shield-vault 0.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.gitignore +9 -0
- data/.rspec +2 -0
- data/.travis.yml +4 -0
- data/Gemfile +4 -0
- data/LICENSE.txt +21 -0
- data/README.md +69 -0
- data/Rakefile +6 -0
- data/bin/console +14 -0
- data/bin/setup +7 -0
- data/exe/shield-vault.rb +15 -0
- data/lib/shield-vault.rb +114 -0
- data/lib/shield-vault/version.rb +3 -0
- data/shield-vault.gemspec +28 -0
- metadata +128 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: 5af3a26280b97eec4b33e45757c8cc64de631eba
|
4
|
+
data.tar.gz: f55630399e46aad9699c81136cbbbdec74e01ce4
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: be43e8b4670a77a8ec5bde116f29e4dbc8e700fe91b4d3db1f58ae5ea498c4878a42c258543174ebf72d4529cc7fa52ba0365b52ebeaf415978a8780851a1a8b
|
7
|
+
data.tar.gz: 361106453add57f88ecabf20b113099bd55a9ebc03e4ac2d20510239654f4076f5ad0e7c084927642864ac06b9d02efd6bbd332dab636ce0c14bfd9476144fda
|
data/.gitignore
ADDED
data/.rspec
ADDED
data/.travis.yml
ADDED
data/Gemfile
ADDED
data/LICENSE.txt
ADDED
@@ -0,0 +1,21 @@
|
|
1
|
+
The MIT License (MIT)
|
2
|
+
|
3
|
+
Copyright (c) 2015 Adam Scott
|
4
|
+
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
7
|
+
in the Software without restriction, including without limitation the rights
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
10
|
+
furnished to do so, subject to the following conditions:
|
11
|
+
|
12
|
+
The above copyright notice and this permission notice shall be included in
|
13
|
+
all copies or substantial portions of the Software.
|
14
|
+
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
21
|
+
THE SOFTWARE.
|
data/README.md
ADDED
@@ -0,0 +1,69 @@
|
|
1
|
+
# Shield-Vault
|
2
|
+
|
3
|
+
Shield-Vault is a tool for managing your application's environment variables in a [Vault](https://vaultproject.io/).
|
4
|
+
|
5
|
+
## Installation
|
6
|
+
|
7
|
+
Add this line to your application's Gemfile:
|
8
|
+
|
9
|
+
```ruby
|
10
|
+
gem 'shield-vault'
|
11
|
+
```
|
12
|
+
|
13
|
+
And then execute:
|
14
|
+
|
15
|
+
$ bundle
|
16
|
+
|
17
|
+
Or install it yourself as:
|
18
|
+
|
19
|
+
$ gem install shield
|
20
|
+
|
21
|
+
## Setup
|
22
|
+
This gem assumes that you've already setup [Vault](https://vaultproject.io/). You can use this gem on local vaults or ones that have been deployed to a server. If you are working with a local server you'll just need to start vault and then proceed to the steps below. If you are working on a deployed vault you'll need to create an auth token for your vault and unseal it before you can interact with it using this gem. That setup is out of the scope of this gem but is covered in the official Vault [documentation](https://vaultproject.io/docs/index.html).
|
23
|
+
|
24
|
+
1. `export VAULT_ADDR=YOUR_VAULT_SERVER_ADDRESS`
|
25
|
+
2. `export VAULT_TOKEN=YOUR_VAULT_AUTH_TOKEN`
|
26
|
+
|
27
|
+
## Usage
|
28
|
+
Shield-Vault will store environment variables as a hash of values based on your environment and the name of your app. By default the environment is "development" but can be overriden with the `--environment` flag. The name of your app is taken from your current working directory or by specifying it with the `--app` flag.
|
29
|
+
|
30
|
+
#### Add an environment variable
|
31
|
+
`shield-vault add <key> <value>`
|
32
|
+
|
33
|
+
#### Update an environment variable
|
34
|
+
`shield-vault update <key> <value>`
|
35
|
+
|
36
|
+
#### Remove an environment variable
|
37
|
+
`shield-vault remove <key> <value>`
|
38
|
+
|
39
|
+
#### Fetch all environment variables and update your .env file
|
40
|
+
`shield-vault fetch`
|
41
|
+
|
42
|
+
#### Environment Flag
|
43
|
+
By default, all commands use the "development" environment. You can specify another environment with the `--environment` flag.
|
44
|
+
|
45
|
+
`shield-vault fetch --environment=production` will fetch your production environment variables and update your `.env.production` file.
|
46
|
+
|
47
|
+
#### App flag
|
48
|
+
By default, all commands use your current working directory as the app name. If for some reason you need to override this, you can do so with the `--app` flag.
|
49
|
+
|
50
|
+
`shield-vault fetch --app=seabiscuit` will fetch the environment variables namespaced under the seabiscuit app.
|
51
|
+
|
52
|
+
#### .env files
|
53
|
+
Shield-Vault assumes you are using a tool like [dotenv](https://github.com/bkeepers/dotenv) or [Ember-cli-dotenv](https://github.com/fivetanley/ember-cli-dotenv) to load environment variables in your app as the `fetch` command will create/update the appropriate .env file. For example, if pass the `--environment=production` flag, it'll update the `.env.production` file.
|
54
|
+
|
55
|
+
## Development
|
56
|
+
|
57
|
+
After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
|
58
|
+
|
59
|
+
To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
|
60
|
+
|
61
|
+
## Contributing
|
62
|
+
|
63
|
+
Bug reports and pull requests are welcome on GitHub at https://github.com/checkmateio/shield-vault.
|
64
|
+
|
65
|
+
|
66
|
+
## License
|
67
|
+
|
68
|
+
The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
|
69
|
+
|
data/Rakefile
ADDED
data/bin/console
ADDED
@@ -0,0 +1,14 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
|
3
|
+
require "bundler/setup"
|
4
|
+
require "shield-vault"
|
5
|
+
|
6
|
+
# You can add fixtures and/or initialization code here to make experimenting
|
7
|
+
# with your gem easier. You can also use a different console, if you like.
|
8
|
+
|
9
|
+
# (If you use this, don't forget to add pry to your Gemfile!)
|
10
|
+
# require "pry"
|
11
|
+
# Pry.start
|
12
|
+
|
13
|
+
require "irb"
|
14
|
+
IRB.start
|
data/bin/setup
ADDED
data/exe/shield-vault.rb
ADDED
@@ -0,0 +1,15 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
|
3
|
+
require 'shield-vault'
|
4
|
+
require 'vault'
|
5
|
+
|
6
|
+
# Vault config
|
7
|
+
Vault.configure do |config|
|
8
|
+
# The address of the Vault server, also read as ENV["VAULT_ADDR"]
|
9
|
+
config.address = ENV['VAULT_ADDR'] || 'https://127.0.0.1:8200'
|
10
|
+
|
11
|
+
# The token to authenticate with Vault, also read as ENV["VAULT_TOKEN"]
|
12
|
+
config.token = ENV['VAULT_TOKEN'] || "abcd-1234"
|
13
|
+
end
|
14
|
+
|
15
|
+
ShieldVault::Commander.start(ARGV)
|
data/lib/shield-vault.rb
ADDED
@@ -0,0 +1,114 @@
|
|
1
|
+
require "shield-vault/version"
|
2
|
+
require "thor"
|
3
|
+
require 'vault'
|
4
|
+
|
5
|
+
module ShieldVault
|
6
|
+
class Commander < Thor
|
7
|
+
class_option :app, desc: "specify which app this is for, default is current working directory"
|
8
|
+
class_option :environment, desc: "specify which environment this is for", default: "development"
|
9
|
+
|
10
|
+
desc "fetch", "Fetch all environment variables from Vault and write to .env file"
|
11
|
+
long_desc <<-ADD
|
12
|
+
`fetch` will fetch all environment variables from Vault and write to .env file.
|
13
|
+
ADD
|
14
|
+
def fetch
|
15
|
+
check_seal do
|
16
|
+
values = get_current_values
|
17
|
+
if values
|
18
|
+
File.open(file_name, 'w+') do |file|
|
19
|
+
file.truncate(0)
|
20
|
+
values.keys.each do |key|
|
21
|
+
file.puts "#{key}=#{values[key]}\n"
|
22
|
+
end
|
23
|
+
end
|
24
|
+
puts "Fetched environment variables and updated local #{file_name} file"
|
25
|
+
else
|
26
|
+
puts "No environment variables set for #{main_key} environment."
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
30
|
+
|
31
|
+
desc "add <key> <value>", "Add environment variable to Vault"
|
32
|
+
long_desc <<-ADD
|
33
|
+
`add <key> <value>` will add an environment variable to the Vault.
|
34
|
+
ADD
|
35
|
+
def add(key, value)
|
36
|
+
check_seal do
|
37
|
+
current_values = get_current_values
|
38
|
+
current_values[key.to_sym] = value
|
39
|
+
Vault.logical.write(main_key, current_values)
|
40
|
+
puts "Added/updated environment variable in #{main_key}: #{key}"
|
41
|
+
end
|
42
|
+
end
|
43
|
+
|
44
|
+
desc "update <key> <value>", "Update environment variable in Vault"
|
45
|
+
long_desc <<-UPDATE
|
46
|
+
`update <key> <value>` will update an environment variable to the Vault.
|
47
|
+
UPDATE
|
48
|
+
def update(key, value)
|
49
|
+
invoke :add
|
50
|
+
end
|
51
|
+
|
52
|
+
desc "remove <key>", "Remove environment variable from Vault"
|
53
|
+
long_desc <<-REMOVE
|
54
|
+
`remove <key>` will remove an environment variable from the Vault.
|
55
|
+
REMOVE
|
56
|
+
def remove(key)
|
57
|
+
check_seal do
|
58
|
+
current_values = get_current_values
|
59
|
+
if current_values[key.to_sym]
|
60
|
+
current_values.delete key.to_sym
|
61
|
+
if current_values.empty?
|
62
|
+
Vault.logical.delete(main_key)
|
63
|
+
else
|
64
|
+
Vault.logical.write(main_key, current_values)
|
65
|
+
end
|
66
|
+
puts "Removed environment variable from #{main_key}: #{key}"
|
67
|
+
else
|
68
|
+
puts "Environment variable on #{main_key} does not exist: #{key}"
|
69
|
+
end
|
70
|
+
end
|
71
|
+
end
|
72
|
+
|
73
|
+
private
|
74
|
+
|
75
|
+
def environment
|
76
|
+
options[:environment] || "development"
|
77
|
+
end
|
78
|
+
|
79
|
+
def app
|
80
|
+
#assume current directory is app name if option not passed in
|
81
|
+
options[:app] || Dir.pwd.split('/').last
|
82
|
+
end
|
83
|
+
|
84
|
+
def get_current_values
|
85
|
+
values = Vault.logical.read(main_key)
|
86
|
+
values ? values.data : {}
|
87
|
+
end
|
88
|
+
|
89
|
+
def main_key
|
90
|
+
"secret/#{app}_#{environment}_env_vars"
|
91
|
+
end
|
92
|
+
|
93
|
+
def file_name
|
94
|
+
@file_name ||= case environment
|
95
|
+
when 'development'
|
96
|
+
File.join(Dir.pwd, '.env')
|
97
|
+
when 'staging'
|
98
|
+
File.join(Dir.pwd, '.env.staging')
|
99
|
+
when 'production'
|
100
|
+
File.join(Dir.pwd, '.env.production')
|
101
|
+
else
|
102
|
+
nil
|
103
|
+
end
|
104
|
+
end
|
105
|
+
|
106
|
+
def check_seal(&block)
|
107
|
+
if Vault.sys.seal_status.sealed
|
108
|
+
puts "Vault is sealed. You must unseal it to interact with it."
|
109
|
+
return
|
110
|
+
end
|
111
|
+
block.call
|
112
|
+
end
|
113
|
+
end
|
114
|
+
end
|
@@ -0,0 +1,28 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
lib = File.expand_path('../lib', __FILE__)
|
3
|
+
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
4
|
+
require 'shield-vault/version'
|
5
|
+
|
6
|
+
Gem::Specification.new do |spec|
|
7
|
+
spec.name = "shield-vault"
|
8
|
+
spec.version = ShieldVault::VERSION
|
9
|
+
spec.authors = ["Adam Scott"]
|
10
|
+
spec.email = ["ascot21@gmail.com"]
|
11
|
+
|
12
|
+
spec.summary = %q{A tool for managing your application's environment variables in a Vault.}
|
13
|
+
spec.description = %q{A tool for managing your application's environment variables in a Vault.}
|
14
|
+
spec.homepage = "https://github.com/CheckMateIO/shield-vault"
|
15
|
+
spec.license = "MIT"
|
16
|
+
|
17
|
+
spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
|
18
|
+
spec.bindir = "exe"
|
19
|
+
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
20
|
+
spec.require_paths = ["lib"]
|
21
|
+
|
22
|
+
spec.add_development_dependency "bundler", "~> 1.10"
|
23
|
+
spec.add_development_dependency "rake", "~> 10.0"
|
24
|
+
spec.add_development_dependency "rspec"
|
25
|
+
|
26
|
+
spec.add_dependency 'thor'
|
27
|
+
spec.add_dependency "vault", "~> 0.1"
|
28
|
+
end
|
metadata
ADDED
@@ -0,0 +1,128 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: shield-vault
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.1.0
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Adam Scott
|
8
|
+
autorequire:
|
9
|
+
bindir: exe
|
10
|
+
cert_chain: []
|
11
|
+
date: 2015-10-05 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: bundler
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - "~>"
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '1.10'
|
20
|
+
type: :development
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - "~>"
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: '1.10'
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: rake
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - "~>"
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '10.0'
|
34
|
+
type: :development
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - "~>"
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: '10.0'
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: rspec
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - ">="
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: '0'
|
48
|
+
type: :development
|
49
|
+
prerelease: false
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - ">="
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: '0'
|
55
|
+
- !ruby/object:Gem::Dependency
|
56
|
+
name: thor
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
58
|
+
requirements:
|
59
|
+
- - ">="
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
version: '0'
|
62
|
+
type: :runtime
|
63
|
+
prerelease: false
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
65
|
+
requirements:
|
66
|
+
- - ">="
|
67
|
+
- !ruby/object:Gem::Version
|
68
|
+
version: '0'
|
69
|
+
- !ruby/object:Gem::Dependency
|
70
|
+
name: vault
|
71
|
+
requirement: !ruby/object:Gem::Requirement
|
72
|
+
requirements:
|
73
|
+
- - "~>"
|
74
|
+
- !ruby/object:Gem::Version
|
75
|
+
version: '0.1'
|
76
|
+
type: :runtime
|
77
|
+
prerelease: false
|
78
|
+
version_requirements: !ruby/object:Gem::Requirement
|
79
|
+
requirements:
|
80
|
+
- - "~>"
|
81
|
+
- !ruby/object:Gem::Version
|
82
|
+
version: '0.1'
|
83
|
+
description: A tool for managing your application's environment variables in a Vault.
|
84
|
+
email:
|
85
|
+
- ascot21@gmail.com
|
86
|
+
executables:
|
87
|
+
- shield-vault.rb
|
88
|
+
extensions: []
|
89
|
+
extra_rdoc_files: []
|
90
|
+
files:
|
91
|
+
- ".gitignore"
|
92
|
+
- ".rspec"
|
93
|
+
- ".travis.yml"
|
94
|
+
- Gemfile
|
95
|
+
- LICENSE.txt
|
96
|
+
- README.md
|
97
|
+
- Rakefile
|
98
|
+
- bin/console
|
99
|
+
- bin/setup
|
100
|
+
- exe/shield-vault.rb
|
101
|
+
- lib/shield-vault.rb
|
102
|
+
- lib/shield-vault/version.rb
|
103
|
+
- shield-vault.gemspec
|
104
|
+
homepage: https://github.com/CheckMateIO/shield-vault
|
105
|
+
licenses:
|
106
|
+
- MIT
|
107
|
+
metadata: {}
|
108
|
+
post_install_message:
|
109
|
+
rdoc_options: []
|
110
|
+
require_paths:
|
111
|
+
- lib
|
112
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
113
|
+
requirements:
|
114
|
+
- - ">="
|
115
|
+
- !ruby/object:Gem::Version
|
116
|
+
version: '0'
|
117
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
118
|
+
requirements:
|
119
|
+
- - ">="
|
120
|
+
- !ruby/object:Gem::Version
|
121
|
+
version: '0'
|
122
|
+
requirements: []
|
123
|
+
rubyforge_project:
|
124
|
+
rubygems_version: 2.4.8
|
125
|
+
signing_key:
|
126
|
+
specification_version: 4
|
127
|
+
summary: A tool for managing your application's environment variables in a Vault.
|
128
|
+
test_files: []
|