secret_hub 0.1.6 → 0.2.0
- checksums.yaml +4 -4
- data/README.md +48 -78
- data/bin/secrethub +3 -0
- data/lib/secret_hub/cli.rb +4 -6
- data/lib/secret_hub/commands/bulk.rb +1 -1
- data/lib/secret_hub/commands/org.rb +56 -0
- data/lib/secret_hub/commands/repo.rb +56 -0
- data/lib/secret_hub/github_client.rb +33 -5
- data/lib/secret_hub/version.rb +1 -1
- metadata +5 -6
- data/lib/secret_hub/commands/delete.rb +0 -23
- data/lib/secret_hub/commands/list.rb +0 -22
- data/lib/secret_hub/commands/save.rb +0 -25
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 43f49eb823e6839d1fcdd99c1b06dc18fa0c0bcae324228a8a024c24e8743c2b
|
4
|
+
data.tar.gz: b649439d4b9a740c6a2cbe2ad7f85aaf52cd23cba4287b47e6f6b5d013831055
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 10c662e3948d97f76be14de4afdf66d97a163b1449852261f0c10410b281bce3b205a3c3d3108b286b8e92ac34aa047983fac84ed9bd007b2ffa49001f518cea
|
7
|
+
data.tar.gz: 565e5a95d926b8a78f8299fc3eb49ec36156a3013d98edce0d313929d60742ceea6ec1dc127460b3c95aa340aa4da6a8aa7b30753d25f69a3f00fa6020066e5d
|
data/README.md
CHANGED
@@ -1,5 +1,4 @@
|
|
1
|
-
SecretHub - GitHub Secrets CLI
|
2
|
-
==================================================
|
1
|
+
# SecretHub - GitHub Secrets CLI
|
3
2
|
|
4
3
|
[![Gem Version](https://badge.fury.io/rb/secret_hub.svg)](https://badge.fury.io/rb/secret_hub)
|
5
4
|
[![Build Status](https://github.com/DannyBen/secret_hub/workflows/Test/badge.svg)](https://github.com/DannyBen/secret_hub/actions?query=workflow%3ATest)
|
@@ -8,20 +7,25 @@ SecretHub - GitHub Secrets CLI
|
|
8
7
|
---
|
9
8
|
|
10
9
|
SecretHub lets you easily manage your GitHub secrets from the command line
|
11
|
-
with support for bulk operations.
|
10
|
+
with support for bulk operations and organization secrets.
|
12
11
|
|
13
12
|
---
|
14
13
|
|
15
|
-
Installation
|
16
|
-
|
14
|
+
## Installation
|
15
|
+
|
16
|
+
With Ruby:
|
17
17
|
|
18
18
|
```shell
|
19
19
|
$ gem install secret_hub
|
20
20
|
```
|
21
21
|
|
22
|
+
Or with Docker:
|
22
23
|
|
23
|
-
|
24
|
-
|
24
|
+
```shell
|
25
|
+
$ alias secrethub='docker run --rm -it -e GITHUB_ACCESS_TOKEN -v "$PWD:/app" dannyben/secrethub'
|
26
|
+
```
|
27
|
+
|
28
|
+
## Prerequisites
|
25
29
|
|
26
30
|
SecretHub is a wrapper around the [GitHub Secrets API][secrets-api]. To use
|
27
31
|
it, you need to set up your environment with a
|
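Review bot: The Docker alias added under Installation runs `dannyben/secrethub` with no tag or digest while passing `GITHUB_ACCESS_TOKEN` into the container and mounting `$PWD` at `/app`, so whichever image is current at pull time receives the token and the working directory. Suggest documenting a pinned form (a version tag matching the gem release, or a digest) next to the alias.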
@@ -32,50 +36,57 @@ it, you need to set up your environment with a
|
|
32
36
|
$ export GITHUB_ACCESS_TOKEN=<your access token>
|
33
37
|
```
|
34
38
|
|
39
|
+
Give your token the `repo` scope, and for organization secrets, the `admin:org` scope.
|
35
40
|
|
36
|
-
Usage
|
37
|
-
--------------------------------------------------
|
38
|
-
|
39
|
-
SecretHub has two families of commands:
|
41
|
+
## Usage
|
40
42
|
|
41
|
-
|
42
|
-
2. Commands that operate on multiple repositories, and multiple secrets.
|
43
|
+
SecretHub has three families of commands:
|
43
44
|
|
44
|
-
|
45
|
+
1. `secrethub repo` - manage repository secrets.
|
46
|
+
2. `secrethub org` - manage organization secrets.
|
47
|
+
3. `secrethub bulk` - manage multiple secrets in multiple repositories using a config file.
|
45
48
|
|
46
49
|
```shell
|
47
|
-
$ secrethub
|
48
|
-
|
50
|
+
$ secrethub
|
51
|
+
GitHub Secret Manager
|
49
52
|
|
50
|
-
|
51
|
-
|
53
|
+
Commands:
|
54
|
+
repo Manage repository secrets
|
55
|
+
org Manage organization secrets
|
56
|
+
bulk Manage multiple secrets in multiple repositories
|
52
57
|
|
53
|
-
|
58
|
+
Run secrethub COMMAND --help for command specific help
|
54
59
|
|
55
|
-
```shell
|
56
|
-
# secrethub list REPO
|
57
|
-
$ secrethub list you/your-repo
|
58
|
-
```
|
59
60
|
|
60
|
-
|
61
|
+
$ secrethub repo
|
62
|
+
Usage:
|
63
|
+
secrethub repo list REPO
|
64
|
+
secrethub repo save REPO KEY VALUE
|
65
|
+
secrethub repo delete REPO KEY
|
66
|
+
secrethub repo (-h|--help)
|
61
67
|
|
62
|
-
```shell
|
63
|
-
# secrethub save REPO KEY VALUE
|
64
|
-
$ secrethub list you/your-repo SECRET "there is no spoon"
|
65
|
-
```
|
66
68
|
|
67
|
-
|
69
|
+
$ secrethub org
|
70
|
+
Usage:
|
71
|
+
secrethub org list ORG
|
72
|
+
secrethub org save ORG KEY VALUE
|
73
|
+
secrethub org delete ORG KEY
|
74
|
+
secrethub org (-h|--help)
|
68
75
|
|
69
|
-
```shell
|
70
|
-
# secrethub delete REPO KEY
|
71
|
-
$ secrethub delete you/your-repo SECRET
|
72
|
-
```
|
73
76
|
|
77
|
+
$ secrethub bulk
|
78
|
+
Usage:
|
79
|
+
secrethub bulk init [CONFIG]
|
80
|
+
secrethub bulk show [CONFIG --visible]
|
81
|
+
secrethub bulk list [CONFIG]
|
82
|
+
secrethub bulk save [CONFIG --clean --dry --only REPO]
|
83
|
+
secrethub bulk clean [CONFIG --dry]
|
84
|
+
secrethub bulk (-h|--help)
|
85
|
+
```
|
74
86
|
|
75
|
-
Bulk operations
|
76
|
-
--------------------------------------------------
|
87
|
+
## Bulk operations
|
77
88
|
|
78
|
-
All the bulk operations
|
89
|
+
All the bulk operations use a simple YAML configuration file.
|
79
90
|
The configuration file includes a list of GitHub repositories, each with a
|
80
91
|
list of its secrets.
|
81
92
|
|
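Review bot: The new usage block documents `secrethub repo save REPO KEY VALUE` and `secrethub org save ORG KEY VALUE`, which take the plain-text secret as a command-line argument, and the README says nothing about what that implies. Add a sentence under Usage noting that VALUE typed this way ends up in shell history and is visible in the process list while the command runs.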
@@ -136,48 +147,7 @@ user/repo:
|
|
136
147
|
Note that YAML anchors only work with the hash syntax.
|
137
148
|
|
138
149
|
|
139
|
-
|
140
|
-
|
141
|
-
```shell
|
142
|
-
# secrethub bulk init [CONFIG]
|
143
|
-
$ secrethub bulk init mysecrets.yml
|
144
|
-
```
|
145
|
-
|
146
|
-
### Show the configuration file and its secrets
|
147
|
-
|
148
|
-
```shell
|
149
|
-
# secrethub bulk show [CONFIG --visible]
|
150
|
-
$ secrethub bulk show mysecrets.yml
|
151
|
-
```
|
152
|
-
|
153
|
-
### Show all secrets stored on GitHub in all repositories
|
154
|
-
|
155
|
-
```shell
|
156
|
-
# secrethub bulk list [CONFIG]
|
157
|
-
$ secrethub bulk list mysecrets.yml
|
158
|
-
```
|
159
|
-
|
160
|
-
### Save multiple secrets to multiple repositories
|
161
|
-
|
162
|
-
```shell
|
163
|
-
# secrethub bulk save [CONFIG --clean --dry --only REPO]
|
164
|
-
$ secrethub bulk save mysecrets.yml --clean
|
165
|
-
```
|
166
|
-
|
167
|
-
Using the `--clean` flag, you can ensure that the repositories do not have
|
168
|
-
any secrets that you are unaware of. This flag will delete any secret that is
|
169
|
-
not specified in your config file.
|
170
|
-
|
171
|
-
### Delete secrets from multiple repositories unless they are specified in the config file
|
172
|
-
|
173
|
-
```shell
|
174
|
-
# secrethub bulk clean [CONFIG]
|
175
|
-
$ secrethub bulk clean mysecrets.yml
|
176
|
-
```
|
177
|
-
|
178
|
-
|
179
|
-
Contributing / Support
|
180
|
-
--------------------------------------------------
|
150
|
+
## Contributing / Support
|
181
151
|
|
182
152
|
If you experience any issue, have a question or a suggestion, or if you wish
|
183
153
|
to contribute, feel free to [open an issue][issues].
|
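Review bot: The removed block was the only README text explaining that `--clean` "will delete any secret that is not specified in your config file", and nothing in this hunk replaces it. The usage block now lists `bulk save [CONFIG --clean --dry --only REPO]` and `bulk clean [CONFIG --dry]` with no description, so keep a short explanation of the destructive options, and of `--dry`, under Bulk operations.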
data/bin/secrethub
CHANGED
data/lib/secret_hub/cli.rb
CHANGED
@@ -1,9 +1,8 @@
|
|
1
1
|
require 'mister_bin'
|
2
2
|
require 'secret_hub/commands/base'
|
3
|
-
require 'secret_hub/commands/
|
4
|
-
require 'secret_hub/commands/save'
|
5
|
-
require 'secret_hub/commands/delete'
|
3
|
+
require 'secret_hub/commands/repo'
|
6
4
|
require 'secret_hub/commands/bulk'
|
5
|
+
require 'secret_hub/commands/org'
|
7
6
|
|
8
7
|
module SecretHub
|
9
8
|
class CLI
|
@@ -12,9 +11,8 @@ module SecretHub
|
|
12
11
|
header: "GitHub Secret Manager",
|
13
12
|
footer: "Run !txtpur!secrethub COMMAND --help!txtrst! for command specific help"
|
14
13
|
|
15
|
-
router.route '
|
16
|
-
router.route '
|
17
|
-
router.route 'delete', to: Commands::Delete
|
14
|
+
router.route 'repo', to: Commands::Repo
|
15
|
+
router.route 'org', to: Commands::Org
|
18
16
|
router.route 'bulk', to: Commands::Bulk
|
19
17
|
|
20
18
|
router
|
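Review bot: The top-level routes are removed with no replacement (`router.route 'delete', to: Commands::Delete` and its siblings go away), so existing invocations such as `secrethub save REPO KEY VALUE` stop working after the upgrade. Either keep thin deprecated routes for one release or state the breaking change explicitly in the README or a changelog entry for 0.2.0.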
@@ -6,7 +6,7 @@ module SecretHub
|
|
6
6
|
class Bulk < Base
|
7
7
|
using StringObfuscation
|
8
8
|
|
9
|
-
summary "
|
9
|
+
summary "Manage multiple secrets in multiple repositories"
|
10
10
|
|
11
11
|
usage "secrethub bulk init [CONFIG]"
|
12
12
|
usage "secrethub bulk show [CONFIG --visible]"
|
@@ -0,0 +1,56 @@
|
|
1
|
+
module SecretHub
|
2
|
+
module Commands
|
3
|
+
class Org < Base
|
4
|
+
summary "Manage organization secrets"
|
5
|
+
|
6
|
+
usage "secrethub org list ORG"
|
7
|
+
usage "secrethub org save ORG KEY VALUE"
|
8
|
+
usage "secrethub org delete ORG KEY"
|
9
|
+
usage "secrethub org (-h|--help)"
|
10
|
+
|
11
|
+
command "list", "Show all organization secrets"
|
12
|
+
command "save", "Create or update an organization secret (with private repositories visibility)"
|
13
|
+
command "delete", "Delete an organization secret"
|
14
|
+
|
15
|
+
param "ORG", "Name of the organization"
|
16
|
+
param "KEY", "The name of the secret"
|
17
|
+
param "VALUE", "The plain text secret value"
|
18
|
+
|
19
|
+
example "secrethub org list myorg"
|
20
|
+
example "secrethub org save myorg PASSWORD s3cr3t"
|
21
|
+
example "secrethub org delete myorg PASSWORD"
|
22
|
+
|
23
|
+
def list_command
|
24
|
+
say "!txtblu!#{org}:"
|
25
|
+
github.org_secrets(org).each do |secret|
|
26
|
+
say "- !txtpur!#{secret}"
|
27
|
+
end
|
28
|
+
end
|
29
|
+
|
30
|
+
def save_command
|
31
|
+
github.put_org_secret org, key, value
|
32
|
+
say "Saved !txtblu!#{org} !txtpur!#{key}"
|
33
|
+
end
|
34
|
+
|
35
|
+
def delete_command
|
36
|
+
github.delete_org_secret org, key
|
37
|
+
say "Deleted !txtblu!#{org} !txtpur!#{key}"
|
38
|
+
end
|
39
|
+
|
40
|
+
private
|
41
|
+
|
42
|
+
def org
|
43
|
+
args['ORG']
|
44
|
+
end
|
45
|
+
|
46
|
+
def key
|
47
|
+
args['KEY']
|
48
|
+
end
|
49
|
+
|
50
|
+
def value
|
51
|
+
args['VALUE']
|
52
|
+
end
|
53
|
+
|
54
|
+
end
|
55
|
+
end
|
56
|
+
end
|
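Review bot: The private `org` helper returns `args['ORG']` unchecked, and the client's `public_key` treats any argument containing `/` as a repository, so `secrethub org save me/myrepo KEY VALUE` would encrypt with a repository key and then PUT to an `/orgs/...` path. Reject an ORG value containing `/` in this command before calling the client. It is also worth confirming that the client raises on a failed request, since `save_command` and `delete_command` print "Saved" and "Deleted" without looking at what the call returned.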
@@ -0,0 +1,56 @@
|
|
1
|
+
module SecretHub
|
2
|
+
module Commands
|
3
|
+
class Repo < Base
|
4
|
+
summary "Manage repository secrets"
|
5
|
+
|
6
|
+
usage "secrethub repo list REPO"
|
7
|
+
usage "secrethub repo save REPO KEY VALUE"
|
8
|
+
usage "secrethub repo delete REPO KEY"
|
9
|
+
usage "secrethub repo (-h|--help)"
|
10
|
+
|
11
|
+
command "list", "Show all repository secrets"
|
12
|
+
command "save", "Create or update a repository secret"
|
13
|
+
command "delete", "Delete a repository secret"
|
14
|
+
|
15
|
+
param "REPO", "Full name of the GitHub repository (user/repo)"
|
16
|
+
param "KEY", "The name of the secret"
|
17
|
+
param "VALUE", "The plain text secret value"
|
18
|
+
|
19
|
+
example "secrethub repo list me/myrepo"
|
20
|
+
example "secrethub repo save me/myrepo PASSWORD s3cr3t"
|
21
|
+
example "secrethub repo delete me/myrepo PASSWORD"
|
22
|
+
|
23
|
+
def list_command
|
24
|
+
say "!txtblu!#{repo}:"
|
25
|
+
github.secrets(repo).each do |secret|
|
26
|
+
say "- !txtpur!#{secret}"
|
27
|
+
end
|
28
|
+
end
|
29
|
+
|
30
|
+
def save_command
|
31
|
+
github.put_secret repo, key, value
|
32
|
+
say "Saved !txtblu!#{repo} !txtpur!#{key}"
|
33
|
+
end
|
34
|
+
|
35
|
+
def delete_command
|
36
|
+
github.delete_secret repo, key
|
37
|
+
say "Deleted !txtblu!#{repo} !txtpur!#{key}"
|
38
|
+
end
|
39
|
+
|
40
|
+
private
|
41
|
+
|
42
|
+
def repo
|
43
|
+
args['REPO']
|
44
|
+
end
|
45
|
+
|
46
|
+
def key
|
47
|
+
args['KEY']
|
48
|
+
end
|
49
|
+
|
50
|
+
def value
|
51
|
+
args['VALUE']
|
52
|
+
end
|
53
|
+
|
54
|
+
end
|
55
|
+
end
|
56
|
+
end
|
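Review bot: This class duplicates `Commands::Org` almost line for line: the private `key` and `value` helpers are identical and the three command bodies differ only in the client method called and the `repo`/`org` name. Consider moving `key` and `value` into `Base` so the two commands cannot drift apart.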
@@ -11,8 +11,15 @@ module SecretHub
|
|
11
11
|
end
|
12
12
|
|
13
13
|
# GET /repos/:owner/:repo/actions/secrets/public-key
|
14
|
-
|
15
|
-
|
14
|
+
# GET /orgs/:org/actions/secrets/public-key
|
15
|
+
def public_key(repo_or_org)
|
16
|
+
if repo_or_org.include? '/'
|
17
|
+
repo = repo_or_org
|
18
|
+
public_keys[repo_or_org] ||= get("/repos/#{repo}/actions/secrets/public-key")
|
19
|
+
else
|
20
|
+
org = repo_or_org
|
21
|
+
public_keys[repo_or_org] ||= get("/orgs/#{org}/actions/secrets/public-key")
|
22
|
+
end
|
16
23
|
end
|
17
24
|
|
18
25
|
# GET /repos/:owner/:repo/actions/secrets
|
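Review bot: `public_key(repo_or_org)` chooses the endpoint with `repo_or_org.include? '/'`, so the repo-versus-org decision depends on the shape of the input string rather than on which caller asked for the key. `put_secret` always writes under `/repos/...` and `put_org_secret` always under `/orgs/...`, so an argument of the wrong shape fetches one kind of key and writes to the other kind of path. Split this into two methods, or pass the kind explicitly, and drop the local `repo = repo_or_org` / `org = repo_or_org` assignments, which only rename the argument.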
@@ -21,28 +28,49 @@ module SecretHub
|
|
21
28
|
response['secrets'].map { |s| s['name'] }
|
22
29
|
end
|
23
30
|
|
31
|
+
# GET /orgs/:org/actions/secrets
|
32
|
+
def org_secrets(org)
|
33
|
+
response = get "/orgs/#{org}/actions/secrets"
|
34
|
+
response['secrets'].map { |s| s['name'] }
|
35
|
+
end
|
36
|
+
|
24
37
|
# PUT /repos/:owner/:repo/actions/secrets/:name
|
25
38
|
def put_secret(repo, name, value)
|
26
|
-
secret =
|
39
|
+
secret = encrypt_for repo, value
|
27
40
|
key_id = public_key(repo)['key_id']
|
28
41
|
put "/repos/#{repo}/actions/secrets/#{name}",
|
29
42
|
encrypted_value: secret,
|
30
43
|
key_id: key_id
|
31
44
|
end
|
32
45
|
|
46
|
+
# PUT /orgs/:org/actions/secrets/:secret_name
|
47
|
+
def put_org_secret(org, name, value)
|
48
|
+
secret = encrypt_for org, value
|
49
|
+
key_id = public_key(org)['key_id']
|
50
|
+
put "/orgs/#{org}/actions/secrets/#{name}",
|
51
|
+
encrypted_value: secret,
|
52
|
+
key_id: key_id,
|
53
|
+
visibility: 'private'
|
54
|
+
end
|
55
|
+
|
33
56
|
# DELETE /repos/:owner/:repo/actions/secrets/:name
|
34
57
|
def delete_secret(repo, name)
|
35
58
|
delete "/repos/#{repo}/actions/secrets/#{name}"
|
36
59
|
end
|
37
60
|
|
61
|
+
# DELETE /orgs/:org/actions/secrets/:secret_name
|
62
|
+
def delete_org_secret(org, name)
|
63
|
+
delete "/orgs/#{org}/actions/secrets/#{name}"
|
64
|
+
end
|
65
|
+
|
38
66
|
private
|
39
67
|
|
40
68
|
def public_keys
|
41
69
|
@public_keys ||= {}
|
42
70
|
end
|
43
71
|
|
44
|
-
def
|
45
|
-
public_key = public_key(
|
72
|
+
def encrypt_for(repo_or_org, secret)
|
73
|
+
public_key = public_key(repo_or_org)['key']
|
46
74
|
encrypt secret, public_key
|
47
75
|
end
|
48
76
|
|
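Review bot: `put_org_secret` hard-codes `visibility: 'private'`, so callers cannot choose the visibility and the only place a user learns of it is the `org save` help text. Make it a keyword argument defaulting to `'private'` and mention it in the README. In the same hunk, `org` and `name` are interpolated into the request path as-is in `put_org_secret` and `delete_org_secret`; validating or escaping them before building the URL would keep an unusual KEY from changing the path.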
data/lib/secret_hub/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: secret_hub
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.2.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Danny Ben Shitrit
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-
|
11
|
+
date: 2020-05-15 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: mister_bin
|
@@ -107,9 +107,8 @@ files:
|
|
107
107
|
- lib/secret_hub/cli.rb
|
108
108
|
- lib/secret_hub/commands/base.rb
|
109
109
|
- lib/secret_hub/commands/bulk.rb
|
110
|
-
- lib/secret_hub/commands/
|
111
|
-
- lib/secret_hub/commands/
|
112
|
-
- lib/secret_hub/commands/save.rb
|
110
|
+
- lib/secret_hub/commands/org.rb
|
111
|
+
- lib/secret_hub/commands/repo.rb
|
113
112
|
- lib/secret_hub/config-template.yml
|
114
113
|
- lib/secret_hub/config.rb
|
115
114
|
- lib/secret_hub/exceptions.rb
|
@@ -136,7 +135,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
136
135
|
- !ruby/object:Gem::Version
|
137
136
|
version: '0'
|
138
137
|
requirements: []
|
139
|
-
rubygems_version: 3.
|
138
|
+
rubygems_version: 3.1.2
|
140
139
|
signing_key:
|
141
140
|
specification_version: 4
|
142
141
|
summary: Manage GitHub secrets over multiple repositories
|
@@ -1,23 +0,0 @@
|
|
1
|
-
module SecretHub
|
2
|
-
module Commands
|
3
|
-
class Delete < Base
|
4
|
-
summary "Delete a secret from a repository"
|
5
|
-
|
6
|
-
usage "secrethub delete REPO KEY"
|
7
|
-
usage "secrethub delete (-h|--help)"
|
8
|
-
|
9
|
-
param "REPO", "Full name of the GitHub repository (user/repo)"
|
10
|
-
param "KEY", "The name of the secret"
|
11
|
-
|
12
|
-
example "secrethub delete bob/vault PASSWORD"
|
13
|
-
|
14
|
-
def run
|
15
|
-
repo = args['REPO']
|
16
|
-
key = args['KEY']
|
17
|
-
|
18
|
-
success = github.delete_secret repo, key
|
19
|
-
say "Deleted !txtblu!#{repo} !txtpur!#{key}"
|
20
|
-
end
|
21
|
-
end
|
22
|
-
end
|
23
|
-
end
|
@@ -1,22 +0,0 @@
|
|
1
|
-
module SecretHub
|
2
|
-
module Commands
|
3
|
-
class List < Base
|
4
|
-
summary "Show secrets for a repository"
|
5
|
-
|
6
|
-
usage "secrethub list REPO"
|
7
|
-
usage "secrethub list (-h|--help)"
|
8
|
-
|
9
|
-
param "REPO", "Full name of the GitHub repository (user/repo)"
|
10
|
-
|
11
|
-
example "secrethub list bob/repo-woth-secrets"
|
12
|
-
|
13
|
-
def run
|
14
|
-
repo = args['REPO']
|
15
|
-
say "!txtblu!#{repo}:"
|
16
|
-
github.secrets(repo).each do |secret|
|
17
|
-
say "- !txtpur!#{secret}"
|
18
|
-
end
|
19
|
-
end
|
20
|
-
end
|
21
|
-
end
|
22
|
-
end
|
@@ -1,25 +0,0 @@
|
|
1
|
-
module SecretHub
|
2
|
-
module Commands
|
3
|
-
class Save < Base
|
4
|
-
summary "Create or update a secret in a repository"
|
5
|
-
|
6
|
-
usage "secrethub save REPO KEY VALUE"
|
7
|
-
usage "secrethub save (-h|--help)"
|
8
|
-
|
9
|
-
param "REPO", "Full name of the GitHub repository (user/repo)"
|
10
|
-
param "KEY", "The name of the secret"
|
11
|
-
param "VALUE", "The plain text secret value"
|
12
|
-
|
13
|
-
example "secrethub save bob/vault PASSWORD p4ssw0rd"
|
14
|
-
|
15
|
-
def run
|
16
|
-
repo = args['REPO']
|
17
|
-
key = args['KEY']
|
18
|
-
value = args['VALUE']
|
19
|
-
|
20
|
-
github.put_secret repo, key, value
|
21
|
-
say "Saved !txtblu!#{repo} !txtpur!#{key}"
|
22
|
-
end
|
23
|
-
end
|
24
|
-
end
|
25
|
-
end
|