rails_kms_credentials 0.4.0 → 0.5.0
- checksums.yaml +4 -4
- data/README.md +18 -0
- data/lib/rails_kms_credentials/store/azure_key_vault/client/env_access_token.rb +47 -0
- data/lib/rails_kms_credentials/store/azure_key_vault/client.rb +1 -0
- data/lib/rails_kms_credentials/version.rb +1 -1
- data/lib/rails_kms_credentials.rb +1 -1
- metadata +3 -2
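--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1541f2dec831dfac6b5ffeefb2655fb54ebb25fe13b3dadbc180a0d665d6e135
+data.tar.gz: 00e4ab56b77cbf3a92aaf0a1d833aab2984bc37fd834d97d8dcefe87fb1c853d
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 901b2ddeae2dd1a8e1c6394abde690aa73000620cad2e1485f9ce65d0835c355602de47357742f84233a2fcf9d884835cdbe534783edb79d62f3cdc0c3ce47be
+data.tar.gz: f391e7dbd037edcd8f6608e92bc994a7508ae91605d329c9bb29aca1380a973a6b10960e59a5b8f9431f3ba312210595fcb1a47a51893a0460368d6e71d61e92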
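--- a/data/README.md
+++ b/data/README.md
@@ -44,6 +44,7 @@ Client | `client.type`
 ---|---
 [Managed Identity](#managed-identity) | `managed_identity`
 [Client Credentials](#client-credentials) | `client_credentials`
+[Environment Access Token](#environment-access-token) | `env_access_token`
 
 
 ##### Managed Identity
@@ -58,9 +59,26 @@ Key | Description
 ##### Client Credentials
 This is the client to use when connecting from outside of Azure. [See here](https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow).
 
+You'll need to register an "App Registration" in Azure and grant it permission to access the Key vault secrets. [See the wiki page for morehelp](https://nuancewiki.atlassian.net/wiki/spaces/EN/pages/797409849/Azure+KMS+Credentials)
+
 **Config**
 Key | Description
 ---|---
 `client.tenant_id` | The directory tenant the application plans to operate against, in GUID or domain-name format.
 `client.client_id` | The application ID that's assigned to your app. You can find this information in the portal where you registered your app.
 `client.client_secret` | The client secret that you generated for your app in the app registration portal.
+
+##### Environment Access Token
+This is the client to use when you have an access token that can be loaded by setting an Environment variable.
+
+The `access_token` may be fetched via Azure CLI. For example, you could
+authenticate via `az login`, then export the `access_token` into your session:
+
+```
+az account get-access-token --resource "https://vault.azure.net" --query "accessToken" -o tsv
+```
+
+**Config:**
+Key | Description
+---|---
+`client.type` | `env_access_token`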
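--- a/data/lib/rails_kms_credentials/store/azure_key_vault/client/env_access_token.rb
+++ b/data/lib/rails_kms_credentials/store/azure_key_vault/client/env_access_token.rb
@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+module RailsKmsCredentials
+module Store
+module AzureKeyVault
+module Client
+class EnvAccessToken < Base
+def initialize(*)
+super
+end
+
+def get_secrets_list(url)
+HTTParty.get(
+url,
+headers: {
+Authorization: "Bearer #{access_token}",
+},
+)
+end
+
+def get_secret(url)
+HTTParty.get(
+url,
+headers: {
+Authorization: "Bearer #{access_token}",
+},
+)
+end
+
+private
+
+def access_token
+return @access_token if instance_variable_defined?(:@access_token)
+@access_token = ENV['AZURE_KEY_VAULT_ACCESS_TOKEN']
+
+raise 'KmsCredentials AzureKeyVault EnvAccessToken unable to get access token' unless @access_token
+@access_token
+end
+
+end
+
+add(:env_access_token, EnvAccessToken)
+
+end
+end
+end
+end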
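Review bot: In `access_token`, `@access_token = ENV['AZURE_KEY_VAULT_ACCESS_TOKEN']` is assigned before the presence check, so once a call has raised the ivar is defined as nil and the `instance_variable_defined?` guard returns it on every later call, letting requests go out with an empty `Bearer ` header instead of failing; an empty-string variable also passes, since `''` is truthy in Ruby. Validate a local and memoize only on success: `token = ENV['AZURE_KEY_VAULT_ACCESS_TOKEN'].to_s.strip`, then `raise 'KmsCredentials AzureKeyVault EnvAccessToken unable to get access token' if token.empty?`, then `@access_token = token`. Both `get_secrets_list` and `get_secret` attach the token to whatever `url` they receive; if `Base` (not visible on this page) does not already restrict the scheme and host, an HTTPS-and-vault-host check before the request would keep the credential from being sent anywhere else. The token is also cached for the life of the client with no refresh path, which deserves a sentence in the README because access tokens expire.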
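--- a/data/lib/rails_kms_credentials/store/azure_key_vault/client.rb
+++ b/data/lib/rails_kms_credentials/store/azure_key_vault/client.rb
@@ -28,3 +28,4 @@ require 'rails_kms_credentials/store/azure_key_vault/client/base'
 require 'rails_kms_credentials/store/azure_key_vault/client/aks_workload_identity'
 require 'rails_kms_credentials/store/azure_key_vault/client/client_credentials'
 require 'rails_kms_credentials/store/azure_key_vault/client/managed_identity'
+require 'rails_kms_credentials/store/azure_key_vault/client/env_access_token'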
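--- a/data/lib/rails_kms_credentials.rb
+++ b/data/lib/rails_kms_credentials.rb
@@ -14,4 +14,4 @@ require 'rails_kms_credentials/railtie'
 require 'rails_kms_credentials/version'
 
 Rails::Application::Configuration.send(:include, RailsKmsCredentials::Configuration)
-Rails::Application.send(:include, RailsKmsCredentials::Application)
+Rails::Application.send(:include, RailsKmsCredentials::Application)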
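--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rails_kms_credentials
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.5.0
 platform: ruby
 authors:
 - Taylor Yelverton
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2024-07-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activesupport
@@ -82,6 +82,7 @@ files:
 - lib/rails_kms_credentials/store/azure_key_vault/client/aks_workload_identity.rb
 - lib/rails_kms_credentials/store/azure_key_vault/client/base.rb
 - lib/rails_kms_credentials/store/azure_key_vault/client/client_credentials.rb
+- lib/rails_kms_credentials/store/azure_key_vault/client/env_access_token.rb
 - lib/rails_kms_credentials/store/azure_key_vault/client/managed_identity.rb
 - lib/rails_kms_credentials/store/base.rb
 - lib/rails_kms_credentials/version.rb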