secret_config 0.3.1 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 91d5d3ac77971215c58fd3738fab99f0a80df34535b31f46eb1f51e8b33f6a49
-  data.tar.gz: 002a92d28752f9d7f6677c90233dd4362e84ff2dba961d42e3f12f3a8c6ad746
+  metadata.gz: 2d046c2ff5be65ccdd09c1fdb82fe28df303ec584ce89c4201320529d53025da
+  data.tar.gz: 5f4973a7b9ae821ac9b511569873dff21f427793d59e846999d419473efdc022
 SHA512:
-  metadata.gz: 81a5075b68b5e13d2c541c03787e91691f4d3f41b63547e0d1240150bd187d50ef4f6ddaebf350cc157c0fa0c6297cf503e3b4c106397568934b8d8dcdf902a4
-  data.tar.gz: 7cd829cc7ae114d96f96402956f178a40d9df0a66fecc948902bed60696968ed9da1c5cf4d6c4e35eccc711d4aa6487775e86daf430110df6b833b558275f19e
+  metadata.gz: 47788fa5c66536ba5bb36eed0ba86866375400375d0474e5b566da775db3cf7142682ac34075cb9a18c787bba0c31a892613db5283e48e47191ea98b0a5a97b7
+  data.tar.gz: f75ce0f2542a8dbde1e912a5a7bd1fec02e9b2c97fed42018dab8b7bbd84e9850a2c872aac8a0497f9bfea6042a566bc12f6345e3c26a84a5e1f8baf13513125

data/README.md

@@ -78,11 +78,24 @@ to flatten everything into a single level.
 
 Note: Do not put any production credentials into this file.
 
-### Usage
+### Environment Variables
+
+Any of the above values can be overridden with an environment variable.
+
+To overwrite any of these settings with an environment variable:
+
+* Join the keys together with an '_'
+* Convert to uppercase
+
+For example, `mysql/host` can be overridden with the env var:
+
+    export MYSQL_HOST=test.server
+
+### Applying to existing config files
 
 Go through all the configuration files and look for sensitive data such as passwords:
 
-Example `database.yml`:
+Example, an unchanged common `database.yml`:
 
 ~~~yaml
 defaults: &defaults
@@ -136,6 +149,45 @@ production:
 
 Since the secrets are externalized the configuration between environments is simpler.
 
+### Replacing custom config files
+
+When writing new components or gems, instead of requiring a proprietary config file, refer
+to the settings programmatically:
+
+For example, somewhere in your codebase you need a persistent http connection:
+
+~~~ruby
+  def http_client
+    @http_client ||=
+      PersistentHTTP.new(
+        name:         'HTTPClient',
+        url:          SecretConfig.fetch('http_client/url'),
+        logger:       logger,
+        pool_size:    SecretConfig.fetch('http_client/pool_size', type: :integer, default: 10),
+        warn_timeout: SecretConfig.fetch('http_client/warn_timeout', type: :float, default: 0.25),
+        open_timeout: SecretConfig.fetch('http_client/open_timeout', type: :float, default: 30),
+        read_timeout: SecretConfig.fetch('http_client/read_timeout', type: :float, default: 30),
+        force_retry:  true
+      )
+  end
+~~~
+
+Then the application that uses the above library / gem just needs to add the relevant entries to their
+`application.rb` file:
+
+~~~yaml
+http_client:
+  url:          https://test.example.com  
+  pool_size:    20
+  open_timeout: secret_configrules
+~~~
+
+This avoids a custom config file just for the above library.
+
+Additionally the values can be overridden with environment variables at any time:
+
+    export HTTP_CLIENT_URL=https://production.example.com  
+
 ## Configuration
 
 Add the following line to Gemfile
@@ -143,7 +195,7 @@ Add the following line to Gemfile
     gem "secret_config"
 
 Out of the box Secret Config will look in the local file system for the file `config/application.yml`
-as covered above. By default it will use env var `RAILS_ENV` to define the root path to look under for settings.
+as covered above. By default it will use env var `RAILS_ENV` to define the path to look under for settings.
 
 The default settings are great for getting started in development and test, but should not be used in production. 
 
@@ -153,11 +205,11 @@ AWS System Manager Parameter Store:
 ~~~ruby
 Rails.application.configure do
   # Read configuration from AWS Parameter Store
-  config.secret_config.use :ssm, root: '/production/my_application'
+  config.secret_config.use :ssm, path: '/production/my_application'
 end
 ~~~
 
-`root` is the path from which the configuration data will be read. This path uniquely identifies the
+`path` is the path from which the configuration data will be read. This path uniquely identifies the
 configuration for this instance of the application.
 
 If we need 2 completely separate instances of the application running in a single AWS account then we could use
@@ -169,8 +221,8 @@ multiple paths. For example:
     /production/instance1/my_application
     /production/instance2/my_application
     
-The root path is completely flexible, but must be unique for every AWS account under which the application will run.
-The same root path can be used in different AWS accounts though. It is also not replicated across regions.
+The `path` is completely flexible, but must be unique for every AWS account under which the application will run.
+The same `path` can be used in different AWS accounts though. It is also not replicated across regions.
 
 When writing settings to the parameter store, it is recommended to use a custom KMS key to encrypt the values.
 To supply the key to encrypt the values with, add the `key_id` parameter: 
@@ -180,7 +232,7 @@ Rails.application.configure do
   # Read configuration from AWS Parameter Store
   config.secret_config.use :ssm,
                            key_id: 'alias/production/myapplication',
-                           root: '/production/my_application'
+                           path: '/production/my_application'
 end
 ~~~
 
@@ -191,7 +243,7 @@ will only read from the parameter store.
 
 ### Authorization
 
-The following policy needs to be added to the AMI Group under which the application will be running:
+The following policy needs to be added to the IAM Group under which the application will be running:
 
 ~~~json
 {
@@ -219,6 +271,56 @@ to view and modify parameters:
 - `ssm:GetParameters`
 - `ssm:GetParameter`
 
+## Command Line Interface
+
+Secret Config has a command line interface for exporting, importing and copying between paths in the registry.
+
+~~~
+secret_config [options]
+    -e, --export [FILE_NAME]         Export configuration to a file or stdout if no file_name supplied.
+    -i, --import [FILE_NAME]         Import configuration from a file or stdin if no file_name supplied.
+    -c, --copy SOURCE_PATH           Import configuration from a file or stdin if no file_name supplied.
+    -p, --path PATH                  Path to import from / export to.
+    -P, --provider PROVIDER          Provider to use. [ssm | file]. Default: ssm
+    -U, --no-filter                  Do not filter passwords and keys.
+    -k, --key KEY_ID | KEY_ALIAS     AWS KMS Key id or Key Alias to use when importing configuration values. Default: AWS Default key.
+    -r, --region REGION              AWS Region to use. Default: AWS_REGION env var.
+    -R, --random_size INTEGER        Size to use when generating random values. Whenever $random is encountered during an import. Default: 32
+    -v, --version                    Display Symmetric Encryption version.
+    -h, --help                       Prints this help.
+~~~
+
+### CLI Examples
+
+Export from a path in AWS SSM Parameter Store to a yaml file, where passwords are filtered:
+
+    secret_config --export test.yml --path /test/my_application
+
+Export from a path in AWS SSM Parameter Store to a yaml file, _without_ filtering out passwords:
+
+    secret_config --export test.yml --path /test/my_application --no-filter
+
+Export from a path in AWS SSM Parameter Store to a json file, where passwords are filtered:
+
+    secret_config --export test.json --path /test/my_application
+
+Import a yaml file, into a path in AWS SSM Parameter Store:
+
+    secret_config --import test.yml --path /production/my_application
+
+Import a yaml file, into a path in AWS SSM Parameter Store, using a custom KMS key to encrypt the values:
+
+    secret_config --import test.yml --path /production/my_application --key_id "arn:aws:kms:us-east-1:23643632463:key/UUID"
+
+Copy configuration from one path in AWS SSM Parameter Store to another path in AWS SSM Parameter Store:
+
+    secret_config --copy /test/my_application --path /production/my_application
+
+During an `import` or `copy` if any of the source values consist only of `$random`, 
+they will be replaced with a secure 32 byte random value.
+This is deal for when a secure random password needs to be generated. 
+Use `--random_size` to adjust the length of the randomized string.
+
 ## Versioning
 
 This project adheres to [Semantic Versioning](http://semver.org/).

data/bin/secret_config

@@ -0,0 +1,7 @@
+#!/usr/bin/env ruby
+
+$LOAD_PATH.unshift File.dirname(__FILE__) + '/../lib'
+
+require 'secret_config'
+
+SecretConfig::CLI.run!(ARGV)

data/lib/secret_config/cli.rb

@@ -0,0 +1,232 @@
+require 'optparse'
+require 'fileutils'
+require 'erb'
+require 'yaml'
+require 'json'
+require 'securerandom'
+
+module SecretConfig
+  class CLI
+    attr_reader :path, :region, :provider,
+                :export, :no_filter,
+                :import, :key_id, :random_size, :prune, :overwrite,
+                :copy_path,
+                :show_version
+
+    PROVIDERS = %i[ssm].freeze
+
+    def self.run!(argv)
+      new(argv).run!
+    end
+
+    def initialize(argv)
+      @export       = false
+      @import       = false
+      @path         = nil
+      @key_id       = nil
+      @region       = ENV['AWS_REGION']
+      @provider     = :ssm
+      @random_size  = 32
+      @no_filter    = false
+      @prune        = false
+      @replace      = false
+      @copy_path    = nil
+      @show_version = false
+
+      if argv.empty?
+        puts parser
+        exit(-10)
+      end
+      parser.parse!(argv)
+    end
+
+    def run!
+      if show_version
+        puts "Secret Config v#{VERSION}"
+        puts "Region: #{region}"
+      elsif export
+        run_export(export, filtered: !no_filter)
+      elsif import
+        run_import(import)
+      elsif copy_path
+        run_copy(copy_path, path)
+      else
+        puts parser
+      end
+    end
+
+    def parser
+      @parser ||= OptionParser.new do |opts|
+        opts.banner = <<~BANNER
+          Secret Config v#{VERSION}
+
+            For more information, see: https://rocketjob.github.io/secret_config/
+
+          secret_config [options]
+        BANNER
+
+        opts.on '-e', '--export [FILE_NAME]', 'Export configuration to a file or stdout if no file_name supplied.' do |file_name|
+          @export = file_name || STDOUT
+        end
+
+        opts.on '-i', '--import [FILE_NAME]', 'Import configuration from a file or stdin if no file_name supplied.' do |file_name|
+          @import = file_name || STDIN
+        end
+
+        opts.on '-c', '--copy SOURCE_PATH', 'Import configuration from a file or stdin if no file_name supplied.' do |path|
+          @copy_path = path
+        end
+
+        opts.on '-p', '--path PATH', 'Path to import from / export to.' do |path|
+          @path = path
+        end
+
+        opts.on '-P', '--provider PROVIDER', 'Provider to use. [ssm | file]. Default: ssm' do |provider|
+          @provider = provider.to_sym
+        end
+
+        opts.on '-U', '--no-filter', 'Do not filter passwords and keys.' do
+          @no_filter = true
+        end
+
+        # TODO:
+        # opts.on '-Q', '--prune', 'During import delete all existing keys for which their is no key in the import file' do
+        #   @prune = true
+        # end
+        #
+        # opts.on '-r', '--replace', 'During import replace existing keys if present' do
+        #   @replace = true
+        # end
+
+        opts.on '-k', '--key_id KEY_ID', 'AWS KMS Key id or Key Alias to use when importing configuration values. Default: AWS Default key.' do |key_id|
+          @key_id = key_id
+        end
+
+        opts.on '-r', '--region REGION', 'AWS Region to use. Default: AWS_REGION env var.' do |region|
+          @region = region
+        end
+
+        opts.on '-R', '--random_size INTEGER', 'Size to use when generating random values. Whenever $random is encountered during an import. Default: 32' do |region|
+          @random_size = random_size
+        end
+
+        opts.on '-v', '--version', 'Display Symmetric Encryption version.' do
+          @show_version = true
+        end
+
+        opts.on('-h', '--help', 'Prints this help.') do
+          puts opts
+          exit
+        end
+      end
+    end
+
+    private
+
+    def provider_instance
+      @provider_instance ||= begin
+        case provider
+        when :ssm
+          Providers::Ssm.new(key_id: key_id)
+        else
+          raise ArgumentError, "Invalid provider: #{provider}"
+        end
+      end
+    end
+
+    def run_export(file_name, filtered: true)
+      config = fetch_config(path, filtered: filtered)
+
+      format = file_format(file_name)
+      data   = render(config, format)
+      write_file(file_name, data)
+
+      puts("Exported #{path} from #{provider} to #{file_name}") if file_name.is_a?(String)
+    end
+
+    def run_import(file_name)
+      format = file_format(file_name)
+      data   = read_file(file_name)
+      config = parse(data, format)
+      set_config(config, path)
+
+      puts("Imported #{file_name} to #{provider} at #{path}") if file_name.is_a?(String)
+    end
+
+    def run_copy(source_path, target_path)
+      config = fetch_config(source_path, filtered: false)
+
+      set_config(config, target_path)
+
+      puts "Copied #{source_path} to #{target_path} using #{provider}"
+    end
+
+    def set_config(config, path)
+      # TODO: prune, replace
+      Utils.flatten_each(config, path) do |key, value|
+        value = random_password if value.strip == '$random'
+        puts "Setting: #{key}"
+        provider_instance.set(key, value)
+      end
+    end
+
+    def fetch_config(path, filtered: true)
+      registry = Registry.new(path: path, provider: provider_instance)
+      filtered ? registry.configuration : registry.configuration(filters: nil)
+    end
+
+    def read_file(file_name_or_io)
+      return file_name_or_io.read unless file_name_or_io.is_a?(String)
+
+      ::File.new(file_name_or_io).read
+    end
+
+    def write_file(file_name_or_io, data)
+      return file_name_or_io.write(data) unless file_name_or_io.is_a?(String)
+
+      output_path = ::File.dirname(file_name_or_io)
+      FileUtils.mkdir_p(output_path) unless ::File.exist?(output_path)
+
+      ::File.open(file_name_or_io, 'w') { |io| io.write(data) }
+    end
+
+    def render(hash, format)
+      case format
+      when :yml
+        hash.to_yaml
+      when :json
+        hash.to_json
+      else
+        raise ArgumentError, "Invalid format: #{format.inspect}"
+      end
+    end
+
+    def parse(data, format)
+      case format
+      when :yml
+        YAML.load(ERB.new(data).result)
+      when :json
+        JSON.parse(data)
+      else
+        raise ArgumentError, "Invalid format: #{format.inspect}"
+      end
+    end
+
+    def file_format(file_name)
+      return :yml unless file_name.is_a?(String)
+
+      case File.extname(file_name).downcase
+      when '.yml', '.yaml'
+        :yml
+      when '.json'
+        :json
+      else
+        raise ArgumentError, "Import/Export file name must end with '.yml' or '.json'"
+      end
+    end
+
+    def random_password
+      SecureRandom.urlsafe_base64(random_size)
+    end
+  end
+end

data/lib/secret_config/providers/file.rb

@@ -20,7 +20,7 @@ module SecretConfig
 
         raise(ConfigError, "Path #{paths.join(".")} not found in file: #{file_name}") unless settings
 
-        flatten_each(path, settings, &block)
+        Utils.flatten_each(settings, path, &block)
         nil
       end
 
@@ -28,18 +28,6 @@ module SecretConfig
         raise NotImplementedError
       end
 
-      private
-
-      def flatten_each(path, hash, &block)
-        hash.each_pair do |key, value|
-          if value.is_a?(Hash)
-            flatten_each("#{path}/#{key}", value, &block)
-          else
-            key = "#{path}/#{key}" unless key.start_with?('/')
-            yield(key, value)
-          end
-        end
-      end
     end
   end
 end

data/lib/secret_config/railtie.rb

@@ -5,7 +5,7 @@ module SecretConfig
     # @example Set up configuration in the Rails app.
     #   module MyApplication
     #     class Application < Rails::Application
-    #       config.secret_config.use :file, root: '/development'
+    #       config.secret_config.use :file, path: '/development'
     #     end
     #   end
     config.secret_config = SecretConfig

data/lib/secret_config/registry.rb

@@ -5,20 +5,21 @@ module SecretConfig
   # Centralized configuration with values stored in AWS System Manager Parameter Store
   class Registry
     attr_reader :provider
-    attr_accessor :root
+    attr_accessor :path
 
-    def initialize(root:, provider:)
-      # TODO: Validate root starts with /, etc
-      @root     = root
-      @provider = provider
-      @registry = Concurrent::Map.new
+    def initialize(path: nil, provider: :file, provider_args: nil)
+      @path = path || default_path
+      raise(UndefinedRootError, 'Root must start with /') unless @path.start_with?('/')
+
+      @provider = create_provider(provider, provider_args)
+      @cache    = Concurrent::Map.new
       refresh!
     end
 
     # Returns [Hash] a copy of the in memory configuration data.
     def configuration(relative: true, filters: SecretConfig.filters)
       h = {}
-      registry.each_pair do |key, value|
+      cache.each_pair do |key, value|
         key   = relative_key(key) if relative
         value = filter_value(key, value, filters)
         decompose(key, value, h)
@@ -28,19 +29,19 @@ module SecretConfig
 
     # Returns [String] configuration value for the supplied key, or nil when missing.
     def [](key)
-      registry[expand_key(key)]
+      cache[expand_key(key)]
     end
 
     # Returns [String] configuration value for the supplied key, or nil when missing.
     def key?(key)
-      registry.key?(expand_key(key))
+      cache.key?(expand_key(key))
     end
 
     # Returns [String] configuration value for the supplied key
     def fetch(key, default: nil, type: :string, encoding: nil)
       value = self[key]
       if value.nil?
-        raise(MissingMandatoryKey, "Missing configuration value for #{root}/#{key}") unless default
+        raise(MissingMandatoryKey, "Missing configuration value for #{path}/#{key}") unless default
 
         value = default.respond_to?(:call) ? default.call : default
       end
@@ -53,28 +54,28 @@ module SecretConfig
     def set(key:, value:, encrypt: true)
       key = expand_key(key)
       provider.set(key, value, encrypt: true)
-      registry[key] = value
+      cache[key] = value
     end
 
     # Refresh the in-memory cached copy of the centralized configuration information.
     # Environment variable values will take precendence over the central store values.
     def refresh!
-      existing_keys = registry.keys
+      existing_keys = cache.keys
       updated_keys  = []
-      provider.each(root) do |key, value|
-        registry[key] = env_var_override(key, value)
+      provider.each(path) do |key, value|
+        cache[key] = env_var_override(key, value)
         updated_keys << key
       end
 
-      # Remove keys deleted from the registry.
-      (existing_keys - updated_keys).each { |key| registry.delete(key) }
+      # Remove keys deleted from the central registry.
+      (existing_keys - updated_keys).each { |key| provider.delete(key) }
 
       true
     end
 
     private
 
-    attr_reader :registry
+    attr_reader :cache
 
     # Returns the value from an env var if it is present,
     # Otherwise the value is returned unchanged.
@@ -83,22 +84,21 @@ module SecretConfig
       ENV[env_var_name] || value
     end
 
-    # Add the root to the path if it is a relative path.
+    # Add the path to the path if it is a relative path.
     def expand_key(key)
-      key.start_with?('/') ? key : "#{root}/#{key}"
+      key.start_with?('/') ? key : "#{path}/#{key}"
     end
 
-    # Convert the key to a relative path by removing the
-    # root path.
+    # Convert the key to a relative path by removing the path.
     def relative_key(key)
-      key.start_with?('/') ? key.sub("#{root}/", '') : key
+      key.start_with?('/') ? key.sub("#{path}/", '') : key
     end
 
     def filter_value(key, value, filters)
       return value unless filters
 
       _, name = File.split(key)
-      filter = filters.any? do |filter|
+      filter  = filters.any? do |filter|
         filter.is_a?(Regexp) ? name =~ filter : name == filter
       end
 
@@ -144,5 +144,21 @@ module SecretConfig
       end
     end
 
+    # Create a new provider instance unless it is alread a provider instance.
+    def create_provider(provider, args = nil)
+      return provider if provider.respond_to?(:each) && provider.respond_to?(:set)
+
+      klass = Utils.constantize_symbol(provider)
+      args && args.size > 0 ? klass.new(**args) : klass.new
+    end
+
+    def default_path
+      path = ENV["SECRET_CONFIG_PATH"] || ENV["RAILS_ENV"]
+      path = Rails.env if path.nil? && defined?(Rails) && Rails.respond_to?(:env)
+
+      raise(UndefinedRootError, "Either set env var 'SECRET_CONFIG_PATH' or call SecretConfig.use") unless path
+
+      path.start_with?('/') ? path : "/#{path}"
+    end
   end
 end

data/lib/secret_config/utils.rb

@@ -0,0 +1,30 @@
+module SecretConfig
+  module Utils
+    # Takes a hierarchical structure and flattens it to a single level
+    # If path is supplied it is prepended to every key returned
+    def self.flatten_each(hash, path = nil, &block)
+      hash.each_pair do |key, value|
+        name = path.nil? ? key : "#{path}/#{key}"
+        value.is_a?(Hash) ? flatten_each(value, name, &block) : yield(name, value)
+      end
+    end
+
+    def self.constantize_symbol(symbol, namespace = 'SecretConfig::Providers')
+      klass = "#{namespace}::#{camelize(symbol.to_s)}"
+      begin
+        Object.const_get(klass)
+      rescue NameError
+        raise(ArgumentError, "Could not convert symbol: #{symbol.inspect} to a class in: #{namespace}. Looking for: #{klass}")
+      end
+    end
+
+    # Borrow from Rails, when not running Rails
+    def self.camelize(term)
+      string = term.to_s
+      string = string.sub(/^[a-z\d]*/, &:capitalize)
+      string.gsub!(/(?:_|(\/))([a-z\d]*)/i) { "#{Regexp.last_match(1)}#{Regexp.last_match(2).capitalize}" }
+      string.gsub!('/'.freeze, '::'.freeze)
+      string
+    end
+  end
+end

data/lib/secret_config/version.rb

@@ -1,3 +1,3 @@
 module SecretConfig
-  VERSION = '0.3.1'
+  VERSION = '0.4.0'
 end

data/lib/secret_config.rb

@@ -11,6 +11,9 @@ module SecretConfig
     autoload :Ssm, 'secret_config/providers/ssm'
   end
 
+  autoload :CLI, 'secret_config/cli'
+  autoload :Utils, 'secret_config/utils'
+
   class << self
     extend Forwardable
 
@@ -25,33 +28,16 @@ module SecretConfig
   end
 
   # Which provider to use along with any arguments
-  # The root will be overriden by env var `SECRET_CONFIG_ROOT` if present.
-  def self.use(provider, root: nil, **args)
-    @provider = create_provider(provider, args)
-    @root     = ENV["SECRET_CONFIG_ROOT"] || root
-    @registry = nil if @registry
-  end
-
-  def self.root
-    @root ||= begin
-      root = ENV["SECRET_CONFIG_ROOT"] || ENV["RAILS_ENV"]
-      root = Rails.env if root.nil? && defined?(Rails) && Rails.respond_to?(:env)
-      raise(UndefinedRootError, "Either set env var 'SECRET_CONFIG_ROOT' or call SecretConfig.use") unless root
-      root = "/#{root}" unless root.start_with?('/')
-      root
-    end
-  end
-
-  # Returns the current provider.
-  # If `SecretConfig.use` was not called previously it automatically use the file based provider.
-  def self.provider
-    @provider ||= begin
-      create_provider(:file)
-    end
+  # The path will be overriden by env var `SECRET_CONFIG_PATH` if present.
+  def self.use(provider, path: nil, **args)
+    path      ||= ENV["SECRET_CONFIG_PATH"]
+    @registry = SecretConfig::Registry.new(path: path, provider: provider, provider_args: args)
   end
 
+  # Returns the global registry.
+  # Unless `.use` was called above, it will default to a file provider.
   def self.registry
-    @registry ||= SecretConfig::Registry.new(root: root, provider: provider)
+    @registry ||= SecretConfig::Registry.new
   end
 
   # Filters to apply when returning the configuration
@@ -77,34 +63,4 @@ module SecretConfig
 
   @check_env_var = true
   @filters       = [/password/, 'key', /secret_key/]
-
-  # Create a new provider instance unless it is alread a provider instance.
-  def self.create_provider(provider, args = nil)
-    return provider if provider.respond_to?(:each) && provider.respond_to?(:set)
-
-    klass = constantize_symbol(provider)
-    args && args.size > 0 ? klass.new(**args) : klass.new
-  end
-
-  def implementation
-    @implementation ||= constantize_symbol(provider).new
-  end
-
-  def self.constantize_symbol(symbol, namespace = 'SecretConfig::Providers')
-    klass = "#{namespace}::#{camelize(symbol.to_s)}"
-    begin
-      Object.const_get(klass)
-    rescue NameError
-      raise(ArgumentError, "Could not convert symbol: #{symbol.inspect} to a class in: #{namespace}. Looking for: #{klass}")
-    end
-  end
-
-  # Borrow from Rails, when not running Rails
-  def self.camelize(term)
-    string = term.to_s
-    string = string.sub(/^[a-z\d]*/, &:capitalize)
-    string.gsub!(/(?:_|(\/))([a-z\d]*)/i) { "#{Regexp.last_match(1)}#{Regexp.last_match(2).capitalize}" }
-    string.gsub!('/'.freeze, '::'.freeze)
-    string
-  end
 end

data/test/config/application.yml

@@ -2,7 +2,7 @@
 # These are for development and test only.
 
 #
-# Development - Local - Root: '/development/my_application'
+# Development - Local - Root: '/test/my_application'
 #
 development:
   my_application:

data/test/providers/file_test.rb

@@ -7,23 +7,23 @@ module Providers
         File.join(File.dirname(__FILE__), '..', 'config', 'application.yml')
       end
 
-      let :root do
-        "/development/my_application"
+      let :path do
+        "/test/my_application"
       end
 
       let :expected do
         {
-          "/development/my_application/mongo/database"               => "secret_config_development",
-          "/development/my_application/mongo/primary"                => "127.0.0.1:27017",
-          "/development/my_application/mongo/secondary"              => "127.0.0.1:27018",
-          "/development/my_application/mysql/database"               => "secret_config_development",
-          "/development/my_application/mysql/password"               => "secret_configrules",
-          "/development/my_application/mysql/username"               => "secret_config",
-          "/development/my_application/mysql/host"                   => "127.0.0.1",
-          "/development/my_application/secrets/secret_key_base"      => "somereallylongstring",
-          "/development/my_application/symmetric_encryption/key"     => "QUJDREVGMTIzNDU2Nzg5MEFCQ0RFRjEyMzQ1Njc4OTA=",
-          "/development/my_application/symmetric_encryption/version" => 2,
-          "/development/my_application/symmetric_encryption/iv"      => "QUJDREVGMTIzNDU2Nzg5MA=="
+          "/test/my_application/mongo/database"               => "secret_config_test",
+          "/test/my_application/mongo/primary"                => "127.0.0.1:27017",
+          "/test/my_application/mongo/secondary"              => "127.0.0.1:27018",
+          "/test/my_application/mysql/database"               => "secret_config_test",
+          "/test/my_application/mysql/password"               => "secret_configrules",
+          "/test/my_application/mysql/username"               => "secret_config",
+          "/test/my_application/mysql/host"                   => "127.0.0.1",
+          "/test/my_application/secrets/secret_key_base"      => "somereallylongteststring",
+          "/test/my_application/symmetric_encryption/key"     => "QUJDREVGMTIzNDU2Nzg5MEFCQ0RFRjEyMzQ1Njc4OTA=",
+          "/test/my_application/symmetric_encryption/version" => 2,
+          "/test/my_application/symmetric_encryption/iv"      => "QUJDREVGMTIzNDU2Nzg5MA=="
         }
       end
 
@@ -31,7 +31,7 @@ module Providers
         it 'file' do
           file_provider = SecretConfig::Providers::File.new(file_name: file_name)
           paths         = {}
-          file_provider.each(root) { |key, value| paths[key] = value }
+          file_provider.each(path) { |key, value| paths[key] = value }
 
           expected.each_pair do |key, value|
             assert_equal value, paths[key], "Path: #{key}"

data/test/providers/ssm_test.rb

@@ -7,23 +7,23 @@ module Providers
         File.join(File.dirname(__FILE__), '..', 'config', 'application.yml')
       end
 
-      let :root do
-        "/development/my_application"
+      let :path do
+        "/test/my_application"
       end
 
       let :expected do
         {
-          "/development/my_application/mongo/database"               => "secret_config_development",
-          "/development/my_application/mongo/primary"                => "127.0.0.1:27017",
-          "/development/my_application/mongo/secondary"              => "127.0.0.1:27018",
-          "/development/my_application/mysql/database"               => "secret_config_development",
-          "/development/my_application/mysql/password"               => "secret_configrules",
-          "/development/my_application/mysql/username"               => "secret_config",
-          "/development/my_application/mysql/host"                   => "127.0.0.1",
-          "/development/my_application/secrets/secret_key_base"      => "somereallylongstring",
-          "/development/my_application/symmetric_encryption/key"     => "QUJDREVGMTIzNDU2Nzg5MEFCQ0RFRjEyMzQ1Njc4OTA=",
-          "/development/my_application/symmetric_encryption/version" => "2",
-          "/development/my_application/symmetric_encryption/iv"      => "QUJDREVGMTIzNDU2Nzg5MA=="
+          "/test/my_application/mongo/database"               => "secret_config_test",
+          "/test/my_application/mongo/primary"                => "127.0.0.1:27017",
+          "/test/my_application/mongo/secondary"              => "127.0.0.1:27018",
+          "/test/my_application/mysql/database"               => "secret_config_test",
+          "/test/my_application/mysql/password"               => "secret_configrules",
+          "/test/my_application/mysql/username"               => "secret_config",
+          "/test/my_application/mysql/host"                   => "127.0.0.1",
+          "/test/my_application/secrets/secret_key_base"      => "somereallylongteststring",
+          "/test/my_application/symmetric_encryption/key"     => "QUJDREVGMTIzNDU2Nzg5MEFCQ0RFRjEyMzQ1Njc4OTA=",
+          "/test/my_application/symmetric_encryption/version" => "2",
+          "/test/my_application/symmetric_encryption/iv"      => "QUJDREVGMTIzNDU2Nzg5MA=="
         }
       end
 
@@ -37,11 +37,11 @@ module Providers
         it 'fetches all keys in path' do
           ssm   = SecretConfig::Providers::Ssm.new
           paths = {}
-          ssm.each(root) { |key, value| paths[key] = value }
+          ssm.each(path) { |key, value| paths[key] = value }
 
           if paths.empty?
-            upload_settings(ssm) unless ssm.key?("/development/my_application/mongo/database")
-            ssm.each(root) { |key, value| paths[key] = value }
+            upload_settings(ssm) unless paths.key?("/test/my_application/mongo/database")
+            ssm.each(path) { |key, value| paths[key] = value }
           end
 
           expected.each_pair do |key, value|
@@ -52,7 +52,7 @@ module Providers
 
       def upload_settings(ssm)
         file_provider = SecretConfig::Providers::File.new(file_name: file_name)
-        file_provider.each(root) { |key, value| ap key; ssm.set(key, value) }
+        file_provider.each(path) { |key, value| ap key; ssm.set(key, value) }
       end
     end
   end

data/test/registry_test.rb

@@ -6,8 +6,8 @@ class RegistryTest < Minitest::Test
       File.join(File.dirname(__FILE__), 'config', 'application.yml')
     end
 
-    let :root do
-      "/development/my_application"
+    let :path do
+      "/test/my_application"
     end
 
     let :provider do
@@ -15,22 +15,22 @@ class RegistryTest < Minitest::Test
     end
 
     let :registry do
-      SecretConfig::Registry.new(root: root, provider: provider)
+      SecretConfig::Registry.new(path: path, provider: provider)
     end
 
     let :expected do
       {
-        "/development/my_application/mongo/database"               => "secret_config_development",
-        "/development/my_application/mongo/primary"                => "127.0.0.1:27017",
-        "/development/my_application/mongo/secondary"              => "127.0.0.1:27018",
-        "/development/my_application/mysql/database"               => "secret_config_development",
-        "/development/my_application/mysql/password"               => "secret_configrules",
-        "/development/my_application/mysql/username"               => "secret_config",
-        "/development/my_application/mysql/host"                   => "127.0.0.1",
-        "/development/my_application/secrets/secret_key_base"      => "somereallylongstring",
-        "/development/my_application/symmetric_encryption/key"     => "QUJDREVGMTIzNDU2Nzg5MEFCQ0RFRjEyMzQ1Njc4OTA=",
-        "/development/my_application/symmetric_encryption/version" => 2,
-        "/development/my_application/symmetric_encryption/iv"      => "QUJDREVGMTIzNDU2Nzg5MA=="
+        "/test/my_application/mongo/database"               => "secret_config_test",
+        "/test/my_application/mongo/primary"                => "127.0.0.1:27017",
+        "/test/my_application/mongo/secondary"              => "127.0.0.1:27018",
+        "/test/my_application/mysql/database"               => "secret_config_test",
+        "/test/my_application/mysql/password"               => "secret_configrules",
+        "/test/my_application/mysql/username"               => "secret_config",
+        "/test/my_application/mysql/host"                   => "127.0.0.1",
+        "/test/my_application/secrets/secret_key_base"      => "somereallylongteststring",
+        "/test/my_application/symmetric_encryption/key"     => "QUJDREVGMTIzNDU2Nzg5MEFCQ0RFRjEyMzQ1Njc4OTA=",
+        "/test/my_application/symmetric_encryption/version" => 2,
+        "/test/my_application/symmetric_encryption/iv"      => "QUJDREVGMTIzNDU2Nzg5MA=="
       }
     end
 
@@ -51,7 +51,7 @@ class RegistryTest < Minitest::Test
     describe '#key?' do
       it 'has key' do
         expected.each_pair do |key, value|
-          key = key.sub("#{root}/", "")
+          key = key.sub("#{path}/", "")
           assert registry.key?(key), "Path: #{key}"
         end
       end
@@ -61,14 +61,14 @@ class RegistryTest < Minitest::Test
       end
 
       it 'returns nil with missing full key' do
-        refute registry.key?("/development/invalid/path")
+        refute registry.key?("/test/invalid/path")
       end
     end
 
     describe '#[]' do
       it 'returns values' do
         expected.each_pair do |key, value|
-          key = key.sub("#{root}/", "")
+          key = key.sub("#{path}/", "")
           assert_equal value, registry[key], "Path: #{key}"
         end
       end
@@ -78,14 +78,14 @@ class RegistryTest < Minitest::Test
       end
 
       it 'returns nil with missing full key' do
-        assert_nil registry["/development/invalid/path"]
+        assert_nil registry["/test/invalid/path"]
       end
     end
 
     describe '#fetch' do
       it 'returns values' do
         expected.each_pair do |key, value|
-          key = key.sub("#{root}/", "")
+          key = key.sub("#{path}/", "")
           assert_equal value, registry.fetch(key), "Path: #{key}"
         end
       end
@@ -98,12 +98,12 @@ class RegistryTest < Minitest::Test
 
       it 'returns nil with missing full key' do
         assert_raises SecretConfig::MissingMandatoryKey do
-          registry.fetch("/development/invalid/path")
+          registry.fetch("/test/invalid/path")
         end
       end
 
       it 'returns default with missing key' do
-        assert_equal "default_value", registry.fetch("/development/invalid/path", default: "default_value")
+        assert_equal "default_value", registry.fetch("/test/invalid/path", default: "default_value")
       end
 
       it 'converts to integer' do

data/test/secret_config_test.rb

@@ -6,12 +6,12 @@ class SecretConfigTest < Minitest::Test
       File.join(File.dirname(__FILE__), 'config', 'application.yml')
     end
 
-    let :root do
-      "/development/my_application"
+    let :path do
+      "/test/my_application"
     end
 
     before do
-      SecretConfig.use :file, root: root, file_name: file_name
+      SecretConfig.use :file, path: path, file_name: file_name
     end
 
     describe '#configuration' do
@@ -28,19 +28,24 @@ class SecretConfigTest < Minitest::Test
 
     describe '#[]' do
       it 'returns values' do
-        assert_equal "secret_config_development", SecretConfig["mysql/database"]
+        assert_equal "secret_config_test", SecretConfig["mysql/database"]
       end
     end
 
     describe '#fetch' do
+      after do
+        ENV['MYSQL_DATABASE'] = nil
+      end
+
       it 'fetches values' do
-        assert_equal "secret_config_development", SecretConfig.fetch("mysql/database")
+        assert_equal "secret_config_test", SecretConfig.fetch("mysql/database")
       end
 
       it 'can be overridden by an environment variable' do
         ENV['MYSQL_DATABASE'] = 'other'
+
+        SecretConfig.use :file, path: path, file_name: file_name
         assert_equal "other", SecretConfig.fetch("mysql/database")
-        ENV['MYSQL_DATABASE'] = nil
       end
     end
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: secret_config
 version: !ruby/object:Gem::Version
-  version: 0.3.1
+  version: 0.4.0
 platform: ruby
 authors:
 - Reid Morrison
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-04-17 00:00:00.000000000 Z
+date: 2019-04-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: concurrent-ruby
@@ -34,12 +34,15 @@ files:
 - LICENSE
 - README.md
 - Rakefile
+- bin/secret_config
 - lib/secret_config.rb
+- lib/secret_config/cli.rb
 - lib/secret_config/errors.rb
 - lib/secret_config/providers/file.rb
 - lib/secret_config/providers/ssm.rb
 - lib/secret_config/railtie.rb
 - lib/secret_config/registry.rb
+- lib/secret_config/utils.rb
 - lib/secret_config/version.rb
 - test/config/application.yml
 - test/providers/file_test.rb