secrets_cli 1.10.0 → 1.11.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a7c1d5dacd65932996391d02598e8f06d76a7d4f844cdf06b0a2de0ddad05f6e
-  data.tar.gz: 5fe3a3f7002d3f3b1922ad6db4f4d2f485eab1c2fb48d4405aec7893fcebfbca
+  metadata.gz: 6af10caecd588872e7b6b71370738b48f7724ea57780e3f25617723e5bbd7c1a
+  data.tar.gz: 3547a5dac42ca6ae752e6fd60fbf330e3da9b85d00a685b7deb9cff01805aff2
 SHA512:
-  metadata.gz: 90fa5d1a00f982fc2bcb49348a960bca4a0756ac9f814536ebaba2131b53d8439cd4b80460515df53e1612fbc7325122164f0627c86a3625e8db6d754c85bc58
-  data.tar.gz: 22a9d89f6d11560f5761b287fbd6c46ada673607bcbc0ca51c407c59b50ff0bf82a64b2a43274d0abd0be4df48e908a2792a374ba753b38110140ac70b2ba108
+  metadata.gz: 3efd83f8f1abcfc6d61188531be16e7e9f9e93386a89b27c9bb56f2dd6710e5e6ec05282008fd5702e17652a3455ae1934696e14aad774942f0957e6ec022cca
+  data.tar.gz: e923815d6e97e9b0f1cf36216863cc16cfa71f7a43eca53263eb47df4148d4deed60e47827d1482e782d53a01fe52cc9fc49aaf397dee3b9cdca7094f98cf032

data/README.md

@@ -28,7 +28,7 @@ The following environment variables need to be set:
 
 For `vault` itself:
 
-    VAULT_ADDR - this is an address to your vault server
+    VAULT_ADDR   - address to your vault server (can also be set through config)
     VAULT_CACERT - if you have a self issued certificate, point this environment variable to the location of the root CA file
 
 For `secrets_cli`:
@@ -57,8 +57,10 @@ supply the config through options.
 Example of the `.secrets`:
 
     ---
-    :secrets_file: config/application.yml   # file where your secrets are kept, depending on your environment gem (figaro, dotenv, etc)
-    :secrets_storage_key: rails/my_project/ # vault 'storage_key' where your secrets will be kept.
+    :secrets_file: config/application.yml   # Required; file where your secrets are kept, depending on your environment gem (figaro, dotenv, etc)
+    :secrets_storage_key: rails/my_project/ # Required; vault 'storage_key' where your secrets will be kept.
+    development:                            # Any configuration can be nested under environment
+      :vault_addr: https://myvault.com      # Optional; vault url (default: VAULT_ADDR environment variable) 
 
 ### Policies
 
@@ -99,7 +101,7 @@ This will allow you to edit secrets on the fly. You choose which editor to use b
 
 The same flags apply for editing as for reading:
 
-    $ EDIOTR='atom -w' secrets edit -e production
+    $ EDITOR='atom -w' secrets edit -e production
 
 ### Pull
 
@@ -111,6 +113,8 @@ To pull from a different environment, also supply the `-e` flag and the `-f` fla
 
     $ secrets pull -e production -f config/application.production.yml
 
+You can also supply the `--ci_mode` or `-y` flag to disable prompts and outputs.
+
 ### Push
 
     $ secrets push

data/exe/secrets

@@ -17,6 +17,7 @@ command :init do |c|
   c.summary = 'Use to initialize project, create .secrets file'
   c.option '-f', '--secrets_file STRING', String, 'Define secrets file'
   c.option '-k', '--secrets_storage_key STRING', String, 'Define secrets storage_key'
+  c.option '-a', '--vault_addr STRING', String, 'Vault url'
   c.action do |_args, options|
     SecretsCli::Init.new(options).call
   end

data/lib/secrets_cli.rb

@@ -11,6 +11,7 @@ require 'secrets_cli/check/secrets'
 require 'secrets_cli/check/vault'
 require 'secrets_cli/prompts/secrets_file'
 require 'secrets_cli/prompts/secrets_storage_key'
+require 'secrets_cli/prompts/vault_addr'
 require 'secrets_cli/vault/base'
 require 'secrets_cli/vault/auth'
 require 'secrets_cli/vault/list'
@@ -20,6 +21,8 @@ require 'secrets_cli/vault/push'
 require 'secrets_cli/vault/edit'
 require 'secrets_cli/version'
 
+# require 'pry'
+
 module SecretsCli
   SECRETS_CONFIG_FILE = '.secrets'.freeze
   SECRETS_FIELD = :secrets

data/lib/secrets_cli/check/vault.rb

@@ -10,7 +10,7 @@ module SecretsCli
       end
 
       def call
-        error! 'Missing VAULT_ADDR env' if ENV['VAULT_ADDR'].nil?
+        error! 'Missing vault_addr' if config.vault_addr.nil?
         error! 'Missing VAULT_AUTH_METHOD env' if missing_auth_method?
         case auth_method
         when 'app_id'

data/lib/secrets_cli/configuration.rb

@@ -3,24 +3,35 @@ module SecretsCli
     attr_reader :environment, :verbose
 
     def initialize(options)
-      @environment = options.environment || ENV['RAILS_ENV'] || ENV['NODE_ENV'] || 'development'
+      @environment = (options.environment || ENV['RAILS_ENV'] || ENV['NODE_ENV'] || 'development').to_sym
       @verbose = options.verbose
     end
 
     def config
-      @config ||= YAML.load_file(SECRETS_CONFIG_FILE)
+      @config ||=
+        Psych.load(File.read(SECRETS_CONFIG_FILE), symbolize_names: true)
     end
 
     def secrets_file
-      config[:secrets_file]
+      fetch(:secrets_file)
     end
 
     def secrets_storage_key
-      config[:secrets_storage_key]
+      fetch(:secrets_storage_key)
+    end
+
+    def vault_addr
+      fetch(:vault_addr) || ENV['VAULT_ADDR']
     end
 
     def self.write(config)
       File.open(SECRETS_CONFIG_FILE, 'w') { |file| file.write(config.to_yaml) }
     end
+
+    private
+
+    def fetch(var)
+      config.fetch(environment, {}).fetch(var, nil) || config[var]
+    end
   end
 end

data/lib/secrets_cli/init.rb

@@ -17,10 +17,11 @@ module SecretsCli
     private
 
     def config
-      {
-        secrets_file: secrets_file,
-        secrets_storage_key: secrets_storage_key
-      }
+      {}.tap do |hash|
+        hash[:secrets_file] = secrets_file
+        hash[:secrets_storage_key] = secrets_storage_key
+        hash[:vault_addr] = vault_addr if vault_addr
+      end
     end
 
     def secrets_file
@@ -32,5 +33,9 @@ module SecretsCli
       storage_key << '/' unless storage_key.end_with?('/')
       storage_key
     end
+
+    def vault_addr
+      @vault_addr ||= options.vault_addr || SecretsCli::Prompts::VaultAddr.new.call
+    end
   end
 end

data/lib/secrets_cli/prompts/vault_addr.rb

@@ -0,0 +1,11 @@
+module SecretsCli
+  module Prompts
+    class VaultAddr
+      include SecretsCli::Helpers
+
+      def call
+        prompt.ask('What is the vault address? (if not supplied VAULT_ADDR env will be used)')
+      end
+    end
+  end
+end

data/lib/secrets_cli/vault/auth.rb

@@ -21,13 +21,13 @@ module SecretsCli
       def command
         case auth_method
         when 'github'
-          ::Vault.auth.github(auth_token)
+          vault.auth.github(auth_token)
         when 'token'
-          ::Vault.auth.token(auth_token)
+          vault.auth.token(auth_token)
         when 'app_id'
-          ::Vault.auth.app_id(auth_app_id, auth_user_id)
+          vault.auth.app_id(auth_app_id, auth_user_id)
         when 'approle'
-          ::Vault.auth.approle(auth_role_id, auth_secret_id)
+          vault.auth.approle(auth_role_id, auth_secret_id)
         else
           error! "Unknown auth method #{auth_method}"
         end.auth.policies

data/lib/secrets_cli/vault/base.rb

@@ -12,6 +12,7 @@ module SecretsCli
       def call
         options.verbose ? prompt.ok(command) : command
       rescue => exception
+        # require 'pry'; binding.pry
         error!(exception.message)
       end
 
@@ -21,8 +22,12 @@ module SecretsCli
         raise NotImplementedError
       end
 
+      def vault
+        @vault ||= ::Vault::Client.new(address: config.vault_addr)
+      end
+
       def secrets_full_storage_key
-        File.join(secrets_storage_key, config.environment)
+        File.join(secrets_storage_key, config.environment.to_s)
       end
 
       def compare(first, second)

data/lib/secrets_cli/vault/edit.rb

@@ -12,10 +12,10 @@ module SecretsCli
       attr_reader :secrets_storage_key
 
       def command
-        secrets = ::Vault.logical.read(secrets_full_storage_key)
+        secrets = vault.logical.read(secrets_full_storage_key)
         new_secrets = ask_editor(content(secrets))
         compare(content(secrets), new_secrets)
-        ::Vault.logical.write(secrets_full_storage_key, SECRETS_FIELD => new_secrets)
+        vault.logical.write(secrets_full_storage_key, SECRETS_FIELD => new_secrets)
         new_secrets
       end
 

data/lib/secrets_cli/vault/list.rb

@@ -13,7 +13,7 @@ module SecretsCli
       attr_reader :secrets_storage_key
 
       def command
-        ::Vault.logical.list(secrets_storage_key).join("\n")
+        vault.logical.list(secrets_storage_key).join("\n")
       end
     end
   end

data/lib/secrets_cli/vault/push.rb

@@ -20,22 +20,22 @@ module SecretsCli
       private
 
       def command
-        ::Vault.logical.write(secrets_full_storage_key, SECRETS_FIELD => secrets)
+        vault.logical.write(secrets_full_storage_key, SECRETS_FIELD => secrets)
         secrets
       end
 
       def compare
-        secrets = ::Vault.logical.read(secrets_full_storage_key)
+        secrets = vault.logical.read(secrets_full_storage_key)
         secrets = secrets.nil? ? ' ' : secrets.data[SECRETS_FIELD]
         diff = TTY::File.diff(secrets, secrets_file, verbose: false)
         return if diff == ''
         prompt.ok("There are some differences between #{secrets_file} and vault:")
         pretty_diff(diff)
-        exit 0 unless prompt.yes?("Are you sure you want to override #{secrets_full_storage_key}?")
+        exit 0 unless prompt.yes?("Are you sure you want to override #{config.vault_addr} #{secrets_full_storage_key}?")
       end
 
       def are_you_sure?
-        prompt.yes?("Are you sure you want to write #{secrets_file} to #{secrets_full_storage_key}")
+        prompt.yes?("Are you sure you want to write #{secrets_file} to #{config.vault_addr} #{secrets_full_storage_key}")
       end
     end
   end

data/lib/secrets_cli/vault/read.rb

@@ -13,8 +13,8 @@ module SecretsCli
       attr_reader :secrets_storage_key
 
       def command
-        secrets = ::Vault.logical.read(secrets_full_storage_key)
-        error!("There are no secrets in #{secrets_full_storage_key}") if secrets.nil?
+        secrets = vault.logical.read(secrets_full_storage_key)
+        error!("There are no secrets in #{config.vault_addr} #{secrets_full_storage_key}") if secrets.nil?
         secrets.data[SECRETS_FIELD]
       end
     end

data/lib/secrets_cli/version.rb

@@ -1,3 +1,3 @@
 module SecretsCli
-  VERSION = '1.10.0'
+  VERSION = '1.11.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: secrets_cli
 version: !ruby/object:Gem::Version
-  version: 1.10.0
+  version: 1.11.0
 platform: ruby
 authors:
 - Stjepan Hadjic
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2018-10-30 00:00:00.000000000 Z
+date: 2019-08-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -149,6 +149,7 @@ files:
 - lib/secrets_cli/init.rb
 - lib/secrets_cli/prompts/secrets_file.rb
 - lib/secrets_cli/prompts/secrets_storage_key.rb
+- lib/secrets_cli/prompts/vault_addr.rb
 - lib/secrets_cli/vault/auth.rb
 - lib/secrets_cli/vault/base.rb
 - lib/secrets_cli/vault/edit.rb
@@ -179,7 +180,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.7.3
+rubygems_version: 2.7.6
 signing_key: 
 specification_version: 4
 summary: This is a CLI for easier use of https://www.vaultproject.io/