sekreto 0.1.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: cff3247881cd262117cb9d52dabb89a1c8d9e1cf0a43163fae65a475bf263d58
+  data.tar.gz: 5d812493f43185897381d8777a74f4c969709336a3f4d23aa9b1047e4804cbce
+SHA512:
+  metadata.gz: ccf53bf1bc6fbcff3f5710229ac040156609448ffb7895a36e1ddbf5347efd5933e3b53c43a8d16904f085e004f54630c5956ca9fc0be4953af05f338fb34e3e
+  data.tar.gz: c5fbbd40bcdacfb763ac8cb6d642a83111a0ad0c49a66f66f6c3c6699af6822c0588fa5fdcd97738eea42cb5bedf10df1a71cbb6b1cb6a1cfc955a739da5d3e8

data/README.md

@@ -0,0 +1,78 @@
+# Sekreto
+
+[![Gem Version](https://badge.fury.io/rb/sekreto.svg)](https://badge.fury.io/rb/sekreto)
+[![Build Status](https://travis-ci.org/autolist/sekreto.svg?branch=master)](https://travis-ci.org/autolist/sekreto)
+
+Use AWS Secrets Manager from Ruby, with rails support
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'sekreto'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install sekreto
+
+## Usage
+
+### Configuration
+
+Configuration will happen automatically in a Rails environment to set defaults
+that make integrating easy. The defaults look like
+
+```ruby
+Sekreto.setup do |setup|
+  # Default secrets manager is a new client
+  setup.secrets_manager = Aws::SecretsManager::Client.new
+
+  # Prefix of secrets set to Rails app name and RAILS_ENV
+  setup.prefix = 'railsappname-staging'
+
+  # Allowed environments to use secrets is set to production/staging
+  # Any block can be given that responds to #call and returns a true or false
+  # that will use secrets calls if allowed and use the fallback if not
+  setup.is_allowed_env = -> { %w[production staging].include?(::Rails.env) }
+
+  # Default fallback is to look up the secret in the ENV if it is not an
+  # allowed env to use the secret manager
+  setup.fallback_lookup = ->(secret_id) { ENV[secret_id] }
+end
+```
+
+You can use an initializer to customize any of the defaults
+
+_config/initializers/sekreto.rb_
+```ruby
+Sekreto.setup do |setup|
+  setup.secrets_manager = Aws::SecretsManager::Client.new
+  setup.prefix = 'some/other/prefix'
+  setup.is_allowed_env = -> { ENV.fetch('USE_SECRETS', false) }
+  setup.fallback_lookup = ->(secret_id) { Secrets.where(name: secret_id).pluck(:value).first }
+end
+```
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/sekreto. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+
+## Code of Conduct
+
+Everyone interacting in the Sekreto project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/sekreto/blob/master/CODE_OF_CONDUCT.md).

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require 'bundler/setup'
+require 'sekreto'
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require 'irb'
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/lib/sekreto/config.rb

@@ -0,0 +1,15 @@
+module Sekreto
+  class Config
+    attr_accessor :prefix
+    attr_accessor :is_allowed_env
+    attr_accessor :fallback_lookup
+    attr_accessor :secrets_manager
+
+    def initialize
+      @prefix = 'secrets'
+      @is_allowed_env = -> { true }
+      @fallback_lookup = ->(secret_id) { ENV[secret_id] }
+      @secrets_manager = nil
+    end
+  end
+end

data/lib/sekreto/railtie.rb

@@ -0,0 +1,16 @@
+require 'rails'
+
+module Sekreto
+  # Rails Railtie to set up the Sekreto configuration
+  class Railtie < ::Rails::Railtie
+    config.after_initialize do
+      app_name = ::Rails.application.class.to_s.split('::').first.downcase
+
+      Sekreto.setup do |setup|
+        setup.secrets_manager = Aws::SecretsManager::Client.new
+        setup.prefix = [app_name, ::Rails.env.downcase].join('-')
+        setup.is_allowed_env = -> { %w[production staging].include?(::Rails.env) }
+      end
+    end
+  end
+end

data/lib/sekreto/version.rb

@@ -0,0 +1,3 @@
+module Sekreto
+  VERSION = '0.1.1'.freeze
+end

data/lib/sekreto.rb

@@ -0,0 +1,41 @@
+require 'aws-sdk-secretsmanager'
+require 'multi_json'
+
+require 'sekreto/version'
+require 'sekreto/config'
+
+require 'sekreto/railtie' if defined?(Rails)
+
+# Sekreto holds configuration and interface for getting secrets
+module Sekreto
+  class << self
+    def setup
+      yield config if block_given?
+    end
+
+    def get_value(secret_id)
+      return config.fallback_lookup.call(secret_id) unless config.is_allowed_env.call
+      response = secrets_manager.get_secret_value(secret_id: secret_name(secret_id))
+      response.secret_string
+    end
+
+    def get_json_value(secret_id)
+      response = get_value(secret_id)
+      MultiJson.load(response)
+    end
+
+    def config
+      @config ||= Config.new
+    end
+
+    private
+
+    def secret_name(secret_id)
+      [config.prefix, secret_id].join('/')
+    end
+
+    def secrets_manager
+      config.secrets_manager
+    end
+  end
+end

metadata

@@ -0,0 +1,197 @@
+--- !ruby/object:Gem::Specification
+name: sekreto
+version: !ruby/object:Gem::Version
+  version: 0.1.1
+platform: ruby
+authors:
+- Autolist Engineering
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2018-04-27 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: aws-sdk-secretsmanager
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: multi_json
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '4.1'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '5.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '4.1'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '5.3'
+- !ruby/object:Gem::Dependency
+  name: autocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.4
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.4
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.11.3
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.11.3
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: rspec-mocks
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: stub_env
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+description: Manage AWS Secrets from Rails
+email:
+- dev@autolist.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- README.md
+- bin/console
+- bin/setup
+- lib/sekreto.rb
+- lib/sekreto/config.rb
+- lib/sekreto/railtie.rb
+- lib/sekreto/version.rb
+homepage: https://github.com/autolist/sekreto
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.3
+signing_key: 
+specification_version: 4
+summary: AwsSecretsManager for Rails
+test_files: []