secrets_cli 0.2.0 → 0.3.0
- checksums.yaml +4 -4
- data/README.md +32 -12
- data/exe/secrets +4 -8
- data/lib/secrets_cli/check/secrets.rb +3 -8
- data/lib/secrets_cli/check/vault.rb +4 -4
- data/lib/secrets_cli/configuration.rb +2 -6
- data/lib/secrets_cli/init.rb +5 -10
- data/lib/secrets_cli/prompts/{secrets_repo.rb → secrets_storage_key.rb} +2 -2
- data/lib/secrets_cli/vault/auth.rb +2 -2
- data/lib/secrets_cli/vault/base.rb +3 -3
- data/lib/secrets_cli/vault/push.rb +4 -5
- data/lib/secrets_cli/vault/read.rb +3 -4
- data/lib/secrets_cli/version.rb +1 -1
- data/lib/secrets_cli.rb +2 -2
- metadata +3 -4
- data/lib/secrets_cli/prompts/secrets_field.rb +0 -11
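--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 22a95b837aa93312338a6a7a12efa1a25ff15ddf
+data.tar.gz: 2aace8541c14b4c3311ea71ffa63c44d93cf07f9
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 60a7b0bc704533b79dc133cae819e22082c48a4dade9c38faead72ecee6232ea185bec57f674594111c76c857583138ed2eda1ee98565b670c43df0d1637cb85
+data.tar.gz: 855216c1e7864e74d4ee44b80242b1ab697f2402855d63bae270f2d76982387f9a34f54f5ac28217fb750094f4ec6bf69799e2810935c94d6177e6a1103eb25f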
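--- a/data/README.md
+++ b/data/README.md
@@ -4,6 +4,8 @@
 
 This is a CLI for easier use of [vault](https://www.vaultproject.io/)
 
+There is also a mina plugin [mina-secrets](https://github.com/infinum/mina-secrets)
+
 ## Installation
 
 Add this line to your application's Gemfile:
@@ -22,11 +24,16 @@ Or install it yourself as:
 
 ## Prerequisites
 
-`vault` must be installed on system. This gem adds a
+`vault` must be installed on system. This gem adds a dependency to `vault-binaries` which will install `vault` for you.
+
+The following environment variables need to be set:
+
+For `vault` itself:
 
-
+VAULT_ADDR - this is an address to your vault server
+
+For `secrets_cli`:
 
-VAULT_ADDR - this is an address to vault server
 SECRETS_VAULT_AUTH_METHOD - this is auth method ('github' or 'token' supported for now)
 SECRETS_VAULT_AUTH_TOKEN - this is vault auth token
 
@@ -44,37 +51,50 @@ Some of the commands have `--verbose` switch which will print out the commands i
 This will create `.secrets` file with project configuration. The command will ask you all it needs to know if you do not
 supply the config through options.
 
-
+Example of the `.secrets`:
 
-
-
-
+---
+:secrets_file: config/application.yml # file where your secrets are kept, depending on your environment gem (figaro, dotenv, etc)
+:secrets_repo: rails/my_project/ # vault 'repo' where your secrets will be kept.
+:secrets_field: secrets # a field in vault repo where the contents of secrets_file will be written
 
 ### Auth
 
 $ secrets auth
 
 You need to first authenticate yourself on vault server to be able to read and write.
-Needs to be done only _once_ for token.
+Needs to be done only _once_ for specific token.
+
+### Repos and environments
+
+Next 3 commands read and write to your project repo in vault. The value of the repo is generated by
+secrets_repo + environment. Example:
+
+`rails/my_project/development`
+
+Environment is `development` by default, but it can be overwriten by passing `--environment` option, or setting `RAILS_ENV` environment variable.
 
 ### Read
 
 $ secrets read
 
-This will only read from vault
-
+This will only read from vault.
+
+Example of executed command:
+
+vault read rails/my_project/development
 
 ### Pull
 
 $ secrets pull
 
-This will pull from vault and write to your secrets file.
+This will pull from vault and write to your secrets file.
 
 ### Push
 
 $ secrets push
 
-This will push from your secrets file to vault.
+This will push from your secrets file to vault.
 
 ## Development
 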
data/exe/secrets
CHANGED
@@ -14,8 +14,7 @@ command :init do |c|
|
|
14
14
|
c.syntax = 'secrets init [options]'
|
15
15
|
c.summary = 'Use to initialize project, create .secrets file'
|
16
16
|
c.option '-f', '--secrets_file STRING', String, 'Define secrets file'
|
17
|
-
c.option '-
|
18
|
-
c.option '-F', '--secrets_field STRING', String, 'Define secrets field'
|
17
|
+
c.option '-k', '--secrets_storage_key STRING', String, 'Define secrets storage_key'
|
19
18
|
c.action do |_args, options|
|
20
19
|
SecretsCli::Init.new(options).call
|
21
20
|
end
|
@@ -37,8 +36,7 @@ command :pull do |c|
|
|
37
36
|
c.summary = 'Use to read from vault server to secrets file'
|
38
37
|
c.option '-e', '--environment STRING', String, 'Set environment, default: development'
|
39
38
|
c.option '-f', '--secrets_file STRING', String, 'Override secrets_file'
|
40
|
-
c.option '-
|
41
|
-
c.option '-F', '--secrets_field STRING', String, 'Override secrets_field'
|
39
|
+
c.option '-k', '--secrets_storage_key STRING', String, 'Override secrets_storage_key'
|
42
40
|
c.option '-d', '--secrets_dir STRING', String, 'Override secrets_dir, default: "."'
|
43
41
|
c.action do |_args, options|
|
44
42
|
SecretsCli::Check::Secrets.new(options).call
|
@@ -52,8 +50,7 @@ command :push do |c|
|
|
52
50
|
c.option '-y', '--without_prompt', 'Push without prompt'
|
53
51
|
c.option '-e', '--environment STRING', String, 'Set environment, default: development'
|
54
52
|
c.option '-f', '--secrets_file STRING', String, 'Override secrets_file'
|
55
|
-
c.option '-
|
56
|
-
c.option '-F', '--secrets_field STRING', String, 'Override secrets_field'
|
53
|
+
c.option '-k', '--secrets_storage_key STRING', String, 'Override secrets_storage_key'
|
57
54
|
c.action do |_args, options|
|
58
55
|
SecretsCli::Check::Secrets.new(options).call
|
59
56
|
SecretsCli::Vault::Push.new(options).call
|
@@ -64,8 +61,7 @@ command :read do |c|
|
|
64
61
|
c.syntax = 'secrets read [options]'
|
65
62
|
c.summary = 'Use to only read from vault server without writing to secrets file'
|
66
63
|
c.option '-e', '--environment STRING', String, 'Set environment, default: development'
|
67
|
-
c.option '-
|
68
|
-
c.option '-F', '--secrets_field STRING', String, 'Override secrets_field'
|
64
|
+
c.option '-k', '--secrets_storage_key STRING', String, 'Override secrets_storage_key'
|
69
65
|
c.action do |_args, options|
|
70
66
|
SecretsCli::Check::Secrets.new(options).call
|
71
67
|
SecretsCli::Vault::Read.new(options).call
|
@@ -12,8 +12,7 @@ module SecretsCli
|
|
12
12
|
def call
|
13
13
|
error! 'Missing .secrets' unless File.exist?('.secrets')
|
14
14
|
error! 'Missing secrets_file' if missing_secret_file?
|
15
|
-
error! 'Missing
|
16
|
-
error! 'Missing secrets_field' if missing_secret_field?
|
15
|
+
error! 'Missing secrets_storage_key' if missing_secret_storage_key?
|
17
16
|
end
|
18
17
|
|
19
18
|
private
|
@@ -22,12 +21,8 @@ module SecretsCli
|
|
22
21
|
options.secrets_file.nil? && config.secrets_file.nil?
|
23
22
|
end
|
24
23
|
|
25
|
-
def
|
26
|
-
options.
|
27
|
-
end
|
28
|
-
|
29
|
-
def missing_secret_field?
|
30
|
-
options.secrets_field && config.secrets_field.nil?
|
24
|
+
def missing_secret_storage_key?
|
25
|
+
options.secrets_storage_key && config.secrets_storage_key.nil?
|
31
26
|
end
|
32
27
|
end
|
33
28
|
end
|
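Review bot: `missing_secret_storage_key?` tests `options.secrets_storage_key` for truthiness instead of calling `.nil?`, so the error fires only when the option is passed and the config lacks the key, and never when both are absent. The sibling predicate visible in the same hunk uses `options.secrets_file.nil? && config.secrets_file.nil?`; this one should match it: `options.secrets_storage_key.nil? && config.secrets_storage_key.nil?`. With neither value set the check passes, and a later command would reach `File.join(secrets_storage_key, config.environment)` with nil, which presumably surfaces as a TypeError rather than the intended "Missing secrets_storage_key" message. The enclosing class starts outside the hunk.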
@@ -12,18 +12,18 @@ module SecretsCli
|
|
12
12
|
def call
|
13
13
|
error! 'Missing vault' if TTY::Which.which('vault').nil?
|
14
14
|
error! 'Missing VAULT_ADDR env' if ENV['VAULT_ADDR'].nil?
|
15
|
-
error! 'Missing
|
16
|
-
error! 'Missing
|
15
|
+
error! 'Missing VAULT_AUTH_TOKEN env' if missing_auth_token?
|
16
|
+
error! 'Missing VAULT_AUTH_METHOD env' if missing_auth_method?
|
17
17
|
end
|
18
18
|
|
19
19
|
private
|
20
20
|
|
21
21
|
def missing_auth_token?
|
22
|
-
options.auth_token.nil? && ENV['
|
22
|
+
options.auth_token.nil? && ENV['VAULT_AUTH_TOKEN'].nil?
|
23
23
|
end
|
24
24
|
|
25
25
|
def missing_auth_method?
|
26
|
-
options.auth_method.nil? && ENV['
|
26
|
+
options.auth_method.nil? && ENV['VAULT_AUTH_METHOD'].nil?
|
27
27
|
end
|
28
28
|
end
|
29
29
|
end
|
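Review bot: The names checked here, `ENV['VAULT_AUTH_TOKEN']` and `ENV['VAULT_AUTH_METHOD']`, differ from the README's unchanged lines (`SECRETS_VAULT_AUTH_TOKEN`, `SECRETS_VAULT_AUTH_METHOD`) and from the auth initializer hunk further down, which reads `ENV['_VAULT_AUTH_TOKEN']`. If those are the released strings, this pre-flight check can pass while the initializer gets a nil token, or fail for a user who followed the README. This page drops part of some changed lines, so confirm the names against the gem itself. Either way, defining each variable name once as a constant next to `SECRETS_CONFIG_FILE` and using it in both the check and the initializer would keep them from drifting. The class around `call` starts outside the hunk.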
@@ -15,12 +15,8 @@ module SecretsCli
|
|
15
15
|
config[:secrets_file]
|
16
16
|
end
|
17
17
|
|
18
|
-
def
|
19
|
-
config[:
|
20
|
-
end
|
21
|
-
|
22
|
-
def secrets_field
|
23
|
-
config[:secrets_field]
|
18
|
+
def secrets_storage_key
|
19
|
+
config[:secrets_storage_key]
|
24
20
|
end
|
25
21
|
|
26
22
|
def self.write(config)
|
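Review bot: `secrets_storage_key` reads only `config[:secrets_storage_key]`, but the `.secrets` example added to the README in this same release still shows `:secrets_repo:` and `:secrets_field:`, so a file written from that example (and presumably one created by 0.2.0) yields nil here. Either update the README example to the new key or accept the old key during a transition, e.g. `config[:secrets_storage_key] || config[:secrets_repo]`. The class starts outside the hunk, so whether `config` is loaded with symbol keys cannot be confirmed from here.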
data/lib/secrets_cli/init.rb
CHANGED
@@ -19,8 +19,7 @@ module SecretsCli
|
|
19
19
|
def config
|
20
20
|
{
|
21
21
|
secrets_file: secrets_file,
|
22
|
-
|
23
|
-
secrets_field: secrets_field
|
22
|
+
secrets_storage_key: secrets_storage_key
|
24
23
|
}
|
25
24
|
end
|
26
25
|
|
@@ -28,14 +27,10 @@ module SecretsCli
|
|
28
27
|
@secrets_file ||= options.secrets_file || SecretsCli::Prompts::SecretsFile.new.call
|
29
28
|
end
|
30
29
|
|
31
|
-
def
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
end
|
36
|
-
|
37
|
-
def secrets_field
|
38
|
-
options.secrets_field || SecretsCli::Prompts::SecretsField.new.call
|
30
|
+
def secrets_storage_key
|
31
|
+
storage_key = options.secrets_storage_key || SecretsCli::Prompts::SecretsStorageKey.new.call
|
32
|
+
storage_key << '/' unless storage_key.end_with?('/')
|
33
|
+
storage_key
|
39
34
|
end
|
40
35
|
end
|
41
36
|
end
|
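Review bot: `storage_key << '/'` appends in place to whatever `options.secrets_storage_key` or the prompt returned, which mutates the caller's option string, raises on a frozen string, and fails on `end_with?` if the prompt returns nil. A non-mutating form avoids the first two: `storage_key.end_with?('/') ? storage_key : "#{storage_key}/"`. Since this value is later interpolated into the `vault read` and `vault write` command strings, this is also the natural place to reject keys containing characters outside a path allow-list before they are written to `.secrets`. Unlike `secrets_file` just above, the result is not memoized, so a second call would prompt again.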
@@ -1,10 +1,10 @@
|
|
1
1
|
module SecretsCli
|
2
2
|
module Prompts
|
3
|
-
class
|
3
|
+
class SecretsStorageKey
|
4
4
|
include SecretsCli::Helpers
|
5
5
|
|
6
6
|
def call
|
7
|
-
prompt.ask('What will the secrets
|
7
|
+
prompt.ask('What will the secrets storage key be?', default: default)
|
8
8
|
end
|
9
9
|
|
10
10
|
private
|
@@ -5,8 +5,8 @@ module SecretsCli
|
|
5
5
|
|
6
6
|
def initialize(options)
|
7
7
|
super
|
8
|
-
@auth_token = options.auth_token || ENV['
|
9
|
-
@auth_method = options.auth_method || ENV['
|
8
|
+
@auth_token = options.auth_token || ENV['_VAULT_AUTH_TOKEN']
|
9
|
+
@auth_method = options.auth_method || ENV['VAULT_AUTH_METHOD']
|
10
10
|
end
|
11
11
|
|
12
12
|
private
|
@@ -15,7 +15,7 @@ module SecretsCli
|
|
15
15
|
if wait_thr.value.success?
|
16
16
|
prompt.ok(stdout_and_stderr.read)
|
17
17
|
else
|
18
|
-
error
|
18
|
+
prompt.error(stdout_and_stderr.read)
|
19
19
|
end
|
20
20
|
end
|
21
21
|
end
|
@@ -26,8 +26,8 @@ module SecretsCli
|
|
26
26
|
fail NotImplementedError
|
27
27
|
end
|
28
28
|
|
29
|
-
def
|
30
|
-
File.join(
|
29
|
+
def secrets_full_storage_key
|
30
|
+
File.join(secrets_storage_key, config.environment)
|
31
31
|
end
|
32
32
|
end
|
33
33
|
end
|
@@ -1,12 +1,11 @@
|
|
1
1
|
module SecretsCli
|
2
2
|
module Vault
|
3
3
|
class Push < SecretsCli::Vault::Base
|
4
|
-
attr_reader :
|
4
|
+
attr_reader :secrets_storage_key, :secrets_field, :secrets, :secrets_file
|
5
5
|
|
6
6
|
def initialize(options)
|
7
7
|
super
|
8
|
-
@
|
9
|
-
@secrets_field = options.secrets_field || config.secrets_field
|
8
|
+
@secrets_storage_key = options.secrets_storage_key || config.secrets_storage_key
|
10
9
|
@secrets_file = options.secrets_file || config.secrets_file
|
11
10
|
@secrets = File.read(secrets_file)
|
12
11
|
end
|
@@ -19,11 +18,11 @@ module SecretsCli
|
|
19
18
|
private
|
20
19
|
|
21
20
|
def command
|
22
|
-
"vault write #{
|
21
|
+
"vault write #{secrets_full_storage_key} #{SECRETS_FIELD}=\"#{secrets}\""
|
23
22
|
end
|
24
23
|
|
25
24
|
def are_you_sure?
|
26
|
-
prompt.yes?("Are you sure you want to write #{secrets_file} to #{
|
25
|
+
prompt.yes?("Are you sure you want to write #{secrets_file} to #{secrets_full_storage_key}", default: 'Y')
|
27
26
|
end
|
28
27
|
end
|
29
28
|
end
|
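Review bot: `command` builds a shell string with the whole secrets file interpolated inside double quotes (`#{SECRETS_FIELD}=\"#{secrets}\"`), so quote, dollar or backtick characters in the file are interpreted by the shell, and the secret values land on the `vault` process's argument list, where other local users can read them. Vault's CLI accepts `key=@path` to read a value from a file, so the line could become `"vault write #{Shellwords.escape(secrets_full_storage_key)} #{SECRETS_FIELD}=@#{Shellwords.escape(secrets_file)}"` (with `require 'shellwords'`), which also keeps the value out of anything `--verbose` prints. The same unescaped interpolation of `secrets_full_storage_key` appears in the `vault read` command string in the Read class hunk below. Where the string is executed is outside these hunks, so confirm whether it goes through a shell. Separately, `attr_reader` still lists `:secrets_field` although the initializer no longer assigns it, and it exposes `:secrets` publicly.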
@@ -3,16 +3,15 @@ module SecretsCli
|
|
3
3
|
class Read < SecretsCli::Vault::Base
|
4
4
|
def initialize(options)
|
5
5
|
super
|
6
|
-
@
|
7
|
-
@secrets_field = options.secrets_field || config.secrets_field
|
6
|
+
@secrets_storage_key = options.secrets_storage_key || config.secrets_storage_key
|
8
7
|
end
|
9
8
|
|
10
9
|
private
|
11
10
|
|
12
|
-
attr_reader :
|
11
|
+
attr_reader :secrets_storage_key
|
13
12
|
|
14
13
|
def command
|
15
|
-
"vault read --field=#{
|
14
|
+
"vault read --field=#{SECRETS_FIELD} #{secrets_full_storage_key}"
|
16
15
|
end
|
17
16
|
end
|
18
17
|
end
|
data/lib/secrets_cli/version.rb
CHANGED
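--- a/data/lib/secrets_cli.rb
+++ b/data/lib/secrets_cli.rb
@@ -9,8 +9,7 @@ require 'secrets_cli/init'
 require 'secrets_cli/check/secrets'
 require 'secrets_cli/check/vault'
 require 'secrets_cli/prompts/secrets_file'
-require 'secrets_cli/prompts/
-require 'secrets_cli/prompts/secrets_field'
+require 'secrets_cli/prompts/secrets_storage_key'
 require 'secrets_cli/vault/base'
 require 'secrets_cli/vault/auth'
 require 'secrets_cli/vault/read'
@@ -22,4 +21,5 @@ require 'secrets_cli/version'
 
 module SecretsCli
 SECRETS_CONFIG_FILE = '.secrets'
+SECRETS_FIELD = 'secrets'
 end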
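--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: secrets_cli
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.3.0
 platform: ruby
 authors:
 - Stjepan Hadjic
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2016-02-
+date: 2016-02-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -132,9 +132,8 @@ files:
 - lib/secrets_cli/configuration.rb
 - lib/secrets_cli/helpers.rb
 - lib/secrets_cli/init.rb
-- lib/secrets_cli/prompts/secrets_field.rb
 - lib/secrets_cli/prompts/secrets_file.rb
-- lib/secrets_cli/prompts/
+- lib/secrets_cli/prompts/secrets_storage_key.rb
 - lib/secrets_cli/vault/auth.rb
 - lib/secrets_cli/vault/base.rb
 - lib/secrets_cli/vault/pull.rb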