secrets_cli 1.12.3 → 1.13.0.beta

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ab3dc381cb5faef26b4d248db2cef823176c22bbc1751934861a9f14349996c4
-  data.tar.gz: 90c0f76a289e64bbf5c37be71cf584b6ffd9f7413311bbcb263750f95ca8ec7f
+  metadata.gz: 773250ad4e70bcac74743dfdaa458994a5cb6c505ac0f52de4b756f0e167da2b
+  data.tar.gz: 41a43aa03afde98131ac62a903fd14bda5f91661fc840adbc81eefa033ca64dc
 SHA512:
-  metadata.gz: 5e5b7920c0bf7a3e5d0b52759f9c33ae84dcd925d4c73d01662de67d5502eca33dcdca9c000deea1ead0dce0ee344596289828d5eaa78304acfd1b0d0d1a8494
-  data.tar.gz: 0def29e0a5572c5c671e505170cf2db7bb0c024abad82d3ee5d372a774fb219617b5228cbec6f69aeab2d3a36611a8e6f780f2185ce174435dba255de5a58945
+  metadata.gz: df5a91b0c95f0592d44f03347d1b788a2857a7a2e2e2fc1d9aba437769f81c65b1de163dc88cad2790f661d28055caf9e1a3b8ff5228b05f8095ee29a7f344d5
+  data.tar.gz: 3a3a2815393070aa91121b3a84cdab022028b7c8e93cdc449bfbda5873ea470f4c9b775053bb3026232a6f3b53de7f868ec2fc7d4be1127a1bbb1ca024656ead

data/.gitignore

@@ -8,4 +8,5 @@
 /spec/reports/
 /tmp/
 .secrets
+.env
 /config/

data/exe/secrets

@@ -18,6 +18,7 @@ command :init do |c|
   c.option '-f', '--secrets_file STRING', String, 'Define secrets file'
   c.option '-k', '--secrets_storage_key STRING', String, 'Define secrets storage_key'
   c.option '-a', '--vault_addr STRING', String, 'Vault url'
+  c.option '-b', '--vault_backend STRING', String, 'Vault backend'
   c.action do |_args, options|
     SecretsCli::Init.new(options).call
   end
@@ -27,8 +28,7 @@ command :policies do |c|
   c.syntax = 'secrets policies'
   c.summary = 'Check what policies your auth has'
   c.action do |_args, options|
-    options.default verbose: true
-    SecretsCli::Vault::Policies.new(options).call
+    SecretsCli::Vault::Policies.new(options).call(verbose: true)
   end
 end
 
@@ -41,7 +41,7 @@ command :pull do |c|
   c.option '-k', '--secrets_storage_key STRING', String, 'Override secrets_storage_key'
   c.option '-d', '--secrets_dir STRING', String, 'Override secrets_dir, default: "."'
   c.action do |_args, options|
-    SecretsCli::Vault::Pull.new(options).call
+    SecretsCli::Vault::Pull.new(options).call(verbose: options.verbose)
   end
 end
 
@@ -53,7 +53,7 @@ command :push do |c|
   c.option '-f', '--secrets_file STRING', String, 'Override secrets_file'
   c.option '-k', '--secrets_storage_key STRING', String, 'Override secrets_storage_key'
   c.action do |_args, options|
-    SecretsCli::Vault::Push.new(options).call
+    SecretsCli::Vault::Push.new(options).call(verbose: options.verbose)
   end
 end
 
@@ -62,8 +62,10 @@ command :read do |c|
   c.summary = 'Use to only read from vault server without writing to secrets file'
   c.option '-e', '--environment STRING', String, 'Set environment, default: development'
   c.option '-k', '--secrets_storage_key STRING', String, 'Override secrets_storage_key'
+  c.option '-m', '--mount STRING', String, 'Set mount point (used in kv backend)'
+  c.option '-n', '--kv_version STRING', Integer, 'Version of secret (used in kv backend)'
   c.action do |_args, options|
-    SecretsCli::Vault::Read.new(options).call
+    SecretsCli::Vault::Read.new(options).call(verbose: !options.ci_mode)
   end
 end
 
@@ -82,6 +84,6 @@ command :list do |c|
   c.summary = 'Use to list all environemnts'
   c.option '-k', '--secrets_storage_key STRING', String, 'Override secrets_storage_key'
   c.action do |_args, options|
-    SecretsCli::Vault::List.new(options).call
+    SecretsCli::Vault::List.new(options).call(verbose: true)
   end
 end

data/lib/secrets_cli/backend/kv.rb

@@ -0,0 +1,24 @@
+module SecretsCli
+  module Backend
+    class KV
+      attr_reader :version, :client
+
+      def initialize(vault, mount, version = nil)
+        @client = vault.kv(mount)
+        @version = version
+      end
+
+      def list(path)
+        client.list(path)
+      end
+
+      def read(path)
+        client.read(path, version)
+      end
+
+      def write(path, data)
+        client.write(path, data)
+      end
+    end
+  end
+end

data/lib/secrets_cli/backend/logical.rb

@@ -0,0 +1,23 @@
+module SecretsCli
+  module Backend
+    class Logical
+      attr_reader :client
+
+      def initialize(vault)
+        @client = vault.logical
+      end
+
+      def list(path)
+        client.list(path)
+      end
+
+      def read(path)
+        client.read(path)
+      end
+
+      def write(path, data)
+        client.write(path, data)
+      end
+    end
+  end
+end

data/lib/secrets_cli/configuration.rb

@@ -24,6 +24,14 @@ module SecretsCli
       fetch(:vault_addr) || ENV['VAULT_ADDR']
     end
 
+    def backend
+      fetch(:backend) || 'logical'
+    end
+
+    def mount
+      fetch(:mount)
+    end
+
     def self.write(config)
       File.open(SECRETS_CONFIG_FILE, 'w') { |file| file.write(config.to_yaml) }
     end

data/lib/secrets_cli/init.rb

@@ -20,7 +20,8 @@ module SecretsCli
       {}.tap do |hash|
         hash[:secrets_file] = secrets_file
         hash[:secrets_storage_key] = secrets_storage_key
-        hash[:vault_addr] = vault_addr if vault_addr
+        hash[:vault_addr] = vault_addr
+        hash[:backend] = backend
       end
     end
 
@@ -37,5 +38,9 @@ module SecretsCli
     def vault_addr
       @vault_addr ||= options.vault_addr || SecretsCli::Prompts::VaultAddr.new.call
     end
+
+    def backend 
+      @backend ||= options.backend || SecretsCli::Prompts::Backend.new.call
+    end
   end
 end

data/lib/secrets_cli/prompts/backend.rb

@@ -0,0 +1,11 @@
+module SecretsCli
+  module Prompts
+    class Backend
+      include SecretsCli::Helpers
+
+      def call
+        prompt.ask('What is the vault backend? (logical or kv)', default: 'logical')
+      end
+    end
+  end
+end

data/lib/secrets_cli/prompts/vault_addr.rb

@@ -4,7 +4,7 @@ module SecretsCli
       include SecretsCli::Helpers
 
       def call
-        prompt.ask('What is the vault address? (if not supplied VAULT_ADDR env will be used)')
+        prompt.ask('What is the vault address? (https://vault.example.com:8200)')
       end
     end
   end

data/lib/secrets_cli/vault/auth.rb

@@ -21,16 +21,16 @@ module SecretsCli
       def command
         case auth_method
         when 'github'
-          vault.auth.github(auth_token)
+          vault.auth.github(auth_token).auth.client_token
         when 'token'
-          vault.auth.token(auth_token)
+          auth_token
         when 'app_id'
-          vault.auth.app_id(auth_app_id, auth_user_id)
+          vault.auth.app_id(auth_app_id, auth_user_id).auth.client_token
         when 'approle'
-          vault.auth.approle(auth_role_id, auth_secret_id)
+          vault.auth.approle(auth_role_id, auth_secret_id).auth.client_token
         else
           error! "Unknown auth method #{auth_method}"
-        end.auth
+        end
       end
 
       def vault

data/lib/secrets_cli/vault/base.rb

@@ -9,8 +9,8 @@ module SecretsCli
         @options = options
       end
 
-      def call
-        options.verbose && !self.is_a?(SecretsCli::Vault::Auth) ? prompt.ok(command).first : command
+      def call(verbose: false)
+        verbose ? prompt.ok(command).first : command
       rescue => exception
         # require 'pry'; binding.pry
         error!(exception.message)
@@ -26,10 +26,18 @@ module SecretsCli
         @vault ||=
           ::Vault::Client.new(
             address: config.vault_addr,
-            token: SecretsCli::Vault::Auth.new(options).call.client_token
+            token: SecretsCli::Vault::Auth.new(options).call
           )
       end
 
+      def backend
+        @backend ||= 
+          case config.backend
+          when 'logical' then SecretsCli::Backend::Logical.new(vault)
+          when 'kv' then SecretsCli::Backend::KV.new(vault, config.mount, options.kv_version)
+          end
+      end
+
       def secrets_full_storage_key
         File.join(secrets_storage_key, config.environment.to_s)
       end
@@ -37,6 +45,7 @@ module SecretsCli
       def compare(first, second)
         diff = TTY::File.diff(first, second, verbose: false)
         return if diff == ''
+
         prompt.ok('There are some differences:')
         pretty_diff(diff)
         exit 0 unless prompt.yes?('Are you sure you want to override?')

data/lib/secrets_cli/vault/edit.rb

@@ -12,10 +12,10 @@ module SecretsCli
       attr_reader :secrets_storage_key
 
       def command
-        secrets = vault.logical.read(secrets_full_storage_key)
+        secrets = backend.read(secrets_full_storage_key)
         new_secrets = ask_editor(content(secrets))
         compare(content(secrets), new_secrets)
-        vault.logical.write(secrets_full_storage_key, SECRETS_FIELD => new_secrets)
+        backend.write(secrets_full_storage_key, SECRETS_FIELD => new_secrets)
         new_secrets
       end
 

data/lib/secrets_cli/vault/list.rb

@@ -13,7 +13,7 @@ module SecretsCli
       attr_reader :secrets_storage_key
 
       def command
-        vault.logical.list(secrets_storage_key).join("\n")
+        backend.list(secrets_storage_key).join("\n")
       end
     end
   end

data/lib/secrets_cli/vault/push.rb

@@ -11,8 +11,9 @@ module SecretsCli
         @secrets = File.read(secrets_file)
       end
 
-      def call
+      def call(verbose: false)
         return if !options.ci_mode && !are_you_sure?
+
         compare unless options.ci_mode
         super
       end
@@ -20,12 +21,12 @@ module SecretsCli
       private
 
       def command
-        vault.logical.write(secrets_full_storage_key, SECRETS_FIELD => secrets)
+        backend.write(secrets_full_storage_key, SECRETS_FIELD => secrets)
         secrets
       end
 
       def compare
-        secrets = vault.logical.read(secrets_full_storage_key)
+        secrets = backend.read(secrets_full_storage_key)
         secrets = secrets.nil? ? ' ' : secrets.data[SECRETS_FIELD]
         diff = TTY::File.diff(secrets, secrets_file, verbose: false)
         return if diff == ''

data/lib/secrets_cli/vault/read.rb

@@ -3,7 +3,6 @@ module SecretsCli
     class Read < SecretsCli::Vault::Base
       def initialize(options)
         super
-        options.default(verbose: !options.ci_mode)
         SecretsCli::Check::Secrets.new(:read, options).call
         @secrets_storage_key = options.secrets_storage_key || config.secrets_storage_key
       end
@@ -13,7 +12,7 @@ module SecretsCli
       attr_reader :secrets_storage_key
 
       def command
-        secrets = vault.logical.read(secrets_full_storage_key)
+        secrets = backend.read(secrets_full_storage_key)
         error!("There are no secrets in #{config.vault_addr} #{secrets_full_storage_key}") if secrets.nil?
         secrets.data[SECRETS_FIELD]
       end

data/lib/secrets_cli/version.rb

@@ -1,3 +1,3 @@
 module SecretsCli
-  VERSION = '1.12.3'
+  VERSION = '1.13.0.beta'
 end

data/lib/secrets_cli.rb

@@ -12,6 +12,8 @@ require 'secrets_cli/check/vault'
 require 'secrets_cli/prompts/secrets_file'
 require 'secrets_cli/prompts/secrets_storage_key'
 require 'secrets_cli/prompts/vault_addr'
+require 'secrets_cli/backend/logical'
+require 'secrets_cli/backend/kv'
 require 'secrets_cli/vault/base'
 require 'secrets_cli/vault/auth'
 require 'secrets_cli/vault/list'

data/secrets_cli.gemspec

@@ -10,7 +10,7 @@ Gem::Specification.new do |spec|
   spec.email         = ['d4be4st@gmail.com']
 
   spec.summary       = 'This is a CLI for easier use of https://www.vaultproject.io/'
-  spec.homepage      = 'http://github.com/infinum/secrets_cli'
+  spec.homepage      = 'http://github.com/infinum.secrets_cli'
   spec.license       = 'MIT'
 
   # Prevent pushing this gem to RubyGems.org by setting 'allowed_push_host', or
@@ -26,8 +26,8 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
 
-  spec.add_development_dependency 'bundler'
-  spec.add_development_dependency 'rake'
+  spec.add_development_dependency 'bundler', '~> 1.10'
+  spec.add_development_dependency 'rake', '~> 10.0'
   spec.add_development_dependency 'rspec'
   spec.add_development_dependency 'pry'
 

metadata

@@ -1,43 +1,43 @@
 --- !ruby/object:Gem::Specification
 name: secrets_cli
 version: !ruby/object:Gem::Version
-  version: 1.12.3
+  version: 1.13.0.beta
 platform: ruby
 authors:
 - Stjepan Hadjic
-autorequire:
+autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-09-29 00:00:00.000000000 Z
+date: 2020-02-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.10'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.10'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '10.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '10.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -122,7 +122,7 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.7'
-description:
+description: 
 email:
 - d4be4st@gmail.com
 executables:
@@ -142,11 +142,14 @@ files:
 - bin/console
 - exe/secrets
 - lib/secrets_cli.rb
+- lib/secrets_cli/backend/kv.rb
+- lib/secrets_cli/backend/logical.rb
 - lib/secrets_cli/check/secrets.rb
 - lib/secrets_cli/check/vault.rb
 - lib/secrets_cli/configuration.rb
 - lib/secrets_cli/helpers.rb
 - lib/secrets_cli/init.rb
+- lib/secrets_cli/prompts/backend.rb
 - lib/secrets_cli/prompts/secrets_file.rb
 - lib/secrets_cli/prompts/secrets_storage_key.rb
 - lib/secrets_cli/prompts/vault_addr.rb
@@ -160,12 +163,12 @@ files:
 - lib/secrets_cli/vault/read.rb
 - lib/secrets_cli/version.rb
 - secrets_cli.gemspec
-homepage: http://github.com/infinum/secrets_cli
+homepage: http://github.com/infinum.secrets_cli
 licenses:
 - MIT
 metadata:
   allowed_push_host: https://rubygems.org
-post_install_message:
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -176,12 +179,13 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
-rubygems_version: 3.0.3
-signing_key:
+rubyforge_project: 
+rubygems_version: 2.7.6
+signing_key: 
 specification_version: 4
 summary: This is a CLI for easier use of https://www.vaultproject.io/
 test_files: []