secrets_cli 1.9.0 → 1.10.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +11 -0
- data/exe/secrets +11 -0
- data/lib/secrets_cli.rb +1 -2
- data/lib/secrets_cli/check/secrets.rb +1 -1
- data/lib/secrets_cli/vault/auth.rb +5 -5
- data/lib/secrets_cli/vault/base.rb +9 -1
- data/lib/secrets_cli/vault/edit.rb +28 -0
- data/lib/secrets_cli/vault/pull.rb +1 -9
- data/lib/secrets_cli/version.rb +1 -1
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a7c1d5dacd65932996391d02598e8f06d76a7d4f844cdf06b0a2de0ddad05f6e
|
|
4
|
+
data.tar.gz: 5fe3a3f7002d3f3b1922ad6db4f4d2f485eab1c2fb48d4405aec7893fcebfbca
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 90fa5d1a00f982fc2bcb49348a960bca4a0756ac9f814536ebaba2131b53d8439cd4b80460515df53e1612fbc7325122164f0627c86a3625e8db6d754c85bc58
|
|
7
|
+
data.tar.gz: 22a9d89f6d11560f5761b287fbd6c46ada673607bcbc0ca51c407c59b50ff0bf82a64b2a43274d0abd0be4df48e908a2792a374ba753b38110140ac70b2ba108
|
data/README.md
CHANGED
|
@@ -29,6 +29,7 @@ The following environment variables need to be set:
|
|
|
29
29
|
For `vault` itself:
|
|
30
30
|
|
|
31
31
|
VAULT_ADDR - this is an address to your vault server
|
|
32
|
+
VAULT_CACERT - if you have a self issued certificate, point this environment variable to the location of the root CA file
|
|
32
33
|
|
|
33
34
|
For `secrets_cli`:
|
|
34
35
|
|
|
@@ -90,6 +91,16 @@ To read secrets from a different environment, use the `-e` flag:
|
|
|
90
91
|
|
|
91
92
|
$ secrets read -e production
|
|
92
93
|
|
|
94
|
+
### Edit
|
|
95
|
+
|
|
96
|
+
$ secrets edit
|
|
97
|
+
|
|
98
|
+
This will allow you to edit secrets on the fly. You choose which editor to use by defining an `$EDITOR` variable, otherwise it will use one of these: `mate -w`, `vim`, `vi`, `emacs`, `nano`, `pico`
|
|
99
|
+
|
|
100
|
+
The same flags apply for editing as for reading:
|
|
101
|
+
|
|
102
|
+
$ EDIOTR='atom -w' secrets edit -e production
|
|
103
|
+
|
|
93
104
|
### Pull
|
|
94
105
|
|
|
95
106
|
$ secrets pull
|
data/exe/secrets
CHANGED
|
@@ -69,6 +69,17 @@ command :read do |c|
|
|
|
69
69
|
end
|
|
70
70
|
end
|
|
71
71
|
|
|
72
|
+
command :edit do |c|
|
|
73
|
+
c.syntax = 'secrets edit [options]'
|
|
74
|
+
c.summary = 'Use to edit secrets directly in your favorite editor'
|
|
75
|
+
c.option '-e', '--environment STRING', String, 'Set environment, default: development'
|
|
76
|
+
c.option '-k', '--secrets_storage_key STRING', String, 'Override secrets_storage_key'
|
|
77
|
+
c.action do |_args, options|
|
|
78
|
+
SecretsCli::Vault::Auth.new(options).call
|
|
79
|
+
SecretsCli::Vault::Edit.new(options).call
|
|
80
|
+
end
|
|
81
|
+
end
|
|
82
|
+
|
|
72
83
|
command :list do |c|
|
|
73
84
|
c.syntax = 'secrets list [options]'
|
|
74
85
|
c.summary = 'Use to list all environemnts'
|
data/lib/secrets_cli.rb
CHANGED
|
@@ -17,10 +17,9 @@ require 'secrets_cli/vault/list'
|
|
|
17
17
|
require 'secrets_cli/vault/read'
|
|
18
18
|
require 'secrets_cli/vault/pull'
|
|
19
19
|
require 'secrets_cli/vault/push'
|
|
20
|
+
require 'secrets_cli/vault/edit'
|
|
20
21
|
require 'secrets_cli/version'
|
|
21
22
|
|
|
22
|
-
# require 'pry'
|
|
23
|
-
|
|
24
23
|
module SecretsCli
|
|
25
24
|
SECRETS_CONFIG_FILE = '.secrets'.freeze
|
|
26
25
|
SECRETS_FIELD = :secrets
|
|
@@ -21,16 +21,16 @@ module SecretsCli
|
|
|
21
21
|
def command
|
|
22
22
|
case auth_method
|
|
23
23
|
when 'github'
|
|
24
|
-
::Vault.auth.github(auth_token)
|
|
24
|
+
::Vault.auth.github(auth_token)
|
|
25
25
|
when 'token'
|
|
26
|
-
::Vault.auth.token(auth_token)
|
|
26
|
+
::Vault.auth.token(auth_token)
|
|
27
27
|
when 'app_id'
|
|
28
|
-
::Vault.auth.app_id(auth_app_id, auth_user_id)
|
|
28
|
+
::Vault.auth.app_id(auth_app_id, auth_user_id)
|
|
29
29
|
when 'approle'
|
|
30
|
-
::Vault.auth.approle(auth_role_id, auth_secret_id)
|
|
30
|
+
::Vault.auth.approle(auth_role_id, auth_secret_id)
|
|
31
31
|
else
|
|
32
32
|
error! "Unknown auth method #{auth_method}"
|
|
33
|
-
end
|
|
33
|
+
end.auth.policies
|
|
34
34
|
end
|
|
35
35
|
end
|
|
36
36
|
end
|
|
@@ -18,12 +18,20 @@ module SecretsCli
|
|
|
18
18
|
private
|
|
19
19
|
|
|
20
20
|
def command
|
|
21
|
-
|
|
21
|
+
raise NotImplementedError
|
|
22
22
|
end
|
|
23
23
|
|
|
24
24
|
def secrets_full_storage_key
|
|
25
25
|
File.join(secrets_storage_key, config.environment)
|
|
26
26
|
end
|
|
27
|
+
|
|
28
|
+
def compare(first, second)
|
|
29
|
+
diff = TTY::File.diff(first, second, verbose: false)
|
|
30
|
+
return if diff == ''
|
|
31
|
+
prompt.ok('There are some differences:')
|
|
32
|
+
pretty_diff(diff)
|
|
33
|
+
exit 0 unless prompt.yes?('Are you sure you want to override?')
|
|
34
|
+
end
|
|
27
35
|
end
|
|
28
36
|
end
|
|
29
37
|
end
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
module SecretsCli
|
|
2
|
+
module Vault
|
|
3
|
+
class Edit < SecretsCli::Vault::Base
|
|
4
|
+
def initialize(options)
|
|
5
|
+
super
|
|
6
|
+
SecretsCli::Check::Secrets.new(:edit, options).call
|
|
7
|
+
@secrets_storage_key = options.secrets_storage_key || config.secrets_storage_key
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
private
|
|
11
|
+
|
|
12
|
+
attr_reader :secrets_storage_key
|
|
13
|
+
|
|
14
|
+
def command
|
|
15
|
+
secrets = ::Vault.logical.read(secrets_full_storage_key)
|
|
16
|
+
new_secrets = ask_editor(content(secrets))
|
|
17
|
+
compare(content(secrets), new_secrets)
|
|
18
|
+
::Vault.logical.write(secrets_full_storage_key, SECRETS_FIELD => new_secrets)
|
|
19
|
+
new_secrets
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
def content(secrets)
|
|
23
|
+
return '' if secrets.nil?
|
|
24
|
+
secrets.data[SECRETS_FIELD]
|
|
25
|
+
end
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
end
|
|
@@ -14,19 +14,11 @@ module SecretsCli
|
|
|
14
14
|
|
|
15
15
|
def command
|
|
16
16
|
secrets = super
|
|
17
|
-
compare(secrets) unless options.ci_mode
|
|
17
|
+
compare(secrets_file, secrets) unless options.ci_mode
|
|
18
18
|
write(secrets)
|
|
19
19
|
secrets
|
|
20
20
|
end
|
|
21
21
|
|
|
22
|
-
def compare(secrets)
|
|
23
|
-
diff = TTY::File.diff(secrets_file, secrets, verbose: false)
|
|
24
|
-
return if diff == ''
|
|
25
|
-
prompt.ok("There are some differences between #{secrets_file} and vault:")
|
|
26
|
-
pretty_diff(diff)
|
|
27
|
-
exit 0 unless prompt.yes?("Are you sure you want to override #{secrets_file}?")
|
|
28
|
-
end
|
|
29
|
-
|
|
30
22
|
def write(secrets)
|
|
31
23
|
print_verbose("Writing to #{secrets_file}")
|
|
32
24
|
File.open(secrets_path, 'w') { |file| file.write(secrets) }
|
data/lib/secrets_cli/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: secrets_cli
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.10.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Stjepan Hadjic
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-
|
|
11
|
+
date: 2018-10-30 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -151,6 +151,7 @@ files:
|
|
|
151
151
|
- lib/secrets_cli/prompts/secrets_storage_key.rb
|
|
152
152
|
- lib/secrets_cli/vault/auth.rb
|
|
153
153
|
- lib/secrets_cli/vault/base.rb
|
|
154
|
+
- lib/secrets_cli/vault/edit.rb
|
|
154
155
|
- lib/secrets_cli/vault/list.rb
|
|
155
156
|
- lib/secrets_cli/vault/pull.rb
|
|
156
157
|
- lib/secrets_cli/vault/push.rb
|