secrets_cli 0.2.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: fef7bf60e1bd22c1c4c9e6977eaccf96792cf153
4
- data.tar.gz: 343eb18e5de20b8b77f47e9e43d1021b4d5dc6b8
3
+ metadata.gz: 22a95b837aa93312338a6a7a12efa1a25ff15ddf
4
+ data.tar.gz: 2aace8541c14b4c3311ea71ffa63c44d93cf07f9
5
5
  SHA512:
6
- metadata.gz: 18d8c74751644400b61d67a3efd5df0b84c15e1f154d2429ee98b1a3eb090f7e6ea5714b677a8d5c2dadfdd748b81c04418258db77ccc26aa27f836db3769182
7
- data.tar.gz: 89f28fd6dc1b95a940cd4efecb59cffd754cdc0a9bdb13d574027fd3e271583476ff7efccf73b8c50e746461824bd4b31e07afd0b387f44fd07063178ca501bd
6
+ metadata.gz: 60a7b0bc704533b79dc133cae819e22082c48a4dade9c38faead72ecee6232ea185bec57f674594111c76c857583138ed2eda1ee98565b670c43df0d1637cb85
7
+ data.tar.gz: 855216c1e7864e74d4ee44b80242b1ab697f2402855d63bae270f2d76982387f9a34f54f5ac28217fb750094f4ec6bf69799e2810935c94d6177e6a1103eb25f
data/README.md CHANGED
@@ -4,6 +4,8 @@
4
4
 
5
5
  This is a CLI for easier use of [vault](https://www.vaultproject.io/)
6
6
 
7
+ There is also a mina plugin [mina-secrets](https://github.com/infinum/mina-secrets)
8
+
7
9
  ## Installation
8
10
 
9
11
  Add this line to your application's Gemfile:
@@ -22,11 +24,16 @@ Or install it yourself as:
22
24
 
23
25
  ## Prerequisites
24
26
 
25
- `vault` must be installed on system. This gem adds a dependancy to `vault-binaries` which will install `vault` for you.
27
+ `vault` must be installed on system. This gem adds a dependency to `vault-binaries` which will install `vault` for you.
28
+
29
+ The following environment variables need to be set:
30
+
31
+ For `vault` itself:
26
32
 
27
- Following environemt variables need to be set:
33
+ VAULT_ADDR - this is an address to your vault server
34
+
35
+ For `secrets_cli`:
28
36
 
29
- VAULT_ADDR - this is an address to vault server
30
37
  SECRETS_VAULT_AUTH_METHOD - this is auth method ('github' or 'token' supported for now)
31
38
  SECRETS_VAULT_AUTH_TOKEN - this is vault auth token
32
39
 
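Review bot: The `For secrets_cli` list in this hunk still documents `SECRETS_VAULT_AUTH_METHOD` and `SECRETS_VAULT_AUTH_TOKEN`, but the vault check and the auth initializer in this same release now read `VAULT_AUTH_METHOD` and `VAULT_AUTH_TOKEN`. A user who sets the variables as written here will be stopped by 'Missing VAULT_AUTH_TOKEN env'. Either update the two names in the README or keep the `SECRETS_`-prefixed names as a fallback in the code.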
@@ -44,37 +51,50 @@ Some of the commands have `--verbose` switch which will print out the commands i
44
51
  This will create `.secrets` file with project configuration. The command will ask you all it needs to know if you do not
45
52
  supply the config through options.
46
53
 
47
- These configs need to be set:
54
+ Example of the `.secrets`:
48
55
 
49
- `secrets_file` - file where your secrets are kept. `config/application.yml` for figaro, `.env` for dotenv or something else.
50
- `secrets_repo` - vault 'repo' where your secrets will be kept. Example: `rails/secrets/`
51
- `secrets_field` - a field in vault repo where the contents of secrets_file will be written. Example: `secrets`
56
+ ---
57
+ :secrets_file: config/application.yml # file where your secrets are kept, depending on your environment gem (figaro, dotenv, etc)
58
+ :secrets_repo: rails/my_project/ # vault 'repo' where your secrets will be kept.
59
+ :secrets_field: secrets # a field in vault repo where the contents of secrets_file will be written
52
60
 
53
61
  ### Auth
54
62
 
55
63
  $ secrets auth
56
64
 
57
65
  You need to first authenticate yourself on vault server to be able to read and write.
58
- Needs to be done only _once_ for token.
66
+ Needs to be done only _once_ for specific token.
67
+
68
+ ### Repos and environments
69
+
70
+ Next 3 commands read and write to your project repo in vault. The value of the repo is generated by
71
+ secrets_repo + environment. Example:
72
+
73
+ `rails/my_project/development`
74
+
75
+ Environment is `development` by default, but it can be overwriten by passing `--environment` option, or setting `RAILS_ENV` environment variable.
59
76
 
60
77
  ### Read
61
78
 
62
79
  $ secrets read
63
80
 
64
- This will only read from vault repo + environment. Environment can be set by `--environment` option, `RAILS_ENV` variable.
65
- Default is `development` if nothing is set. Example: `rails/secrets/environment`
81
+ This will only read from vault.
82
+
83
+ Example of executed command:
84
+
85
+ vault read rails/my_project/development
66
86
 
67
87
  ### Pull
68
88
 
69
89
  $ secrets pull
70
90
 
71
- This will pull from vault and write to your secrets file. For environment see `Read`
91
+ This will pull from vault and write to your secrets file.
72
92
 
73
93
  ### Push
74
94
 
75
95
  $ secrets push
76
96
 
77
- This will push from your secrets file to vault. For environment see `Read`
97
+ This will push from your secrets file to vault.
78
98
 
79
99
  ## Development
80
100
 
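Review bot: The new `.secrets` example and the "Repos and environments" section describe `:secrets_repo:` and `:secrets_field:`, while the code in this release only reads `secrets_storage_key` and takes the field from the `SECRETS_FIELD` constant. A `.secrets` file copied from this example would leave `secrets_storage_key` unset. The example and the "secrets_repo + environment" sentence should use the new key name, and the field line should be dropped since it is no longer configurable. Minor: "overwriten" in the added environment paragraph should be "overwritten".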
data/exe/secrets CHANGED
@@ -14,8 +14,7 @@ command :init do |c|
14
14
  c.syntax = 'secrets init [options]'
15
15
  c.summary = 'Use to initialize project, create .secrets file'
16
16
  c.option '-f', '--secrets_file STRING', String, 'Define secrets file'
17
- c.option '-r', '--secrets_repo STRING', String, 'Define secrets repo'
18
- c.option '-F', '--secrets_field STRING', String, 'Define secrets field'
17
+ c.option '-k', '--secrets_storage_key STRING', String, 'Define secrets storage_key'
19
18
  c.action do |_args, options|
20
19
  SecretsCli::Init.new(options).call
21
20
  end
@@ -37,8 +36,7 @@ command :pull do |c|
37
36
  c.summary = 'Use to read from vault server to secrets file'
38
37
  c.option '-e', '--environment STRING', String, 'Set environment, default: development'
39
38
  c.option '-f', '--secrets_file STRING', String, 'Override secrets_file'
40
- c.option '-r', '--secrets_repo STRING', String, 'Override secrets_repo'
41
- c.option '-F', '--secrets_field STRING', String, 'Override secrets_field'
39
+ c.option '-k', '--secrets_storage_key STRING', String, 'Override secrets_storage_key'
42
40
  c.option '-d', '--secrets_dir STRING', String, 'Override secrets_dir, default: "."'
43
41
  c.action do |_args, options|
44
42
  SecretsCli::Check::Secrets.new(options).call
@@ -52,8 +50,7 @@ command :push do |c|
52
50
  c.option '-y', '--without_prompt', 'Push without prompt'
53
51
  c.option '-e', '--environment STRING', String, 'Set environment, default: development'
54
52
  c.option '-f', '--secrets_file STRING', String, 'Override secrets_file'
55
- c.option '-r', '--secrets_repo STRING', String, 'Override secrets_repo'
56
- c.option '-F', '--secrets_field STRING', String, 'Override secrets_field'
53
+ c.option '-k', '--secrets_storage_key STRING', String, 'Override secrets_storage_key'
57
54
  c.action do |_args, options|
58
55
  SecretsCli::Check::Secrets.new(options).call
59
56
  SecretsCli::Vault::Push.new(options).call
@@ -64,8 +61,7 @@ command :read do |c|
64
61
  c.syntax = 'secrets read [options]'
65
62
  c.summary = 'Use to only read from vault server without writing to secrets file'
66
63
  c.option '-e', '--environment STRING', String, 'Set environment, default: development'
67
- c.option '-r', '--secrets_repo STRING', String, 'Override secrets_repo'
68
- c.option '-F', '--secrets_field STRING', String, 'Override secrets_field'
64
+ c.option '-k', '--secrets_storage_key STRING', String, 'Override secrets_storage_key'
69
65
  c.action do |_args, options|
70
66
  SecretsCli::Check::Secrets.new(options).call
71
67
  SecretsCli::Vault::Read.new(options).call
@@ -12,8 +12,7 @@ module SecretsCli
12
12
  def call
13
13
  error! 'Missing .secrets' unless File.exist?('.secrets')
14
14
  error! 'Missing secrets_file' if missing_secret_file?
15
- error! 'Missing secrets_repo' if missing_secret_repo?
16
- error! 'Missing secrets_field' if missing_secret_field?
15
+ error! 'Missing secrets_storage_key' if missing_secret_storage_key?
17
16
  end
18
17
 
19
18
  private
@@ -22,12 +21,8 @@ module SecretsCli
22
21
  options.secrets_file.nil? && config.secrets_file.nil?
23
22
  end
24
23
 
25
- def missing_secret_repo?
26
- options.secrets_repo && config.secrets_repo.nil?
27
- end
28
-
29
- def missing_secret_field?
30
- options.secrets_field && config.secrets_field.nil?
24
+ def missing_secret_storage_key?
25
+ options.secrets_storage_key && config.secrets_storage_key.nil?
31
26
  end
32
27
  end
33
28
  end
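Review bot: The predicate in `missing_secret_storage_key?` is `options.secrets_storage_key && config.secrets_storage_key.nil?`, which is true only when the option is supplied, so it reports "missing" exactly when the user did pass `-k` and stays silent when neither the option nor the config provides a value. The neighbouring `missing_secret_file?` uses `options.secrets_file.nil? && config.secrets_file.nil?`; the new method should follow the same form, `options.secrets_storage_key.nil? && config.secrets_storage_key.nil?`. The rename carried the old condition over unchanged, so this is a good place to fix it.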
@@ -12,18 +12,18 @@ module SecretsCli
12
12
  def call
13
13
  error! 'Missing vault' if TTY::Which.which('vault').nil?
14
14
  error! 'Missing VAULT_ADDR env' if ENV['VAULT_ADDR'].nil?
15
- error! 'Missing SECRETS_VAULT_AUTH_TOKEN env' if missing_auth_token?
16
- error! 'Missing SECRETS_VAULT_AUTH_METHOD env' if missing_auth_method?
15
+ error! 'Missing VAULT_AUTH_TOKEN env' if missing_auth_token?
16
+ error! 'Missing VAULT_AUTH_METHOD env' if missing_auth_method?
17
17
  end
18
18
 
19
19
  private
20
20
 
21
21
  def missing_auth_token?
22
- options.auth_token.nil? && ENV['SECRETS_VAULT_AUTH_TOKEN'].nil?
22
+ options.auth_token.nil? && ENV['VAULT_AUTH_TOKEN'].nil?
23
23
  end
24
24
 
25
25
  def missing_auth_method?
26
- options.auth_method.nil? && ENV['SECRETS_VAULT_AUTH_METHOD'].nil?
26
+ options.auth_method.nil? && ENV['VAULT_AUTH_METHOD'].nil?
27
27
  end
28
28
  end
29
29
  end
@@ -15,12 +15,8 @@ module SecretsCli
15
15
  config[:secrets_file]
16
16
  end
17
17
 
18
- def secrets_repo
19
- config[:secrets_repo]
20
- end
21
-
22
- def secrets_field
23
- config[:secrets_field]
18
+ def secrets_storage_key
19
+ config[:secrets_storage_key]
24
20
  end
25
21
 
26
22
  def self.write(config)
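Review bot: `secrets_storage_key` reads only `config[:secrets_storage_key]`, so a `.secrets` file written by 0.2.0, which stores the path under `:secrets_repo`, yields nil after upgrading. With no migration in this diff, existing projects would build their vault path from a nil key. Consider falling back to the old key, for example `config[:secrets_storage_key] || config[:secrets_repo]`, or failing with a message that tells the user to re-run `secrets init`.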
@@ -19,8 +19,7 @@ module SecretsCli
19
19
  def config
20
20
  {
21
21
  secrets_file: secrets_file,
22
- secrets_repo: secrets_repo,
23
- secrets_field: secrets_field
22
+ secrets_storage_key: secrets_storage_key
24
23
  }
25
24
  end
26
25
 
@@ -28,14 +27,10 @@ module SecretsCli
28
27
  @secrets_file ||= options.secrets_file || SecretsCli::Prompts::SecretsFile.new.call
29
28
  end
30
29
 
31
- def secrets_repo
32
- repo = options.secrets_repo || SecretsCli::Prompts::SecretsRepo.new.call
33
- repo << '/' unless repo.end_with?('/')
34
- repo
35
- end
36
-
37
- def secrets_field
38
- options.secrets_field || SecretsCli::Prompts::SecretsField.new.call
30
+ def secrets_storage_key
31
+ storage_key = options.secrets_storage_key || SecretsCli::Prompts::SecretsStorageKey.new.call
32
+ storage_key << '/' unless storage_key.end_with?('/')
33
+ storage_key
39
34
  end
40
35
  end
41
36
  end
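Review bot: `secrets_storage_key` is not memoized, unlike `secrets_file` just above it (`@secrets_file ||= ...`), so a second call would prompt the user again. It also appends with `storage_key << '/'`, which mutates the string held in `options` in place. Suggest memoizing and building a new string instead, for example `storage_key.end_with?('/') ? storage_key : "#{storage_key}/"`.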
@@ -1,10 +1,10 @@
1
1
  module SecretsCli
2
2
  module Prompts
3
- class SecretsRepo
3
+ class SecretsStorageKey
4
4
  include SecretsCli::Helpers
5
5
 
6
6
  def call
7
- prompt.ask('What will the secrets repo be?', default: default)
7
+ prompt.ask('What will the secrets storage key be?', default: default)
8
8
  end
9
9
 
10
10
  private
@@ -5,8 +5,8 @@ module SecretsCli
5
5
 
6
6
  def initialize(options)
7
7
  super
8
- @auth_token = options.auth_token || ENV['SECRETS_VAULT_AUTH_TOKEN']
9
- @auth_method = options.auth_method || ENV['SECRETS_VAULT_AUTH_METHOD']
8
+ @auth_token = options.auth_token || ENV['_VAULT_AUTH_TOKEN']
9
+ @auth_method = options.auth_method || ENV['VAULT_AUTH_METHOD']
10
10
  end
11
11
 
12
12
  private
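Review bot: The token is read from `ENV['_VAULT_AUTH_TOKEN']`, with a leading underscore, while the vault check in this release validates `ENV['VAULT_AUTH_TOKEN']` and the method on the next line uses `ENV['VAULT_AUTH_METHOD']`. With only `VAULT_AUTH_TOKEN` exported the check passes and `@auth_token` is still nil, so `secrets auth` would run without a token. This looks like a leftover from removing the `SECRETS` prefix; it should be `ENV['VAULT_AUTH_TOKEN']`.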
@@ -15,7 +15,7 @@ module SecretsCli
15
15
  if wait_thr.value.success?
16
16
  prompt.ok(stdout_and_stderr.read)
17
17
  else
18
- error!(stdout_and_stderr.read)
18
+ prompt.error(stdout_and_stderr.read)
19
19
  end
20
20
  end
21
21
  end
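Review bot: The failure branch now calls `prompt.error(...)` instead of `error!(...)`. The definition of `error!` is not part of this diff, but elsewhere it is used to stop on missing prerequisites; if it aborts with a non-zero status, this change means a failed `vault` command is only printed and the process can still exit successfully. Callers such as deploy scripts would then treat a failed pull or push as success. If the intent is only to change the output styling, print with `prompt.error` and still exit non-zero.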
@@ -26,8 +26,8 @@ module SecretsCli
26
26
  fail NotImplementedError
27
27
  end
28
28
 
29
- def secrets_full_repo
30
- File.join(secrets_repo, config.environment)
29
+ def secrets_full_storage_key
30
+ File.join(secrets_storage_key, config.environment)
31
31
  end
32
32
  end
33
33
  end
@@ -1,12 +1,11 @@
1
1
  module SecretsCli
2
2
  module Vault
3
3
  class Push < SecretsCli::Vault::Base
4
- attr_reader :secrets_repo, :secrets_field, :secrets, :secrets_file
4
+ attr_reader :secrets_storage_key, :secrets_field, :secrets, :secrets_file
5
5
 
6
6
  def initialize(options)
7
7
  super
8
- @secrets_repo = options.secrets_repo || config.secrets_repo
9
- @secrets_field = options.secrets_field || config.secrets_field
8
+ @secrets_storage_key = options.secrets_storage_key || config.secrets_storage_key
10
9
  @secrets_file = options.secrets_file || config.secrets_file
11
10
  @secrets = File.read(secrets_file)
12
11
  end
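Review bot: `attr_reader` still lists `:secrets_field` although the `@secrets_field` assignment is removed in this hunk, so the reader now always returns nil. Since the field comes from the `SECRETS_FIELD` constant in this release, drop `:secrets_field` from the `attr_reader` line to avoid a silently empty accessor.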
@@ -19,11 +18,11 @@ module SecretsCli
19
18
  private
20
19
 
21
20
  def command
22
- "vault write #{secrets_full_repo} #{secrets_field}=\"#{secrets}\""
21
+ "vault write #{secrets_full_storage_key} #{SECRETS_FIELD}=\"#{secrets}\""
23
22
  end
24
23
 
25
24
  def are_you_sure?
26
- prompt.yes?("Are you sure you want to write #{secrets_file} to #{secrets_full_repo}", default: 'Y')
25
+ prompt.yes?("Are you sure you want to write #{secrets_file} to #{secrets_full_storage_key}", default: 'Y')
27
26
  end
28
27
  end
29
28
  end
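Review bot: In `command`, the whole contents of the secrets file are interpolated into one command string as `#{SECRETS_FIELD}=\"#{secrets}\"`. If that string is executed through a shell, any double quote, `$` or backtick inside the secrets file is interpreted by the shell, and in any case the secret values end up in the process argument list, and in the output of the `--verbose` switch that the README says prints the commands. Since this line is being touched anyway, consider invoking `vault` with an argument array rather than a single string and passing the value by file reference (`secrets=@<path to secrets_file>`), so the contents never appear on the command line.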
@@ -3,16 +3,15 @@ module SecretsCli
3
3
  class Read < SecretsCli::Vault::Base
4
4
  def initialize(options)
5
5
  super
6
- @secrets_repo = options.secrets_repo || config.secrets_repo
7
- @secrets_field = options.secrets_field || config.secrets_field
6
+ @secrets_storage_key = options.secrets_storage_key || config.secrets_storage_key
8
7
  end
9
8
 
10
9
  private
11
10
 
12
- attr_reader :secrets_repo, :secrets_field
11
+ attr_reader :secrets_storage_key
13
12
 
14
13
  def command
15
- "vault read --field=#{secrets_field} #{secrets_full_repo}"
14
+ "vault read --field=#{SECRETS_FIELD} #{secrets_full_storage_key}"
16
15
  end
17
16
  end
18
17
  end
@@ -1,3 +1,3 @@
1
1
  module SecretsCli
2
- VERSION = "0.2.0"
2
+ VERSION = "0.3.0"
3
3
  end
data/lib/secrets_cli.rb CHANGED
@@ -9,8 +9,7 @@ require 'secrets_cli/init'
9
9
  require 'secrets_cli/check/secrets'
10
10
  require 'secrets_cli/check/vault'
11
11
  require 'secrets_cli/prompts/secrets_file'
12
- require 'secrets_cli/prompts/secrets_repo'
13
- require 'secrets_cli/prompts/secrets_field'
12
+ require 'secrets_cli/prompts/secrets_storage_key'
14
13
  require 'secrets_cli/vault/base'
15
14
  require 'secrets_cli/vault/auth'
16
15
  require 'secrets_cli/vault/read'
@@ -22,4 +21,5 @@ require 'secrets_cli/version'
22
21
 
23
22
  module SecretsCli
24
23
  SECRETS_CONFIG_FILE = '.secrets'
24
+ SECRETS_FIELD = 'secrets'
25
25
  end
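Review bot: `SECRETS_FIELD = 'secrets'` replaces the previously configurable `secrets_field` with a fixed value and no compatibility path. A project that chose a different field name under 0.2.0 will, after upgrading, read from and write to `secrets` instead: `read` and `pull` will not find the existing data, and `push` will write a second copy under the new field while the old one stays in vault. This should be called out as a breaking change in the README or changelog, ideally with a note on how to move the existing value.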
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: secrets_cli
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.0
4
+ version: 0.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Stjepan Hadjic
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2016-02-15 00:00:00.000000000 Z
11
+ date: 2016-02-19 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -132,9 +132,8 @@ files:
132
132
  - lib/secrets_cli/configuration.rb
133
133
  - lib/secrets_cli/helpers.rb
134
134
  - lib/secrets_cli/init.rb
135
- - lib/secrets_cli/prompts/secrets_field.rb
136
135
  - lib/secrets_cli/prompts/secrets_file.rb
137
- - lib/secrets_cli/prompts/secrets_repo.rb
136
+ - lib/secrets_cli/prompts/secrets_storage_key.rb
138
137
  - lib/secrets_cli/vault/auth.rb
139
138
  - lib/secrets_cli/vault/base.rb
140
139
  - lib/secrets_cli/vault/pull.rb
@@ -1,11 +0,0 @@
1
- module SecretsCli
2
- module Prompts
3
- class SecretsField
4
- include SecretsCli::Helpers
5
-
6
- def call
7
- prompt.ask('What will the secrets key be?', default: 'secrets')
8
- end
9
- end
10
- end
11
- end