sekreto 0.1.1

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: cff3247881cd262117cb9d52dabb89a1c8d9e1cf0a43163fae65a475bf263d58
4
+ data.tar.gz: 5d812493f43185897381d8777a74f4c969709336a3f4d23aa9b1047e4804cbce
5
+ SHA512:
6
+ metadata.gz: ccf53bf1bc6fbcff3f5710229ac040156609448ffb7895a36e1ddbf5347efd5933e3b53c43a8d16904f085e004f54630c5956ca9fc0be4953af05f338fb34e3e
7
+ data.tar.gz: c5fbbd40bcdacfb763ac8cb6d642a83111a0ad0c49a66f66f6c3c6699af6822c0588fa5fdcd97738eea42cb5bedf10df1a71cbb6b1cb6a1cfc955a739da5d3e8
data/README.md ADDED
@@ -0,0 +1,78 @@
1
+ # Sekreto
2
+
3
+ [![Gem Version](https://badge.fury.io/rb/sekreto.svg)](https://badge.fury.io/rb/sekreto)
4
+ [![Build Status](https://travis-ci.org/autolist/sekreto.svg?branch=master)](https://travis-ci.org/autolist/sekreto)
5
+
6
+ Use AWS Secrets Manager from Ruby, with rails support
7
+
8
+ ## Installation
9
+
10
+ Add this line to your application's Gemfile:
11
+
12
+ ```ruby
13
+ gem 'sekreto'
14
+ ```
15
+
16
+ And then execute:
17
+
18
+ $ bundle
19
+
20
+ Or install it yourself as:
21
+
22
+ $ gem install sekreto
23
+
24
+ ## Usage
25
+
26
+ ### Configuration
27
+
28
+ Configuration will happen automatically in a Rails environment to set defaults
29
+ that make integrating easy. The defaults look like
30
+
31
+ ```ruby
32
+ Sekreto.setup do |setup|
33
+ # Default secrets manager is a new client
34
+ setup.secrets_manager = Aws::SecretsManager::Client.new
35
+
36
+ # Prefix of secrets set to Rails app name and RAILS_ENV
37
+ setup.prefix = 'railsappname-staging'
38
+
39
+ # Allowed environments to use secrets is set to production/staging
40
+ # Any block can be given that responds to #call and returns a true or false
41
+ # that will use secrets calls if allowed and use the fallback if not
42
+ setup.is_allowed_env = -> { %w[production staging].include?(::Rails.env) }
43
+
44
+ # Default fallback is to look up the secret in the ENV if it is not an
45
+ # allowed env to use the secret manager
46
+ setup.fallback_lookup = ->(secret_id) { ENV[secret_id] }
47
+ end
48
+ ```
49
+
50
+ You can use an initializer to customize any of the defaults
51
+
52
+ _config/initializers/sekreto.rb_
53
+ ```ruby
54
+ Sekreto.setup do |setup|
55
+ setup.secrets_manager = Aws::SecretsManager::Client.new
56
+ setup.prefix = 'some/other/prefix'
57
+ setup.is_allowed_env = -> { ENV.fetch('USE_SECRETS', false) }
58
+ setup.fallback_lookup = ->(secret_id) { Secrets.where(name: secret_id).pluck(:value).first }
59
+ end
60
+ ```
61
+
62
+ ## Development
63
+
64
+ After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
65
+
66
+ To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
67
+
68
+ ## Contributing
69
+
70
+ Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/sekreto. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
71
+
72
+ ## License
73
+
74
+ The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
75
+
76
+ ## Code of Conduct
77
+
78
+ Everyone interacting in the Sekreto project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/sekreto/blob/master/CODE_OF_CONDUCT.md).
data/bin/console ADDED
@@ -0,0 +1,14 @@
1
+ #!/usr/bin/env ruby
2
+
3
+ require 'bundler/setup'
4
+ require 'sekreto'
5
+
6
+ # You can add fixtures and/or initialization code here to make experimenting
7
+ # with your gem easier. You can also use a different console, if you like.
8
+
9
+ # (If you use this, don't forget to add pry to your Gemfile!)
10
+ # require "pry"
11
+ # Pry.start
12
+
13
+ require 'irb'
14
+ IRB.start(__FILE__)
data/bin/setup ADDED
@@ -0,0 +1,8 @@
1
+ #!/usr/bin/env bash
2
+ set -euo pipefail
3
+ IFS=$'\n\t'
4
+ set -vx
5
+
6
+ bundle install
7
+
8
+ # Do any other automated setup that you need to do here
@@ -0,0 +1,15 @@
1
+ module Sekreto
2
+ class Config
3
+ attr_accessor :prefix
4
+ attr_accessor :is_allowed_env
5
+ attr_accessor :fallback_lookup
6
+ attr_accessor :secrets_manager
7
+
8
+ def initialize
9
+ @prefix = 'secrets'
10
+ @is_allowed_env = -> { true }
11
+ @fallback_lookup = ->(secret_id) { ENV[secret_id] }
12
+ @secrets_manager = nil
13
+ end
14
+ end
15
+ end
@@ -0,0 +1,16 @@
1
+ require 'rails'
2
+
3
+ module Sekreto
4
+ # Rails Railtie to set up the Sekreto configuration
5
+ class Railtie < ::Rails::Railtie
6
+ config.after_initialize do
7
+ app_name = ::Rails.application.class.to_s.split('::').first.downcase
8
+
9
+ Sekreto.setup do |setup|
10
+ setup.secrets_manager = Aws::SecretsManager::Client.new
11
+ setup.prefix = [app_name, ::Rails.env.downcase].join('-')
12
+ setup.is_allowed_env = -> { %w[production staging].include?(::Rails.env) }
13
+ end
14
+ end
15
+ end
16
+ end
@@ -0,0 +1,3 @@
1
+ module Sekreto
2
+ VERSION = '0.1.1'.freeze
3
+ end
data/lib/sekreto.rb ADDED
@@ -0,0 +1,41 @@
1
+ require 'aws-sdk-secretsmanager'
2
+ require 'multi_json'
3
+
4
+ require 'sekreto/version'
5
+ require 'sekreto/config'
6
+
7
+ require 'sekreto/railtie' if defined?(Rails)
8
+
9
+ # Sekreto holds configuration and interface for getting secrets
10
+ module Sekreto
11
+ class << self
12
+ def setup
13
+ yield config if block_given?
14
+ end
15
+
16
+ def get_value(secret_id)
17
+ return config.fallback_lookup.call(secret_id) unless config.is_allowed_env.call
18
+ response = secrets_manager.get_secret_value(secret_id: secret_name(secret_id))
19
+ response.secret_string
20
+ end
21
+
22
+ def get_json_value(secret_id)
23
+ response = get_value(secret_id)
24
+ MultiJson.load(response)
25
+ end
26
+
27
+ def config
28
+ @config ||= Config.new
29
+ end
30
+
31
+ private
32
+
33
+ def secret_name(secret_id)
34
+ [config.prefix, secret_id].join('/')
35
+ end
36
+
37
+ def secrets_manager
38
+ config.secrets_manager
39
+ end
40
+ end
41
+ end
metadata ADDED
@@ -0,0 +1,197 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: sekreto
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.1.1
5
+ platform: ruby
6
+ authors:
7
+ - Autolist Engineering
8
+ autorequire:
9
+ bindir: exe
10
+ cert_chain: []
11
+ date: 2018-04-27 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: aws-sdk-secretsmanager
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - ">="
18
+ - !ruby/object:Gem::Version
19
+ version: '0'
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - ">="
25
+ - !ruby/object:Gem::Version
26
+ version: '0'
27
+ - !ruby/object:Gem::Dependency
28
+ name: multi_json
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - ">="
32
+ - !ruby/object:Gem::Version
33
+ version: '0'
34
+ type: :runtime
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - ">="
39
+ - !ruby/object:Gem::Version
40
+ version: '0'
41
+ - !ruby/object:Gem::Dependency
42
+ name: rails
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - ">="
46
+ - !ruby/object:Gem::Version
47
+ version: '4.1'
48
+ - - "<"
49
+ - !ruby/object:Gem::Version
50
+ version: '5.3'
51
+ type: :runtime
52
+ prerelease: false
53
+ version_requirements: !ruby/object:Gem::Requirement
54
+ requirements:
55
+ - - ">="
56
+ - !ruby/object:Gem::Version
57
+ version: '4.1'
58
+ - - "<"
59
+ - !ruby/object:Gem::Version
60
+ version: '5.3'
61
+ - !ruby/object:Gem::Dependency
62
+ name: autocop
63
+ requirement: !ruby/object:Gem::Requirement
64
+ requirements:
65
+ - - "~>"
66
+ - !ruby/object:Gem::Version
67
+ version: 0.1.4
68
+ type: :development
69
+ prerelease: false
70
+ version_requirements: !ruby/object:Gem::Requirement
71
+ requirements:
72
+ - - "~>"
73
+ - !ruby/object:Gem::Version
74
+ version: 0.1.4
75
+ - !ruby/object:Gem::Dependency
76
+ name: bundler
77
+ requirement: !ruby/object:Gem::Requirement
78
+ requirements:
79
+ - - "~>"
80
+ - !ruby/object:Gem::Version
81
+ version: '1.16'
82
+ type: :development
83
+ prerelease: false
84
+ version_requirements: !ruby/object:Gem::Requirement
85
+ requirements:
86
+ - - "~>"
87
+ - !ruby/object:Gem::Version
88
+ version: '1.16'
89
+ - !ruby/object:Gem::Dependency
90
+ name: pry
91
+ requirement: !ruby/object:Gem::Requirement
92
+ requirements:
93
+ - - "~>"
94
+ - !ruby/object:Gem::Version
95
+ version: 0.11.3
96
+ type: :development
97
+ prerelease: false
98
+ version_requirements: !ruby/object:Gem::Requirement
99
+ requirements:
100
+ - - "~>"
101
+ - !ruby/object:Gem::Version
102
+ version: 0.11.3
103
+ - !ruby/object:Gem::Dependency
104
+ name: rake
105
+ requirement: !ruby/object:Gem::Requirement
106
+ requirements:
107
+ - - "~>"
108
+ - !ruby/object:Gem::Version
109
+ version: '10.0'
110
+ type: :development
111
+ prerelease: false
112
+ version_requirements: !ruby/object:Gem::Requirement
113
+ requirements:
114
+ - - "~>"
115
+ - !ruby/object:Gem::Version
116
+ version: '10.0'
117
+ - !ruby/object:Gem::Dependency
118
+ name: rspec
119
+ requirement: !ruby/object:Gem::Requirement
120
+ requirements:
121
+ - - "~>"
122
+ - !ruby/object:Gem::Version
123
+ version: '3.0'
124
+ type: :development
125
+ prerelease: false
126
+ version_requirements: !ruby/object:Gem::Requirement
127
+ requirements:
128
+ - - "~>"
129
+ - !ruby/object:Gem::Version
130
+ version: '3.0'
131
+ - !ruby/object:Gem::Dependency
132
+ name: rspec-mocks
133
+ requirement: !ruby/object:Gem::Requirement
134
+ requirements:
135
+ - - "~>"
136
+ - !ruby/object:Gem::Version
137
+ version: '3.0'
138
+ type: :development
139
+ prerelease: false
140
+ version_requirements: !ruby/object:Gem::Requirement
141
+ requirements:
142
+ - - "~>"
143
+ - !ruby/object:Gem::Version
144
+ version: '3.0'
145
+ - !ruby/object:Gem::Dependency
146
+ name: stub_env
147
+ requirement: !ruby/object:Gem::Requirement
148
+ requirements:
149
+ - - "~>"
150
+ - !ruby/object:Gem::Version
151
+ version: '1.0'
152
+ type: :development
153
+ prerelease: false
154
+ version_requirements: !ruby/object:Gem::Requirement
155
+ requirements:
156
+ - - "~>"
157
+ - !ruby/object:Gem::Version
158
+ version: '1.0'
159
+ description: Manage AWS Secrets from Rails
160
+ email:
161
+ - dev@autolist.com
162
+ executables: []
163
+ extensions: []
164
+ extra_rdoc_files: []
165
+ files:
166
+ - README.md
167
+ - bin/console
168
+ - bin/setup
169
+ - lib/sekreto.rb
170
+ - lib/sekreto/config.rb
171
+ - lib/sekreto/railtie.rb
172
+ - lib/sekreto/version.rb
173
+ homepage: https://github.com/autolist/sekreto
174
+ licenses:
175
+ - MIT
176
+ metadata: {}
177
+ post_install_message:
178
+ rdoc_options: []
179
+ require_paths:
180
+ - lib
181
+ required_ruby_version: !ruby/object:Gem::Requirement
182
+ requirements:
183
+ - - ">="
184
+ - !ruby/object:Gem::Version
185
+ version: '0'
186
+ required_rubygems_version: !ruby/object:Gem::Requirement
187
+ requirements:
188
+ - - ">="
189
+ - !ruby/object:Gem::Version
190
+ version: '0'
191
+ requirements: []
192
+ rubyforge_project:
193
+ rubygems_version: 2.7.3
194
+ signing_key:
195
+ specification_version: 4
196
+ summary: AwsSecretsManager for Rails
197
+ test_files: []