vaml 0.1.0 → 0.2.2
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/README.md +8 -7
- data/docker/config/consul-config.json +5 -0
- data/docker/config/vault.hcl +12 -0
- data/docker/config/vault.prod.hcl +20 -0
- data/docker/docker-compose.with_ssl.yml +50 -0
- data/docker/docker-compose.yml +38 -0
- data/lib/tasks/add_secret.rake +2 -0
- data/lib/vaml.rb +1 -1
- data/lib/vaml/configuration.rb +2 -1
- data/lib/vaml/github.rb +3 -3
- data/lib/vaml/vault_config.rb +2 -1
- data/lib/vaml/version.rb +1 -1
- metadata +7 -2
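--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3b2ebabfa0526b8241ba6497e5d93f41a6e95b61
+data.tar.gz: 3820ffa87e3dffa4d13d29dcbf280dd9a6ed566f
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ce9219c27887b53640b4fd9774a93380c690ac5e83f840463282b00487e2b119f7fc214b613da2e589b36773070294699851abd2959b60950b00b8dfdf5e0d04
+data.tar.gz: 84df93926bc8a34ba9d74e14e4bd9b39b73c45226edd71a0f78171178367bea28bb644e55066b6b21d8508918f5be21ea82680ba7bd8e770cea4b94992ececa7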
data/.gitignore
CHANGED
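--- a/data/README.md
+++ b/data/README.md
@@ -124,15 +124,16 @@ Vaml::Github.enable_auth(organization)
 Vaml::Github.grant_policy(team_name, policy_name)
 ```
 
-## Using Vault
+## Using Vault
 
-
+This gem also contains a `docker/` directory with vault and consul setup for you.
+To start vault on your local system with consul as the backend, clone the repo and run
+
+`cd docker`
+`docker-compose up`
+
+or you can follow the official Vault documentation and install vault.
 
-```
-brew install vault
-vault server --dev
-```
-And Follow the official Vault documentation.
 
 ## Development
 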
@@ -0,0 +1,20 @@
|
|
1
|
+
backend "consul" {
|
2
|
+
address = "my_server_address:8500"
|
3
|
+
redirect_addr = "https://vault:8200"
|
4
|
+
path = "vault"
|
5
|
+
scheme = "https"
|
6
|
+
tls_skip_verify = 0
|
7
|
+
tls_cert_file= "/config/cert.pem"
|
8
|
+
tls_key_file = "/config/privkey.pem"
|
9
|
+
tls_ca_file = "/config/fullchain.pem"
|
10
|
+
}
|
11
|
+
|
12
|
+
listener "tcp" {
|
13
|
+
address = "0.0.0.0:8200"
|
14
|
+
tls_disable = 0
|
15
|
+
tls_cert_file = "/config/cert.pem"
|
16
|
+
tls_key_file = "/config/privkey.pem"
|
17
|
+
cluster_address = "0.0.0.0:8200"
|
18
|
+
}
|
19
|
+
|
20
|
+
disable_mlock = true
|
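Review bot: `disable_mlock = true` on new line 20 is set in a file named vault.prod.hcl, which allows the server's in-memory secrets to be swapped to disk; the docker-compose.with_ssl.yml service added in this same release already grants `cap_add: IPC_LOCK`, so the production config should keep memory locking on — drop the line (Vault locks memory by default) or set `disable_mlock = false`. The consul backend also points at the placeholder `address = "my_server_address:8500"`, which will not resolve until edited; a comment such as `# replace with the reachable Consul HTTPS address before deploying` would stop an operator from shipping it as-is. Minor: `tls_cert_file= "/config/cert.pem"` on line 7 is missing the space before `=` that every sibling key has.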
@@ -0,0 +1,50 @@
|
|
1
|
+
version: '3'
|
2
|
+
services:
|
3
|
+
consul-base:
|
4
|
+
image: consul:latest
|
5
|
+
container_name: "consul-base"
|
6
|
+
ports:
|
7
|
+
- "8400:8400"
|
8
|
+
- "8500:8500"
|
9
|
+
- "8600:8600"
|
10
|
+
- "53:53/udp"
|
11
|
+
command: "consul agent -server -bootstrap-expect 1 -ui-dir /ui -bind 0.0.0.0 -data-dir=/consul-data -config-file=/config/consul-config.json"
|
12
|
+
volumes:
|
13
|
+
- ./consul-data:/consul-data:Z
|
14
|
+
- ./config:/config
|
15
|
+
environment:
|
16
|
+
CONSUL_LOCAL_CONFIG: "{'key_file': '/consul/config/privkey1.pem', 'cert_file': '/consul/config/cert1.pem', 'ca_file': '/consul/config/fullchain1.pem', {'ports': {'http': 8501, 'https': 8500}}}"
|
17
|
+
consul-agent:
|
18
|
+
image: consul:latest
|
19
|
+
expose:
|
20
|
+
- "8400"
|
21
|
+
- "8500"
|
22
|
+
- "8600"
|
23
|
+
links:
|
24
|
+
- "consul-base:consul"
|
25
|
+
command: "consul agent -retry-join consul -bind 0.0.0.0 -data-dir=/consul-data"
|
26
|
+
depends_on:
|
27
|
+
- consul-base
|
28
|
+
volumes:
|
29
|
+
- ./consul-data:/consul-data:Z
|
30
|
+
environment:
|
31
|
+
CONSUL_LOCAL_CONFIG: "{'key_file': '/consul/config/privkey1.pem', 'cert_file': '/consul/config/cert1.pem', 'ca_file': '/consul/config/fullchain1.pem'}"
|
32
|
+
vault:
|
33
|
+
image: "vault"
|
34
|
+
#restart: always
|
35
|
+
cap_add:
|
36
|
+
- IPC_LOCK
|
37
|
+
#privileged: true
|
38
|
+
depends_on:
|
39
|
+
- consul-base
|
40
|
+
- consul-agent
|
41
|
+
links:
|
42
|
+
- "consul-base:consul"
|
43
|
+
environment:
|
44
|
+
- VAULT_ADDR=https://encrypt.homify.com:8200
|
45
|
+
ports:
|
46
|
+
- "8200:8200"
|
47
|
+
volumes:
|
48
|
+
- /home/ubuntu/vault-docker/config:/config:rw
|
49
|
+
#privileged: true
|
50
|
+
command: "vault server -config=/config/vault.hcl -log-level=trace"
|
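Review bot: The `CONSUL_LOCAL_CONFIG` values on new lines 16 and 31 are not valid JSON — the keys are single-quoted, and on line 16 the `{'ports': ...}` object is nested without a key — so Consul, which reads that variable as a JSON config fragment, will reject it or start without the TLS settings it is meant to carry. Rewrite them with double quotes and a `"ports"` key, e.g. `CONSUL_LOCAL_CONFIG: '{"key_file": "/consul/config/privkey1.pem", "cert_file": "/consul/config/cert1.pem", "ca_file": "/consul/config/fullchain1.pem", "ports": {"http": 8501, "https": 8500}}'`. The `/consul/config/*.pem` paths referenced there also do not match the only config mount in the service (`./config:/config`), so the files are unlikely to be where Consul looks for them. Lines 44 and 48 bake a specific hostname (`encrypt.homify.com`) and host path (`/home/ubuntu/vault-docker/config`) into a file shipped inside the gem; compose substitution such as `- VAULT_ADDR=${VAULT_ADDR}` plus a README line on the expected values would make this reusable. Both compose files run Vault with `-log-level=trace`, which is far more verbose than a deployed service should log; `-log-level=info` is the safer setting for this SSL variant.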
@@ -0,0 +1,38 @@
|
|
1
|
+
version: '3'
|
2
|
+
services:
|
3
|
+
consul-base:
|
4
|
+
image: progrium/consul:latest
|
5
|
+
container_name: "consul-base"
|
6
|
+
ports:
|
7
|
+
- "8400:8400"
|
8
|
+
- "8500:8500"
|
9
|
+
- "8600:8600"
|
10
|
+
- "53:53/udp"
|
11
|
+
command: "-server -bootstrap-expect 1 -ui-dir /ui -bind 0.0.0.0 -data-dir=/consul-data"
|
12
|
+
volumes:
|
13
|
+
- ./consul-data:/consul-data
|
14
|
+
consul-agent:
|
15
|
+
image: progrium/consul:latest
|
16
|
+
expose:
|
17
|
+
- "8400"
|
18
|
+
- "8500"
|
19
|
+
- "8600"
|
20
|
+
command: "-server -join consul-base -bind 0.0.0.0"
|
21
|
+
depends_on:
|
22
|
+
- consul-base
|
23
|
+
vault:
|
24
|
+
image: "vault"
|
25
|
+
restart: always
|
26
|
+
depends_on:
|
27
|
+
- consul-base
|
28
|
+
- consul-agent
|
29
|
+
links:
|
30
|
+
- "consul-base:consul"
|
31
|
+
environment:
|
32
|
+
- VAULT_ADDR=http://vault:8200
|
33
|
+
ports:
|
34
|
+
- "8200:8200"
|
35
|
+
volumes:
|
36
|
+
- ./config:/config
|
37
|
+
- ./certbot-data:/etc/letsencrypt
|
38
|
+
command: "vault server -config=/config/vault.hcl -log-level=trace"
|
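Review bot: The `ports:` entries on new lines 7–10 and 34 publish Consul (8400/8500/8600 and DNS on 53/udp) and Vault (8200) on every host interface, although the README describes this file as a local development setup; prefixing each mapping with the loopback address, e.g. `- "127.0.0.1:8200:8200"`, keeps the Vault listener and a Consul UI with no ACL configuration visible here off the LAN. The two compose files also pull different Consul images — `progrium/consul:latest` here on lines 4 and 15, `consul:latest` in the SSL variant — both with a floating `latest` tag; pinning one image and version in both files avoids silently pulling a different server on the next `docker-compose up`. `VAULT_ADDR=http://vault:8200` on line 32 is fine for local use, but a header comment such as `# local development only: plain HTTP, no TLS` would prevent this file being reused as a deployment template.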
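--- a/data/lib/tasks/add_secret.rake
+++ b/data/lib/tasks/add_secret.rake
@@ -7,6 +7,7 @@ namespace :vaml do
 raise
 end
 Vaml.configure(host: ENV['VAULT_HOST'], token: ENV['VAULT_TOKEN'])
+Vaml::Github.auth(ENV['VAULT_TOKEN'])
 Vaml.write_string(key, value)
 puts "the rake task did something"
 exit
@@ -14,6 +15,7 @@ namespace :vaml do
 
 task :read_secret do
 Vaml.configure(host: ENV['VAULT_HOST'], token: ENV['VAULT_TOKEN'])
+Vaml::Github.auth(ENV['VAULT_TOKEN'])
 puts Vaml.read_string(ARGV[1])
 exit
 end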
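Review bot: Both hunks pass `ENV['VAULT_TOKEN']` to `Vaml::Github.auth` immediately after the same value was handed to `Vaml.configure` as the Vault token; `Vaml::Github.auth(token)` (its body is outside this diff) presumably logs in through the github auth backend and so expects a GitHub access token, which makes this look like the wrong credential — and if it really is the Vault token, the call is redundant because the client is already configured with it. If a GitHub login is intended, read it from its own variable and fail loudly when it is absent: `Vaml::Github.auth(ENV.fetch('GITHUB_TOKEN'))`. The configure-then-auth pair is now duplicated across the two tasks, so a one-line comment stating which credential each call needs would help the next reader. The first task's header and the `namespace :vaml do` block begin before the first hunk.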
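--- a/data/lib/vaml.rb
+++ b/data/lib/vaml.rb
@@ -6,7 +6,6 @@ require 'vaml/vault_config'
 require 'vaml/configuration'
 require 'vaml/github'
 require 'vaml/railtie' if defined?(Rails)
-require 'pry'
 
 module Vaml
 
@@ -17,6 +16,7 @@ module Vaml
 def configure(options)
 options[:host] ||= 'http://127.0.0.1:8200'
 options[:token] ||= ENV['VAULT_TOKEN']
+options[:ssl_verify] ||= false
 
 self.configuration ||= Configuration.new(options)
 yield configuration if block_given?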
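Review bot: `options[:ssl_verify] ||= false` on new line 19 turns TLS certificate verification off for every caller that does not opt in, so `Vaml.configure(host: 'https://...')` silently accepts any certificate; since this value is copied into `config.ssl_verify` in vault_config.rb in the same release, the default should be verification on with an explicit opt-out: `options[:ssl_verify] = true if options[:ssl_verify].nil?`. `||=` cannot tell "caller passed false" from "caller passed nothing", which is why the nil check rather than `||=` is needed here. A comment such as `# TLS verification stays on unless the caller explicitly passes ssl_verify: false` would record the intent. `configure` continues past the end of this hunk.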
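--- a/data/lib/vaml/configuration.rb
+++ b/data/lib/vaml/configuration.rb
@@ -1,10 +1,11 @@
 module Vaml
 class Configuration
-attr_accessor :organization, :host, :token
+attr_accessor :organization, :host, :token, :ssl_verify
 def initialize(options)
 @host = options[:host]
 @token = options[:token]
 @organization = options[:organization]
+@ssl_verify = options[:ssl_verify]
 end
 end
 end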
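--- a/data/lib/vaml/github.rb
+++ b/data/lib/vaml/github.rb
@@ -2,13 +2,13 @@ module Vaml
 module Github
 def self.enable_auth(org = Vaml.configuration.organization)
 puts "Enabling auth for #{org} ... "
-Vault.sys.enable_auth("github", "github")
+Vault.sys.enable_auth("github", "github") unless Vault.sys.auths[:github]
 Vault.logical.write("auth/github/config", organization: org)
 end
 
 def self.grant_policy(team_name, policy_name)
-
-
+puts "Granting policy for #{team_name} ... #{policy_name} "
+Vaml.write_string("auth/github/map/teams/#{team_name}", policy_name)
 end
 
 def self.auth(token)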
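Review bot: `grant_policy` on new lines 10–11 interpolates `team_name` straight into the Vault path `auth/github/map/teams/#{team_name}`; a value containing a path separator would address a different key, so if the name can come from outside the codebase (the README shows it being passed in by the caller) it is worth rejecting anything that is not a plain slug before the write: `raise ArgumentError, "invalid team name: #{team_name.inspect}" unless team_name.to_s.match?(/\A[\w.-]+\z/)`. The new guard on line 5, `unless Vault.sys.auths[:github]`, relies on the vault gem keying that hash by symbol; a short comment stating that expectation would keep a later gem upgrade from silently re-enabling the backend and raising. Both methods print to stdout via `puts`, which a YARD note on each method should mention since library callers may not expect it.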
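--- a/data/lib/vaml/vault_config.rb
+++ b/data/lib/vaml/vault_config.rb
@@ -5,7 +5,8 @@ module Vaml
 ::Vault.configure do |config|
 config.address = Vaml.configuration.host
 config.token = Vaml.configuration.token
-config.ssl_verify =
+config.ssl_verify = true
+config.ssl_verify = Vaml.configuration.ssl_verify
 config.timeout = 30
 config.ssl_timeout = 5
 config.open_timeout = 5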
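Review bot: `config.ssl_verify = true` on new line 8 is dead code — it is overwritten on line 9 by `config.ssl_verify = Vaml.configuration.ssl_verify` before it can take effect — and because `Vaml.configure` in this same release defaults that value to `false`, the client ends up with certificate verification disabled unless the caller opted in. If line 8 is meant as the fallback, write it as one, `config.ssl_verify = Vaml.configuration.ssl_verify.nil? ? true : Vaml.configuration.ssl_verify`, or delete line 8 and correct the default where it is set. The `::Vault.configure do |config|` block runs past the end of this hunk.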
data/lib/vaml/version.rb
CHANGED
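--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: vaml
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.2.2
 platform: ruby
 authors:
 - Dipesh
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2017-07-
+date: 2017-07-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: vault
@@ -81,6 +81,11 @@ files:
 - Rakefile
 - bin/console
 - bin/setup
+- docker/config/consul-config.json
+- docker/config/vault.hcl
+- docker/config/vault.prod.hcl
+- docker/docker-compose.with_ssl.yml
+- docker/docker-compose.yml
 - exe/vaml
 - lib/tasks/add_secret.rake
 - lib/vaml.rb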