RubyGems - secrets_cli - Versions diffs - 0.2.0 → 0.3.0 - Mend

secrets_cli 0.2.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

checksums.yaml +4 -4
data/README.md +32 -12
data/exe/secrets +4 -8
data/lib/secrets_cli/check/secrets.rb +3 -8
data/lib/secrets_cli/check/vault.rb +4 -4
data/lib/secrets_cli/configuration.rb +2 -6
data/lib/secrets_cli/init.rb +5 -10
data/lib/secrets_cli/prompts/{secrets_repo.rb → secrets_storage_key.rb} +2 -2
data/lib/secrets_cli/vault/auth.rb +2 -2
data/lib/secrets_cli/vault/base.rb +3 -3
data/lib/secrets_cli/vault/push.rb +4 -5
data/lib/secrets_cli/vault/read.rb +3 -4
data/lib/secrets_cli/version.rb +1 -1
data/lib/secrets_cli.rb +2 -2
metadata +3 -4
data/lib/secrets_cli/prompts/secrets_field.rb +0 -11

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: fef7bf60e1bd22c1c4c9e6977eaccf96792cf153
-  data.tar.gz: 343eb18e5de20b8b77f47e9e43d1021b4d5dc6b8
+  metadata.gz: 22a95b837aa93312338a6a7a12efa1a25ff15ddf
+  data.tar.gz: 2aace8541c14b4c3311ea71ffa63c44d93cf07f9
 SHA512:
-  metadata.gz: 18d8c74751644400b61d67a3efd5df0b84c15e1f154d2429ee98b1a3eb090f7e6ea5714b677a8d5c2dadfdd748b81c04418258db77ccc26aa27f836db3769182
-  data.tar.gz: 89f28fd6dc1b95a940cd4efecb59cffd754cdc0a9bdb13d574027fd3e271583476ff7efccf73b8c50e746461824bd4b31e07afd0b387f44fd07063178ca501bd
+  metadata.gz: 60a7b0bc704533b79dc133cae819e22082c48a4dade9c38faead72ecee6232ea185bec57f674594111c76c857583138ed2eda1ee98565b670c43df0d1637cb85
+  data.tar.gz: 855216c1e7864e74d4ee44b80242b1ab697f2402855d63bae270f2d76982387f9a34f54f5ac28217fb750094f4ec6bf69799e2810935c94d6177e6a1103eb25f

data/README.md CHANGED Viewed

@@ -4,6 +4,8 @@
 This is a CLI for easier use of [vault](https://www.vaultproject.io/)
+There is also a mina plugin [mina-secrets](https://github.com/infinum/mina-secrets)
 ## Installation
 Add this line to your application's Gemfile:
@@ -22,11 +24,16 @@ Or install it yourself as:
 ## Prerequisites
-`vault` must be installed on system. This gem adds a dependancy to `vault-binaries` which will install `vault` for you.
+`vault` must be installed on system. This gem adds a dependency to `vault-binaries` which will install `vault` for you.
+The following environment variables need to be set:
+For `vault` itself:
-Following environemt variables need to be set:
+    VAULT_ADDR - this is an address to your vault server
+For `secrets_cli`:
-    VAULT_ADDR - this is an address to vault server
     SECRETS_VAULT_AUTH_METHOD - this is auth method ('github' or 'token' supported for now)
     SECRETS_VAULT_AUTH_TOKEN - this is vault auth token
@@ -44,37 +51,50 @@ Some of the commands have `--verbose` switch which will print out the commands i
 This will create `.secrets` file with project configuration. The command will ask you all it needs to know if you do not
 supply the config through options.
-These configs need to be set:
+Example of the `.secrets`:
-    `secrets_file` - file where your secrets are kept. `config/application.yml` for figaro, `.env` for dotenv or something else.
-    `secrets_repo` - vault 'repo' where your secrets will be kept. Example: `rails/secrets/`
-    `secrets_field` - a field in vault repo where the contents of secrets_file will be written. Example: `secrets`
+    ---
+    :secrets_file: config/application.yml # file where your secrets are kept, depending on your environment gem (figaro, dotenv, etc)
+    :secrets_repo: rails/my_project/      # vault 'repo' where your secrets will be kept.
+    :secrets_field: secrets               # a field in vault repo where the contents of secrets_file will be written
 ### Auth
     $ secrets auth
 You need to first authenticate yourself on vault server to be able to read and write.
-Needs to be done only _once_ for token.
+Needs to be done only _once_ for specific token.
+### Repos and environments
+Next 3 commands read and write to your project repo in vault. The value of the repo is generated by
+secrets_repo + environment. Example:
+      `rails/my_project/development`
+Environment is `development` by default, but it can be overwriten by passing `--environment` option, or setting `RAILS_ENV` environment variable.
 ### Read
     $ secrets read
-This will only read from vault repo + environment. Environment can be set by `--environment` option, `RAILS_ENV` variable.
-Default is `development` if nothing is set. Example: `rails/secrets/environment`
+This will only read from vault.
+Example of executed command:
+    vault read rails/my_project/development
 ### Pull
     $ secrets pull
-This will pull from vault and write to your secrets file. For environment see `Read`
+This will pull from vault and write to your secrets file.
 ### Push
     $ secrets push
-This will push from your secrets file to vault. For environment see `Read`
+This will push from your secrets file to vault.
 ## Development

data/exe/secrets CHANGED Viewed

@@ -14,8 +14,7 @@ command :init do |c|
   c.syntax = 'secrets init [options]'
   c.summary = 'Use to initialize project, create .secrets file'
   c.option '-f', '--secrets_file STRING', String, 'Define secrets file'
-  c.option '-r', '--secrets_repo STRING', String, 'Define secrets repo'
-  c.option '-F', '--secrets_field STRING', String, 'Define secrets field'
+  c.option '-k', '--secrets_storage_key STRING', String, 'Define secrets storage_key'
   c.action do |_args, options|
     SecretsCli::Init.new(options).call
   end
@@ -37,8 +36,7 @@ command :pull do |c|
   c.summary = 'Use to read from vault server to secrets file'
   c.option '-e', '--environment STRING', String, 'Set environment, default: development'
   c.option '-f', '--secrets_file STRING', String, 'Override secrets_file'
-  c.option '-r', '--secrets_repo STRING', String, 'Override secrets_repo'
-  c.option '-F', '--secrets_field STRING', String, 'Override secrets_field'
+  c.option '-k', '--secrets_storage_key STRING', String, 'Override secrets_storage_key'
   c.option '-d', '--secrets_dir STRING', String, 'Override secrets_dir, default: "."'
   c.action do |_args, options|
     SecretsCli::Check::Secrets.new(options).call
@@ -52,8 +50,7 @@ command :push do |c|
   c.option '-y', '--without_prompt', 'Push without prompt'
   c.option '-e', '--environment STRING', String, 'Set environment, default: development'
   c.option '-f', '--secrets_file STRING', String, 'Override secrets_file'
-  c.option '-r', '--secrets_repo STRING', String, 'Override secrets_repo'
-  c.option '-F', '--secrets_field STRING', String, 'Override secrets_field'
+  c.option '-k', '--secrets_storage_key STRING', String, 'Override secrets_storage_key'
   c.action do |_args, options|
     SecretsCli::Check::Secrets.new(options).call
     SecretsCli::Vault::Push.new(options).call
@@ -64,8 +61,7 @@ command :read do |c|
   c.syntax = 'secrets read [options]'
   c.summary = 'Use to only read from vault server without writing to secrets file'
   c.option '-e', '--environment STRING', String, 'Set environment, default: development'
-  c.option '-r', '--secrets_repo STRING', String, 'Override secrets_repo'
-  c.option '-F', '--secrets_field STRING', String, 'Override secrets_field'
+  c.option '-k', '--secrets_storage_key STRING', String, 'Override secrets_storage_key'
   c.action do |_args, options|
     SecretsCli::Check::Secrets.new(options).call
     SecretsCli::Vault::Read.new(options).call

data/lib/secrets_cli/check/secrets.rb CHANGED Viewed

@@ -12,8 +12,7 @@ module SecretsCli
       def call
         error! 'Missing .secrets' unless File.exist?('.secrets')
         error! 'Missing secrets_file' if missing_secret_file?
-        error! 'Missing secrets_repo' if missing_secret_repo?
-        error! 'Missing secrets_field' if missing_secret_field?
+        error! 'Missing secrets_storage_key' if missing_secret_storage_key?
       end
       private
@@ -22,12 +21,8 @@ module SecretsCli
         options.secrets_file.nil? && config.secrets_file.nil?
       end
-      def missing_secret_repo?
-        options.secrets_repo && config.secrets_repo.nil?
-      end
-      def missing_secret_field?
-        options.secrets_field && config.secrets_field.nil?
+      def missing_secret_storage_key?
+        options.secrets_storage_key && config.secrets_storage_key.nil?
       end
     end
   end

data/lib/secrets_cli/check/vault.rb CHANGED Viewed

@@ -12,18 +12,18 @@ module SecretsCli
       def call
         error! 'Missing vault' if TTY::Which.which('vault').nil?
         error! 'Missing VAULT_ADDR env' if ENV['VAULT_ADDR'].nil?
-        error! 'Missing SECRETS_VAULT_AUTH_TOKEN env' if missing_auth_token?
-        error! 'Missing SECRETS_VAULT_AUTH_METHOD env' if missing_auth_method?
+        error! 'Missing VAULT_AUTH_TOKEN env' if missing_auth_token?
+        error! 'Missing VAULT_AUTH_METHOD env' if missing_auth_method?
       end
       private
       def missing_auth_token?
-        options.auth_token.nil? && ENV['SECRETS_VAULT_AUTH_TOKEN'].nil?
+        options.auth_token.nil? && ENV['VAULT_AUTH_TOKEN'].nil?
       end
       def missing_auth_method?
-        options.auth_method.nil? && ENV['SECRETS_VAULT_AUTH_METHOD'].nil?
+        options.auth_method.nil? && ENV['VAULT_AUTH_METHOD'].nil?
       end
     end
   end

data/lib/secrets_cli/configuration.rb CHANGED Viewed

@@ -15,12 +15,8 @@ module SecretsCli
       config[:secrets_file]
     end
-    def secrets_repo
-      config[:secrets_repo]
-    end
-    def secrets_field
-      config[:secrets_field]
+    def secrets_storage_key
+      config[:secrets_storage_key]
     end
     def self.write(config)

data/lib/secrets_cli/init.rb CHANGED Viewed

@@ -19,8 +19,7 @@ module SecretsCli
     def config
       {
         secrets_file: secrets_file,
-        secrets_repo: secrets_repo,
-        secrets_field: secrets_field
+        secrets_storage_key: secrets_storage_key
       }
     end
@@ -28,14 +27,10 @@ module SecretsCli
       @secrets_file ||= options.secrets_file || SecretsCli::Prompts::SecretsFile.new.call
     end
-    def secrets_repo
-      repo = options.secrets_repo || SecretsCli::Prompts::SecretsRepo.new.call
-      repo << '/' unless repo.end_with?('/')
-      repo
-    end
-    def secrets_field
-      options.secrets_field || SecretsCli::Prompts::SecretsField.new.call
+    def secrets_storage_key
+      storage_key = options.secrets_storage_key || SecretsCli::Prompts::SecretsStorageKey.new.call
+      storage_key << '/' unless storage_key.end_with?('/')
+      storage_key
     end
   end
 end

data/lib/secrets_cli/prompts/{secrets_repo.rb → secrets_storage_key.rb} RENAMED Viewed

@@ -1,10 +1,10 @@
 module SecretsCli
   module Prompts
-    class SecretsRepo
+    class SecretsStorageKey
       include SecretsCli::Helpers
       def call
-        prompt.ask('What will the secrets repo be?', default: default)
+        prompt.ask('What will the secrets storage key be?', default: default)
       end
       private

data/lib/secrets_cli/vault/auth.rb CHANGED Viewed

@@ -5,8 +5,8 @@ module SecretsCli
       def initialize(options)
         super
-        @auth_token = options.auth_token || ENV['SECRETS_VAULT_AUTH_TOKEN']
-        @auth_method = options.auth_method || ENV['SECRETS_VAULT_AUTH_METHOD']
+        @auth_token = options.auth_token || ENV['_VAULT_AUTH_TOKEN']
+        @auth_method = options.auth_method || ENV['VAULT_AUTH_METHOD']
       end
       private

data/lib/secrets_cli/vault/base.rb CHANGED Viewed

@@ -15,7 +15,7 @@ module SecretsCli
           if wait_thr.value.success?
             prompt.ok(stdout_and_stderr.read)
           else
-            error!(stdout_and_stderr.read)
+            prompt.error(stdout_and_stderr.read)
           end
         end
       end
@@ -26,8 +26,8 @@ module SecretsCli
         fail NotImplementedError
       end
-      def secrets_full_repo
-        File.join(secrets_repo, config.environment)
+      def secrets_full_storage_key
+        File.join(secrets_storage_key, config.environment)
       end
     end
   end

data/lib/secrets_cli/vault/push.rb CHANGED Viewed

@@ -1,12 +1,11 @@
 module SecretsCli
   module Vault
     class Push < SecretsCli::Vault::Base
-      attr_reader :secrets_repo, :secrets_field, :secrets, :secrets_file
+      attr_reader :secrets_storage_key, :secrets_field, :secrets, :secrets_file
       def initialize(options)
         super
-        @secrets_repo = options.secrets_repo || config.secrets_repo
-        @secrets_field = options.secrets_field || config.secrets_field
+        @secrets_storage_key = options.secrets_storage_key || config.secrets_storage_key
         @secrets_file = options.secrets_file || config.secrets_file
         @secrets = File.read(secrets_file)
       end
@@ -19,11 +18,11 @@ module SecretsCli
       private
       def command
-        "vault write #{secrets_full_repo} #{secrets_field}=\"#{secrets}\""
+        "vault write #{secrets_full_storage_key} #{SECRETS_FIELD}=\"#{secrets}\""
       end
       def are_you_sure?
-        prompt.yes?("Are you sure you want to write #{secrets_file} to #{secrets_full_repo}", default: 'Y')
+        prompt.yes?("Are you sure you want to write #{secrets_file} to #{secrets_full_storage_key}", default: 'Y')
       end
     end
   end

data/lib/secrets_cli/vault/read.rb CHANGED Viewed

@@ -3,16 +3,15 @@ module SecretsCli
     class Read < SecretsCli::Vault::Base
       def initialize(options)
         super
-        @secrets_repo = options.secrets_repo || config.secrets_repo
-        @secrets_field = options.secrets_field || config.secrets_field
+        @secrets_storage_key = options.secrets_storage_key || config.secrets_storage_key
       end
       private
-      attr_reader :secrets_repo, :secrets_field
+      attr_reader :secrets_storage_key
       def command
-        "vault read --field=#{secrets_field} #{secrets_full_repo}"
+        "vault read --field=#{SECRETS_FIELD} #{secrets_full_storage_key}"
       end
     end
   end

data/lib/secrets_cli/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module SecretsCli
-  VERSION = "0.2.0"
+  VERSION = "0.3.0"
 end

data/lib/secrets_cli.rb CHANGED Viewed

@@ -9,8 +9,7 @@ require 'secrets_cli/init'
 require 'secrets_cli/check/secrets'
 require 'secrets_cli/check/vault'
 require 'secrets_cli/prompts/secrets_file'
-require 'secrets_cli/prompts/secrets_repo'
-require 'secrets_cli/prompts/secrets_field'
+require 'secrets_cli/prompts/secrets_storage_key'
 require 'secrets_cli/vault/base'
 require 'secrets_cli/vault/auth'
 require 'secrets_cli/vault/read'
@@ -22,4 +21,5 @@ require 'secrets_cli/version'
 module SecretsCli
   SECRETS_CONFIG_FILE = '.secrets'
+  SECRETS_FIELD = 'secrets'
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: secrets_cli
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Stjepan Hadjic
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2016-02-15 00:00:00.000000000 Z
+date: 2016-02-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -132,9 +132,8 @@ files:
 - lib/secrets_cli/configuration.rb
 - lib/secrets_cli/helpers.rb
 - lib/secrets_cli/init.rb
-- lib/secrets_cli/prompts/secrets_field.rb
 - lib/secrets_cli/prompts/secrets_file.rb
-- lib/secrets_cli/prompts/secrets_repo.rb
+- lib/secrets_cli/prompts/secrets_storage_key.rb
 - lib/secrets_cli/vault/auth.rb
 - lib/secrets_cli/vault/base.rb
 - lib/secrets_cli/vault/pull.rb

data/lib/secrets_cli/prompts/secrets_field.rb DELETED Viewed

@@ -1,11 +0,0 @@
-module SecretsCli
-  module Prompts
-    class SecretsField
-      include SecretsCli::Helpers
-      def call
-        prompt.ask('What will the secrets key be?', default: 'secrets')
-      end
-    end
-  end
-end