secret_config 0.8.0 → 0.9.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8df953d1a074c81118be3cc9458c9790b81fb72fbda9b075ae2a925393be657d
-  data.tar.gz: e1605d3af8e236b458f25e3d5e6b6bd801c9be1e7767d1925d851fc778478a98
+  metadata.gz: bcd736808cbbcc2366bd1e6f8ab87eedc17bbd45bae3492aa7f28b9d1c7be046
+  data.tar.gz: bcea91adfdfe4e3b0f57d78c4954b07e61234870d746aafddd35448ee524d298
 SHA512:
-  metadata.gz: 0d2527c9397af668b648e1cb4f49994db83bfc9ec0619435392f66b59556e5a67ffa2a1cbbff102d23dc5e23000f5cdd3e2344dd385e876b72951ac25fe70b52
-  data.tar.gz: c0a9f535b97e9e2cd2a1ea429b1464365a24d85ac269213548eda15318916490f7d59a2e5fb8eefc33b88a774c1e01ddff4ca6f4112451d61a09f440b9161cdb
+  metadata.gz: 9c12a1b4709b92c0db325f209ac36ca244bf8ac7acf518ff165ebdbbcb2a84a658c25cdee931c13e86ebba033e16998c7acd96e53e6da6021c086c350a1277c2
+  data.tar.gz: 87c131f25083a20a0850369704f36311d6ae6e25cc940ba76845a2fcc45cf758a00d513f8157c332defd402990eddd6fe65a3e22997b72e5693ccf147d21150a

data/README.md

@@ -5,6 +5,14 @@ Centralized Configuration and Secrets Management for Ruby and Rails applications
 
 Securely store configuration information centrally, supporting multiple tenants of the same application.
 
+## v0.9 Upgrade Notes
+
+Note that the command line program name has changed from `secret_config` to `secret-config`. 
+Be careful that the arguments have also changed. The arguments are now consistent across operations.
+The command line examples below have also been updated to reflect the changes. 
+ 
+Please run `secret-config --help` to see the new arguments and updated operations.  
+
 ## Overview
 
 Securely store centralized configuration information such as:
@@ -579,20 +587,26 @@ Available interpolations:
 Secret Config has a command line interface for exporting, importing and copying between paths in the registry.
 
 ~~~
-secret_config [options]
-    -e, --export [FILE_NAME]         Export configuration to a file or stdout if no file_name supplied.
-    -i, --import [FILE_NAME]         Import configuration from a file or stdin if no file_name supplied.
-    -C, --copy SOURCE_PATH           Import configuration from a file or stdin if no file_name supplied.
-    -D, --diff [FILE_NAME]           Compare configuration from a file or stdin if no file_name supplied.
+secret-config [options]
+    -e, --export SOURCE_PATH         Export configuration. Use --file to specify the file name, otherwise stdout is used.
+    -i, --import TARGET_PATH         Import configuration. Use --file to specify the file name, --path for the SOURCE_PATH, otherwise stdin is used.
+        --file FILE_NAME             Import/Export/Diff to/from this file.
+    -p, --path PATH                  Import/Export/Diff to/from this path.
+        --diff TARGET_PATH           Compare configuration to this path. Use --file to specify the source file name, --path for the SOURCE_PATH, otherwise stdin is used.
+    -s, --set KEY=VALUE              Set one key to value. Example: --set mysql/database=localhost
+    -f, --fetch KEY                  Fetch the value for one setting. Example: --fetch mysql/database.
+    -d, --delete KEY                 Delete one specific key.
+    -r, --delete-tree PATH           Recursively delete all keys under the specified path.
     -c, --console                    Start interactive console.
-    -p, --path PATH                  Path to import from / export to.
-    -P, --provider PROVIDER          Provider to use. [ssm | file]. Default: ssm
-    -U, --no-filter                  Do not filter passwords and keys.
-    -d, --prune                      During import delete all existing keys for which there is no key in the import file.
-    -k, --key_id KEY_ID              AWS KMS Key id or Key Alias to use when importing configuration values. Default: AWS Default key.
-    -r, --region REGION              AWS Region to use. Default: AWS_REGION env var.
-    -R, --random_size INTEGER        Size to use when generating random values. Whenever $random is encountered during an import. Default: 32
-    -v, --version                    Display Symmetric Encryption version.
+        --provider PROVIDER          Provider to use. [ssm | file]. Default: ssm
+        --no-filter                  For --export only. Do not filter passwords and keys.
+        --interpolate                For --export only. Evaluate string interpolation and __import__.
+        --prune                      For --import only. During import delete all existing keys for which there is no key in the import file. Only works with --import.
+        --force                      For --import only. Overwrite all values, not just the changed ones. Useful for changing the KMS key.
+        --key_id KEY_ID              For --import only. Encrypt config settings with this AWS KMS key id. Default: AWS Default key.
+        --key_alias KEY_ALIAS        For --import only. Encrypt config settings with this AWS KMS alias.
+        --random_size INTEGER        For --import only. Size to use when generating random values when $(random) is encountered in the source. Default: 32
+    -v, --version                    Display Secret Config version.
     -h, --help                       Prints this help.
 ~~~
 
@@ -624,18 +638,22 @@ secrets:
 
 Import a yaml file, into a path in AWS SSM Parameter Store:
 
-    secret_config --import production.yml --path /production/my_application
+    secret-config --import /production/my_application --path  production.yml
 
 Import a yaml file, into a path in AWS SSM Parameter Store, using a custom KMS key to encrypt the values:
 
-    secret_config --import production.yml --path /production/my_application --key_id "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+    secret-config --import /production/my_application --path production.yml --key_id "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+
+Import a yaml file, into a path in AWS SSM Parameter Store, using a custom KMS key alias to encrypt the values:
+
+    secret-config --import /production/my_application --path production.yml --key_alias my_key_alias
 
 #### Diff
 
 Before importing a new config file into the AWS SSM Parameter store, a diff can be performed to determine
 what the differences are that will be applied when the import is run with the `--prune` option.
 
-    secret_config --diff production.yml --path /production/my_application
+    secret-config --diff /production/my_application --path production.yml 
 
 Key:
 
@@ -650,15 +668,15 @@ Export the values from a specific path into a yaml or json file so that they are
 
 Export from a path in AWS SSM Parameter Store to a yaml file, where passwords are filtered:
 
-    secret_config --export production.yml --path /production/my_application
+    secret-config --export /production/my_application --file production.yml 
 
 Export from a path in AWS SSM Parameter Store to a yaml file, _without_ filtering out passwords:
 
-    secret_config --export production.yml --path /production/my_application --no-filter
+    secret-config --export /production/my_application --file production.yml --no-filter
 
 Export from a path in AWS SSM Parameter Store to a json file, where passwords are filtered:
 
-    secret_config --export production.json --path /production/my_application
+    secret-config --export /production/my_application --file production.json 
 
 #### Copy values between paths in AWS SSM parameter store
 
@@ -666,9 +684,9 @@ It can be useful to keep a "master" copy of the values for an environment or sta
 in AWS Parameter Store. Then for each stack or environment that is spun up, copy the "master" / "common" values
 into the new path. Once copied the values specific to that path can be updated accordingly.
 
-Copy configuration from one path in AWS SSM Parameter Store to another path in AWS SSM Parameter Store:
+Import configuration from an existing path in AWS SSM Parameter Store into another:
 
-    secret_config --copy /production/my_application --path /tenant73/my_application
+    secret-config --import /tenant73/my_application --path /production/my_application 
 
 #### Generating random passwords
 

data/lib/secret_config/cli.rb

@@ -8,11 +8,29 @@ require "irb"
 
 module SecretConfig
   class CLI
-    attr_reader :path, :region, :provider,
-                :export, :no_filter,
+    module Colors
+      CLEAR   = "\e[0m".freeze
+      BOLD    = "\e[1m".freeze
+      BLACK   = "\e[30m".freeze
+      RED     = "\e[31m".freeze
+      GREEN   = "\e[32m".freeze
+      YELLOW  = "\e[33m".freeze
+      BLUE    = "\e[34m".freeze
+      MAGENTA = "\e[35m".freeze
+      CYAN    = "\e[36m".freeze
+      WHITE   = "\e[37m".freeze
+
+      TITLE  = "\e[1m".freeze
+      KEY    = "\e[36m".freeze
+      REMOVE = "\e[31m".freeze
+      ADD    = "\e[32m".freeze
+    end
+
+    attr_reader :path, :provider, :file_name,
+                :export, :no_filter, :interpolate,
                 :import, :key_id, :key_alias, :random_size, :prune, :force,
                 :diff_path, :import_path,
-                :fetch_key, :delete_key, :set_key, :set_value, :delete_path,
+                :fetch_key, :delete_key, :set_key, :set_value, :delete_tree,
                 :copy_path, :diff,
                 :console,
                 :show_version
@@ -29,7 +47,6 @@ module SecretConfig
       @path         = nil
       @key_id       = nil
       @key_alias    = nil
-      @region       = ENV["AWS_REGION"]
       @provider     = :ssm
       @random_size  = 32
       @no_filter    = false
@@ -43,10 +60,11 @@ module SecretConfig
       @set_value    = nil
       @fetch_key    = nil
       @delete_key   = nil
-      @delete_path  = nil
+      @delete_tree  = nil
       @diff_path    = nil
       @import_path  = nil
       @force        = false
+      @interpolate  = false
 
       if argv.empty?
         puts parser
@@ -58,27 +76,32 @@ module SecretConfig
     def run!
       if show_version
         puts "Secret Config v#{VERSION}"
-        puts "Region: #{region}"
       elsif console
         run_console
       elsif export
-        run_export(export, path, filtered: !no_filter)
+        raise(ArgumentError, "--path option is not valid for --export") if path
+
+        run_export(export, file_name || STDOUT, filtered: !no_filter)
       elsif import
-        run_import(import, path, prune, force)
-      elsif import_path
-        run_import_path(import_path, path, prune, force)
+        if path
+          run_import_path(import, path, prune, force)
+        else
+          run_import(import, file_name || STDIN, prune, force)
+        end
       elsif diff
-        run_diff(diff, path)
-      elsif diff_path
-        run_diff_path(diff_path, path)
+        if path
+          run_diff_path(diff, path)
+        else
+          run_diff(diff, file_name || STDIN)
+        end
       elsif set_key
         run_set(set_key, set_value)
       elsif fetch_key
         run_fetch(fetch_key)
       elsif delete_key
         run_delete(delete_key)
-      elsif delete_path
-        run_delete_path(delete_path)
+      elsif delete_tree
+        run_delete_tree(delete_tree)
       else
         puts parser
       end
@@ -91,27 +114,27 @@ module SecretConfig
 
             For more information, see: https://rocketjob.github.io/secret_config/
 
-          secret_config [options]
+          secret-config [options]
         BANNER
 
-        opts.on "-e", "--export [FILE_NAME]", "Export configuration to a file or stdout if no file_name supplied. --path SOURCE_PATH is required." do |file_name|
-          @export = file_name || STDOUT
+        opts.on "-e", "--export SOURCE_PATH", "Export configuration. Use --file to specify the file name, otherwise stdout is used." do |path|
+          @export = path
         end
 
-        opts.on "-i", "--import [FILE_NAME]", "Import configuration from a file or stdin if no file_name supplied. --path TARGET_PATH is required." do |file_name|
-          @import = file_name || STDIN
+        opts.on "-i", "--import TARGET_PATH", "Import configuration. Use --file to specify the file name, --path for the SOURCE_PATH, otherwise stdin is used." do |path|
+          @import = path
         end
 
-        opts.on "--import-path SOURCE_PATH", "Import configuration from the configuration on another path. --path TARGET_PATH is required." do |path|
-          @import_path = path
+        opts.on "-f", "--file FILE_NAME", "Import/Export/Diff to/from this file." do |file_name|
+          @file_name = file_name
         end
 
-        opts.on "--diff [FILE_NAME]", "Compare configuration from a file or stdin if no file_name supplied. --path TARGET_PATH is required." do |file_name|
-          @diff = file_name
+        opts.on "-p", "--path PATH", "Import/Export/Diff to/from this path." do |path|
+          @path = path
         end
 
-        opts.on "--diff-path SOURCE_PATH", "Diff configuration with the configuration on another path. --path TARGET_PATH is required." do |path|
-          @diff_path = path
+        opts.on "--diff TARGET_PATH", "Compare configuration to this path. Use --file to specify the source file name, --path for the SOURCE_PATH, otherwise stdin is used." do |file_name|
+          @diff = file_name
         end
 
         opts.on "-s", "--set KEY=VALUE", "Set one key to value. Example: --set mysql/database=localhost" do |param|
@@ -121,59 +144,55 @@ module SecretConfig
           end
         end
 
-        opts.on "-f", "--fetch KEY", "Fetch the value for one setting. Example: --get mysql/database. " do |key|
+        opts.on "-f", "--fetch KEY", "Fetch the value for one setting. Example: --fetch mysql/database." do |key|
           @fetch_key = key
         end
 
-        opts.on "-d", "--delete KEY", "Delete one specific key. See --delete-path to delete all keys under a specific path " do |key|
+        opts.on "-d", "--delete KEY", "Delete one specific key." do |key|
           @delete_key = key
         end
 
-        opts.on "-r", "--delete-path PATH", "Recursively delete all keys under the specified path.. " do |path|
-          @delete_path = path
+        opts.on "-r", "--delete-tree PATH", "Recursively delete all keys under the specified path." do |path|
+          @delete_tree = path
         end
 
         opts.on "-c", "--console", "Start interactive console." do
           @console = true
         end
 
-        opts.on "-p", "--path PATH", "Path in central configuration to use." do |path|
-          @path = path
-        end
-
         opts.on "--provider PROVIDER", "Provider to use. [ssm | file]. Default: ssm" do |provider|
           @provider = provider.to_sym
         end
 
-        opts.on "--no-filter", "Do not filter passwords and keys." do
+        opts.on "--no-filter", "For --export only. Do not filter passwords and keys." do
           @no_filter = true
         end
 
-        opts.on "--prune", "During import delete all existing keys for which there is no key in the import file. Only applies to --import and --import-path." do
+        opts.on "--interpolate", "For --export only. Evaluate string interpolation and __import__." do
+          @interpolate = true
+        end
+
+        opts.on "--prune", "For --import only. During import delete all existing keys for which there is no key in the import file. Only works with --import." do
           @prune = true
         end
 
-        opts.on "--force", "During import overwrite all values, not just the changed ones. Useful for changing the KMS key. Only applies to --import and --import-path." do
+        opts.on "--force", "For --import only. Overwrite all values, not just the changed ones. Useful for changing the KMS key." do
           @force = true
         end
 
-        opts.on "--key_id KEY_ID", "Encrypt config settings with this AWS KMS key id. Default: AWS Default key." do |key_id|
+        opts.on "--key_id KEY_ID", "For --import only. Encrypt config settings with this AWS KMS key id. Default: AWS Default key." do |key_id|
           @key_id = key_id
         end
 
-        opts.on "--key_alias KEY_ALIAS", "Encrypt config settings with this AWS KMS alias." do |key_alias|
+        opts.on "--key_alias KEY_ALIAS", "For --import only. Encrypt config settings with this AWS KMS alias." do |key_alias|
           @key_alias = key_alias
         end
 
-        opts.on "--region REGION", "AWS Region to use. Default: AWS_REGION env var." do |region|
-          @region = region
-        end
-
-        opts.on "--random_size INTEGER", Integer, "Size to use when generating random values. Whenever #{RANDOM} is encountered during an import. Default: 32" do |random_size|
+        opts.on "--random_size INTEGER", Integer, "For --import only. Size to use when generating random values when $(random) is encountered in the source. Default: 32" do |random_size|
           @random_size = random_size
         end
 
-        opts.on "-v", "--version", "Display Symmetric Encryption version." do
+        opts.on "-v", "--version", "Display Secret Config version." do
           @show_version = true
         end
 
@@ -198,57 +217,55 @@ module SecretConfig
         end
     end
 
-    def run_export(file_name, path, filtered: true)
-      raise(ArgumentError, "Missing required option --path") unless path
+    def run_export(source_path, file_name, filtered: true)
+      puts("Exporting #{provider}:#{source_path} to #{file_name}") if file_name.is_a?(String)
 
-      config = fetch_config(path, filtered: filtered)
+      config = fetch_config(source_path, filtered: filtered)
       write_config_file(file_name, config)
-
-      puts("Exported #{path} from #{provider} to #{file_name}") if file_name.is_a?(String)
     end
 
-    def run_import(file_name, path, prune, force)
-      raise(ArgumentError, "Missing required option --path") unless path
-
+    def run_import(target_path, file_name, prune, force)
+      puts "#{Colors::TITLE}--- #{provider}:#{target_path}"
+      puts "+++ #{file_name}#{Colors::CLEAR}"
       config = read_config_file(file_name)
-      import_config(config, path, prune, force)
-
-      puts("Imported #{file_name} to #{path} on provider: #{provider}") if file_name.is_a?(String)
+      import_config(config, target_path, prune, force)
     end
 
-    def run_import_path(source_path, path, prune, force)
-      raise(ArgumentError, "Missing required option --path") unless path
+    def run_import_path(target_path, source_path, prune, force)
+      puts "#{Colors::TITLE}--- #{provider}:#{target_path}"
+      puts "+++ #{provider}:#{source_path}#{Colors::CLEAR}"
 
       config = fetch_config(source_path, filtered: false)
-      import_config(config, path, prune, force)
+      import_config(config, target_path, prune, force)
 
-      puts("Imported #{source_path} to #{path} on provider: #{provider}")
+      puts("Imported #{target_path} from #{source_path} on provider: #{provider}")
     end
 
-    def run_diff(file_name, path)
-      raise(ArgumentError, "Missing required option --path") unless path
+    def run_diff(target_path, file_name)
+      source_config = read_config_file(file_name)
+      source        = Utils.flatten(source_config, target_path)
 
-      file_config = read_config_file(file_name)
-      file        = Utils.flatten(file_config, path)
+      target_config = fetch_config(target_path, filtered: false)
+      target        = Utils.flatten(target_config, target_path)
 
-      registry_config = fetch_config(path, filtered: false)
-      registry        = Utils.flatten(registry_config, path)
-
-      puts("Comparing #{file_name} to #{path} on provider: #{provider}") if file_name.is_a?(String)
-      diff_config(file, registry)
+      if file_name.is_a?(String)
+        puts "#{Colors::TITLE}--- #{provider}:#{target_path}"
+        puts "+++ #{file_name}#{Colors::CLEAR}"
+      end
+      diff_config(target, source)
     end
 
-    def run_diff_path(source_path, path)
-      raise(ArgumentError, "Missing required option --path") unless path
-
+    def run_diff_path(target_path, source_path)
       source_config = fetch_config(source_path, filtered: false)
       source        = Utils.flatten(source_config)
 
-      target_config = fetch_config(path, filtered: false)
+      target_config = fetch_config(target_path, filtered: false)
       target        = Utils.flatten(target_config)
 
-      puts("Comparing #{source_path} to #{path} on provider: #{provider}")
-      diff_config(source, target)
+      puts "#{Colors::TITLE}--- #{provider}:#{target_path}"
+      puts "+++ #{provider}:#{source_path}#{Colors::CLEAR}"
+
+      diff_config(target, source)
     end
 
     def run_console
@@ -256,14 +273,18 @@ module SecretConfig
     end
 
     def run_delete(key)
+      puts "#{Colors::TITLE}--- #{provider}:#{path}"
+      puts "#{Colors::REMOVE}- #{key}#{Colors::CLEAR}"
       provider_instance.delete(key)
     end
 
-    def run_delete_path(path)
+    def run_delete_tree(path)
       source_config = fetch_config(path)
-      source        = Utils.flatten(source_config, path)
+      puts "#{Colors::TITLE}--- #{provider}:#{path}#{Colors::CLEAR}"
+
+      source = Utils.flatten(source_config, path)
       source.each_key do |key|
-        puts("Deleting #{key}")
+        puts "#{Colors::REMOVE}- #{key}#{Colors::CLEAR}"
         provider_instance.delete(key)
       end
     end
@@ -277,8 +298,8 @@ module SecretConfig
       provider_instance.set(key, value)
     end
 
-    def current_values
-      @current_values ||= Utils.flatten(fetch_config(path, filtered: false), path)
+    def current_values(path)
+      Utils.flatten(fetch_config(path, filtered: false), path)
     end
 
     def read_config_file(file_name)
@@ -306,38 +327,53 @@ module SecretConfig
           # Ignore filtered values
           next
         end
-        puts "Setting: #{key}"
+
+        if current_values.key?(key)
+          puts "#{Colors::KEY}* #{key}#{Colors::CLEAR}"
+        else
+          puts "#{Colors::ADD}+ #{key}#{Colors::CLEAR}"
+        end
+
         provider_instance.set(key, value)
       end
     end
 
     def fetch_config(path, filtered: true)
-      registry = Registry.new(path: path, provider: provider_instance)
+      registry = Registry.new(path: path, provider: provider_instance, interpolate: interpolate)
       config   = filtered ? registry.configuration : registry.configuration(filters: nil)
       sort_hash_by_key!(config)
     end
 
     # Diffs two configs and displays the results
-    def diff_config(source, target)
+    def diff_config(target, source)
       (source.keys + target.keys).sort.uniq.each do |key|
         if target.key?(key)
           if source.key?(key)
             value = source[key].to_s
             # Ignore filtered values
-            puts "* #{key}: #{target[key]} => #{source[key]}" if (value != target[key].to_s) && (value != FILTERED)
+            if (value != target[key].to_s) && (value != FILTERED)
+              puts "#{Colors::KEY}#{key}:"
+              puts "#{Colors::REMOVE}#{prefix_lines("- ", target[key])}"
+              puts "#{Colors::ADD}#{prefix_lines("+ ", source[key])}#{Colors::CLEAR}\n\n"
+            end
           else
-            puts "- #{key}"
+            puts "#{Colors::KEY}#{key}:"
+            puts "#{Colors::REMOVE}#{prefix_lines("- ", target[key])}\n\n"
           end
         elsif source.key?(key)
-          puts "+ #{key}: #{source[key]}"
+          puts "#{Colors::KEY}#{key}:"
+          puts "#{Colors::ADD}#{prefix_lines("+ ", source[key])}#{Colors::CLEAR}\n\n"
         end
       end
     end
 
-    def import_config(config, path, prune, force)
-      raise(ArgumentError, "Missing required option --path") unless path
+    def prefix_lines(prefix, value)
+      value.to_s.lines.collect { |line| "#{prefix}#{line}" }.join("")
+    end
 
-      delete_keys = prune ? current_values.keys - Utils.flatten(config, path).keys : []
+    def import_config(config, path, prune, force)
+      current     = current_values(path)
+      delete_keys = prune ? current.keys - Utils.flatten(config, path).keys : []
 
       unless delete_keys.empty?
         puts "Going to delete the following keys:"
@@ -345,10 +381,10 @@ module SecretConfig
         sleep(5)
       end
 
-      set_config(config, path, force ? {} : current_values)
+      set_config(config, path, force ? {} : current)
 
       delete_keys.each do |key|
-        puts "Deleting: #{key}"
+        puts "#{Colors::REMOVE}- #{key}#{Colors::CLEAR}"
         provider_instance.delete(key)
       end
     end

data/lib/secret_config/parser.rb

@@ -2,26 +2,26 @@ module SecretConfig
   class Parser
     attr_reader :tree, :path, :registry, :interpolator
 
-    def initialize(path, registry)
+    def initialize(path, registry, interpolate: true)
       @path         = path
       @registry     = registry
       @fetch_list   = {}
       @import_list  = {}
       @tree         = {}
-      @interpolator = SettingInterpolator.new
+      @interpolator = interpolate ? SettingInterpolator.new : nil
     end
 
     # Returns a flat path of keys and values from the provider without looking in the local path.
     # Keys are returned with path names relative to the supplied path.
     def parse(key, value)
       relative_key       = relative_key?(key) ? key : key.sub("#{path}/", "")
-      tree[relative_key] = value.is_a?(String) && value.include?("%{") ? interpolator.parse(value) : value
+      value              = interpolator.parse(value) if interpolator && value.is_a?(String) && value.include?("%{")
+      tree[relative_key] = value
     end
 
     # Returns a flat Hash of the rendered paths.
     def render
-      # apply_fetches
-      apply_imports
+      apply_imports if interpolator
       tree
     end
 
@@ -38,10 +38,11 @@ module SecretConfig
     # - Imports cannot reference other imports at this time.
     def apply_imports
       tree.keys.each do |key|
-        next unless key =~ /\/__import__\Z/
+        next unless (key =~ /\/__import__\Z/) || (key == "__import__")
 
         import_key = tree.delete(key)
         key, _     = ::File.split(key)
+        key        = nil if key == "."
 
         # binding.irb
 
@@ -53,13 +54,13 @@ module SecretConfig
             match = current_key.match(/\A#{import_key}\/(.*)/)
             next unless match
 
-            imported_key       = ::File.join(key, match[1])
+            imported_key       = key.nil? ? match[1] : ::File.join(key, match[1])
             tree[imported_key] = tree[current_key] unless tree.key?(imported_key)
           end
         else
           relative_paths = registry.send(:fetch_path, import_key)
           relative_paths.each_pair do |relative_key, value|
-            imported_key       = ::File.join(key, relative_key)
+            imported_key       = key.nil? ? relative_key : ::File.join(key, relative_key)
             tree[imported_key] = value unless tree.key?(imported_key)
           end
         end

data/lib/secret_config/registry.rb

@@ -4,18 +4,19 @@ require "concurrent-ruby"
 module SecretConfig
   # Centralized configuration with values stored in AWS System Manager Parameter Store
   class Registry
-    attr_reader :provider
+    attr_reader :provider, :interpolate
     attr_accessor :path
 
-    def initialize(path: nil, provider: nil, provider_args: nil)
+    def initialize(path: nil, provider: nil, provider_args: nil, interpolate: true)
       @path = default_path(path)
       raise(UndefinedRootError, "Root must start with /") unless @path.start_with?("/")
 
       resolved_provider = default_provider(provider)
       provider_args     = nil if resolved_provider != provider
 
-      @provider = create_provider(resolved_provider, provider_args)
-      @cache    = Concurrent::Map.new
+      @provider    = create_provider(resolved_provider, provider_args)
+      @cache       = Concurrent::Map.new
+      @interpolate = interpolate
       refresh!
     end
 
@@ -115,7 +116,7 @@ module SecretConfig
     # Returns a flat path of keys and values from the provider without looking in the local path.
     # Keys are returned with path names relative to the supplied path.
     def fetch_path(path)
-      parser = Parser.new(path, self)
+      parser = Parser.new(path, self, interpolate: interpolate)
       provider.each(path) { |key, value| parser.parse(key, value) }
       parser.render
     end

data/lib/secret_config/version.rb

@@ -1,3 +1,3 @@
 module SecretConfig
-  VERSION = "0.8.0".freeze
+  VERSION = "0.9.0".freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: secret_config
 version: !ruby/object:Gem::Version
-  version: 0.8.0
+  version: 0.9.0
 platform: ruby
 authors:
 - Reid Morrison
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-04-29 00:00:00.000000000 Z
+date: 2020-05-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: concurrent-ruby
@@ -28,14 +28,14 @@ description:
 email:
 - reidmo@gmail.com
 executables:
-- secret_config
+- secret-config
 extensions: []
 extra_rdoc_files: []
 files:
 - LICENSE
 - README.md
 - Rakefile
-- bin/secret_config
+- bin/secret-config
 - lib/secret_config.rb
 - lib/secret_config/cli.rb
 - lib/secret_config/config.rb