ruby_secret_store 0.1.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 73335efc8d4d7fc459accbb0a351b4686b3d07c5
+  data.tar.gz: 839b82b6e4b75dff84d28bb8289214c305086856
+SHA512:
+  metadata.gz: 3b960ff42ca01e93aa836e7b70ca735ccd2b01ede04d23d98adf52d77af11743a5dd5b606027b04ee8342818cc74e41b7ef06bbb4acd6933094f73649e84e219
+  data.tar.gz: 15f8c9fc958ca21d4fefd17169ae1ea0542cc8919caf19373948c9be20edeb54a2a8e51cf9ed5345b4bce0c3210bc18ed48afc6780f49bd43219661abc448e37

data/.gitignore

@@ -0,0 +1,50 @@
+*.gem
+*.rbc
+/.config
+/coverage/
+/InstalledFiles
+/pkg/
+/spec/reports/
+/spec/examples.txt
+/test/tmp/
+/test/version_tmp/
+/tmp/
+
+# Used by dotenv library to load environment variables.
+# .env
+
+## Specific to RubyMotion:
+.dat*
+.repl_history
+build/
+*.bridgesupport
+build-iPhoneOS/
+build-iPhoneSimulator/
+
+## Specific to RubyMotion (use of CocoaPods):
+#
+# We recommend against adding the Pods directory to your .gitignore. However
+# you should judge for yourself, the pros and cons are mentioned at:
+# https://guides.cocoapods.org/using/using-cocoapods.html#should-i-check-the-pods-directory-into-source-control
+#
+# vendor/Pods/
+
+## Documentation cache and generated files:
+/.yardoc/
+/_yardoc/
+/doc/
+/rdoc/
+
+## Environment normalization:
+/.bundle/
+/vendor/bundle
+/lib/bundler/man/
+
+# for a library or gem, you might want to ignore these files since the code is
+# intended to run in multiple environments; otherwise, check them in:
+# Gemfile.lock
+# .ruby-version
+# .ruby-gemset
+
+# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
+.rvmrc

data/Gemfile

@@ -0,0 +1,4 @@
+source "https://rubygems.org"
+
+puts "sss"
+gemspec

data/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2018 Otto Group Solution Provider (OSP) GmbH
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,34 @@
+# SecretStore
+
+Many secrets of a application, i.e. database credentials, are so far stored in environment variables.
+In Docker environment reading those secrets from a file is preferred. 
+
+SecretStore helps to combine both approaches. A secret with a given name is at first attempted to be read as
+an environment variable. Only if not found it is read from a file with the fixed name __/run/secrets/secret__,
+that contains simple pairs of keys and values and is expected to be delivered by the docker engine as a secret.  
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'secret_store'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install secret_store
+
+## Usage
+
+For instance read the database user :
+
+SecretStore[ :PASSWORD ]
+
+## Development
+
+## Contributing

data/Rakefile

@@ -0,0 +1,8 @@
+require 'rake/testtask'
+
+Rake::TestTask.new do |t|
+  t.libs << 'test'
+end
+
+desc "Run tests"
+task :default => :test

data/lib/secret_store/reader.rb

@@ -0,0 +1,74 @@
+require 'yaml'
+
+# Reader reads a configuration with a given name.
+# Configuration is read in following order, first match is returned
+# 1. Environment variable
+# 2. Property File
+class SecretStore::Reader
+    class << self
+
+        # If the given +name+ exists as environment variable it will returned 
+        # otherwise it tries to find the given +name+ as property in the sceret files
+        # described in +SECRET_FILE_PATH+ environment variable. 
+        def read(name)
+            str = name.to_s
+            env?(str) ? ENV[str] : properties[str]            
+        end
+
+        private
+
+        # If the given +key+ exists as environment variable it will returned
+        def env(key)       
+            str = key.to_s  
+            env?(str) ? ENV[str] : nil
+        end
+
+        # Check if the given +key+ exists as environment variable.
+        def env?(key)
+            blank?(ENV[key])
+        end    
+
+        # Check if the given +value+ is not empty.
+        def blank?(value)
+            value.nil? == false && value.empty? == false
+        end
+
+        # Returns a hash contains all loaded secret properties
+        def properties
+            @properties ||= load_files
+        end
+
+        # for testing
+        def reset
+            @properties = nil
+        end
+
+        # Loads the given +file+ as yaml file and puts the values into the given +hash+
+        def load_file( file, hash = {})
+            fail 'given file is nil' unless file
+            hash.merge!( YAML.load_file(file) )
+        end
+        
+        def load_files( hash = {} )
+            
+            files.inject(hash){|h,file|load_file(file,h)}
+        end
+
+        def files
+            locations.inject([]) do |ary,loc| 
+                ary << loc if File.file?( loc )
+                ary.concat( Dir[ File.join(loc,'**/*.yml') ] ) if File.directory?(loc)
+                ary
+            end
+        end
+
+        def locations  
+            if path = env( :SECRET_STORE_PATH )
+                path.split(':')
+            else
+                [ '/run/secrets/secret' ]
+            end        
+        end
+
+    end # class << self
+end # SecretStore::Reader

data/lib/secret_store/version.rb

@@ -0,0 +1,3 @@
+module SecretStore
+  VERSION = "0.1.1"
+end

data/lib/secret_store.rb

@@ -0,0 +1,14 @@
+require 'secret_store/version'
+require 'secret_store/reader'
+
+
+module SecretStore
+
+  module_function
+
+  def [](key)
+    SecretStore::Reader.read(key)
+  end
+  
+end
+

data/ruby_secret_store.gemspec

@@ -0,0 +1,23 @@
+lib = File.join( __dir__, 'lib' )
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "secret_store/version"
+
+Gem::Specification.new do |spec|
+  spec.name          = 'ruby_secret_store'
+  spec.version       = SecretStore::VERSION
+  spec.authors       = [ 'Thomas Manig', 'David Erler', 'Andre Kullmann' ]
+  spec.email         = [ 'thomas.manig(at)ottogroup.com' ]
+
+  spec.summary       = 'Read Secrets for Configuration from ENV and File'
+  spec.description   = 'Read Secrets for Configuration from ENV and File'
+  spec.homepage      = ''
+
+  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.16"
+  spec.add_development_dependency "rake", "~> 10.0"
+end

metadata

@@ -0,0 +1,82 @@
+--- !ruby/object:Gem::Specification
+name: ruby_secret_store
+version: !ruby/object:Gem::Version
+  version: 0.1.1
+platform: ruby
+authors:
+- Thomas Manig
+- David Erler
+- Andre Kullmann
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2018-06-23 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+description: Read Secrets for Configuration from ENV and File
+email:
+- thomas.manig(at)ottogroup.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- lib/secret_store.rb
+- lib/secret_store/reader.rb
+- lib/secret_store/version.rb
+- ruby_secret_store.gemspec
+homepage: ''
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.2.1
+signing_key: 
+specification_version: 4
+summary: Read Secrets for Configuration from ENV and File
+test_files: []