settings_reader-vault_resolver 0.1.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 684115b87887c0d2774679160f1f0d7d7136035053b3af87a9878fd5ab4b5778
+  data.tar.gz: 9d3747fdd02285d0664569ec73566951637aeb1c145223da5be9239078c4a6cf
+SHA512:
+  metadata.gz: 3b7b5512574b61c2b7fd96fdf121152938c7c232e12c8da23a864f52db1502501406dec213e28eec118decdfe142f7f90dbcd1748ae551558583691af26de97f
+  data.tar.gz: 81f2e979bee9b9cfca5ec316c4218bc2260042875eab9fc580443e0d4edcd159299c64398b17ddc12fe9a25aac545d6f217cabd5f71e146fe1c4eb6c31033e4d

data/.github/workflows/main.yml

@@ -0,0 +1,100 @@
+name: ci
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+  release:
+    types: [published]
+
+jobs:
+  build:
+    env:
+      COVERAGE: true
+      VAULT_ADDR: 'http://127.0.0.1:8200'
+      VAULT_TOKEN: 'vault_root_token'
+
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        ruby: [ '2.5.x', '2.6.x', '2.7.x', '3.0.x' ]
+    services:
+      vault:
+        image: vault
+        ports:
+          - "8200:8200"
+        env:
+          VAULT_DEV_ROOT_TOKEN_ID: vault_root_token
+          SKIP_SETCAP: true
+      db:
+        image: postgres:14.1-alpine
+        ports:
+          - "5432:5432"
+        env:
+          POSTGRES_USER: 'vault_root'
+          POSTGRES_PASSWORD: 'root_password'
+          POSTGRES_DB: 'app_db'
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v1
+      - name: Cache dependencies
+        uses: actions/cache@v1
+        with:
+          path: vendor/bundle
+          key: ${{ runner.OS }}-ruby-${{ matrix.ruby }}
+          restore-keys: ${{ runner.OS }}-
+
+      - name: Set up Ruby
+        uses: actions/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+      - name: Set up Bundler
+        run: gem install bundler:2.1.4
+      - name: Set up Dependencies
+        run: bundle install --path vendor/bundle
+      - name: Set up Vault
+        run: sh local/vault/setup.sh
+
+      - name: Run specs
+        env:
+          COVERAGE: true
+        run: bundle exec rspec
+
+      - name: Upload coverage
+        env:
+          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+        run: bash <(curl -s https://codecov.io/bash)
+
+  release:
+    runs-on: ubuntu-latest
+    needs: build
+    if: github.event_name == 'release' && github.event.action == 'published'
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v1
+
+      - name: Set up Ruby
+        uses: actions/setup-ruby@v1
+        with:
+          ruby-version: 2.7.x
+      - name: Set up Bundler
+        run: gem install bundler:2.1.4
+      - name: Set up credentials
+        run: |
+          mkdir -p $HOME/.gem
+          touch $HOME/.gem/credentials
+          chmod 0600 $HOME/.gem/credentials
+          printf -- "---\n:rubygems_api_key: ${{secrets.RUBYGEMS_AUTH_TOKEN}}\n" > $HOME/.gem/credentials
+
+      - name: Get version
+        run: echo "${GITHUB_REF/refs\/tags\//}" > release.tag
+      - name: Set version
+        run: sed -i "s/0.0.0/$(<release.tag)/g" $(find . -name "version.rb")
+
+      - name: Build gem
+        run: gem build *.gemspec
+      - name: Push gem
+        run: gem push *.gem

data/.gitignore

@@ -0,0 +1,11 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+
+# rspec failure tracking
+.rspec_status

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/.simplecov

@@ -0,0 +1,9 @@
+if ENV["COVERAGE"]
+  require 'simplecov'
+  require 'codecov'
+  SimpleCov.start do
+    enable_coverage :branch
+    primary_coverage :branch
+    formatter SimpleCov::Formatter::Codecov
+  end
+end

data/CHANGELOG.md

@@ -0,0 +1,17 @@
+## [Unreleased]
+
+## [0.1.0]
+### Fixes
+- Fix CI release
+- Add changelog
+
+## [0.1.0]
+### New features
+- Retrieving static and dynamic secrets from vault
+- Secrets caching
+- Automatic secrets lease renewal
+
+[Unreleased]: https://github.com/matic-insurance/settings_reader-vault_resolver/compare/0.1.1...HEAD
+[0.1.0]: https://github.com/matic-insurance/settings_reader-vault_resolver/commits/0.1.1
+[0.1.0]: https://github.com/matic-insurance/settings_reader-vault_resolver/commits/0.1.0
+

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,74 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, gender identity and expression, level of experience,
+nationality, personal appearance, race, religion, or sexual identity and
+orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at 712680+volodymyr-mykhailyk@users.noreply.github.com. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at [https://contributor-covenant.org/version/1/4][version]
+
+[homepage]: https://contributor-covenant.org
+[version]: https://contributor-covenant.org/version/1/4/

data/Gemfile

@@ -0,0 +1,4 @@
+source "https://rubygems.org"
+
+# Specify your gem's dependencies in settings_reader-vault_resolver.gemspec
+gemspec

data/Gemfile.lock

@@ -0,0 +1,80 @@
+PATH
+  remote: .
+  specs:
+    settings_reader-vault_resolver (0.0.0)
+      concurrent-ruby (~> 1.1)
+      vault (~> 0.16)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    ast (2.4.2)
+    aws-eventstream (1.2.0)
+    aws-sigv4 (1.4.0)
+      aws-eventstream (~> 1, >= 1.0.2)
+    codecov (0.6.0)
+      simplecov (>= 0.15, < 0.22)
+    concurrent-ruby (1.1.9)
+    diff-lcs (1.5.0)
+    docile (1.4.0)
+    parallel (1.21.0)
+    parser (3.1.0.0)
+      ast (~> 2.4.1)
+    rainbow (3.0.0)
+    rake (13.0.6)
+    regexp_parser (2.2.0)
+    rexml (3.2.5)
+    rspec (3.10.0)
+      rspec-core (~> 3.10.0)
+      rspec-expectations (~> 3.10.0)
+      rspec-mocks (~> 3.10.0)
+    rspec-core (3.10.1)
+      rspec-support (~> 3.10.0)
+    rspec-expectations (3.10.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.10.0)
+    rspec-mocks (3.10.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.10.0)
+    rspec-support (3.10.3)
+    rubocop (0.93.1)
+      parallel (~> 1.10)
+      parser (>= 2.7.1.5)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.8)
+      rexml
+      rubocop-ast (>= 0.6.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 1.4.0, < 2.0)
+    rubocop-ast (1.15.1)
+      parser (>= 3.0.1.1)
+    rubocop-rspec (1.32.0)
+      rubocop (>= 0.60.0)
+    ruby-progressbar (1.11.0)
+    simplecov (0.21.2)
+      docile (~> 1.1)
+      simplecov-html (~> 0.11)
+      simplecov_json_formatter (~> 0.1)
+    simplecov-html (0.12.3)
+    simplecov_json_formatter (0.1.3)
+    timecop (0.9.4)
+    unicode-display_width (1.8.0)
+    vault (0.16.0)
+      aws-sigv4
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 2.0)
+  codecov (~> 0.4)
+  rake (~> 13.0)
+  rspec (~> 3.0)
+  rubocop (~> 0.66)
+  rubocop-rspec (~> 1.32.0)
+  settings_reader-vault_resolver!
+  simplecov (~> 0.16)
+  timecop (~> 0.9)
+
+BUNDLED WITH
+   2.1.4

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2022 Volodymyr Mykhailyk
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,87 @@
+# SettingsReader::VaultResolver
+
+![Build Status](https://github.com/matic-insurance/settings_reader-vault_resolver/workflows/ci/badge.svg?branch=main)
+[![Test Coverage](https://codecov.io/gh/matic-insurance/settings_reader-vault_resolver/branch/main/graph/badge.svg?token=dGVDB9judr)](https://codecov.io/gh/matic-insurance/settings_reader-vault_resolver)
+
+Settings Reader plugin to resolve values using in Hashicorp Vault
+
+This gem works as a plugin for [Settings Reader](https://github.com/matic-insurance/consul_application_settings)
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'settings_reader'
+gem 'settings_reader-vault_resolver'
+```
+
+## Usage
+
+### Initialization
+
+At the load of application when initializing `settings_reader`:
+```ruby
+#Init vault
+Vault.address = 'http://127.0.0.1:8200'
+Vault.token = 'MY_SUPER_SECRET_TOKEN'
+
+#Init Settings Reader
+SettingsReader.configure do |config|
+  config.settings_providers = [
+    SettingsReader::Providers::Yaml,
+  ]
+
+  config.value_resolvers = [
+    SettingsReader::Resolvers::Vault,
+    SettingsReader::Resolvers::Env,
+  ]
+end
+
+#Load Settings
+APP_SETTINGS = SettingsReader.load
+```
+
+### Usage
+If one of the values provided will begin with `vault://` scheme - 
+`VaultResolver` gem will kick in and will try to resolve path in Vault
+
+Assuming your settings has following structure:
+```yaml
+app:
+  name: 'MyCoolApp'
+  hostname: 'http://localhost:3001'
+  secret: 'vault://secret/apps/my_cool_app#app_secret'
+```
+
+When requesting `app/secret` from `SettingsReader` it will resolve in Vault as:
+
+```ruby
+secret = APP_SETTINGS.get('app/secret') 
+# Gem will read `vault://secret/app#secret` from YAML
+# Gem will resolve value in Vault using Vault.kv('secret').read('apps/my_cool_app')
+# Gem will return `app_secret` attribute from the secret resolved above
+```
+
+## Development
+
+1. Run `bin/setup` to install dependencies
+2. Run `docker-compose up` to spin up dependencies (Vault)
+3. Run tests `rspec`
+4. Add new test
+5. Add new code
+6. Go to step 3
+7. Create PR
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/matic-insurance/settings_reader-vault_resolver. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/matic-insurance/settings_reader-vault_resolver/blob/master/CODE_OF_CONDUCT.md).
+
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+
+## Code of Conduct
+
+Everyone interacting in the SettingsReader::VaultResolver project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/matic-insurance/settings_reader-vault_resolver/blob/master/CODE_OF_CONDUCT.md).

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "settings_reader/vault_resolver"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/docker-compose.yml

@@ -0,0 +1,30 @@
+# dependencies needed for development environment
+version: '3'
+services:
+  vault:
+    image: vault
+    ports:
+      - "8200:8200"
+    environment:
+      VAULT_DEV_ROOT_TOKEN_ID: 'vault_root_token'
+      SKIP_SETCAP: true
+  db:
+    image: postgres:14.1-alpine
+    ports:
+      - "5432:5432"
+    environment:
+      POSTGRES_USER: 'vault_root'
+      POSTGRES_PASSWORD: 'root_password'
+      POSTGRES_DB: 'app_db'
+  init:
+    image: curlimages/curl
+    depends_on:
+      - vault
+      - db
+    volumes:
+      - './local/vault/setup.sh:/etc/vault/setup.sh'
+    environment:
+      VAULT_ADDR: 'http://vault:8200'
+      VAULT_TOKEN: 'vault_root_token'
+      SKIP_SETCAP: true
+    command: sh /etc/vault/setup.sh

data/lib/settings_reader/resolvers/vault.rb

@@ -0,0 +1,50 @@
+require 'vault'
+
+module SettingsReader
+  module Resolver
+    class Vault
+      IDENTIFIER = 'vault://'.freeze
+      DATABASE_MOUNT = 'database'.freeze
+
+      def resolvable?(value, _path)
+        return unless value.respond_to?(:start_with?)
+
+        value.start_with?(IDENTIFIER)
+      end
+
+      # Expect value in format `vault://mount/path/to/secret?attribute_name`
+      def resolve(value, _path)
+        address = SettingsReader::VaultResolver::Address.new(value)
+        entry = fetch_entry(address)
+        entry&.value_for(address.attribute)
+      end
+
+      #Resolve KV secret
+      def kv_secret(address)
+        ::Vault.kv(address.mount).read(address.path)
+      end
+
+      def database_secret(address)
+        ::Vault.logical.read(address.full_path)
+      rescue ::Vault::HTTPClientError => e
+        raise unless e.message.include?('* unknown role')
+
+        nil
+      end
+
+      private
+
+      def fetch_entry(address)
+        cache.fetch(address) do
+          if (secret = address.mount == DATABASE_MOUNT ? database_secret(address) : kv_secret(address))
+            SettingsReader::VaultResolver::Entry.new(address, secret)
+          end
+        end
+      end
+
+      def cache
+        SettingsReader::VaultResolver.cache
+      end
+    end
+  end
+end

data/lib/settings_reader/vault_resolver/address.rb

@@ -0,0 +1,33 @@
+module SettingsReader
+  module VaultResolver
+    class Address
+      def initialize(uri)
+        @uri = URI.parse(uri)
+      end
+
+      def mount
+        @uri.host
+      end
+
+      def path
+        @uri.path
+      end
+
+      def full_path
+        "#{mount}#{path}"
+      end
+
+      def attribute
+        @uri.fragment
+      end
+
+      def options
+        URI::decode_www_form(@uri.query || '').to_h
+      end
+
+      def to_s
+        @uri.to_s
+      end
+    end
+  end
+end

data/lib/settings_reader/vault_resolver/cache.rb

@@ -0,0 +1,45 @@
+module SettingsReader
+  module VaultResolver
+    class Cache
+      def initialize
+        @secrets = {}
+      end
+
+      def retrieve(address)
+        return nil unless (entry = @secrets[cache_key(address)])
+        return clear(entry) if entry.expired?
+
+        entry
+      end
+
+      def save(entry)
+        @secrets[cache_key(entry.address)] = entry
+      end
+
+      def clear(entry)
+        @secrets.delete(cache_key(entry.address))
+        nil
+      end
+
+      def fetch(address, &block)
+        if (exiting_entry = retrieve(address))
+          exiting_entry
+        else
+          new_entry = block.call(address)
+          save(new_entry) if new_entry
+          new_entry
+        end
+      end
+
+      def entries(&block)
+        @secrets.each_value(&block)
+      end
+
+      private
+
+      def cache_key(address)
+        address.full_path
+      end
+    end
+  end
+end

data/lib/settings_reader/vault_resolver/entry.rb

@@ -0,0 +1,48 @@
+module SettingsReader
+  module VaultResolver
+    class Entry
+      attr_reader :address, :secret
+      MONTH = 30 * 60 * 60
+
+      def initialize(address, secret)
+        @address = address
+        @secret = secret
+        @lease_started = Time.now
+      end
+
+      def leased?
+        @secret.lease_id && lease_duration.positive?
+      end
+
+      def expired?
+        return false unless leased?
+
+        Time.now > @lease_started + lease_duration
+      end
+
+      def expires_in
+        return MONTH unless leased?
+
+        @lease_started + lease_duration - Time.now
+      end
+
+      def renew
+        return unless leased?
+
+        @secret = Vault.sys.renew(@secret.lease_id)
+        @lease_started = Time.now
+        true
+      end
+
+      def value_for(attribute)
+        secret.data[attribute.to_sym]
+      end
+
+      private
+
+      def lease_duration
+        @secret.lease_duration.to_i
+      end
+    end
+  end
+end

data/lib/settings_reader/vault_resolver/refresher.rb

@@ -0,0 +1,28 @@
+module SettingsReader
+  module VaultResolver
+    class Refresher
+      DEFAULT_RENEW_DELAY = 120
+      REFRESH_INTERVAL = 60
+
+      def initialize(cache)
+        @cache = cache
+      end
+
+      def refresh
+        @cache.entries.each do |entry|
+          next unless entry.leased?
+          next unless entry.expires_in < DEFAULT_RENEW_DELAY
+
+          entry.renew
+        end
+      end
+
+      def self.refresh_task(cache)
+        refresher = self
+        Concurrent::TimerTask.new(execution_interval: refresher::REFRESH_INTERVAL) do
+          refresher.new(cache).refresh
+        end
+      end
+    end
+  end
+end

data/lib/settings_reader/vault_resolver/version.rb

@@ -0,0 +1,5 @@
+module SettingsReader
+  module VaultResolver
+    VERSION = "0.1.1"
+  end
+end

data/lib/settings_reader/vault_resolver.rb

@@ -0,0 +1,33 @@
+require 'concurrent/timer_task.rb'
+require "settings_reader/vault_resolver/version"
+require "settings_reader/vault_resolver/address"
+require "settings_reader/vault_resolver/entry"
+require "settings_reader/vault_resolver/cache"
+require "settings_reader/vault_resolver/refresher"
+require "settings_reader/resolvers/vault"
+
+module SettingsReader
+  module VaultResolver
+    class Error < StandardError; end
+
+    class << self
+      attr_accessor :cache, :refresher_timer_task
+    end
+
+    def self.setup_cache
+      self.cache ||= SettingsReader::VaultResolver::Cache.new
+    end
+
+    def self.setup_lease_refresher
+      self.refresher_timer_task ||= SettingsReader::VaultResolver::Refresher.refresh_task(self.cache)
+      self.refresher_timer_task.execute
+    end
+
+    def self.resolver
+      SettingsReader::VaultResolver::Vault
+    end
+
+    setup_cache
+    setup_lease_refresher
+  end
+end

data/settings_reader-vault_resolver.gemspec

@@ -0,0 +1,41 @@
+require_relative 'lib/settings_reader/vault_resolver/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'settings_reader-vault_resolver'
+  spec.version       = SettingsReader::VaultResolver::VERSION
+  spec.authors       = ['Volodymyr Mykhailyk']
+  spec.email         = ['712680+volodymyr-mykhailyk@users.noreply.github.com']
+
+  spec.summary       = 'Settings Reader plugin to resolve values using in Hashicorp Vault'
+  spec.description   = 'This gem works as a resolver for `settings_reader` gem. \
+                        Any value with matching format will be resolved using Vault \
+                        with support of dynamic secrets and lease renewal.'
+  spec.homepage      = 'https://github.com/matic-insurance/settings_reader-vault_resolver'
+  spec.license       = 'MIT'
+  spec.required_ruby_version = Gem::Requirement.new('>= 2.3.0')
+
+  spec.metadata['homepage_uri'] = spec.homepage
+  spec.metadata['source_code_uri'] = spec.homepage
+  spec.metadata['changelog_uri'] = spec.homepage + "/blob/master/CHANGELOG.md"
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files         = Dir.chdir(File.expand_path('..', __FILE__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features|local)/}) }
+  end
+  spec.bindir        = 'exe'
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ['lib']
+
+  spec.add_dependency 'concurrent-ruby', '~> 1.1'
+  spec.add_dependency 'vault', '~> 0.16'
+
+  spec.add_development_dependency 'bundler', '~> 2.0'
+  spec.add_development_dependency 'codecov', '~> 0.4'
+  spec.add_development_dependency 'rake', '~> 13.0'
+  spec.add_development_dependency 'rspec', '~> 3.0'
+  spec.add_development_dependency 'rubocop', '~> 0.66'
+  spec.add_development_dependency 'rubocop-rspec', '~> 1.32.0'
+  spec.add_development_dependency 'simplecov', '~> 0.16'
+  spec.add_development_dependency 'timecop', '~> 0.9'
+end

metadata

@@ -0,0 +1,211 @@
+--- !ruby/object:Gem::Specification
+name: settings_reader-vault_resolver
+version: !ruby/object:Gem::Version
+  version: 0.1.1
+platform: ruby
+authors:
+- Volodymyr Mykhailyk
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2022-01-19 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: concurrent-ruby
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+- !ruby/object:Gem::Dependency
+  name: vault
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.16'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.16'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: codecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.4'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.4'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.66'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.66'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.32.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.32.0
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.16'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.16'
+- !ruby/object:Gem::Dependency
+  name: timecop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+description: |-
+  This gem works as a resolver for `settings_reader` gem. \
+                          Any value with matching format will be resolved using Vault \
+                          with support of dynamic secrets and lease renewal.
+email:
+- 712680+volodymyr-mykhailyk@users.noreply.github.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".github/workflows/main.yml"
+- ".gitignore"
+- ".rspec"
+- ".simplecov"
+- CHANGELOG.md
+- CODE_OF_CONDUCT.md
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- docker-compose.yml
+- lib/settings_reader/resolvers/vault.rb
+- lib/settings_reader/vault_resolver.rb
+- lib/settings_reader/vault_resolver/address.rb
+- lib/settings_reader/vault_resolver/cache.rb
+- lib/settings_reader/vault_resolver/entry.rb
+- lib/settings_reader/vault_resolver/refresher.rb
+- lib/settings_reader/vault_resolver/version.rb
+- settings_reader-vault_resolver.gemspec
+homepage: https://github.com/matic-insurance/settings_reader-vault_resolver
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/matic-insurance/settings_reader-vault_resolver
+  source_code_uri: https://github.com/matic-insurance/settings_reader-vault_resolver
+  changelog_uri: https://github.com/matic-insurance/settings_reader-vault_resolver/blob/master/CHANGELOG.md
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.3.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.6
+signing_key: 
+specification_version: 4
+summary: Settings Reader plugin to resolve values using in Hashicorp Vault
+test_files: []