rails_kms_credentials 0.3.1 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: de88f7dce4457c9f658840f71929a0c6aa0673e30788aae0ea2a5bc3f02a36c2
-  data.tar.gz: abea6732234392d3fd6b61d4cb2cc5677021d40243986e2f6a8f090ef213642f
+  metadata.gz: 1541f2dec831dfac6b5ffeefb2655fb54ebb25fe13b3dadbc180a0d665d6e135
+  data.tar.gz: 00e4ab56b77cbf3a92aaf0a1d833aab2984bc37fd834d97d8dcefe87fb1c853d
 SHA512:
-  metadata.gz: d32fd25ff4c82aee6d86d6e46080d88e07127a988b2400ca30146a895a64339e90e3b23ef898ef8bd38c1ceb09b101b9cdeabfa31febe8969403fd1a723fe1ed
-  data.tar.gz: fdc5491be4b98e9e25e4a3066b7c541a10cc7961ee85a98c3c9e4a5d8b53f4206c10d6b712dc59f889e0827d164099ce73e1489254be6fab126d2d10404526b7
+  metadata.gz: 901b2ddeae2dd1a8e1c6394abde690aa73000620cad2e1485f9ce65d0835c355602de47357742f84233a2fcf9d884835cdbe534783edb79d62f3cdc0c3ce47be
+  data.tar.gz: f391e7dbd037edcd8f6608e92bc994a7508ae91605d329c9bb29aca1380a973a6b10960e59a5b8f9431f3ba312210595fcb1a47a51893a0460368d6e71d61e92

data/README.md

@@ -44,6 +44,7 @@ Client | `client.type`
 ---|---
 [Managed Identity](#managed-identity) | `managed_identity`
 [Client Credentials](#client-credentials) | `client_credentials`
+[Environment Access Token](#environment-access-token) | `env_access_token`
 
 
 ##### Managed Identity
@@ -58,9 +59,26 @@ Key | Description
 ##### Client Credentials
 This is the client to use when connecting from outside of Azure. [See here](https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow).
 
+You'll need to register an "App Registration" in Azure and grant it permission to access the Key vault secrets. [See the wiki page for morehelp](https://nuancewiki.atlassian.net/wiki/spaces/EN/pages/797409849/Azure+KMS+Credentials)
+
 **Config**
 Key | Description
 ---|---
 `client.tenant_id` | The directory tenant the application plans to operate against, in GUID or domain-name format.
 `client.client_id` | The application ID that's assigned to your app. You can find this information in the portal where you registered your app.
 `client.client_secret` | The client secret that you generated for your app in the app registration portal.
+
+##### Environment Access Token
+This is the client to use when you have an access token that can be loaded by setting an Environment variable.
+
+The `access_token` may be fetched via Azure CLI. For example, you could
+authenticate via `az login`, then export the `access_token` into your session:
+
+```
+az account get-access-token --resource "https://vault.azure.net" --query "accessToken" -o tsv
+```
+
+**Config:**
+Key | Description
+---|---
+`client.type` | `env_access_token`

data/lib/rails_kms_credentials/store/azure_key_vault/client/env_access_token.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+module RailsKmsCredentials
+  module Store
+    module AzureKeyVault
+      module Client
+        class EnvAccessToken < Base
+          def initialize(*)
+            super
+          end
+
+          def get_secrets_list(url)
+            HTTParty.get(
+              url,
+              headers: {
+                Authorization: "Bearer #{access_token}",
+              },
+            )
+          end
+
+          def get_secret(url)
+            HTTParty.get(
+              url,
+              headers: {
+                Authorization: "Bearer #{access_token}",
+              },
+            )
+          end
+
+          private
+
+            def access_token
+              return @access_token if instance_variable_defined?(:@access_token)
+              @access_token = ENV['AZURE_KEY_VAULT_ACCESS_TOKEN']
+
+              raise 'KmsCredentials AzureKeyVault EnvAccessToken unable to get access token' unless @access_token
+              @access_token
+            end
+
+        end
+
+        add(:env_access_token, EnvAccessToken)
+
+      end
+    end
+  end
+end

data/lib/rails_kms_credentials/store/azure_key_vault/client.rb

@@ -28,3 +28,4 @@ require 'rails_kms_credentials/store/azure_key_vault/client/base'
 require 'rails_kms_credentials/store/azure_key_vault/client/aks_workload_identity'
 require 'rails_kms_credentials/store/azure_key_vault/client/client_credentials'
 require 'rails_kms_credentials/store/azure_key_vault/client/managed_identity'
+require 'rails_kms_credentials/store/azure_key_vault/client/env_access_token'

data/lib/rails_kms_credentials/version.rb

@@ -4,8 +4,8 @@ module RailsKmsCredentials
 
   module Version
     MAJOR = 0
-    MINOR = 3
-    PATCH = 1
+    MINOR = 5
+    PATCH = 0
 
   end
 

data/lib/rails_kms_credentials.rb

@@ -3,6 +3,7 @@
 # Container Module
 module RailsKmsCredentials; end
 
+require 'httparty'
 require 'active_support/concern'
 
 require 'rails_kms_credentials/application'
@@ -13,4 +14,4 @@ require 'rails_kms_credentials/railtie'
 require 'rails_kms_credentials/version'
 
 Rails::Application::Configuration.send(:include, RailsKmsCredentials::Configuration)
-Rails::Application.send(:include, RailsKmsCredentials::Application)
+Rails::Application.send(:include, RailsKmsCredentials::Application)

data/rails_kms_credentials.gemspec

@@ -27,8 +27,8 @@ Gem::Specification.new do |s|
 
   s.required_ruby_version = '>= 2.7.0'
 
-  s.add_dependency('activesupport', '>= 5.0.0')
-  s.add_dependency('railties', '>= 5.0.0')
+  s.add_dependency('activesupport', '>= 5.0.0', '< 8.0.0')
+  s.add_dependency('railties', '>= 5.0.0', '< 8.0.0')
 
   s.add_dependency('httparty', '~> 0.21.0')
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rails_kms_credentials
 version: !ruby/object:Gem::Version
-  version: 0.3.1
+  version: 0.5.0
 platform: ruby
 authors:
 - Taylor Yelverton
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-02-13 00:00:00.000000000 Z
+date: 2024-07-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -17,6 +17,9 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 5.0.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 8.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -24,6 +27,9 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 5.0.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 8.0.0
 - !ruby/object:Gem::Dependency
   name: railties
   requirement: !ruby/object:Gem::Requirement
@@ -31,6 +37,9 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 5.0.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 8.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -38,6 +47,9 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 5.0.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 8.0.0
 - !ruby/object:Gem::Dependency
   name: httparty
   requirement: !ruby/object:Gem::Requirement
@@ -70,6 +82,7 @@ files:
 - lib/rails_kms_credentials/store/azure_key_vault/client/aks_workload_identity.rb
 - lib/rails_kms_credentials/store/azure_key_vault/client/base.rb
 - lib/rails_kms_credentials/store/azure_key_vault/client/client_credentials.rb
+- lib/rails_kms_credentials/store/azure_key_vault/client/env_access_token.rb
 - lib/rails_kms_credentials/store/azure_key_vault/client/managed_identity.rb
 - lib/rails_kms_credentials/store/base.rb
 - lib/rails_kms_credentials/version.rb