rails_kms_credentials 0.4.0 → 0.5.0

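--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: '0213877dcffaf1fdd9c7fd105e3672896af45bac98016950253e51cc4506981e'
- data.tar.gz: 33db35c6bba9e87d1225d2bc9c69e6238079ff7e5c14aee0bbe78c08f382b4e7
+ metadata.gz: 1541f2dec831dfac6b5ffeefb2655fb54ebb25fe13b3dadbc180a0d665d6e135
+ data.tar.gz: 00e4ab56b77cbf3a92aaf0a1d833aab2984bc37fd834d97d8dcefe87fb1c853d
  SHA512:
- metadata.gz: 9d485d0f78de0d8c1f168ea1f3009a429e3bb0e7bac71ead622bf227f05509861c7525208532dd26c7a2330e48e062f06b751b1cfeba7e04d1e01c14e09c4a83
- data.tar.gz: ec94f342392a7d003b94cdd5e29c0409a4c6d6c9158a0fdc5b3cd459b779823f8fec577c29c7f51c6a54d13a0366ca54e4e7596a0093c5fb2ae99513272526ad
+ metadata.gz: 901b2ddeae2dd1a8e1c6394abde690aa73000620cad2e1485f9ce65d0835c355602de47357742f84233a2fcf9d884835cdbe534783edb79d62f3cdc0c3ce47be
+ data.tar.gz: f391e7dbd037edcd8f6608e92bc994a7508ae91605d329c9bb29aca1380a973a6b10960e59a5b8f9431f3ba312210595fcb1a47a51893a0460368d6e71d61e92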
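--- a/data/README.md
+++ b/data/README.md
@@ -44,6 +44,7 @@ Client | `client.type`
  ---|---
  [Managed Identity](#managed-identity) | `managed_identity`
  [Client Credentials](#client-credentials) | `client_credentials`
+ [Environment Access Token](#environment-access-token) | `env_access_token`
 
 
  ##### Managed Identity
@@ -58,9 +59,26 @@ Key | Description
  ##### Client Credentials
  This is the client to use when connecting from outside of Azure. [See here](https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow).
 
+ You'll need to register an "App Registration" in Azure and grant it permission to access the Key vault secrets. [See the wiki page for morehelp](https://nuancewiki.atlassian.net/wiki/spaces/EN/pages/797409849/Azure+KMS+Credentials)
+
  **Config**
  Key | Description
  ---|---
  `client.tenant_id` | The directory tenant the application plans to operate against, in GUID or domain-name format.
  `client.client_id` | The application ID that's assigned to your app. You can find this information in the portal where you registered your app.
  `client.client_secret` | The client secret that you generated for your app in the app registration portal.
+
+ ##### Environment Access Token
+ This is the client to use when you have an access token that can be loaded by setting an Environment variable.
+
+ The `access_token` may be fetched via Azure CLI. For example, you could
+ authenticate via `az login`, then export the `access_token` into your session:
+
+ ```
+ az account get-access-token --resource "https://vault.azure.net" --query "accessToken" -o tsv
+ ```
+
+ **Config:**
+ Key | Description
+ ---|---
+ `client.type` | `env_access_token`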
@@ -0,0 +1,47 @@
1
+ # frozen_string_literal: true
2
+
3
+ module RailsKmsCredentials
4
+ module Store
5
+ module AzureKeyVault
6
+ module Client
7
+ class EnvAccessToken < Base
8
+ def initialize(*)
9
+ super
10
+ end
11
+
12
+ def get_secrets_list(url)
13
+ HTTParty.get(
14
+ url,
15
+ headers: {
16
+ Authorization: "Bearer #{access_token}",
17
+ },
18
+ )
19
+ end
20
+
21
+ def get_secret(url)
22
+ HTTParty.get(
23
+ url,
24
+ headers: {
25
+ Authorization: "Bearer #{access_token}",
26
+ },
27
+ )
28
+ end
29
+
30
+ private
31
+
32
+ def access_token
33
+ return @access_token if instance_variable_defined?(:@access_token)
34
+ @access_token = ENV['AZURE_KEY_VAULT_ACCESS_TOKEN']
35
+
36
+ raise 'KmsCredentials AzureKeyVault EnvAccessToken unable to get access token' unless @access_token
37
+ @access_token
38
+ end
39
+
40
+ end
41
+
42
+ add(:env_access_token, EnvAccessToken)
43
+
44
+ end
45
+ end
46
+ end
47
+ end
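Review bot: In `access_token`, a missing `AZURE_KEY_VAULT_ACCESS_TOKEN` raises only on the first call, because `@access_token = ENV[...]` stores nil before the `raise` runs. If a caller rescues that error and reuses the instance, the `instance_variable_defined?` guard returns nil and `get_secret`/`get_secrets_list` send `Authorization: Bearer ` with no token instead of failing. An empty or whitespace-only value also passes `unless @access_token`, since any string is truthy in Ruby. Assign the instance variable only after the value has been validated, as below. Separately, the token is memoized with no refresh and `url` is passed to `HTTParty.get` unchecked; whether `Base` or the caller restricts it to an https vault endpoint is outside this hunk and worth confirming, because the bearer token goes to whatever host is given.

```ruby
def access_token
  return @access_token if @access_token

  token = ENV['AZURE_KEY_VAULT_ACCESS_TOKEN'].to_s.strip
  raise 'KmsCredentials AzureKeyVault EnvAccessToken unable to get access token' if token.empty?

  @access_token = token
end
```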
@@ -28,3 +28,4 @@ require 'rails_kms_credentials/store/azure_key_vault/client/base'
28
28
  require 'rails_kms_credentials/store/azure_key_vault/client/aks_workload_identity'
29
29
  require 'rails_kms_credentials/store/azure_key_vault/client/client_credentials'
30
30
  require 'rails_kms_credentials/store/azure_key_vault/client/managed_identity'
31
+ require 'rails_kms_credentials/store/azure_key_vault/client/env_access_token'
@@ -4,7 +4,7 @@ module RailsKmsCredentials
4
4
 
5
5
  module Version
6
6
  MAJOR = 0
7
- MINOR = 4
7
+ MINOR = 5
8
8
  PATCH = 0
9
9
 
10
10
  end
@@ -14,4 +14,4 @@ require 'rails_kms_credentials/railtie'
14
14
  require 'rails_kms_credentials/version'
15
15
 
16
16
  Rails::Application::Configuration.send(:include, RailsKmsCredentials::Configuration)
17
- Rails::Application.send(:include, RailsKmsCredentials::Application)
17
+ Rails::Application.send(:include, RailsKmsCredentials::Application)
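--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: rails_kms_credentials
  version: !ruby/object:Gem::Version
- version: 0.4.0
+ version: 0.5.0
  platform: ruby
  authors:
  - Taylor Yelverton
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2023-04-05 00:00:00.000000000 Z
+ date: 2024-07-29 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: activesupport
@@ -82,6 +82,7 @@ files:
  - lib/rails_kms_credentials/store/azure_key_vault/client/aks_workload_identity.rb
  - lib/rails_kms_credentials/store/azure_key_vault/client/base.rb
  - lib/rails_kms_credentials/store/azure_key_vault/client/client_credentials.rb
+ - lib/rails_kms_credentials/store/azure_key_vault/client/env_access_token.rb
  - lib/rails_kms_credentials/store/azure_key_vault/client/managed_identity.rb
  - lib/rails_kms_credentials/store/base.rb
  - lib/rails_kms_credentials/version.rb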