.
|
|
24
|
+
|
|
25
|
+
Since Secrets cannot be empty in Azure Key Vault, if you need a key to show up in credentials, but need its value to be empty, then set the Secret's value to `--EMPTY--`.
|
|
26
|
+
|
|
27
|
+
#### Config
|
|
28
|
+
Key | Description
|
|
29
|
+
---|---
|
|
30
|
+
`vault` | The name of the Key Vault
|
|
31
|
+
`client` | Client specific configuration. See [Client Types](#client-types).
|
|
32
|
+
`client.type` | The [Client Type](#client-types) to use.
|
|
33
|
+
`client.secret_prefix` | The prefix that all secrets for this application will have. See [Secret Prefix](#secret-prefix).
|
|
34
|
+
|
|
35
|
+
#### Secret Prefix
|
|
36
|
+
The prefix along with `----` will be added to the beginning of the secret name (ex. `prefix: abc123` -> `abc123----some-secret`). May be specified with a string, or using your application's name by passing `true` (will use `Rails.application.class.parent.to_s.underscore.dasherize`).
|
|
37
|
+
|
|
38
|
+
|
|
39
|
+
#### Client Types
|
|
40
|
+
|
|
41
|
+
How to connect/authenticate to Azure Ket Vault.
|
|
42
|
+
|
|
43
|
+
Client | `client.type`
|
|
44
|
+
---|---
|
|
45
|
+
[Managed Identity](#managed-identity) | `managed_identity`
|
|
46
|
+
[Client Credentials](#client-credentials) | `client_credentials`
|
|
47
|
+
|
|
48
|
+
|
|
49
|
+
##### Managed Identity
|
|
50
|
+
This is the client to use when running on an [Azure VM](https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-use-vm-token).
|
|
51
|
+
|
|
52
|
+
**Config:**
|
|
53
|
+
Key | Description
|
|
54
|
+
---|---
|
|
55
|
+
`client.type` | `managed_identity`
|
|
56
|
+
|
|
57
|
+
|
|
58
|
+
##### Client Credentials
|
|
59
|
+
This is the client to use when connecting from outside of Azure. [See here](https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow).
|
|
60
|
+
|
|
61
|
+
**Config**
|
|
62
|
+
Key | Description
|
|
63
|
+
---|---
|
|
64
|
+
`client.tenant_id` | The directory tenant the application plans to operate against, in GUID or domain-name format.
|
|
65
|
+
`client.client_id` | The application ID that's assigned to your app. You can find this information in the portal where you registered your app.
|
|
66
|
+
`client.client_secret` | The client secret that you generated for your app in the app registration portal.
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rails_kms_credentials
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Taylor Yelverton
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-11-
|
|
11
|
+
date: 2022-11-10 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|
|
@@ -72,7 +72,6 @@ files:
|
|
|
72
72
|
- lib/rails_kms_credentials/store/azure_key_vault/client/managed_identity.rb
|
|
73
73
|
- lib/rails_kms_credentials/store/base.rb
|
|
74
74
|
- lib/rails_kms_credentials/version.rb
|
|
75
|
-
- lib/tasks/credentials.rake
|
|
76
75
|
- rails_kms_credentials.gemspec
|
|
77
76
|
homepage: https://github.com/ComplyMD/rails_kms_credentials
|
|
78
77
|
licenses:
|
data/lib/tasks/credentials.rake
DELETED
|
@@ -1,8 +0,0 @@
|
|
|
1
|
-
namespace :kms_creds do
|
|
2
|
-
task :show, [:environment] do |_, args|
|
|
3
|
-
end
|
|
4
|
-
|
|
5
|
-
task :edit, [:environment] do |_, args|
|
|
6
|
-
ENV['EDITOR'] += ' --wait' if ENV['EDITOR'].present? && (ENV['EDITOR'] == 'code' || ENV['EDITOR'].ends_with?('/code')) # Stupid fix for vscode exiting too quickly
|
|
7
|
-
end
|
|
8
|
-
end
|