secrets_cli 0.2.0 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: fef7bf60e1bd22c1c4c9e6977eaccf96792cf153
-  data.tar.gz: 343eb18e5de20b8b77f47e9e43d1021b4d5dc6b8
+  metadata.gz: 22a95b837aa93312338a6a7a12efa1a25ff15ddf
+  data.tar.gz: 2aace8541c14b4c3311ea71ffa63c44d93cf07f9
 SHA512:
-  metadata.gz: 18d8c74751644400b61d67a3efd5df0b84c15e1f154d2429ee98b1a3eb090f7e6ea5714b677a8d5c2dadfdd748b81c04418258db77ccc26aa27f836db3769182
-  data.tar.gz: 89f28fd6dc1b95a940cd4efecb59cffd754cdc0a9bdb13d574027fd3e271583476ff7efccf73b8c50e746461824bd4b31e07afd0b387f44fd07063178ca501bd
+  metadata.gz: 60a7b0bc704533b79dc133cae819e22082c48a4dade9c38faead72ecee6232ea185bec57f674594111c76c857583138ed2eda1ee98565b670c43df0d1637cb85
+  data.tar.gz: 855216c1e7864e74d4ee44b80242b1ab697f2402855d63bae270f2d76982387f9a34f54f5ac28217fb750094f4ec6bf69799e2810935c94d6177e6a1103eb25f

data/README.md

@@ -4,6 +4,8 @@
 
 This is a CLI for easier use of [vault](https://www.vaultproject.io/)
 
+There is also a mina plugin [mina-secrets](https://github.com/infinum/mina-secrets)
+
 ## Installation
 
 Add this line to your application's Gemfile:
@@ -22,11 +24,16 @@ Or install it yourself as:
 
 ## Prerequisites
 
-`vault` must be installed on system. This gem adds a dependancy to `vault-binaries` which will install `vault` for you.
+`vault` must be installed on system. This gem adds a dependency to `vault-binaries` which will install `vault` for you.
+
+The following environment variables need to be set:
+
+For `vault` itself:
 
-Following environemt variables need to be set:
+    VAULT_ADDR - this is an address to your vault server
+
+For `secrets_cli`:
 
-    VAULT_ADDR - this is an address to vault server
     SECRETS_VAULT_AUTH_METHOD - this is auth method ('github' or 'token' supported for now)
     SECRETS_VAULT_AUTH_TOKEN - this is vault auth token
 
@@ -44,37 +51,50 @@ Some of the commands have `--verbose` switch which will print out the commands i
 This will create `.secrets` file with project configuration. The command will ask you all it needs to know if you do not
 supply the config through options.
 
-These configs need to be set:
+Example of the `.secrets`:
 
-    `secrets_file` - file where your secrets are kept. `config/application.yml` for figaro, `.env` for dotenv or something else.
-    `secrets_repo` - vault 'repo' where your secrets will be kept. Example: `rails/secrets/`
-    `secrets_field` - a field in vault repo where the contents of secrets_file will be written. Example: `secrets`
+    ---
+    :secrets_file: config/application.yml # file where your secrets are kept, depending on your environment gem (figaro, dotenv, etc)
+    :secrets_repo: rails/my_project/      # vault 'repo' where your secrets will be kept.
+    :secrets_field: secrets               # a field in vault repo where the contents of secrets_file will be written
 
 ### Auth
 
     $ secrets auth
 
 You need to first authenticate yourself on vault server to be able to read and write.
-Needs to be done only _once_ for token.
+Needs to be done only _once_ for specific token.
+
+### Repos and environments
+
+Next 3 commands read and write to your project repo in vault. The value of the repo is generated by
+secrets_repo + environment. Example:
+
+      `rails/my_project/development`
+
+Environment is `development` by default, but it can be overwriten by passing `--environment` option, or setting `RAILS_ENV` environment variable.
 
 ### Read
 
     $ secrets read
 
-This will only read from vault repo + environment. Environment can be set by `--environment` option, `RAILS_ENV` variable.
-Default is `development` if nothing is set. Example: `rails/secrets/environment`
+This will only read from vault.
+
+Example of executed command:
+
+    vault read rails/my_project/development
 
 ### Pull
 
     $ secrets pull
 
-This will pull from vault and write to your secrets file. For environment see `Read`
+This will pull from vault and write to your secrets file.
 
 ### Push
 
     $ secrets push
 
-This will push from your secrets file to vault. For environment see `Read`
+This will push from your secrets file to vault.
 
 ## Development
 

data/exe/secrets

@@ -14,8 +14,7 @@ command :init do |c|
   c.syntax = 'secrets init [options]'
   c.summary = 'Use to initialize project, create .secrets file'
   c.option '-f', '--secrets_file STRING', String, 'Define secrets file'
-  c.option '-r', '--secrets_repo STRING', String, 'Define secrets repo'
-  c.option '-F', '--secrets_field STRING', String, 'Define secrets field'
+  c.option '-k', '--secrets_storage_key STRING', String, 'Define secrets storage_key'
   c.action do |_args, options|
     SecretsCli::Init.new(options).call
   end
@@ -37,8 +36,7 @@ command :pull do |c|
   c.summary = 'Use to read from vault server to secrets file'
   c.option '-e', '--environment STRING', String, 'Set environment, default: development'
   c.option '-f', '--secrets_file STRING', String, 'Override secrets_file'
-  c.option '-r', '--secrets_repo STRING', String, 'Override secrets_repo'
-  c.option '-F', '--secrets_field STRING', String, 'Override secrets_field'
+  c.option '-k', '--secrets_storage_key STRING', String, 'Override secrets_storage_key'
   c.option '-d', '--secrets_dir STRING', String, 'Override secrets_dir, default: "."'
   c.action do |_args, options|
     SecretsCli::Check::Secrets.new(options).call
@@ -52,8 +50,7 @@ command :push do |c|
   c.option '-y', '--without_prompt', 'Push without prompt'
   c.option '-e', '--environment STRING', String, 'Set environment, default: development'
   c.option '-f', '--secrets_file STRING', String, 'Override secrets_file'
-  c.option '-r', '--secrets_repo STRING', String, 'Override secrets_repo'
-  c.option '-F', '--secrets_field STRING', String, 'Override secrets_field'
+  c.option '-k', '--secrets_storage_key STRING', String, 'Override secrets_storage_key'
   c.action do |_args, options|
     SecretsCli::Check::Secrets.new(options).call
     SecretsCli::Vault::Push.new(options).call
@@ -64,8 +61,7 @@ command :read do |c|
   c.syntax = 'secrets read [options]'
   c.summary = 'Use to only read from vault server without writing to secrets file'
   c.option '-e', '--environment STRING', String, 'Set environment, default: development'
-  c.option '-r', '--secrets_repo STRING', String, 'Override secrets_repo'
-  c.option '-F', '--secrets_field STRING', String, 'Override secrets_field'
+  c.option '-k', '--secrets_storage_key STRING', String, 'Override secrets_storage_key'
   c.action do |_args, options|
     SecretsCli::Check::Secrets.new(options).call
     SecretsCli::Vault::Read.new(options).call

data/lib/secrets_cli/check/secrets.rb

@@ -12,8 +12,7 @@ module SecretsCli
       def call
         error! 'Missing .secrets' unless File.exist?('.secrets')
         error! 'Missing secrets_file' if missing_secret_file?
-        error! 'Missing secrets_repo' if missing_secret_repo?
-        error! 'Missing secrets_field' if missing_secret_field?
+        error! 'Missing secrets_storage_key' if missing_secret_storage_key?
       end
 
       private
@@ -22,12 +21,8 @@ module SecretsCli
         options.secrets_file.nil? && config.secrets_file.nil?
       end
 
-      def missing_secret_repo?
-        options.secrets_repo && config.secrets_repo.nil?
-      end
-
-      def missing_secret_field?
-        options.secrets_field && config.secrets_field.nil?
+      def missing_secret_storage_key?
+        options.secrets_storage_key && config.secrets_storage_key.nil?
       end
     end
   end

data/lib/secrets_cli/check/vault.rb

@@ -12,18 +12,18 @@ module SecretsCli
       def call
         error! 'Missing vault' if TTY::Which.which('vault').nil?
         error! 'Missing VAULT_ADDR env' if ENV['VAULT_ADDR'].nil?
-        error! 'Missing SECRETS_VAULT_AUTH_TOKEN env' if missing_auth_token?
-        error! 'Missing SECRETS_VAULT_AUTH_METHOD env' if missing_auth_method?
+        error! 'Missing VAULT_AUTH_TOKEN env' if missing_auth_token?
+        error! 'Missing VAULT_AUTH_METHOD env' if missing_auth_method?
       end
 
       private
 
       def missing_auth_token?
-        options.auth_token.nil? && ENV['SECRETS_VAULT_AUTH_TOKEN'].nil?
+        options.auth_token.nil? && ENV['VAULT_AUTH_TOKEN'].nil?
       end
 
       def missing_auth_method?
-        options.auth_method.nil? && ENV['SECRETS_VAULT_AUTH_METHOD'].nil?
+        options.auth_method.nil? && ENV['VAULT_AUTH_METHOD'].nil?
       end
     end
   end

data/lib/secrets_cli/configuration.rb

@@ -15,12 +15,8 @@ module SecretsCli
       config[:secrets_file]
     end
 
-    def secrets_repo
-      config[:secrets_repo]
-    end
-
-    def secrets_field
-      config[:secrets_field]
+    def secrets_storage_key
+      config[:secrets_storage_key]
     end
 
     def self.write(config)

data/lib/secrets_cli/init.rb

@@ -19,8 +19,7 @@ module SecretsCli
     def config
       {
         secrets_file: secrets_file,
-        secrets_repo: secrets_repo,
-        secrets_field: secrets_field
+        secrets_storage_key: secrets_storage_key
       }
     end
 
@@ -28,14 +27,10 @@ module SecretsCli
       @secrets_file ||= options.secrets_file || SecretsCli::Prompts::SecretsFile.new.call
     end
 
-    def secrets_repo
-      repo = options.secrets_repo || SecretsCli::Prompts::SecretsRepo.new.call
-      repo << '/' unless repo.end_with?('/')
-      repo
-    end
-
-    def secrets_field
-      options.secrets_field || SecretsCli::Prompts::SecretsField.new.call
+    def secrets_storage_key
+      storage_key = options.secrets_storage_key || SecretsCli::Prompts::SecretsStorageKey.new.call
+      storage_key << '/' unless storage_key.end_with?('/')
+      storage_key
     end
   end
 end

data/lib/secrets_cli/prompts/{secrets_repo.rb → secrets_storage_key.rb}

@@ -1,10 +1,10 @@
 module SecretsCli
   module Prompts
-    class SecretsRepo
+    class SecretsStorageKey
       include SecretsCli::Helpers
 
       def call
-        prompt.ask('What will the secrets repo be?', default: default)
+        prompt.ask('What will the secrets storage key be?', default: default)
       end
 
       private

data/lib/secrets_cli/vault/auth.rb

@@ -5,8 +5,8 @@ module SecretsCli
 
       def initialize(options)
         super
-        @auth_token = options.auth_token || ENV['SECRETS_VAULT_AUTH_TOKEN']
-        @auth_method = options.auth_method || ENV['SECRETS_VAULT_AUTH_METHOD']
+        @auth_token = options.auth_token || ENV['_VAULT_AUTH_TOKEN']
+        @auth_method = options.auth_method || ENV['VAULT_AUTH_METHOD']
       end
 
       private

data/lib/secrets_cli/vault/base.rb

@@ -15,7 +15,7 @@ module SecretsCli
           if wait_thr.value.success?
             prompt.ok(stdout_and_stderr.read)
           else
-            error!(stdout_and_stderr.read)
+            prompt.error(stdout_and_stderr.read)
           end
         end
       end
@@ -26,8 +26,8 @@ module SecretsCli
         fail NotImplementedError
       end
 
-      def secrets_full_repo
-        File.join(secrets_repo, config.environment)
+      def secrets_full_storage_key
+        File.join(secrets_storage_key, config.environment)
       end
     end
   end

data/lib/secrets_cli/vault/push.rb

@@ -1,12 +1,11 @@
 module SecretsCli
   module Vault
     class Push < SecretsCli::Vault::Base
-      attr_reader :secrets_repo, :secrets_field, :secrets, :secrets_file
+      attr_reader :secrets_storage_key, :secrets_field, :secrets, :secrets_file
 
       def initialize(options)
         super
-        @secrets_repo = options.secrets_repo || config.secrets_repo
-        @secrets_field = options.secrets_field || config.secrets_field
+        @secrets_storage_key = options.secrets_storage_key || config.secrets_storage_key
         @secrets_file = options.secrets_file || config.secrets_file
         @secrets = File.read(secrets_file)
       end
@@ -19,11 +18,11 @@ module SecretsCli
       private
 
       def command
-        "vault write #{secrets_full_repo} #{secrets_field}=\"#{secrets}\""
+        "vault write #{secrets_full_storage_key} #{SECRETS_FIELD}=\"#{secrets}\""
       end
 
       def are_you_sure?
-        prompt.yes?("Are you sure you want to write #{secrets_file} to #{secrets_full_repo}", default: 'Y')
+        prompt.yes?("Are you sure you want to write #{secrets_file} to #{secrets_full_storage_key}", default: 'Y')
       end
     end
   end

data/lib/secrets_cli/vault/read.rb

@@ -3,16 +3,15 @@ module SecretsCli
     class Read < SecretsCli::Vault::Base
       def initialize(options)
         super
-        @secrets_repo = options.secrets_repo || config.secrets_repo
-        @secrets_field = options.secrets_field || config.secrets_field
+        @secrets_storage_key = options.secrets_storage_key || config.secrets_storage_key
       end
 
       private
 
-      attr_reader :secrets_repo, :secrets_field
+      attr_reader :secrets_storage_key
 
       def command
-        "vault read --field=#{secrets_field} #{secrets_full_repo}"
+        "vault read --field=#{SECRETS_FIELD} #{secrets_full_storage_key}"
       end
     end
   end

data/lib/secrets_cli/version.rb

@@ -1,3 +1,3 @@
 module SecretsCli
-  VERSION = "0.2.0"
+  VERSION = "0.3.0"
 end

data/lib/secrets_cli.rb

@@ -9,8 +9,7 @@ require 'secrets_cli/init'
 require 'secrets_cli/check/secrets'
 require 'secrets_cli/check/vault'
 require 'secrets_cli/prompts/secrets_file'
-require 'secrets_cli/prompts/secrets_repo'
-require 'secrets_cli/prompts/secrets_field'
+require 'secrets_cli/prompts/secrets_storage_key'
 require 'secrets_cli/vault/base'
 require 'secrets_cli/vault/auth'
 require 'secrets_cli/vault/read'
@@ -22,4 +21,5 @@ require 'secrets_cli/version'
 
 module SecretsCli
   SECRETS_CONFIG_FILE = '.secrets'
+  SECRETS_FIELD = 'secrets'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: secrets_cli
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Stjepan Hadjic
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2016-02-15 00:00:00.000000000 Z
+date: 2016-02-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -132,9 +132,8 @@ files:
 - lib/secrets_cli/configuration.rb
 - lib/secrets_cli/helpers.rb
 - lib/secrets_cli/init.rb
-- lib/secrets_cli/prompts/secrets_field.rb
 - lib/secrets_cli/prompts/secrets_file.rb
-- lib/secrets_cli/prompts/secrets_repo.rb
+- lib/secrets_cli/prompts/secrets_storage_key.rb
 - lib/secrets_cli/vault/auth.rb
 - lib/secrets_cli/vault/base.rb
 - lib/secrets_cli/vault/pull.rb

data/lib/secrets_cli/prompts/secrets_field.rb

@@ -1,11 +0,0 @@
-module SecretsCli
-  module Prompts
-    class SecretsField
-      include SecretsCli::Helpers
-
-      def call
-        prompt.ask('What will the secrets key be?', default: 'secrets')
-      end
-    end
-  end
-end