sanctum 0.8.6.rc1 → 0.8.6.rc2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile.lock +1 -1
  3. data/lib/sanctum/command/diff_helper.rb +10 -0
  4. data/lib/sanctum/command/sanctum.example.yaml +14 -0
  5. data/lib/sanctum/vault_transit.rb +16 -0
  6. data/lib/sanctum/version.rb +1 -1
  7. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: b898d2e916e8ec1febdcaaa482017484aa1d2c0d7bb407cd0f1e93fb58615622
4
- data.tar.gz: 5f34552ae0916fdce2b8903e0548e3656a60e9f950b1e5a656a9f54d500f78f4
3
+ metadata.gz: ba4b9d50924b59fe4a6365a89832acc020c03652f9e13328884ef9eb9aa13243
4
+ data.tar.gz: e9d50c2a7ca6bb056fede8c907f7d6d76dac120882573080840d2bd789a2682e
5
5
  SHA512:
6
- metadata.gz: d72a9696fc57f35c6eb1da437069ba9eb369aec6ce871095296bdd09b753528ac8eeb5ed3023a52f3ae3826df81a5dd70dda8e19a07bdbf860ebd3fd761de895
7
- data.tar.gz: c63d24c16472a5170a54f3da4fa2ba5caf472f5cc5b25bbe3ce2d3bd8c41e087ff8efbc640289b45decdbaf74a7e32e30bbdfa5c8344fc33f4b79054808991cf
6
+ metadata.gz: d77c68c98546c98277e19ee8b6342cf9de622c9961502450d38a7ea3c2484bc6f65bf372c8a9bad75b3c977721bda24d08d4e22c7e80e46b6dcd0c0ad36da21b
7
+ data.tar.gz: 78a5cb4094ee395fb9660eb62a78bab20778968179f389180818df04d4774bc88e30a3bd9a9de99b17f44a4453a4d89161820076294ea0a57b84851b1deef2a8
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- sanctum (0.8.6.rc1)
4
+ sanctum (0.8.6.rc2)
5
5
  gli (~> 2.18)
6
6
  hashdiff (~> 0.3)
7
7
  tty-editor (~> 0.5)
data/lib/sanctum/command/diff_helper.rb CHANGED
@@ -5,6 +5,11 @@ module Sanctum
5
5
  module DiffHelper
6
6
 
7
7
  def hash_diff(first_hash, second_hash)
8
+ # Recently changed how data is written to local system and vault
9
+ # TODO: The transform_values can be removed at a later date
10
+ first_hash = first_hash.each { |_, v| v.transform_values!(&:to_s) }
11
+ second_hash = second_hash.each { |_, v| v.transform_values!(&:to_s) }
12
+
8
13
  differences = HashDiff.best_diff(first_hash, second_hash, delimiter: " => ", array_path: true)
9
14
 
10
15
  differences.each do |diff|
@@ -20,6 +25,11 @@ module Sanctum
20
25
  end
21
26
 
22
27
  def compare_secrets(vault_secrets, local_secrets, name, direction="both")
28
+ # Recently changed how data is written to local system and vault
29
+ # TODO: The transform_values can be removed at a later date
30
+ vault_secrets = vault_secrets.each { |_, v| v.transform_values!(&:to_s) }
31
+ local_secrets = local_secrets.each { |_, v| v.transform_values!(&:to_s) }
32
+
23
33
  if vault_secrets == local_secrets
24
34
  warn yellow("Target #{name}: contains no differences")
25
35
  else
data/lib/sanctum/command/sanctum.example.yaml CHANGED
@@ -44,3 +44,17 @@ sync:
44
44
  #transit_key: transit/keys/app-bar
45
45
  #secrets_version: 2
46
46
  #force: false
47
+ # Example shows if you need to specify multiple nested prefixs
48
+ # You will want to namespace the local `path`
49
+ #- name: app-baz-micro
50
+ #prefix: app-baz/prod/micro
51
+ #path: vault/app-baz-micro/prod/micro
52
+ #transit_key: transit/keys/app-baz-micro
53
+ #secrets_version: 2
54
+ #force: false
55
+ #- name: app-baz-all
56
+ #prefix: app-baz
57
+ #path: vault/app-baz-all/prod/micro
58
+ #transit_key: transit/keys/app-baz-all
59
+ #secrets_version: 2
60
+ #force: false
data/lib/sanctum/vault_transit.rb CHANGED
@@ -33,7 +33,15 @@ module Sanctum
33
33
  secrets
34
34
  end
35
35
 
36
+ # Writes secrets encrypted with transit to local files
37
+ #
38
+ # @param vault_client [VaultClient] client used interact with the vault api
39
+ # @param secrets [hash] {"/local/path": {key: value}}
40
+ # @param transit_key [String] key used to encrypt blobs via the transit backend
36
41
  def self.write_to_file(vault_client, secrets, transit_key)
42
+ # Coerce vault data values to strings
43
+ # To ensure a consistent experience pulling and pushing to vault
44
+ secrets.each { |_, v| v.transform_values!(&:to_s) }
37
45
  secrets = encrypt(vault_client, secrets, transit_key)
38
46
  secrets.each do |k, v|
39
47
  create_path(k)
@@ -41,8 +49,16 @@ module Sanctum
41
49
  end
42
50
  end
43
51
 
52
+ # Writes secrets to vault
53
+ #
54
+ # @param vault_client [VaultClient] client used to interact with the vault api
55
+ # @param secrets [hash] {"/vault/path": {key: value}}
56
+ # @param secrets_version [String] vault backend version[1, 2]
44
57
  def self.write_to_vault(vault_client, secrets, secrets_version="1")
45
58
  secrets.each do |k, v|
59
+ # Coerce vault data values to strings
60
+ # To ensure a consistent experience pulling and pushing to vault
61
+ v.transform_values!(&:to_s)
46
62
  secrets_version == "2" ? vault_client.logical.write(k, data: v) : vault_client.logical.write(k, v)
47
63
  end
48
64
  end
data/lib/sanctum/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Sanctum
2
- VERSION = "0.8.6.rc1"
2
+ VERSION = "0.8.6.rc2"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: sanctum
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.8.6.rc1
4
+ version: 0.8.6.rc2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Corban Raun
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-03-08 00:00:00.000000000 Z
11
+ date: 2019-03-12 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: gli