secret_hub 0.1.6 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e7f29f7f724bd83bc5b9899c90248279f9997bfe5e9e5c5a09f37af679faad12
-  data.tar.gz: 9d8ffac16034c077d0c9f497e919aae03c8673b32e09afdbae0fbf9e08c76ad4
+  metadata.gz: 43f49eb823e6839d1fcdd99c1b06dc18fa0c0bcae324228a8a024c24e8743c2b
+  data.tar.gz: b649439d4b9a740c6a2cbe2ad7f85aaf52cd23cba4287b47e6f6b5d013831055
 SHA512:
-  metadata.gz: 85bf36c96fe639fdf512a4332cc179ad385009ba06800db5b0aa27a0e92a8dcef8a1dc37af1431d58a94fa921b6bf7b26e58ac826b6f48ab0b2a4dd4e1a70ae1
-  data.tar.gz: 7bd79637ed41dc098098ff42e00226e1c424f1fd711d7ef6ba905a442e57d2052116fc6127f19861b46cbf49b917721e5ded32619e5d89822539495e0d65edbd
+  metadata.gz: 10c662e3948d97f76be14de4afdf66d97a163b1449852261f0c10410b281bce3b205a3c3d3108b286b8e92ac34aa047983fac84ed9bd007b2ffa49001f518cea
+  data.tar.gz: 565e5a95d926b8a78f8299fc3eb49ec36156a3013d98edce0d313929d60742ceea6ec1dc127460b3c95aa340aa4da6a8aa7b30753d25f69a3f00fa6020066e5d

data/README.md

@@ -1,5 +1,4 @@
-SecretHub - GitHub Secrets CLI
-==================================================
+# SecretHub - GitHub Secrets CLI
 
 [![Gem Version](https://badge.fury.io/rb/secret_hub.svg)](https://badge.fury.io/rb/secret_hub)
 [![Build Status](https://github.com/DannyBen/secret_hub/workflows/Test/badge.svg)](https://github.com/DannyBen/secret_hub/actions?query=workflow%3ATest)
@@ -8,20 +7,25 @@ SecretHub - GitHub Secrets CLI
 ---
 
 SecretHub lets you easily manage your GitHub secrets from the command line
-with support for bulk operations.
+with support for bulk operations and organization secrets.
 
 ---
 
-Installation
---------------------------------------------------
+## Installation
+
+With Ruby:
 
 ```shell
 $ gem install secret_hub
 ```
 
+Or with Docker:
 
-Prerequisites
---------------------------------------------------
+```shell
+$ alias secrethub='docker run --rm -it -e GITHUB_ACCESS_TOKEN -v "$PWD:/app" dannyben/secrethub'
+```
+
+## Prerequisites
 
 SecretHub is a wrapper around the [GitHub Secrets API][secrets-api]. To use
 it, you need to set up your environment with a
@@ -32,50 +36,57 @@ it, you need to set up your environment with a
 $ export GITHUB_ACCESS_TOKEN=<your access token>
 ```
 
+Give your token the `repo` scope, and for organization secrets, the `admin:org` scope.
 
-Usage
---------------------------------------------------
-
-SecretHub has two families of commands:
+## Usage
 
-1. Commands that operate on a single repository.
-2. Commands that operate on multiple repositories, and multiple secrets.
+SecretHub has three families of commands:
 
-Most commands are self explanatory, and described by the CLI.
+1. `secrethub repo` - manage repository secrets.
+2. `secrethub org` - manage organization secrets.
+3. `secrethub bulk` - manage multiple secrets in multiple repositories using a config file.
 
 ```shell
-$ secrethub --help
-```
+$ secrethub
+GitHub Secret Manager
 
-Single repository operations
---------------------------------------------------
+Commands:
+  repo  Manage repository secrets
+  org   Manage organization secrets
+  bulk  Manage multiple secrets in multiple repositories
 
-### Show the secret keys in a repository
+Run secrethub COMMAND --help for command specific help
 
-```shell
-# secrethub list REPO
-$ secrethub list you/your-repo
-```
 
-### Create or update a secret in a repository
+$ secrethub repo
+Usage:
+  secrethub repo list REPO
+  secrethub repo save REPO KEY VALUE
+  secrethub repo delete REPO KEY
+  secrethub repo (-h|--help)
 
-```shell
-# secrethub save REPO KEY VALUE
-$ secrethub list you/your-repo SECRET "there is no spoon"
-```
 
-### Delete a secret from a repository
+$ secrethub org
+Usage:
+  secrethub org list ORG
+  secrethub org save ORG KEY VALUE
+  secrethub org delete ORG KEY
+  secrethub org (-h|--help)
 
-```shell
-# secrethub delete REPO KEY
-$ secrethub delete you/your-repo SECRET
-```
 
+$ secrethub bulk
+Usage:
+  secrethub bulk init [CONFIG]
+  secrethub bulk show [CONFIG --visible]
+  secrethub bulk list [CONFIG]
+  secrethub bulk save [CONFIG --clean --dry --only REPO]
+  secrethub bulk clean [CONFIG --dry]
+  secrethub bulk (-h|--help)
+```
 
-Bulk operations
---------------------------------------------------
+## Bulk operations
 
-All the bulk operations function by using a simple YAML configuration file.
+All the bulk operations use a simple YAML configuration file.
 The configuration file includes a list of GitHub repositories, each with a
 list of its secrets.
 
@@ -136,48 +147,7 @@ user/repo:
 Note that YAML anchors only work with the hash syntax.
 
 
-### Create a sample configuration file
-
-```shell
-# secrethub bulk init [CONFIG]
-$ secrethub bulk init mysecrets.yml
-```
-
-### Show the configuration file and its secrets
-
-```shell
-# secrethub bulk show [CONFIG --visible]
-$ secrethub bulk show mysecrets.yml
-```
-
-### Show all secrets stored on GitHub in all repositories
-
-```shell
-# secrethub bulk list [CONFIG]
-$ secrethub bulk list mysecrets.yml
-```
-
-### Save multiple secrets to multiple repositories
-
-```shell
-# secrethub bulk save [CONFIG --clean --dry --only REPO]
-$ secrethub bulk save mysecrets.yml --clean
-```
-
-Using the `--clean` flag, you can ensure that the repositories do not have
-any secrets that you are unaware of. This flag will delete any secret that is
-not specified in your config file.
-
-### Delete secrets from multiple repositories unless they are specified in the config file
-
-```shell
-# secrethub bulk clean [CONFIG]
-$ secrethub bulk clean mysecrets.yml
-```
-
-
-Contributing / Support
---------------------------------------------------
+## Contributing / Support
 
 If you experience any issue, have a question or a suggestion, or if you wish
 to contribute, feel free to [open an issue][issues].

data/bin/secrethub

@@ -8,6 +8,9 @@ router = SecretHub::CLI.router
 
 begin
   exit router.run ARGV
+rescue Interrupt => e
+  say "\nGoodbye"
+  exit 1
 rescue => e
   puts e.backtrace.reverse if ENV['DEBUG']
   say! "!txtred!#{e.class}"

data/lib/secret_hub/cli.rb

@@ -1,9 +1,8 @@
 require 'mister_bin'
 require 'secret_hub/commands/base'
-require 'secret_hub/commands/list'
-require 'secret_hub/commands/save'
-require 'secret_hub/commands/delete'
+require 'secret_hub/commands/repo'
 require 'secret_hub/commands/bulk'
+require 'secret_hub/commands/org'
 
 module SecretHub
   class CLI
@@ -12,9 +11,8 @@ module SecretHub
         header: "GitHub Secret Manager",
         footer: "Run !txtpur!secrethub COMMAND --help!txtrst! for command specific help"
 
-      router.route 'list',   to: Commands::List
-      router.route 'save',   to: Commands::Save
-      router.route 'delete', to: Commands::Delete
+      router.route 'repo',   to: Commands::Repo
+      router.route 'org',    to: Commands::Org
       router.route 'bulk',   to: Commands::Bulk
 
       router

data/lib/secret_hub/commands/bulk.rb

@@ -6,7 +6,7 @@ module SecretHub
     class Bulk < Base
       using StringObfuscation
 
-      summary "Update or delete multiple secrets from multiple repositories"
+      summary "Manage multiple secrets in multiple repositories"
       
       usage "secrethub bulk init [CONFIG]"
       usage "secrethub bulk show [CONFIG --visible]"

data/lib/secret_hub/commands/org.rb

@@ -0,0 +1,56 @@
+module SecretHub
+  module Commands
+    class Org < Base
+      summary "Manage organization secrets"
+      
+      usage "secrethub org list ORG"
+      usage "secrethub org save ORG KEY VALUE"
+      usage "secrethub org delete ORG KEY"
+      usage "secrethub org (-h|--help)"
+
+      command "list", "Show all organization secrets"
+      command "save", "Create or update an organization secret (with private repositories visibility)"
+      command "delete", "Delete an organization secret"
+
+      param "ORG", "Name of the organization"
+      param "KEY", "The name of the secret"
+      param "VALUE", "The plain text secret value"
+
+      example "secrethub org list myorg"
+      example "secrethub org save myorg PASSWORD s3cr3t"
+      example "secrethub org delete myorg PASSWORD"
+
+      def list_command
+        say "!txtblu!#{org}:"
+        github.org_secrets(org).each do |secret|
+          say "- !txtpur!#{secret}"
+        end
+      end
+
+      def save_command       
+        github.put_org_secret org, key, value
+        say "Saved !txtblu!#{org} !txtpur!#{key}"
+      end
+
+      def delete_command
+        github.delete_org_secret org, key
+        say "Deleted !txtblu!#{org} !txtpur!#{key}"
+      end
+
+    private
+
+      def org
+        args['ORG']
+      end
+
+      def key
+        args['KEY']
+      end
+
+      def value
+        args['VALUE']
+      end
+
+    end
+  end
+end

data/lib/secret_hub/commands/repo.rb

@@ -0,0 +1,56 @@
+module SecretHub
+  module Commands
+    class Repo < Base
+      summary "Manage repository secrets"
+      
+      usage "secrethub repo list REPO"
+      usage "secrethub repo save REPO KEY VALUE"
+      usage "secrethub repo delete REPO KEY"
+      usage "secrethub repo (-h|--help)"
+
+      command "list", "Show all repository secrets"
+      command "save", "Create or update a repository secret"
+      command "delete", "Delete a repository secret"
+
+      param "REPO", "Full name of the GitHub repository (user/repo)"
+      param "KEY", "The name of the secret"
+      param "VALUE", "The plain text secret value"
+
+      example "secrethub repo list me/myrepo"
+      example "secrethub repo save me/myrepo PASSWORD s3cr3t"
+      example "secrethub repo delete me/myrepo PASSWORD"
+
+      def list_command
+        say "!txtblu!#{repo}:"
+        github.secrets(repo).each do |secret|
+          say "- !txtpur!#{secret}"
+        end
+      end
+
+      def save_command       
+        github.put_secret repo, key, value
+        say "Saved !txtblu!#{repo} !txtpur!#{key}"
+      end
+
+      def delete_command
+        github.delete_secret repo, key
+        say "Deleted !txtblu!#{repo} !txtpur!#{key}"
+      end
+
+    private
+
+      def repo
+        args['REPO']
+      end
+
+      def key
+        args['KEY']
+      end
+
+      def value
+        args['VALUE']
+      end
+
+    end
+  end
+end

data/lib/secret_hub/github_client.rb

@@ -11,8 +11,15 @@ module SecretHub
     end
 
     # GET /repos/:owner/:repo/actions/secrets/public-key
-    def public_key(repo)
-      public_keys[repo] ||= get("/repos/#{repo}/actions/secrets/public-key")
+    # GET /orgs/:org/actions/secrets/public-key
+    def public_key(repo_or_org)
+      if repo_or_org.include? '/'
+        repo = repo_or_org
+        public_keys[repo_or_org] ||= get("/repos/#{repo}/actions/secrets/public-key")
+      else
+        org = repo_or_org
+        public_keys[repo_or_org] ||= get("/orgs/#{org}/actions/secrets/public-key")
+      end
     end
 
     # GET /repos/:owner/:repo/actions/secrets
@@ -21,28 +28,49 @@ module SecretHub
       response['secrets'].map { |s| s['name'] }
     end
 
+    # GET /orgs/:org/actions/secrets
+    def org_secrets(org)
+      response = get "/orgs/#{org}/actions/secrets"
+      response['secrets'].map { |s| s['name'] }
+    end
+
     # PUT /repos/:owner/:repo/actions/secrets/:name
     def put_secret(repo, name, value)
-      secret = encrypt_for_repo repo, value
+      secret = encrypt_for repo, value
       key_id = public_key(repo)['key_id']
       put "/repos/#{repo}/actions/secrets/#{name}",
         encrypted_value: secret, 
         key_id: key_id
     end
 
+    # PUT /orgs/:org/actions/secrets/:secret_name
+    def put_org_secret(org, name, value)
+      secret = encrypt_for org, value
+      key_id = public_key(org)['key_id']
+      put "/orgs/#{org}/actions/secrets/#{name}",
+        encrypted_value: secret, 
+        key_id: key_id,
+        visibility: 'private'
+    end
+
     # DELETE /repos/:owner/:repo/actions/secrets/:name
     def delete_secret(repo, name)
       delete "/repos/#{repo}/actions/secrets/#{name}"
     end
 
+    # DELETE /orgs/:org/actions/secrets/:secret_name
+    def delete_org_secret(org, name)
+      delete "/orgs/#{org}/actions/secrets/#{name}"
+    end
+
   private
 
     def public_keys
       @public_keys ||= {}
     end
 
-    def encrypt_for_repo(repo, secret)
-      public_key = public_key(repo)['key']
+    def encrypt_for(repo_or_org, secret)
+      public_key = public_key(repo_or_org)['key']
       encrypt secret, public_key
     end
 

data/lib/secret_hub/version.rb

@@ -1,3 +1,3 @@
 module SecretHub
-  VERSION = "0.1.6"
+  VERSION = "0.2.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: secret_hub
 version: !ruby/object:Gem::Version
-  version: 0.1.6
+  version: 0.2.0
 platform: ruby
 authors:
 - Danny Ben Shitrit
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-04-17 00:00:00.000000000 Z
+date: 2020-05-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: mister_bin
@@ -107,9 +107,8 @@ files:
 - lib/secret_hub/cli.rb
 - lib/secret_hub/commands/base.rb
 - lib/secret_hub/commands/bulk.rb
-- lib/secret_hub/commands/delete.rb
-- lib/secret_hub/commands/list.rb
-- lib/secret_hub/commands/save.rb
+- lib/secret_hub/commands/org.rb
+- lib/secret_hub/commands/repo.rb
 - lib/secret_hub/config-template.yml
 - lib/secret_hub/config.rb
 - lib/secret_hub/exceptions.rb
@@ -136,7 +135,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.1.2
 signing_key: 
 specification_version: 4
 summary: Manage GitHub secrets over multiple repositories

data/lib/secret_hub/commands/delete.rb

@@ -1,23 +0,0 @@
-module SecretHub
-  module Commands
-    class Delete < Base
-      summary "Delete a secret from a repository"
-
-      usage "secrethub delete REPO KEY"
-      usage "secrethub delete (-h|--help)"
-
-      param "REPO", "Full name of the GitHub repository (user/repo)"
-      param "KEY", "The name of the secret"
-
-      example "secrethub delete bob/vault PASSWORD"
-
-      def run
-        repo = args['REPO']
-        key = args['KEY']
-        
-        success = github.delete_secret repo, key
-        say "Deleted !txtblu!#{repo} !txtpur!#{key}"
-      end
-    end
-  end
-end

data/lib/secret_hub/commands/list.rb

@@ -1,22 +0,0 @@
-module SecretHub
-  module Commands
-    class List < Base
-      summary "Show secrets for a repository"
-
-      usage "secrethub list REPO"
-      usage "secrethub list (-h|--help)"
-
-      param "REPO", "Full name of the GitHub repository (user/repo)"
-
-      example "secrethub list bob/repo-woth-secrets"
-
-      def run
-        repo = args['REPO']
-        say "!txtblu!#{repo}:"
-        github.secrets(repo).each do |secret|
-          say "- !txtpur!#{secret}"
-        end
-      end
-    end
-  end
-end

data/lib/secret_hub/commands/save.rb

@@ -1,25 +0,0 @@
-module SecretHub
-  module Commands
-    class Save < Base
-      summary "Create or update a secret in a repository"
-
-      usage "secrethub save REPO KEY VALUE"
-      usage "secrethub save (-h|--help)"
-
-      param "REPO", "Full name of the GitHub repository (user/repo)"
-      param "KEY", "The name of the secret"
-      param "VALUE", "The plain text secret value"
-
-      example "secrethub save bob/vault PASSWORD p4ssw0rd"
-
-      def run
-        repo = args['REPO']
-        key = args['KEY']
-        value = args['VALUE']
-        
-        github.put_secret repo, key, value
-        say "Saved !txtblu!#{repo} !txtpur!#{key}"
-      end
-    end
-  end
-end