RubyGems - secrets_cli - Versions diffs - 1.12.3 → 1.13.0.beta - Mend

secrets_cli 1.12.3 → 1.13.0.beta

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

checksums.yaml +4 -4
data/.gitignore +1 -0
data/exe/secrets +8 -6
data/lib/secrets_cli/backend/kv.rb +24 -0
data/lib/secrets_cli/backend/logical.rb +23 -0
data/lib/secrets_cli/configuration.rb +8 -0
data/lib/secrets_cli/init.rb +6 -1
data/lib/secrets_cli/prompts/backend.rb +11 -0
data/lib/secrets_cli/prompts/vault_addr.rb +1 -1
data/lib/secrets_cli/vault/auth.rb +5 -5
data/lib/secrets_cli/vault/base.rb +12 -3
data/lib/secrets_cli/vault/edit.rb +2 -2
data/lib/secrets_cli/vault/list.rb +1 -1
data/lib/secrets_cli/vault/push.rb +4 -3
data/lib/secrets_cli/vault/read.rb +1 -2
data/lib/secrets_cli/version.rb +1 -1
data/lib/secrets_cli.rb +2 -0
data/secrets_cli.gemspec +3 -3
metadata +22 -18

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ab3dc381cb5faef26b4d248db2cef823176c22bbc1751934861a9f14349996c4
-  data.tar.gz: 90c0f76a289e64bbf5c37be71cf584b6ffd9f7413311bbcb263750f95ca8ec7f
+  metadata.gz: 773250ad4e70bcac74743dfdaa458994a5cb6c505ac0f52de4b756f0e167da2b
+  data.tar.gz: 41a43aa03afde98131ac62a903fd14bda5f91661fc840adbc81eefa033ca64dc
 SHA512:
-  metadata.gz: 5e5b7920c0bf7a3e5d0b52759f9c33ae84dcd925d4c73d01662de67d5502eca33dcdca9c000deea1ead0dce0ee344596289828d5eaa78304acfd1b0d0d1a8494
-  data.tar.gz: 0def29e0a5572c5c671e505170cf2db7bb0c024abad82d3ee5d372a774fb219617b5228cbec6f69aeab2d3a36611a8e6f780f2185ce174435dba255de5a58945
+  metadata.gz: df5a91b0c95f0592d44f03347d1b788a2857a7a2e2e2fc1d9aba437769f81c65b1de163dc88cad2790f661d28055caf9e1a3b8ff5228b05f8095ee29a7f344d5
+  data.tar.gz: 3a3a2815393070aa91121b3a84cdab022028b7c8e93cdc449bfbda5873ea470f4c9b775053bb3026232a6f3b53de7f868ec2fc7d4be1127a1bbb1ca024656ead

data/.gitignore CHANGED Viewed

@@ -8,4 +8,5 @@
 /spec/reports/
 /tmp/
 .secrets
+.env
 /config/

data/exe/secrets CHANGED Viewed

@@ -18,6 +18,7 @@ command :init do |c|
   c.option '-f', '--secrets_file STRING', String, 'Define secrets file'
   c.option '-k', '--secrets_storage_key STRING', String, 'Define secrets storage_key'
   c.option '-a', '--vault_addr STRING', String, 'Vault url'
+  c.option '-b', '--vault_backend STRING', String, 'Vault backend'
   c.action do |_args, options|
     SecretsCli::Init.new(options).call
   end
@@ -27,8 +28,7 @@ command :policies do |c|
   c.syntax = 'secrets policies'
   c.summary = 'Check what policies your auth has'
   c.action do |_args, options|
-    options.default verbose: true
-    SecretsCli::Vault::Policies.new(options).call
+    SecretsCli::Vault::Policies.new(options).call(verbose: true)
   end
 end
@@ -41,7 +41,7 @@ command :pull do |c|
   c.option '-k', '--secrets_storage_key STRING', String, 'Override secrets_storage_key'
   c.option '-d', '--secrets_dir STRING', String, 'Override secrets_dir, default: "."'
   c.action do |_args, options|
-    SecretsCli::Vault::Pull.new(options).call
+    SecretsCli::Vault::Pull.new(options).call(verbose: options.verbose)
   end
 end
@@ -53,7 +53,7 @@ command :push do |c|
   c.option '-f', '--secrets_file STRING', String, 'Override secrets_file'
   c.option '-k', '--secrets_storage_key STRING', String, 'Override secrets_storage_key'
   c.action do |_args, options|
-    SecretsCli::Vault::Push.new(options).call
+    SecretsCli::Vault::Push.new(options).call(verbose: options.verbose)
   end
 end
@@ -62,8 +62,10 @@ command :read do |c|
   c.summary = 'Use to only read from vault server without writing to secrets file'
   c.option '-e', '--environment STRING', String, 'Set environment, default: development'
   c.option '-k', '--secrets_storage_key STRING', String, 'Override secrets_storage_key'
+  c.option '-m', '--mount STRING', String, 'Set mount point (used in kv backend)'
+  c.option '-n', '--kv_version STRING', Integer, 'Version of secret (used in kv backend)'
   c.action do |_args, options|
-    SecretsCli::Vault::Read.new(options).call
+    SecretsCli::Vault::Read.new(options).call(verbose: !options.ci_mode)
   end
 end
@@ -82,6 +84,6 @@ command :list do |c|
   c.summary = 'Use to list all environemnts'
   c.option '-k', '--secrets_storage_key STRING', String, 'Override secrets_storage_key'
   c.action do |_args, options|
-    SecretsCli::Vault::List.new(options).call
+    SecretsCli::Vault::List.new(options).call(verbose: true)
   end
 end

data/lib/secrets_cli/backend/kv.rb ADDED Viewed

@@ -0,0 +1,24 @@
+module SecretsCli
+  module Backend
+    class KV
+      attr_reader :version, :client
+      def initialize(vault, mount, version = nil)
+        @client = vault.kv(mount)
+        @version = version
+      end
+      def list(path)
+        client.list(path)
+      end
+      def read(path)
+        client.read(path, version)
+      end
+      def write(path, data)
+        client.write(path, data)
+      end
+    end
+  end
+end

data/lib/secrets_cli/backend/logical.rb ADDED Viewed

@@ -0,0 +1,23 @@
+module SecretsCli
+  module Backend
+    class Logical
+      attr_reader :client
+      def initialize(vault)
+        @client = vault.logical
+      end
+      def list(path)
+        client.list(path)
+      end
+      def read(path)
+        client.read(path)
+      end
+      def write(path, data)
+        client.write(path, data)
+      end
+    end
+  end
+end

data/lib/secrets_cli/configuration.rb CHANGED Viewed

@@ -24,6 +24,14 @@ module SecretsCli
       fetch(:vault_addr) || ENV['VAULT_ADDR']
     end
+    def backend
+      fetch(:backend) || 'logical'
+    end
+    def mount
+      fetch(:mount)
+    end
     def self.write(config)
       File.open(SECRETS_CONFIG_FILE, 'w') { |file| file.write(config.to_yaml) }
     end

data/lib/secrets_cli/init.rb CHANGED Viewed

@@ -20,7 +20,8 @@ module SecretsCli
       {}.tap do |hash|
         hash[:secrets_file] = secrets_file
         hash[:secrets_storage_key] = secrets_storage_key
-        hash[:vault_addr] = vault_addr if vault_addr
+        hash[:vault_addr] = vault_addr
+        hash[:backend] = backend
       end
     end
@@ -37,5 +38,9 @@ module SecretsCli
     def vault_addr
       @vault_addr ||= options.vault_addr || SecretsCli::Prompts::VaultAddr.new.call
     end
+    def backend
+      @backend ||= options.backend || SecretsCli::Prompts::Backend.new.call
+    end
   end
 end

data/lib/secrets_cli/prompts/backend.rb ADDED Viewed

@@ -0,0 +1,11 @@
+module SecretsCli
+  module Prompts
+    class Backend
+      include SecretsCli::Helpers
+      def call
+        prompt.ask('What is the vault backend? (logical or kv)', default: 'logical')
+      end
+    end
+  end
+end

data/lib/secrets_cli/prompts/vault_addr.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module SecretsCli
       include SecretsCli::Helpers
       def call
-        prompt.ask('What is the vault address? (if not supplied VAULT_ADDR env will be used)')
+        prompt.ask('What is the vault address? (https://vault.example.com:8200)')
       end
     end
   end

data/lib/secrets_cli/vault/auth.rb CHANGED Viewed

@@ -21,16 +21,16 @@ module SecretsCli
       def command
         case auth_method
         when 'github'
-          vault.auth.github(auth_token)
+          vault.auth.github(auth_token).auth.client_token
         when 'token'
-          vault.auth.token(auth_token)
+          auth_token
         when 'app_id'
-          vault.auth.app_id(auth_app_id, auth_user_id)
+          vault.auth.app_id(auth_app_id, auth_user_id).auth.client_token
         when 'approle'
-          vault.auth.approle(auth_role_id, auth_secret_id)
+          vault.auth.approle(auth_role_id, auth_secret_id).auth.client_token
         else
           error! "Unknown auth method #{auth_method}"
-        end.auth
+        end
       end
       def vault

data/lib/secrets_cli/vault/base.rb CHANGED Viewed

@@ -9,8 +9,8 @@ module SecretsCli
         @options = options
       end
-      def call
-        options.verbose && !self.is_a?(SecretsCli::Vault::Auth) ? prompt.ok(command).first : command
+      def call(verbose: false)
+        verbose ? prompt.ok(command).first : command
       rescue => exception
         # require 'pry'; binding.pry
         error!(exception.message)
@@ -26,10 +26,18 @@ module SecretsCli
         @vault ||=
           ::Vault::Client.new(
             address: config.vault_addr,
-            token: SecretsCli::Vault::Auth.new(options).call.client_token
+            token: SecretsCli::Vault::Auth.new(options).call
           )
       end
+      def backend
+        @backend ||=
+          case config.backend
+          when 'logical' then SecretsCli::Backend::Logical.new(vault)
+          when 'kv' then SecretsCli::Backend::KV.new(vault, config.mount, options.kv_version)
+          end
+      end
       def secrets_full_storage_key
         File.join(secrets_storage_key, config.environment.to_s)
       end
@@ -37,6 +45,7 @@ module SecretsCli
       def compare(first, second)
         diff = TTY::File.diff(first, second, verbose: false)
         return if diff == ''
         prompt.ok('There are some differences:')
         pretty_diff(diff)
         exit 0 unless prompt.yes?('Are you sure you want to override?')

data/lib/secrets_cli/vault/edit.rb CHANGED Viewed

@@ -12,10 +12,10 @@ module SecretsCli
       attr_reader :secrets_storage_key
       def command
-        secrets = vault.logical.read(secrets_full_storage_key)
+        secrets = backend.read(secrets_full_storage_key)
         new_secrets = ask_editor(content(secrets))
         compare(content(secrets), new_secrets)
-        vault.logical.write(secrets_full_storage_key, SECRETS_FIELD => new_secrets)
+        backend.write(secrets_full_storage_key, SECRETS_FIELD => new_secrets)
         new_secrets
       end

data/lib/secrets_cli/vault/list.rb CHANGED Viewed

@@ -13,7 +13,7 @@ module SecretsCli
       attr_reader :secrets_storage_key
       def command
-        vault.logical.list(secrets_storage_key).join("\n")
+        backend.list(secrets_storage_key).join("\n")
       end
     end
   end

data/lib/secrets_cli/vault/push.rb CHANGED Viewed

@@ -11,8 +11,9 @@ module SecretsCli
         @secrets = File.read(secrets_file)
       end
-      def call
+      def call(verbose: false)
         return if !options.ci_mode && !are_you_sure?
         compare unless options.ci_mode
         super
       end
@@ -20,12 +21,12 @@ module SecretsCli
       private
       def command
-        vault.logical.write(secrets_full_storage_key, SECRETS_FIELD => secrets)
+        backend.write(secrets_full_storage_key, SECRETS_FIELD => secrets)
         secrets
       end
       def compare
-        secrets = vault.logical.read(secrets_full_storage_key)
+        secrets = backend.read(secrets_full_storage_key)
         secrets = secrets.nil? ? ' ' : secrets.data[SECRETS_FIELD]
         diff = TTY::File.diff(secrets, secrets_file, verbose: false)
         return if diff == ''

data/lib/secrets_cli/vault/read.rb CHANGED Viewed

@@ -3,7 +3,6 @@ module SecretsCli
     class Read < SecretsCli::Vault::Base
       def initialize(options)
         super
-        options.default(verbose: !options.ci_mode)
         SecretsCli::Check::Secrets.new(:read, options).call
         @secrets_storage_key = options.secrets_storage_key || config.secrets_storage_key
       end
@@ -13,7 +12,7 @@ module SecretsCli
       attr_reader :secrets_storage_key
       def command
-        secrets = vault.logical.read(secrets_full_storage_key)
+        secrets = backend.read(secrets_full_storage_key)
         error!("There are no secrets in #{config.vault_addr} #{secrets_full_storage_key}") if secrets.nil?
         secrets.data[SECRETS_FIELD]
       end

data/lib/secrets_cli/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module SecretsCli
-  VERSION = '1.12.3'
+  VERSION = '1.13.0.beta'
 end

data/lib/secrets_cli.rb CHANGED Viewed

@@ -12,6 +12,8 @@ require 'secrets_cli/check/vault'
 require 'secrets_cli/prompts/secrets_file'
 require 'secrets_cli/prompts/secrets_storage_key'
 require 'secrets_cli/prompts/vault_addr'
+require 'secrets_cli/backend/logical'
+require 'secrets_cli/backend/kv'
 require 'secrets_cli/vault/base'
 require 'secrets_cli/vault/auth'
 require 'secrets_cli/vault/list'

data/secrets_cli.gemspec CHANGED Viewed

@@ -10,7 +10,7 @@ Gem::Specification.new do |spec|
   spec.email         = ['d4be4st@gmail.com']
   spec.summary       = 'This is a CLI for easier use of https://www.vaultproject.io/'
-  spec.homepage      = 'http://github.com/infinum/secrets_cli'
+  spec.homepage      = 'http://github.com/infinum.secrets_cli'
   spec.license       = 'MIT'
   # Prevent pushing this gem to RubyGems.org by setting 'allowed_push_host', or
@@ -26,8 +26,8 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
-  spec.add_development_dependency 'bundler'
-  spec.add_development_dependency 'rake'
+  spec.add_development_dependency 'bundler', '~> 1.10'
+  spec.add_development_dependency 'rake', '~> 10.0'
   spec.add_development_dependency 'rspec'
   spec.add_development_dependency 'pry'

metadata CHANGED Viewed

@@ -1,43 +1,43 @@
 --- !ruby/object:Gem::Specification
 name: secrets_cli
 version: !ruby/object:Gem::Version
-  version: 1.12.3
+  version: 1.13.0.beta
 platform: ruby
 authors:
 - Stjepan Hadjic
-autorequire:
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-09-29 00:00:00.000000000 Z
+date: 2020-02-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.10'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.10'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '10.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '10.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -122,7 +122,7 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.7'
-description:
+description:
 email:
 - d4be4st@gmail.com
 executables:
@@ -142,11 +142,14 @@ files:
 - bin/console
 - exe/secrets
 - lib/secrets_cli.rb
+- lib/secrets_cli/backend/kv.rb
+- lib/secrets_cli/backend/logical.rb
 - lib/secrets_cli/check/secrets.rb
 - lib/secrets_cli/check/vault.rb
 - lib/secrets_cli/configuration.rb
 - lib/secrets_cli/helpers.rb
 - lib/secrets_cli/init.rb
+- lib/secrets_cli/prompts/backend.rb
 - lib/secrets_cli/prompts/secrets_file.rb
 - lib/secrets_cli/prompts/secrets_storage_key.rb
 - lib/secrets_cli/prompts/vault_addr.rb
@@ -160,12 +163,12 @@ files:
 - lib/secrets_cli/vault/read.rb
 - lib/secrets_cli/version.rb
 - secrets_cli.gemspec
-homepage: http://github.com/infinum/secrets_cli
+homepage: http://github.com/infinum.secrets_cli
 licenses:
 - MIT
 metadata:
   allowed_push_host: https://rubygems.org
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -176,12 +179,13 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
-rubygems_version: 3.0.3
-signing_key:
+rubyforge_project:
+rubygems_version: 2.7.6
+signing_key:
 specification_version: 4
 summary: This is a CLI for easier use of https://www.vaultproject.io/
 test_files: []