secrets_cli 1.9.0 → 1.10.0
- checksums.yaml +4 -4
- data/README.md +11 -0
- data/exe/secrets +11 -0
- data/lib/secrets_cli.rb +1 -2
- data/lib/secrets_cli/check/secrets.rb +1 -1
- data/lib/secrets_cli/vault/auth.rb +5 -5
- data/lib/secrets_cli/vault/base.rb +9 -1
- data/lib/secrets_cli/vault/edit.rb +28 -0
- data/lib/secrets_cli/vault/pull.rb +1 -9
- data/lib/secrets_cli/version.rb +1 -1
- metadata +3 -2
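--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a7c1d5dacd65932996391d02598e8f06d76a7d4f844cdf06b0a2de0ddad05f6e
+data.tar.gz: 5fe3a3f7002d3f3b1922ad6db4f4d2f485eab1c2fb48d4405aec7893fcebfbca
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 90fa5d1a00f982fc2bcb49348a960bca4a0756ac9f814536ebaba2131b53d8439cd4b80460515df53e1612fbc7325122164f0627c86a3625e8db6d754c85bc58
+data.tar.gz: 22a9d89f6d11560f5761b287fbd6c46ada673607bcbc0ca51c407c59b50ff0bf82a64b2a43274d0abd0be4df48e908a2792a374ba753b38110140ac70b2ba108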
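--- a/data/README.md
+++ b/data/README.md
@@ -29,6 +29,7 @@ The following environment variables need to be set:
 For `vault` itself:
 
 VAULT_ADDR - this is an address to your vault server
+VAULT_CACERT - if you have a self issued certificate, point this environment variable to the location of the root CA file
 
 For `secrets_cli`:
 
@@ -90,6 +91,16 @@ To read secrets from a different environment, use the `-e` flag:
 
 $ secrets read -e production
 
+### Edit
+
+$ secrets edit
+
+This will allow you to edit secrets on the fly. You choose which editor to use by defining an `$EDITOR` variable, otherwise it will use one of these: `mate -w`, `vim`, `vi`, `emacs`, `nano`, `pico`
+
+The same flags apply for editing as for reading:
+
+$ EDIOTR='atom -w' secrets edit -e production
+
 ### Pull
 
 $ secrets pull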
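--- a/data/exe/secrets
+++ b/data/exe/secrets
@@ -69,6 +69,17 @@ command :read do |c|
 end
 end
 
+command :edit do |c|
+c.syntax = 'secrets edit [options]'
+c.summary = 'Use to edit secrets directly in your favorite editor'
+c.option '-e', '--environment STRING', String, 'Set environment, default: development'
+c.option '-k', '--secrets_storage_key STRING', String, 'Override secrets_storage_key'
+c.action do |_args, options|
+SecretsCli::Vault::Auth.new(options).call
+SecretsCli::Vault::Edit.new(options).call
+end
+end
+
 command :list do |c|
 c.syntax = 'secrets list [options]'
 c.summary = 'Use to list all environemnts'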
data/lib/secrets_cli.rb
CHANGED
@@ -17,10 +17,9 @@ require 'secrets_cli/vault/list'
|
|
17
17
|
require 'secrets_cli/vault/read'
|
18
18
|
require 'secrets_cli/vault/pull'
|
19
19
|
require 'secrets_cli/vault/push'
|
20
|
+
require 'secrets_cli/vault/edit'
|
20
21
|
require 'secrets_cli/version'
|
21
22
|
|
22
|
-
# require 'pry'
|
23
|
-
|
24
23
|
module SecretsCli
|
25
24
|
SECRETS_CONFIG_FILE = '.secrets'.freeze
|
26
25
|
SECRETS_FIELD = :secrets
|
@@ -21,16 +21,16 @@ module SecretsCli
|
|
21
21
|
def command
|
22
22
|
case auth_method
|
23
23
|
when 'github'
|
24
|
-
::Vault.auth.github(auth_token)
|
24
|
+
::Vault.auth.github(auth_token)
|
25
25
|
when 'token'
|
26
|
-
::Vault.auth.token(auth_token)
|
26
|
+
::Vault.auth.token(auth_token)
|
27
27
|
when 'app_id'
|
28
|
-
::Vault.auth.app_id(auth_app_id, auth_user_id)
|
28
|
+
::Vault.auth.app_id(auth_app_id, auth_user_id)
|
29
29
|
when 'approle'
|
30
|
-
::Vault.auth.approle(auth_role_id, auth_secret_id)
|
30
|
+
::Vault.auth.approle(auth_role_id, auth_secret_id)
|
31
31
|
else
|
32
32
|
error! "Unknown auth method #{auth_method}"
|
33
|
-
end
|
33
|
+
end.auth.policies
|
34
34
|
end
|
35
35
|
end
|
36
36
|
end
|
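Review bot: The new `end.auth.policies` is chained onto the whole `case`, so it is also applied to whatever the `else` branch yields; unless `error!` terminates the process (its definition is not in this hunk), an unknown auth method would surface as a `NoMethodError` instead of the intended "Unknown auth method" message. The change also alters what `command` returns, from the Vault auth response to its policy list, and nothing in the hunk explains why. If the intent is to keep the client token out of anything the caller prints or logs, say so above the `case`, for example `# Return only the policy names; the auth response carries the client token and must not reach output`. It is also worth confirming that no caller relied on the previous return value. The enclosing class starts outside the hunk.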
@@ -18,12 +18,20 @@ module SecretsCli
|
|
18
18
|
private
|
19
19
|
|
20
20
|
def command
|
21
|
-
|
21
|
+
raise NotImplementedError
|
22
22
|
end
|
23
23
|
|
24
24
|
def secrets_full_storage_key
|
25
25
|
File.join(secrets_storage_key, config.environment)
|
26
26
|
end
|
27
|
+
|
28
|
+
def compare(first, second)
|
29
|
+
diff = TTY::File.diff(first, second, verbose: false)
|
30
|
+
return if diff == ''
|
31
|
+
prompt.ok('There are some differences:')
|
32
|
+
pretty_diff(diff)
|
33
|
+
exit 0 unless prompt.yes?('Are you sure you want to override?')
|
34
|
+
end
|
27
35
|
end
|
28
36
|
end
|
29
37
|
end
|
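Review bot: The shared `compare` now asks `'Are you sure you want to override?'` without naming what is about to be replaced, whereas the version removed from pull.rb named `secrets_file` in both the heading and the prompt. The same confirmation now guards two different destructive actions, overwriting a local file on pull and writing back to Vault on edit, so the prompt should state the target, for instance by taking a label and asking `prompt.yes?("Are you sure you want to override #{target}?")`. A declined prompt ends with `exit 0`, which reports success to a calling script; if that is deliberate, a one-line comment saying so would help. The class itself starts outside the hunk.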
@@ -0,0 +1,28 @@
|
|
1
|
+
module SecretsCli
|
2
|
+
module Vault
|
3
|
+
class Edit < SecretsCli::Vault::Base
|
4
|
+
def initialize(options)
|
5
|
+
super
|
6
|
+
SecretsCli::Check::Secrets.new(:edit, options).call
|
7
|
+
@secrets_storage_key = options.secrets_storage_key || config.secrets_storage_key
|
8
|
+
end
|
9
|
+
|
10
|
+
private
|
11
|
+
|
12
|
+
attr_reader :secrets_storage_key
|
13
|
+
|
14
|
+
def command
|
15
|
+
secrets = ::Vault.logical.read(secrets_full_storage_key)
|
16
|
+
new_secrets = ask_editor(content(secrets))
|
17
|
+
compare(content(secrets), new_secrets)
|
18
|
+
::Vault.logical.write(secrets_full_storage_key, SECRETS_FIELD => new_secrets)
|
19
|
+
new_secrets
|
20
|
+
end
|
21
|
+
|
22
|
+
def content(secrets)
|
23
|
+
return '' if secrets.nil?
|
24
|
+
secrets.data[SECRETS_FIELD]
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
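Review bot: `command` in the new edit.rb writes to Vault even when nothing changed: `compare` returns early on an empty diff and the `::Vault.logical.write` after it still runs, and an editor session that comes back empty or `nil` is one confirmation away from replacing the stored secrets. I would read `current = content(secrets)` once, add `return current if new_secrets.nil? || new_secrets == current` before `compare`, and treat an empty result as an error rather than a value to store. `compare` also receives the secret content as its first argument here, where pull.rb passes the path `secrets_file`; whether `TTY::File.diff` accepts content in that position depends on the tty-file version, which this page does not show, so it deserves a test. `ask_editor` is defined outside this diff; if it hands the plaintext to the editor through a temporary file, the README should mention that editor swap and backup files can outlive the session.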
@@ -14,19 +14,11 @@ module SecretsCli
|
|
14
14
|
|
15
15
|
def command
|
16
16
|
secrets = super
|
17
|
-
compare(secrets) unless options.ci_mode
|
17
|
+
compare(secrets_file, secrets) unless options.ci_mode
|
18
18
|
write(secrets)
|
19
19
|
secrets
|
20
20
|
end
|
21
21
|
|
22
|
-
def compare(secrets)
|
23
|
-
diff = TTY::File.diff(secrets_file, secrets, verbose: false)
|
24
|
-
return if diff == ''
|
25
|
-
prompt.ok("There are some differences between #{secrets_file} and vault:")
|
26
|
-
pretty_diff(diff)
|
27
|
-
exit 0 unless prompt.yes?("Are you sure you want to override #{secrets_file}?")
|
28
|
-
end
|
29
|
-
|
30
22
|
def write(secrets)
|
31
23
|
print_verbose("Writing to #{secrets_file}")
|
32
24
|
File.open(secrets_path, 'w') { |file| file.write(secrets) }
|
data/lib/secrets_cli/version.rb
CHANGED
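--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: secrets_cli
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.10.0
 platform: ruby
 authors:
 - Stjepan Hadjic
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2018-
+date: 2018-10-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -151,6 +151,7 @@ files:
 - lib/secrets_cli/prompts/secrets_storage_key.rb
 - lib/secrets_cli/vault/auth.rb
 - lib/secrets_cli/vault/base.rb
+- lib/secrets_cli/vault/edit.rb
 - lib/secrets_cli/vault/list.rb
 - lib/secrets_cli/vault/pull.rb
 - lib/secrets_cli/vault/push.rb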