ruby_secret_store 0.1.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.gitignore +50 -0
- data/Gemfile +4 -0
- data/LICENSE +21 -0
- data/README.md +34 -0
- data/Rakefile +8 -0
- data/lib/secret_store/reader.rb +74 -0
- data/lib/secret_store/version.rb +3 -0
- data/lib/secret_store.rb +14 -0
- data/ruby_secret_store.gemspec +23 -0
- metadata +82 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: 73335efc8d4d7fc459accbb0a351b4686b3d07c5
|
4
|
+
data.tar.gz: 839b82b6e4b75dff84d28bb8289214c305086856
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: 3b960ff42ca01e93aa836e7b70ca735ccd2b01ede04d23d98adf52d77af11743a5dd5b606027b04ee8342818cc74e41b7ef06bbb4acd6933094f73649e84e219
|
7
|
+
data.tar.gz: 15f8c9fc958ca21d4fefd17169ae1ea0542cc8919caf19373948c9be20edeb54a2a8e51cf9ed5345b4bce0c3210bc18ed48afc6780f49bd43219661abc448e37
|
data/.gitignore
ADDED
@@ -0,0 +1,50 @@
|
|
1
|
+
*.gem
|
2
|
+
*.rbc
|
3
|
+
/.config
|
4
|
+
/coverage/
|
5
|
+
/InstalledFiles
|
6
|
+
/pkg/
|
7
|
+
/spec/reports/
|
8
|
+
/spec/examples.txt
|
9
|
+
/test/tmp/
|
10
|
+
/test/version_tmp/
|
11
|
+
/tmp/
|
12
|
+
|
13
|
+
# Used by dotenv library to load environment variables.
|
14
|
+
# .env
|
15
|
+
|
16
|
+
## Specific to RubyMotion:
|
17
|
+
.dat*
|
18
|
+
.repl_history
|
19
|
+
build/
|
20
|
+
*.bridgesupport
|
21
|
+
build-iPhoneOS/
|
22
|
+
build-iPhoneSimulator/
|
23
|
+
|
24
|
+
## Specific to RubyMotion (use of CocoaPods):
|
25
|
+
#
|
26
|
+
# We recommend against adding the Pods directory to your .gitignore. However
|
27
|
+
# you should judge for yourself, the pros and cons are mentioned at:
|
28
|
+
# https://guides.cocoapods.org/using/using-cocoapods.html#should-i-check-the-pods-directory-into-source-control
|
29
|
+
#
|
30
|
+
# vendor/Pods/
|
31
|
+
|
32
|
+
## Documentation cache and generated files:
|
33
|
+
/.yardoc/
|
34
|
+
/_yardoc/
|
35
|
+
/doc/
|
36
|
+
/rdoc/
|
37
|
+
|
38
|
+
## Environment normalization:
|
39
|
+
/.bundle/
|
40
|
+
/vendor/bundle
|
41
|
+
/lib/bundler/man/
|
42
|
+
|
43
|
+
# for a library or gem, you might want to ignore these files since the code is
|
44
|
+
# intended to run in multiple environments; otherwise, check them in:
|
45
|
+
# Gemfile.lock
|
46
|
+
# .ruby-version
|
47
|
+
# .ruby-gemset
|
48
|
+
|
49
|
+
# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
|
50
|
+
.rvmrc
|
data/Gemfile
ADDED
data/LICENSE
ADDED
@@ -0,0 +1,21 @@
|
|
1
|
+
MIT License
|
2
|
+
|
3
|
+
Copyright (c) 2018 Otto Group Solution Provider (OSP) GmbH
|
4
|
+
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
7
|
+
in the Software without restriction, including without limitation the rights
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
10
|
+
furnished to do so, subject to the following conditions:
|
11
|
+
|
12
|
+
The above copyright notice and this permission notice shall be included in all
|
13
|
+
copies or substantial portions of the Software.
|
14
|
+
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
21
|
+
SOFTWARE.
|
data/README.md
ADDED
@@ -0,0 +1,34 @@
|
|
1
|
+
# SecretStore
|
2
|
+
|
3
|
+
Many secrets of a application, i.e. database credentials, are so far stored in environment variables.
|
4
|
+
In Docker environment reading those secrets from a file is preferred.
|
5
|
+
|
6
|
+
SecretStore helps to combine both approaches. A secret with a given name is at first attempted to be read as
|
7
|
+
an environment variable. Only if not found it is read from a file with the fixed name __/run/secrets/secret__,
|
8
|
+
that contains simple pairs of keys and values and is expected to be delivered by the docker engine as a secret.
|
9
|
+
|
10
|
+
## Installation
|
11
|
+
|
12
|
+
Add this line to your application's Gemfile:
|
13
|
+
|
14
|
+
```ruby
|
15
|
+
gem 'secret_store'
|
16
|
+
```
|
17
|
+
|
18
|
+
And then execute:
|
19
|
+
|
20
|
+
$ bundle
|
21
|
+
|
22
|
+
Or install it yourself as:
|
23
|
+
|
24
|
+
$ gem install secret_store
|
25
|
+
|
26
|
+
## Usage
|
27
|
+
|
28
|
+
For instance read the database user :
|
29
|
+
|
30
|
+
SecretStore[ :PASSWORD ]
|
31
|
+
|
32
|
+
## Development
|
33
|
+
|
34
|
+
## Contributing
|
data/Rakefile
ADDED
@@ -0,0 +1,74 @@
|
|
1
|
+
require 'yaml'
|
2
|
+
|
3
|
+
# Reader reads a configuration with a given name.
|
4
|
+
# Configuration is read in following order, first match is returned
|
5
|
+
# 1. Environment variable
|
6
|
+
# 2. Property File
|
7
|
+
class SecretStore::Reader
|
8
|
+
class << self
|
9
|
+
|
10
|
+
# If the given +name+ exists as environment variable it will returned
|
11
|
+
# otherwise it tries to find the given +name+ as property in the sceret files
|
12
|
+
# described in +SECRET_FILE_PATH+ environment variable.
|
13
|
+
def read(name)
|
14
|
+
str = name.to_s
|
15
|
+
env?(str) ? ENV[str] : properties[str]
|
16
|
+
end
|
17
|
+
|
18
|
+
private
|
19
|
+
|
20
|
+
# If the given +key+ exists as environment variable it will returned
|
21
|
+
def env(key)
|
22
|
+
str = key.to_s
|
23
|
+
env?(str) ? ENV[str] : nil
|
24
|
+
end
|
25
|
+
|
26
|
+
# Check if the given +key+ exists as environment variable.
|
27
|
+
def env?(key)
|
28
|
+
blank?(ENV[key])
|
29
|
+
end
|
30
|
+
|
31
|
+
# Check if the given +value+ is not empty.
|
32
|
+
def blank?(value)
|
33
|
+
value.nil? == false && value.empty? == false
|
34
|
+
end
|
35
|
+
|
36
|
+
# Returns a hash contains all loaded secret properties
|
37
|
+
def properties
|
38
|
+
@properties ||= load_files
|
39
|
+
end
|
40
|
+
|
41
|
+
# for testing
|
42
|
+
def reset
|
43
|
+
@properties = nil
|
44
|
+
end
|
45
|
+
|
46
|
+
# Loads the given +file+ as yaml file and puts the values into the given +hash+
|
47
|
+
def load_file( file, hash = {})
|
48
|
+
fail 'given file is nil' unless file
|
49
|
+
hash.merge!( YAML.load_file(file) )
|
50
|
+
end
|
51
|
+
|
52
|
+
def load_files( hash = {} )
|
53
|
+
|
54
|
+
files.inject(hash){|h,file|load_file(file,h)}
|
55
|
+
end
|
56
|
+
|
57
|
+
def files
|
58
|
+
locations.inject([]) do |ary,loc|
|
59
|
+
ary << loc if File.file?( loc )
|
60
|
+
ary.concat( Dir[ File.join(loc,'**/*.yml') ] ) if File.directory?(loc)
|
61
|
+
ary
|
62
|
+
end
|
63
|
+
end
|
64
|
+
|
65
|
+
def locations
|
66
|
+
if path = env( :SECRET_STORE_PATH )
|
67
|
+
path.split(':')
|
68
|
+
else
|
69
|
+
[ '/run/secrets/secret' ]
|
70
|
+
end
|
71
|
+
end
|
72
|
+
|
73
|
+
end # class << self
|
74
|
+
end # SecretStore::Reader
|
data/lib/secret_store.rb
ADDED
@@ -0,0 +1,23 @@
|
|
1
|
+
lib = File.join( __dir__, 'lib' )
|
2
|
+
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
3
|
+
require "secret_store/version"
|
4
|
+
|
5
|
+
Gem::Specification.new do |spec|
|
6
|
+
spec.name = 'ruby_secret_store'
|
7
|
+
spec.version = SecretStore::VERSION
|
8
|
+
spec.authors = [ 'Thomas Manig', 'David Erler', 'Andre Kullmann' ]
|
9
|
+
spec.email = [ 'thomas.manig(at)ottogroup.com' ]
|
10
|
+
|
11
|
+
spec.summary = 'Read Secrets for Configuration from ENV and File'
|
12
|
+
spec.description = 'Read Secrets for Configuration from ENV and File'
|
13
|
+
spec.homepage = ''
|
14
|
+
|
15
|
+
spec.files = `git ls-files -z`.split("\x0").reject do |f|
|
16
|
+
f.match(%r{^(test|spec|features)/})
|
17
|
+
end
|
18
|
+
|
19
|
+
spec.require_paths = ["lib"]
|
20
|
+
|
21
|
+
spec.add_development_dependency "bundler", "~> 1.16"
|
22
|
+
spec.add_development_dependency "rake", "~> 10.0"
|
23
|
+
end
|
metadata
ADDED
@@ -0,0 +1,82 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: ruby_secret_store
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.1.1
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Thomas Manig
|
8
|
+
- David Erler
|
9
|
+
- Andre Kullmann
|
10
|
+
autorequire:
|
11
|
+
bindir: bin
|
12
|
+
cert_chain: []
|
13
|
+
date: 2018-06-23 00:00:00.000000000 Z
|
14
|
+
dependencies:
|
15
|
+
- !ruby/object:Gem::Dependency
|
16
|
+
name: bundler
|
17
|
+
requirement: !ruby/object:Gem::Requirement
|
18
|
+
requirements:
|
19
|
+
- - "~>"
|
20
|
+
- !ruby/object:Gem::Version
|
21
|
+
version: '1.16'
|
22
|
+
type: :development
|
23
|
+
prerelease: false
|
24
|
+
version_requirements: !ruby/object:Gem::Requirement
|
25
|
+
requirements:
|
26
|
+
- - "~>"
|
27
|
+
- !ruby/object:Gem::Version
|
28
|
+
version: '1.16'
|
29
|
+
- !ruby/object:Gem::Dependency
|
30
|
+
name: rake
|
31
|
+
requirement: !ruby/object:Gem::Requirement
|
32
|
+
requirements:
|
33
|
+
- - "~>"
|
34
|
+
- !ruby/object:Gem::Version
|
35
|
+
version: '10.0'
|
36
|
+
type: :development
|
37
|
+
prerelease: false
|
38
|
+
version_requirements: !ruby/object:Gem::Requirement
|
39
|
+
requirements:
|
40
|
+
- - "~>"
|
41
|
+
- !ruby/object:Gem::Version
|
42
|
+
version: '10.0'
|
43
|
+
description: Read Secrets for Configuration from ENV and File
|
44
|
+
email:
|
45
|
+
- thomas.manig(at)ottogroup.com
|
46
|
+
executables: []
|
47
|
+
extensions: []
|
48
|
+
extra_rdoc_files: []
|
49
|
+
files:
|
50
|
+
- ".gitignore"
|
51
|
+
- Gemfile
|
52
|
+
- LICENSE
|
53
|
+
- README.md
|
54
|
+
- Rakefile
|
55
|
+
- lib/secret_store.rb
|
56
|
+
- lib/secret_store/reader.rb
|
57
|
+
- lib/secret_store/version.rb
|
58
|
+
- ruby_secret_store.gemspec
|
59
|
+
homepage: ''
|
60
|
+
licenses: []
|
61
|
+
metadata: {}
|
62
|
+
post_install_message:
|
63
|
+
rdoc_options: []
|
64
|
+
require_paths:
|
65
|
+
- lib
|
66
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
67
|
+
requirements:
|
68
|
+
- - ">="
|
69
|
+
- !ruby/object:Gem::Version
|
70
|
+
version: '0'
|
71
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
72
|
+
requirements:
|
73
|
+
- - ">="
|
74
|
+
- !ruby/object:Gem::Version
|
75
|
+
version: '0'
|
76
|
+
requirements: []
|
77
|
+
rubyforge_project:
|
78
|
+
rubygems_version: 2.5.2.1
|
79
|
+
signing_key:
|
80
|
+
specification_version: 4
|
81
|
+
summary: Read Secrets for Configuration from ENV and File
|
82
|
+
test_files: []
|