rails_kms_credentials 0.4.0 → 0.5.0

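--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: '0213877dcffaf1fdd9c7fd105e3672896af45bac98016950253e51cc4506981e'
- data.tar.gz: 33db35c6bba9e87d1225d2bc9c69e6238079ff7e5c14aee0bbe78c08f382b4e7
+ metadata.gz: 1541f2dec831dfac6b5ffeefb2655fb54ebb25fe13b3dadbc180a0d665d6e135
+ data.tar.gz: 00e4ab56b77cbf3a92aaf0a1d833aab2984bc37fd834d97d8dcefe87fb1c853d
  SHA512:
- metadata.gz: 9d485d0f78de0d8c1f168ea1f3009a429e3bb0e7bac71ead622bf227f05509861c7525208532dd26c7a2330e48e062f06b751b1cfeba7e04d1e01c14e09c4a83
- data.tar.gz: ec94f342392a7d003b94cdd5e29c0409a4c6d6c9158a0fdc5b3cd459b779823f8fec577c29c7f51c6a54d13a0366ca54e4e7596a0093c5fb2ae99513272526ad
+ metadata.gz: 901b2ddeae2dd1a8e1c6394abde690aa73000620cad2e1485f9ce65d0835c355602de47357742f84233a2fcf9d884835cdbe534783edb79d62f3cdc0c3ce47be
+ data.tar.gz: f391e7dbd037edcd8f6608e92bc994a7508ae91605d329c9bb29aca1380a973a6b10960e59a5b8f9431f3ba312210595fcb1a47a51893a0460368d6e71d61e92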
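--- a/data/README.md
+++ b/data/README.md
@@ -44,6 +44,7 @@ Client | `client.type`
  ---|---
  [Managed Identity](#managed-identity) | `managed_identity`
  [Client Credentials](#client-credentials) | `client_credentials`
+ [Environment Access Token](#environment-access-token) | `env_access_token`
 
 
  ##### Managed Identity
@@ -58,9 +59,26 @@ Key | Description
  ##### Client Credentials
  This is the client to use when connecting from outside of Azure. [See here](https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow).
 
+ You'll need to register an "App Registration" in Azure and grant it permission to access the Key vault secrets. [See the wiki page for morehelp](https://nuancewiki.atlassian.net/wiki/spaces/EN/pages/797409849/Azure+KMS+Credentials)
+
  **Config**
  Key | Description
  ---|---
  `client.tenant_id` | The directory tenant the application plans to operate against, in GUID or domain-name format.
  `client.client_id` | The application ID that's assigned to your app. You can find this information in the portal where you registered your app.
  `client.client_secret` | The client secret that you generated for your app in the app registration portal.
+
+ ##### Environment Access Token
+ This is the client to use when you have an access token that can be loaded by setting an Environment variable.
+
+ The `access_token` may be fetched via Azure CLI. For example, you could
+ authenticate via `az login`, then export the `access_token` into your session:
+
+ ```
+ az account get-access-token --resource "https://vault.azure.net" --query "accessToken" -o tsv
+ ```
+
+ **Config:**
+ Key | Description
+ ---|---
+ `client.type` | `env_access_token`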
@@ -0,0 +1,47 @@
1
+ # frozen_string_literal: true
2
+
3
+ module RailsKmsCredentials
4
+ module Store
5
+ module AzureKeyVault
6
+ module Client
7
+ class EnvAccessToken < Base
8
+ def initialize(*)
9
+ super
10
+ end
11
+
12
+ def get_secrets_list(url)
13
+ HTTParty.get(
14
+ url,
15
+ headers: {
16
+ Authorization: "Bearer #{access_token}",
17
+ },
18
+ )
19
+ end
20
+
21
+ def get_secret(url)
22
+ HTTParty.get(
23
+ url,
24
+ headers: {
25
+ Authorization: "Bearer #{access_token}",
26
+ },
27
+ )
28
+ end
29
+
30
+ private
31
+
32
+ def access_token
33
+ return @access_token if instance_variable_defined?(:@access_token)
34
+ @access_token = ENV['AZURE_KEY_VAULT_ACCESS_TOKEN']
35
+
36
+ raise 'KmsCredentials AzureKeyVault EnvAccessToken unable to get access token' unless @access_token
37
+ @access_token
38
+ end
39
+
40
+ end
41
+
42
+ add(:env_access_token, EnvAccessToken)
43
+
44
+ end
45
+ end
46
+ end
47
+ end
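Review bot: In `access_token`, the `instance_variable_defined?(:@access_token)` guard caches a failed lookup. When `AZURE_KEY_VAULT_ACCESS_TOKEN` is unset, the first call assigns `nil` and raises, but any later call on the same client returns `nil` without raising, so `get_secret` and `get_secrets_list` would send `Authorization: Bearer ` with no token instead of failing. An empty or whitespace-only value also passes `unless @access_token`, because an empty string is truthy in Ruby. Memoize only a non-blank value and keep raising until one is present, as below. Separately, the token is read once and held for the life of the object, while Azure access tokens are short-lived, so a long-running process will presumably start receiving 401s; a comment on the class saying so would help callers.

```ruby
def access_token
  return @access_token if @access_token

  token = ENV['AZURE_KEY_VAULT_ACCESS_TOKEN'].to_s.strip
  raise 'KmsCredentials AzureKeyVault EnvAccessToken unable to get access token' if token.empty?

  @access_token = token
end
```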
@@ -28,3 +28,4 @@ require 'rails_kms_credentials/store/azure_key_vault/client/base'
28
28
  require 'rails_kms_credentials/store/azure_key_vault/client/aks_workload_identity'
29
29
  require 'rails_kms_credentials/store/azure_key_vault/client/client_credentials'
30
30
  require 'rails_kms_credentials/store/azure_key_vault/client/managed_identity'
31
+ require 'rails_kms_credentials/store/azure_key_vault/client/env_access_token'
@@ -4,7 +4,7 @@ module RailsKmsCredentials
4
4
 
5
5
  module Version
6
6
  MAJOR = 0
7
- MINOR = 4
7
+ MINOR = 5
8
8
  PATCH = 0
9
9
 
10
10
  end
@@ -14,4 +14,4 @@ require 'rails_kms_credentials/railtie'
14
14
  require 'rails_kms_credentials/version'
15
15
 
16
16
  Rails::Application::Configuration.send(:include, RailsKmsCredentials::Configuration)
17
- Rails::Application.send(:include, RailsKmsCredentials::Application)
17
+ Rails::Application.send(:include, RailsKmsCredentials::Application)
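--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: rails_kms_credentials
  version: !ruby/object:Gem::Version
- version: 0.4.0
+ version: 0.5.0
  platform: ruby
  authors:
  - Taylor Yelverton
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2023-04-05 00:00:00.000000000 Z
+ date: 2024-07-29 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: activesupport
@@ -82,6 +82,7 @@ files:
  - lib/rails_kms_credentials/store/azure_key_vault/client/aks_workload_identity.rb
  - lib/rails_kms_credentials/store/azure_key_vault/client/base.rb
  - lib/rails_kms_credentials/store/azure_key_vault/client/client_credentials.rb
+ - lib/rails_kms_credentials/store/azure_key_vault/client/env_access_token.rb
  - lib/rails_kms_credentials/store/azure_key_vault/client/managed_identity.rb
  - lib/rails_kms_credentials/store/base.rb
  - lib/rails_kms_credentials/version.rb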