trixie 0.1.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: d9fb9e4a817416d5df9d692a6da48f03afc54c429b1956e6b74724739253776e
+  data.tar.gz: f0cbfc84bccc590573c633fe8a36ee00762fd4d6a94748c928ebb55668730d64
+SHA512:
+  metadata.gz: d897d133563fc5ce764cb7dda155f58b9822191ae74d24113736626cab6a172acbc15cd316d18d9c43cc2b473a7d1dbf93c0b655acfb7373bf09ec6d67120eda
+  data.tar.gz: 41c803e3e23ba1a91d2c523b98e95e053ef8a5a00c72f4cbfee3427aa73f7e8a577c57ac5abc72fcc4ca3e9836069c8479a3da016305fe98276a6520f559dd9f

data/.github/workflows/main.yml

@@ -0,0 +1,25 @@
+name: Ruby
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        ruby-version: ['2.7', '3.0', '3.1']
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby-version }}
+    - name: Run the default task
+      run: |
+        gem install bundler -v 2.2.7
+        bundle install
+        bundle exec rake

data/.gitignore

@@ -0,0 +1,12 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+
+# rspec failure tracking
+.rspec_status
+/.trixie.yml

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/.rubocop.yml

@@ -0,0 +1,17 @@
+AllCops:
+  TargetRubyVersion: 2.4
+
+Style/StringLiterals:
+  Enabled: true
+  EnforcedStyle: double_quotes
+
+Style/StringLiteralsInInterpolation:
+  Enabled: true
+  EnforcedStyle: double_quotes
+
+Layout/LineLength:
+  Max: 120
+
+Metrics/BlockLength:
+  Exclude:
+    - spec/**/*

data/.ruby-version

@@ -0,0 +1 @@
+3.0.4

data/Gemfile

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+
+# Specify your gem's dependencies in trixie.gemspec
+gemspec
+
+gem "rake", "~> 13.0"
+
+gem "rspec", "~> 3.0"
+
+gem "rubocop", "~> 1.7"
+
+gem "pry-byebug"

data/Gemfile.lock

@@ -0,0 +1,69 @@
+PATH
+  remote: .
+  specs:
+    trixie (0.1.1)
+      dry-cli (~> 0.7.0)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    ast (2.4.2)
+    byebug (11.1.3)
+    coderay (1.1.3)
+    diff-lcs (1.5.0)
+    dry-cli (0.7.0)
+    json (2.6.2)
+    method_source (1.0.0)
+    parallel (1.22.1)
+    parser (3.1.2.1)
+      ast (~> 2.4.1)
+    pry (0.14.1)
+      coderay (~> 1.1)
+      method_source (~> 1.0)
+    pry-byebug (3.10.1)
+      byebug (~> 11.0)
+      pry (>= 0.13, < 0.15)
+    rainbow (3.1.1)
+    rake (13.0.6)
+    regexp_parser (2.5.0)
+    rexml (3.2.5)
+    rspec (3.11.0)
+      rspec-core (~> 3.11.0)
+      rspec-expectations (~> 3.11.0)
+      rspec-mocks (~> 3.11.0)
+    rspec-core (3.11.0)
+      rspec-support (~> 3.11.0)
+    rspec-expectations (3.11.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.11.0)
+    rspec-mocks (3.11.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.11.0)
+    rspec-support (3.11.0)
+    rubocop (1.35.0)
+      json (~> 2.3)
+      parallel (~> 1.10)
+      parser (>= 3.1.2.1)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.8, < 3.0)
+      rexml (>= 3.2.5, < 4.0)
+      rubocop-ast (>= 1.20.1, < 2.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 1.4.0, < 3.0)
+    rubocop-ast (1.21.0)
+      parser (>= 3.1.1.0)
+    ruby-progressbar (1.11.0)
+    unicode-display_width (2.2.0)
+
+PLATFORMS
+  x86_64-linux
+
+DEPENDENCIES
+  pry-byebug
+  rake (~> 13.0)
+  rspec (~> 3.0)
+  rubocop (~> 1.7)
+  trixie!
+
+BUNDLED WITH
+   2.2.33

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2022 Toptal
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,89 @@
+# Trixie
+
+Trixie let you load 1password secrets as ENVs for your development environment
+
+## Usage
+
+Initialize a `.trixie.yml` config file with:
+
+```sh
+trixie init
+```
+
+Then update it with a URI for you secret as `op://<vault>/<item>[/<section>]/<field>`, and the ENV your want, eg:
+
+```yaml
+secrets:
+  -  env: 'NPM_TOKEN'
+     value: "{{ op://Developers/NPM_TOKEN/SETUP_SECRET/value }}"
+```
+
+Then you can run `trixie load > .env.secrets` to update your env file with the `NPM_TOKEN`
+
+### Groups
+
+If you have multiple secrets you can declare groups, eg:
+
+```yaml
+secrets:
+  -  env: 'NPM_TOKEN'
+     value: "{{ op://Developers/NPM_TOKEN/SETUP_SECRET/value }}"
+     groups: [ dev ]
+  -  env: 'MY_API_TOKEN'
+     value: "{{ op://Developers/MY_API_TOKEN/SETUP_SECRET/password }}"
+     groups: [ api ]
+  -  env: 'MY_TEST_API_TOKEN'
+     value: "{{ op://Developers/MY_TEST_API_TOKEN/SETUP_SECRET/password }}"
+     groups: [ test ]
+```
+
+Then you could run `trixie load --groups GROUP_NAME` to select which group you want to fetch, eg: `trixie load --groups api,test`
+
+### Formats
+
+Trixie also supports other formats as the output as json, pretty_json and sh (ENVs with export), eg:
+
+```sh
+# Load envs in the current shell session
+eval $(trixie load --format sh)
+
+# Handle your ENVs in JSON format
+trixie load --format json | jq '.[0].value'
+```
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'trixie'
+```
+
+And then execute:
+
+    $ bundle install
+
+Or install it yourself as:
+
+    $ gem install trixie
+
+## TODO IDEAS
+
+1. Support Multiple Backends/Password Managers, Trixie::Loader can be refactored to be an adapter for the op CLI
+2. Allow specific Backend options, eg: trixie load --backend op --backend-options '{ "email": "bar@foo.com",   "address": "foo.1password.com"}'
+3. Validate the `.trixie.yml`, check if we have the required values for trixie to run
+4. Add a load --cache option, so fetched secrets could be retained for a while without using the Password Manager Backend
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and the created tag, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/toptal/trixie.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+require "rubocop/rake_task"
+
+RuboCop::RakeTask.new
+
+task default: %i[spec rubocop]

data/bin/console

@@ -0,0 +1,15 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require "bundler/setup"
+require "trixie"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/exe/trixie

@@ -0,0 +1,11 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require_relative "../lib/trixie"
+
+begin
+  Dry::CLI.new(Trixie::CLI).call
+rescue Trixie::Error => e
+  puts e
+  warn "Exiting trixie..."
+end

data/lib/trixie/cli.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+module Trixie
+  class CLI # rubocop:disable Style/Documentation
+    extend Dry::CLI::Registry
+
+    class Init < Dry::CLI::Command # rubocop:disable Style/Documentation
+      desc "Creates an initial .trixie.yml"
+
+      option :output, type: :string, default: ".trixie.yml", desc: "Output File", aliases: ["-o"]
+      option :template, type: :string, default: "default", desc: "Template to be used", aliases: ["-t"]
+
+      def call(template:, output:)
+        warn "Creating trixie secrets file to #{output}"
+        Template.render(template, to: output)
+      end
+    end
+
+    class Load < Dry::CLI::Command # rubocop:disable Style/Documentation
+      desc "Load envs"
+      option :file, type: :string, default: ".trixie.yml", desc: "Secrets file", aliases: ["-f"]
+      option :groups, type: :array, default: [], desc: "Secrets groups to consider", aliases: ["-g"]
+      option :format, type: :string, default: "env", desc: "Format to output (env, sh, json, pretty_json)"
+
+      def call(**options)
+        puts Trixie::Load.new(**options).call
+      end
+    end
+
+    class Version < Dry::CLI::Command # rubocop:disable Style/Documentation
+      desc "Prints trixie version"
+
+      def call(*)
+        puts Trixie::VERSION
+      end
+    end
+
+    register "--version", Version, aliases: ["-v"]
+    register "load", Load, aliases: ["l"]
+    register "init", Init, aliases: ["i"]
+  end
+end

data/lib/trixie/formatter.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module Trixie
+  # Inlcludes the possible formats to output the secrets and the main entrypoint with Formatter.for(format)
+  class Formatter
+    FORMATTERS = {
+      "env" => ->(secrets) { secrets.map { |secret| "#{secret["env"]}=#{secret["value"]}" }.join("\n") },
+      "sh" => ->(secrets) { secrets.map { |secret| "export #{secret["env"]}=#{secret["value"]}" }.join("\n") },
+      "json" => ->(secrets) { secrets.to_json },
+      "pretty_json" => ->(secrets) { JSON.pretty_generate(secrets) }
+    }.freeze
+
+    def self.for(format)
+      FORMATTERS[format]
+    end
+  end
+end

data/lib/trixie/load.rb

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+module Trixie
+  # Fetches the specified secrets with op cli and returns them formatted
+  class Load
+    OP_NOT_INSTALLED = "op cli is not installed please download and install at https://developer.1password.com/docs/cli/get-started#install"
+
+    def initialize(file:, groups: [], format: "env")
+      @file = file
+      @groups = groups
+      @formatter = Formatter.for(format)
+    end
+
+    def call
+      verify_op_installed!
+
+      create_account unless account_is_configured?
+
+      fetch_secrets
+    end
+
+    def verify_op_installed!
+      raise Trixie::OpCLINotInstalled, OP_NOT_INSTALLED unless system("which op > /dev/null")
+    end
+
+    def account_is_configured?
+      !Open3.capture2("op account list").first.empty?
+    end
+
+    def create_account
+      warn "* Configuring 1password Account"
+      warn "To get the Secret Key take a look at https://support.1password.com/secret-key/"
+
+      `op account add`
+    end
+
+    def fetch_secrets
+      `eval $(op signin) && echo '#{formatted_secrets}' | op inject`
+    end
+
+    def secrets_config
+      @secrets_config ||= YAML.load_file(@file)
+    end
+
+    def filtered_secrets
+      return secrets_config["secrets"] if @groups.empty?
+
+      secrets_config["secrets"].select { |secret| secret["groups"].any? { |group| @groups.include?(group) } }
+    end
+
+    def formatted_secrets
+      @formatter.call(filtered_secrets)
+    end
+  end
+end

data/lib/trixie/template.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+module Trixie
+  # Render templates in lib/templates folder to a custom path
+  class Template
+    def self.render(template_name, to:)
+      new(template_name).render(to: to)
+    end
+
+    def initialize(template_name)
+      @template_name = template_name
+    end
+
+    def render(to:)
+      path = Pathname.new(to)
+      path.write(template_content)
+    end
+
+    private
+
+    def template_content
+      @template_content = template_path.join(@template_name).read
+    end
+
+    def template_path
+      Trixie.root_path.join("lib/trixie/templates")
+    end
+  end
+end

data/lib/trixie/templates/default

@@ -0,0 +1,8 @@
+---
+secrets:
+  -  env: 'MY_SECRET1'
+     value: "{{ op://Developers/MySecret1/SETUP_SECRET/value }}"
+     groups: [group1]
+  -  env: 'MY_SECRET2'
+     value: "{{ op://Developers/MySecret2/SETUP_SECRET/value }}"
+     groups: [group2]

data/lib/trixie/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module Trixie
+  VERSION = "0.1.1"
+end

data/lib/trixie.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+require "open3"
+require "yaml"
+require "json"
+require "pathname"
+require "dry/cli"
+
+require_relative "trixie/version"
+require_relative "trixie/template"
+require_relative "trixie/formatter"
+require_relative "trixie/load"
+require_relative "trixie/cli"
+
+module Trixie # rubocop:disable Style/Documentation
+  class Error < StandardError; end
+  class OpCLINotInstalled < Error; end
+
+  class << self
+    def root_path
+      Pathname.new File.expand_path("#{__dir__}/..")
+    end
+  end
+end

data/trixie.gemspec

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+require_relative "lib/trixie/version"
+
+Gem::Specification.new do |spec|
+  spec.name          = "trixie"
+  spec.version       = Trixie::VERSION
+  spec.authors       = ["Toptal, LLC"]
+  spec.email         = ["open-source@toptal.com", "carlos.atkinson@toptal.com", "dalibor.kezele@toptal.com",
+                        "tiago.melo@toptal.com"]
+
+  spec.summary       = "CLI tool to fetch secrets in development"
+  spec.homepage      = "https://github.com/toptal/trixie"
+  spec.license       = "MIT"
+  spec.required_ruby_version = Gem::Requirement.new(">= 2.4.0")
+
+  spec.metadata["homepage_uri"] = spec.homepage
+  spec.metadata["source_code_uri"] = "https://github.com/toptal/trixie"
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files = Dir.chdir(File.expand_path(__dir__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{\A(?:test|spec|features)/}) }
+  end
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  # Uncomment to register a new dependency of your gem
+  # spec.add_dependency "example-gem", "~> 1.0"
+
+  # For more information and examples about making a new gem, checkout our
+  # guide at: https://bundler.io/guides/creating_gem.html
+  spec.add_dependency "dry-cli", "~> 0.7.0"
+end

metadata

@@ -0,0 +1,84 @@
+--- !ruby/object:Gem::Specification
+name: trixie
+version: !ruby/object:Gem::Version
+  version: 0.1.1
+platform: ruby
+authors:
+- Toptal, LLC
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2022-08-22 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: dry-cli
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.7.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.7.0
+description: 
+email:
+- open-source@toptal.com
+- carlos.atkinson@toptal.com
+- dalibor.kezele@toptal.com
+- tiago.melo@toptal.com
+executables:
+- trixie
+extensions: []
+extra_rdoc_files: []
+files:
+- ".github/workflows/main.yml"
+- ".gitignore"
+- ".rspec"
+- ".rubocop.yml"
+- ".ruby-version"
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- exe/trixie
+- lib/trixie.rb
+- lib/trixie/cli.rb
+- lib/trixie/formatter.rb
+- lib/trixie/load.rb
+- lib/trixie/template.rb
+- lib/trixie/templates/default
+- lib/trixie/version.rb
+- trixie.gemspec
+homepage: https://github.com/toptal/trixie
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/toptal/trixie
+  source_code_uri: https://github.com/toptal/trixie
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.4.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.2.33
+signing_key: 
+specification_version: 4
+summary: CLI tool to fetch secrets in development
+test_files: []