secrets_cli 1.9.0 → 1.10.0

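--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 53a0fb33b59e2c3822709f7f1cd867950891ca681a44fcf283445e74bba4f083
- data.tar.gz: ba8a2b7ca914db4d63364dccd98b3d6af90bf74c37d56efc1dd1d8cae26806dc
+ metadata.gz: a7c1d5dacd65932996391d02598e8f06d76a7d4f844cdf06b0a2de0ddad05f6e
+ data.tar.gz: 5fe3a3f7002d3f3b1922ad6db4f4d2f485eab1c2fb48d4405aec7893fcebfbca
  SHA512:
- metadata.gz: 996fa8086874396b8af0b70cf8905d8ae554abec87370e873c62f60a7c287dc01f16589e556bdb0c17fd887a269cf837dbd14b7b4f062dc6a81e187c7f463e44
- data.tar.gz: cbaa6ac7f1c577924d996b8ad3945fca240eb1f9e27b8c733c00393187916e35b09ee647f6448e63b7b3ea92e918020bbca9a295ba0c87d7e9f6f93bc1a0c3d8
+ metadata.gz: 90fa5d1a00f982fc2bcb49348a960bca4a0756ac9f814536ebaba2131b53d8439cd4b80460515df53e1612fbc7325122164f0627c86a3625e8db6d754c85bc58
+ data.tar.gz: 22a9d89f6d11560f5761b287fbd6c46ada673607bcbc0ca51c407c59b50ff0bf82a64b2a43274d0abd0be4df48e908a2792a374ba753b38110140ac70b2ba108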
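--- a/data/README.md
+++ b/data/README.md
@@ -29,6 +29,7 @@ The following environment variables need to be set:
  For `vault` itself:
 
  VAULT_ADDR - this is an address to your vault server
+ VAULT_CACERT - if you have a self issued certificate, point this environment variable to the location of the root CA file
 
  For `secrets_cli`:
 
@@ -90,6 +91,16 @@ To read secrets from a different environment, use the `-e` flag:
 
  $ secrets read -e production
 
+ ### Edit
+
+ $ secrets edit
+
+ This will allow you to edit secrets on the fly. You choose which editor to use by defining an `$EDITOR` variable, otherwise it will use one of these: `mate -w`, `vim`, `vi`, `emacs`, `nano`, `pico`
+
+ The same flags apply for editing as for reading:
+
+ $ EDIOTR='atom -w' secrets edit -e production
+
  ### Pull
 
  $ secrets pull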
@@ -69,6 +69,17 @@ command :read do |c|
69
69
  end
70
70
  end
71
71
 
72
+ command :edit do |c|
73
+ c.syntax = 'secrets edit [options]'
74
+ c.summary = 'Use to edit secrets directly in your favorite editor'
75
+ c.option '-e', '--environment STRING', String, 'Set environment, default: development'
76
+ c.option '-k', '--secrets_storage_key STRING', String, 'Override secrets_storage_key'
77
+ c.action do |_args, options|
78
+ SecretsCli::Vault::Auth.new(options).call
79
+ SecretsCli::Vault::Edit.new(options).call
80
+ end
81
+ end
82
+
72
83
  command :list do |c|
73
84
  c.syntax = 'secrets list [options]'
74
85
  c.summary = 'Use to list all environemnts'
@@ -17,10 +17,9 @@ require 'secrets_cli/vault/list'
17
17
  require 'secrets_cli/vault/read'
18
18
  require 'secrets_cli/vault/pull'
19
19
  require 'secrets_cli/vault/push'
20
+ require 'secrets_cli/vault/edit'
20
21
  require 'secrets_cli/version'
21
22
 
22
- # require 'pry'
23
-
24
23
  module SecretsCli
25
24
  SECRETS_CONFIG_FILE = '.secrets'.freeze
26
25
  SECRETS_FIELD = :secrets
@@ -24,7 +24,7 @@ module SecretsCli
24
24
  end
25
25
 
26
26
  def require_secrets_file?
27
- action != :read
27
+ ![:read, :edit].include?(action)
28
28
  end
29
29
 
30
30
  def missing_secret_storage_key?
@@ -21,16 +21,16 @@ module SecretsCli
21
21
  def command
22
22
  case auth_method
23
23
  when 'github'
24
- ::Vault.auth.github(auth_token).auth.policies
24
+ ::Vault.auth.github(auth_token)
25
25
  when 'token'
26
- ::Vault.auth.token(auth_token).auth.policies
26
+ ::Vault.auth.token(auth_token)
27
27
  when 'app_id'
28
- ::Vault.auth.app_id(auth_app_id, auth_user_id).auth.policies
28
+ ::Vault.auth.app_id(auth_app_id, auth_user_id)
29
29
  when 'approle'
30
- ::Vault.auth.approle(auth_role_id, auth_secret_id).auth.policies
30
+ ::Vault.auth.approle(auth_role_id, auth_secret_id)
31
31
  else
32
32
  error! "Unknown auth method #{auth_method}"
33
- end
33
+ end.auth.policies
34
34
  end
35
35
  end
36
36
  end
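Review bot: Chaining `.auth.policies` onto the closing `end` of the `case` now applies to the `else` branch as well, so whatever `error!` returns is dereferenced. The definition of `error!` is not visible here; if it returns instead of exiting or raising, an unknown auth method ends in a `NoMethodError` on nil rather than the intended message. The trailing `end.auth.policies` is also easy to miss when reading the method. Assigning the result first keeps both clear: `response = case auth_method ... end` followed by `response.auth.policies`.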
@@ -18,12 +18,20 @@ module SecretsCli
18
18
  private
19
19
 
20
20
  def command
21
- fail NotImplementedError
21
+ raise NotImplementedError
22
22
  end
23
23
 
24
24
  def secrets_full_storage_key
25
25
  File.join(secrets_storage_key, config.environment)
26
26
  end
27
+
28
+ def compare(first, second)
29
+ diff = TTY::File.diff(first, second, verbose: false)
30
+ return if diff == ''
31
+ prompt.ok('There are some differences:')
32
+ pretty_diff(diff)
33
+ exit 0 unless prompt.yes?('Are you sure you want to override?')
34
+ end
27
35
  end
28
36
  end
29
37
  end
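Review bot: The shared `compare(first, second)` no longer tells the user what is about to be overwritten: the version removed from the pull command named `secrets_file` in both the message and the confirmation, while the new prompt is only `'Are you sure you want to override?'`. For a tool that overwrites secrets, an optional label such as `def compare(first, second, target: nil)`, included in both strings when given, would restore that context without breaking the two callers. The method also needs a comment stating that `first` may be a file path (pull) or raw secret text (edit), because `TTY::File.diff` receives either. If that call stages string arguments in temporary files, which is worth confirming for the tty-file version in use, the edit path leaves plaintext secrets in the temp directory. The enclosing class starts outside this hunk.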
@@ -0,0 +1,28 @@
1
+ module SecretsCli
2
+ module Vault
3
+ class Edit < SecretsCli::Vault::Base
4
+ def initialize(options)
5
+ super
6
+ SecretsCli::Check::Secrets.new(:edit, options).call
7
+ @secrets_storage_key = options.secrets_storage_key || config.secrets_storage_key
8
+ end
9
+
10
+ private
11
+
12
+ attr_reader :secrets_storage_key
13
+
14
+ def command
15
+ secrets = ::Vault.logical.read(secrets_full_storage_key)
16
+ new_secrets = ask_editor(content(secrets))
17
+ compare(content(secrets), new_secrets)
18
+ ::Vault.logical.write(secrets_full_storage_key, SECRETS_FIELD => new_secrets)
19
+ new_secrets
20
+ end
21
+
22
+ def content(secrets)
23
+ return '' if secrets.nil?
24
+ secrets.data[SECRETS_FIELD]
25
+ end
26
+ end
27
+ end
28
+ end
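Review bot: `command` writes to Vault even when nothing changed: `compare` returns early on an empty diff and the `::Vault.logical.write` after it still runs, so closing the editor without edits (or an empty result for a key that does not exist yet, where `content` returns `''`) rewrites the stored value without any prompt. Return before the write when the edited text equals what was read, and read the content once instead of calling `content(secrets)` twice. The write is also based on a read taken before the editor opened, so a value another operator stores in the meantime would be silently replaced; re-reading just before the write and aborting if it differs would narrow that gap. `ask_editor` is defined outside this hunk, so how it stages the plaintext for the editor could not be reviewed here.

```ruby
def command
  current = content(::Vault.logical.read(secrets_full_storage_key))
  new_secrets = ask_editor(current)
  # Unchanged text: skip both the confirmation and the Vault write.
  return new_secrets if new_secrets == current
  compare(current, new_secrets)
  # … unchanged: ::Vault.logical.write and the new_secrets return value …
end
```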
@@ -14,19 +14,11 @@ module SecretsCli
14
14
 
15
15
  def command
16
16
  secrets = super
17
- compare(secrets) unless options.ci_mode
17
+ compare(secrets_file, secrets) unless options.ci_mode
18
18
  write(secrets)
19
19
  secrets
20
20
  end
21
21
 
22
- def compare(secrets)
23
- diff = TTY::File.diff(secrets_file, secrets, verbose: false)
24
- return if diff == ''
25
- prompt.ok("There are some differences between #{secrets_file} and vault:")
26
- pretty_diff(diff)
27
- exit 0 unless prompt.yes?("Are you sure you want to override #{secrets_file}?")
28
- end
29
-
30
22
  def write(secrets)
31
23
  print_verbose("Writing to #{secrets_file}")
32
24
  File.open(secrets_path, 'w') { |file| file.write(secrets) }
@@ -1,3 +1,3 @@
1
1
  module SecretsCli
2
- VERSION = '1.9.0'
2
+ VERSION = '1.10.0'
3
3
  end
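--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: secrets_cli
  version: !ruby/object:Gem::Version
- version: 1.9.0
+ version: 1.10.0
  platform: ruby
  authors:
  - Stjepan Hadjic
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2018-02-02 00:00:00.000000000 Z
+ date: 2018-10-30 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: bundler
@@ -151,6 +151,7 @@ files:
  - lib/secrets_cli/prompts/secrets_storage_key.rb
  - lib/secrets_cli/vault/auth.rb
  - lib/secrets_cli/vault/base.rb
+ - lib/secrets_cli/vault/edit.rb
  - lib/secrets_cli/vault/list.rb
  - lib/secrets_cli/vault/pull.rb
  - lib/secrets_cli/vault/push.rb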