securenv 0.1.0 → 0.1.1
- checksums.yaml +4 -4
- data/.github/workflows/ruby.yml +35 -0
- data/Gemfile.lock +37 -1
- data/exe/securenv +4 -0
- data/lib/securenv.rb +5 -2
- data/lib/securenv/cli/application.rb +88 -0
- data/lib/securenv/client.rb +99 -0
- data/lib/securenv/parameter.rb +17 -0
- data/lib/securenv/version.rb +1 -1
- data/securenv.gemspec +7 -0
- metadata +66 -4
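--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f98e4349739d04c45f76ef3065a0c1929910fe9e9b29332d0a1d384cd69a6a73
+data.tar.gz: 23abb50be1835f36adea2c3a76d28aa7cda2997951d08bdfef49b4bbd1a1d969
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d0298049140580e3a89db7abf0a5dee76c14b5202e101a10fd41b2cd0946d9fdb835825397529fc30848e4b310f7e81d75eaa5a697a485ef6692de9b37d9a59c
+data.tar.gz: 165c89584a73624004788ba1b11d4dbf9ca653ef60b1b3405b2417a3c614db5c5a6d94d9202138b45f75502c2da38d01351ad5d69daf083f54fb26151c992b13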
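--- a/data/.github/workflows/ruby.yml
+++ b/data/.github/workflows/ruby.yml
@@ -0,0 +1,35 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+# This workflow will download a prebuilt Ruby version, install dependencies and run tests with Rake
+# For more information see: https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby
+
+name: Ruby
+
+on:
+push:
+branches: [ main ]
+pull_request:
+branches: [ main ]
+
+jobs:
+test:
+
+runs-on: ubuntu-latest
+strategy:
+matrix:
+ruby-version: ['2.6', '2.7', '3.0']
+
+steps:
+- uses: actions/checkout@v2
+- name: Set up Ruby
+# To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
+# change this to (see https://github.com/ruby/setup-ruby#versioning):
+# uses: ruby/setup-ruby@v1
+uses: ruby/setup-ruby@473e4d8fe5dd94ee328fdfca9f8c9c7afc9dae5e
+with:
+ruby-version: ${{ matrix.ruby-version }}
+bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+- name: Run tests
+run: bundle exec rake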
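Review bot: The workflow declares no `permissions:` block, so the job's GITHUB_TOKEN keeps the repository's default scopes even though the steps only check out the code and run `bundle exec rake`. A top-level `permissions:` block with `contents: read` would limit the token to what the job needs. `actions/checkout@v2` is referenced by a movable tag while `ruby/setup-ruby` is pinned to a full commit SHA; pinning the checkout step to a commit SHA as well would make the two steps consistent.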
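--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,13 +1,36 @@
 PATH
 remote: .
 specs:
-securenv (0.1.
+securenv (0.1.1)
+aws-sdk-ssm
+thor
 
 GEM
 remote: https://rubygems.org/
 specs:
+addressable (2.7.0)
+public_suffix (>= 2.0.2, < 5.0)
+aws-eventstream (1.1.1)
+aws-partitions (1.471.0)
+aws-sdk-core (3.115.0)
+aws-eventstream (~> 1, >= 1.0.2)
+aws-partitions (~> 1, >= 1.239.0)
+aws-sigv4 (~> 1.1)
+jmespath (~> 1.0)
+aws-sdk-ssm (1.111.0)
+aws-sdk-core (~> 3, >= 3.112.0)
+aws-sigv4 (~> 1.1)
+aws-sigv4 (1.2.3)
+aws-eventstream (~> 1, >= 1.0.2)
+crack (0.4.5)
+rexml
 diff-lcs (1.4.4)
+docile (1.4.0)
+hashdiff (1.0.1)
+jmespath (1.4.0)
+public_suffix (4.0.6)
 rake (12.3.3)
+rexml (3.2.5)
 rspec (3.10.0)
 rspec-core (~> 3.10.0)
 rspec-expectations (~> 3.10.0)
@@ -21,6 +44,17 @@ GEM
 diff-lcs (>= 1.2.0, < 2.0)
 rspec-support (~> 3.10.0)
 rspec-support (3.10.2)
+simplecov (0.21.2)
+docile (~> 1.1)
+simplecov-html (~> 0.11)
+simplecov_json_formatter (~> 0.1)
+simplecov-html (0.12.3)
+simplecov_json_formatter (0.1.3)
+thor (1.1.0)
+webmock (3.13.0)
+addressable (>= 2.3.6)
+crack (>= 0.3.2)
+hashdiff (>= 0.4.0, < 2.0.0)
 
 PLATFORMS
 ruby
@@ -29,6 +63,8 @@ DEPENDENCIES
 rake (~> 12.0)
 rspec (~> 3.0)
 securenv!
+simplecov
+webmock
 
 BUNDLED WITH
 2.1.4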
data/exe/securenv
ADDED
data/lib/securenv.rb
CHANGED
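--- a/data/lib/securenv/cli/application.rb
+++ b/data/lib/securenv/cli/application.rb
@@ -0,0 +1,88 @@
+require "thor"
+require "securenv"
+
+module Securenv
+module CLI
+class Application < Thor
+# This makes thor report the correct exit code in the event of a failure.
+def self.exit_on_failure?
+true
+end
+
+desc "set VAR=value", "set a secure environment variable"
+option :app, :required => true, :aliases => "-a", :desc => "The name of the app."
+option :stage, :required => true, :aliases => "-s", :desc => "The name of the stage."
+def set(var)
+variable, value = var.split('=')
+if value.nil?
+raise Thor::Error.new "You must supply a value for #{variable}. To unset a value you can use : securenv unset #{variable}"
+end
+client = Securenv::Client.new({
+app: options[:app],
+stage: options[:stage]
+})
+parameter = client.set({
+variable: variable,
+value: value,
+})
+
+puts "Set value for parameter name #{parameter.name} for version #{parameter.version}"
+end
+
+desc "get VAR", "get the current value of a secure environment variable"
+option :app, :required => true, :aliases => "-a", :desc => "The name of the app."
+option :stage, :required => true, :aliases => "-s", :desc => "The name of the stage."
+def get(var)
+client = Securenv::Client.new({
+app: options[:app],
+stage: options[:stage]
+})
+parameter = client.get({
+variable: var
+})
+
+puts "#{parameter.var_name}: #{parameter.value}"
+rescue Securenv::ParameterNotFoundError => e
+puts e.to_s
+end
+
+desc "unset VAR", "remove a secure environment variable"
+option :app, :required => true, :aliases => "-a", :desc => "The name of the app."
+option :stage, :required => true, :aliases => "-s", :desc => "The name of the stage."
+def unset(var)
+client = Securenv::Client.new({
+app: options[:app],
+stage: options[:stage]
+})
+parameter = client.unset({
+variable: var
+})
+
+puts "#{parameter.name} was removed"
+rescue Securenv::ParameterNotFoundError => e
+puts e.to_s
+end
+
+desc "list", "list all secure environment variables for an app and stage"
+option :app, :required => true, :aliases => "-a", :desc => "The name of the app."
+option :stage, :required => true, :aliases => "-s", :desc => "The name of the stage."
+def list
+client = Securenv::Client.new({
+app: options[:app],
+stage: options[:stage]
+})
+parameters = client.list
+if parameters.any?
+parameters.each do |param|
+puts "#{param.var_name}: #{param.value}"
+end
+else
+puts "No securenv variables are present for this app and stage"
+end
+
+rescue Securenv::ParameterNotFoundError => e
+puts e.to_s
+end
+end
+end
+end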
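Review bot: In `set`, `variable, value = var.split('=')` keeps only the text between the first and second `=`, so a secret that itself contains `=` (base64 padding, a connection string with query parameters) is stored truncated without any error; `variable, value = var.split('=', 2)` keeps the whole value. Every command builds its client with `Securenv::Client.new({ ... })` and calls `client.set({ ... })`, `client.get({ ... })` or `client.unset({ ... })` with a braced hash, while those methods declare keyword parameters; on Ruby 3.0, which is in the workflow matrix, a braced hash is a positional argument and these calls raise `ArgumentError`, so the braces should be dropped. `get`, `unset` and `list` rescue `ParameterNotFoundError` and `puts` the message, which leaves the exit status at 0 despite the `exit_on_failure?` override; `raise Thor::Error, e.message` would report the failure the way `set` does. The value is also taken from the command line, where it ends up in shell history and the process list, so reading it from stdin when no `=value` is given is worth considering.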
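--- a/data/lib/securenv/client.rb
+++ b/data/lib/securenv/client.rb
@@ -0,0 +1,99 @@
+module Securenv
+class Client
+attr_reader :app
+attr_reader :stage
+def initialize(app:, stage:)
+@app = app
+@stage = stage
+end
+
+def set(variable:, value:)
+parameter_name = parameter_name_for(variable)
+
+resp = ssm_client.put_parameter({
+name: parameter_name,
+description: "Set via securenv",
+value: value,
+type: "SecureString",
+#key_id: "ParameterKeyId",
+overwrite: true,
+tier: "Standard" # accepts Standard, Advanced, Intelligent-Tiering
+})
+parameter = Parameter.new(
+name: parameter_name,
+version: resp.version,
+value: value
+)
+
+return parameter
+end
+
+def get(variable:)
+parameter_name = parameter_name_for(variable)
+resp = ssm_client.get_parameter({
+name: parameter_name,
+with_decryption: true
+})
+parameter = Parameter.new(
+name: parameter_name,
+version: resp.parameter.version,
+value: resp.parameter.value
+)
+
+return parameter
+rescue Aws::SSM::Errors::ParameterNotFound
+raise ParameterNotFoundError.new "#{variable} is not set for app: #{app} and stage: #{stage}"
+end
+
+def unset(variable:)
+parameter_name = parameter_name_for(variable)
+ssm_client.delete_parameter({
+name: parameter_name
+})
+parameter = Parameter.new(
+name: parameter_name,
+version: nil,
+value: nil
+)
+
+return parameter
+rescue Aws::SSM::Errors::ParameterNotFound
+raise ParameterNotFoundError.new "#{variable} is not set for app: #{app} and stage: #{stage}"
+end
+
+def list
+resp = ssm_client.get_parameters_by_path({
+path: parameter_path,
+with_decryption: true
+})
+parameters = resp.parameters.map do |param|
+Parameter.new(
+name: param.name,
+version: param.version,
+value: param.value
+)
+end
+
+return parameters
+end
+
+def populate_env
+parameters = list
+parameters.each do |param|
+ENV[param.var_name] = param.value
+end
+end
+
+def parameter_path
+"/#{app}/#{stage}"
+end
+
+def parameter_name_for(variable)
+"#{parameter_path}/#{variable}"
+end
+
+def ssm_client
+@ssm_client = Aws::SSM::Client.new
+end
+end
+end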
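Review bot: `list` uses only the first page of `get_parameters_by_path`, which SSM returns in pages of at most ten parameters, so `populate_env` silently leaves the remaining variables unset; `parameters = resp.each_page.flat_map(&:parameters).map do |param|` walks every page. `ssm_client` assigns `@ssm_client = Aws::SSM::Client.new` on each call, so nothing is cached and every operation builds a new client; `@ssm_client ||= Aws::SSM::Client.new` is presumably what was meant. `parameter_name_for` interpolates `app`, `stage` and `variable` into the path unchecked, so a `/` in any of them addresses a different level of the hierarchy; checking each against something like `/\A[A-Za-z0-9_.-]+\z/` before building the name would keep a call inside its own app and stage. `populate_env` copies whatever is under the path into `ENV` and overwrites existing entries, so write access to that SSM path also means control over variables such as `PATH` or `RUBYOPT` in the consuming process; that should be documented, or guarded with `ENV[param.var_name] ||= param.value` if overriding is not intended.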
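--- a/data/lib/securenv/parameter.rb
+++ b/data/lib/securenv/parameter.rb
@@ -0,0 +1,17 @@
+module Securenv
+class Parameter
+attr_reader :name
+attr_reader :value
+attr_reader :version
+
+def initialize(name:, value:, version:)
+@name = name
+@value = value
+@version = version
+end
+
+def var_name
+name.split('/').last
+end
+end
+end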
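Review bot: `Parameter` keeps the decrypted secret in `@value` and inherits the default `inspect`, which prints every instance variable, so the value would show up in any log line, console session or error report that inspects the object. Overriding it to leave the value out, for example `def inspect; "#<#{self.class} name=#{name.inspect} version=#{version.inspect}>"; end`, keeps accidental dumps free of secrets while `value` stays available to callers that ask for it.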
data/lib/securenv/version.rb
CHANGED
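--- a/data/securenv.gemspec
+++ b/data/securenv.gemspec
@@ -26,4 +26,11 @@ Gem::Specification.new do |spec|
 spec.bindir = "exe"
 spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
 spec.require_paths = ["lib"]
+
+
+spec.add_dependency "thor" # Thor drives the CLI
+spec.add_dependency "aws-sdk-ssm"
+
+spec.add_development_dependency 'simplecov'
+spec.add_development_dependency 'webmock'
 end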
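Review bot: `spec.add_dependency "thor"` and `spec.add_dependency "aws-sdk-ssm"` carry no version constraint, so the published gem resolves both to `>= 0` and an install can pull in any future major release of the library that handles the decrypted parameters. Constraints matching what Gemfile.lock resolved, such as `spec.add_dependency "aws-sdk-ssm", "~> 1.111"` and `spec.add_dependency "thor", "~> 1.1"`, would bound that. The `Gem::Specification.new` block starts outside the hunk.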
metadata
CHANGED
@@ -1,22 +1,80 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: securenv
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Jeremy Green
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-06-
|
12
|
-
dependencies:
|
11
|
+
date: 2021-06-25 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: thor
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - ">="
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '0'
|
20
|
+
type: :runtime
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - ">="
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: '0'
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: aws-sdk-ssm
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - ">="
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '0'
|
34
|
+
type: :runtime
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - ">="
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: '0'
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: simplecov
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - ">="
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: '0'
|
48
|
+
type: :development
|
49
|
+
prerelease: false
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - ">="
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: '0'
|
55
|
+
- !ruby/object:Gem::Dependency
|
56
|
+
name: webmock
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
58
|
+
requirements:
|
59
|
+
- - ">="
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
version: '0'
|
62
|
+
type: :development
|
63
|
+
prerelease: false
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
65
|
+
requirements:
|
66
|
+
- - ">="
|
67
|
+
- !ruby/object:Gem::Version
|
68
|
+
version: '0'
|
13
69
|
description: Securely store and set ENV variables via AWS SSM.
|
14
70
|
email:
|
15
71
|
- jeremy@octolabs.com
|
16
|
-
executables:
|
72
|
+
executables:
|
73
|
+
- securenv
|
17
74
|
extensions: []
|
18
75
|
extra_rdoc_files: []
|
19
76
|
files:
|
77
|
+
- ".github/workflows/ruby.yml"
|
20
78
|
- ".gitignore"
|
21
79
|
- ".rspec"
|
22
80
|
- ".travis.yml"
|
@@ -28,7 +86,11 @@ files:
|
|
28
86
|
- Rakefile
|
29
87
|
- bin/console
|
30
88
|
- bin/setup
|
89
|
+
- exe/securenv
|
31
90
|
- lib/securenv.rb
|
91
|
+
- lib/securenv/cli/application.rb
|
92
|
+
- lib/securenv/client.rb
|
93
|
+
- lib/securenv/parameter.rb
|
32
94
|
- lib/securenv/version.rb
|
33
95
|
- securenv.gemspec
|
34
96
|
homepage: https://github.com/Octo-Labs/securenv
|