vaultez-cli 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: '07770618a022bbabf6a89511dbeb1366ead244d90fc938435aba94bb9e7ccbbd'
+  data.tar.gz: 03afca8c6b3846442c78791cddda0232b9882d37104708b31ce8e38e4e985a11
+SHA512:
+  metadata.gz: 5346e840aa94d43ea44fb8c6a0394bc511e1d139bc812f2fcf95c4616619e35a210aa8b94b2d7616b7dfaa271a13bb8759674ae5b752c8d0239fa6742d9a50d4
+  data.tar.gz: 2dda8d7e5fb79f72d3b8b5b65dc338a5af379149b28cd949984a4ce24ad6db86b5d7b9d138eec86f331278d83246da738c5aa0235fcfa723b13c7f32db6a6614

data/bin/vaultez

@@ -0,0 +1,5 @@
+#!/usr/bin/env ruby
+
+require_relative "../lib/vaultez"
+
+Vaultez::CLI.start(ARGV)

data/lib/vaultez/cli.rb

@@ -0,0 +1,59 @@
+require "thor"
+require_relative "commands/auth"
+require_relative "commands/fetch"
+require_relative "commands/config_command"
+
+module Vaultez
+  class CLI < Thor
+    include Vaultez::Commands::Auth
+    include Vaultez::Commands::Fetch
+    include Vaultez::Commands::ConfigCommand
+
+    desc "login", "Authenticate with Vaultez"
+    long_desc <<~DESC, wrap: false
+      Authenticate with your Vaultez account. You will be prompted for your
+      email and password. Your session token is stored in ~/.vaultez/config.yml.
+
+      Example:
+        vaultez login
+    DESC
+    def login; super; end
+
+    desc "logout", "Log out and revoke your token"
+    long_desc <<~DESC, wrap: false
+      Revokes your session token on the server and clears your local credentials.
+
+      Example:
+        vaultez logout
+    DESC
+    def logout; super; end
+
+    desc "fetch", "Fetch companies, projects, or secrets"
+    long_desc <<~DESC, wrap: false
+      Fetch resources from Vaultez. The --company flag is optional when you
+      have a default company set or only belong to one company.
+
+      Examples:
+        vaultez fetch --companies
+        vaultez fetch --company="Acme" --projects
+        vaultez fetch --company="Acme" --project="Backend"
+        vaultez fetch --company="Acme" --project="Backend" --secret="DATABASE_URL"
+    DESC
+    option :companies, type: :boolean, desc: "List all your companies"
+    option :company,   type: :string,  desc: "Company name"
+    option :projects,  type: :boolean, desc: "List projects in a company"
+    option :project,   type: :string,  desc: "Project name"
+    option :secret,    type: :string,  desc: "Secret name"
+    def fetch; super; end
+
+    desc "config", "Configure Vaultez CLI settings"
+    long_desc <<~DESC, wrap: false
+      Update your local Vaultez CLI configuration.
+
+      Examples:
+        vaultez config --default-company="Acme"
+    DESC
+    option :"default-company", type: :string, desc: "Set the default company"
+    def config; super; end
+  end
+end

data/lib/vaultez/client.rb

@@ -0,0 +1,84 @@
+require "net/http"
+require "json"
+require "uri"
+
+module Vaultez
+  class Client
+    def initialize
+      @api_url = Vaultez::Config.api_url
+      @token   = Vaultez::Config.token
+    end
+
+    def login(email, password)
+      post("/api/v1/auth/login", { email: email, password: password }, authenticated: false)
+    end
+
+    def logout
+      delete("/api/v1/auth/logout")
+    end
+
+    def companies
+      get("/api/v1/companies")
+    end
+
+    def projects(company_id)
+      get("/api/v1/companies/#{company_id}/projects")
+    end
+
+    def secrets(project_id)
+      get("/api/v1/projects/#{project_id}/secrets")
+    end
+
+    private
+
+    def get(path)
+      request(:get, path)
+    end
+
+    def post(path, body, authenticated: true)
+      request(:post, path, body, authenticated: authenticated)
+    end
+
+    def delete(path)
+      request(:delete, path)
+    end
+
+    def request(method, path, body = nil, authenticated: true)
+      uri  = URI("#{@api_url}#{path}")
+      http = Net::HTTP.new(uri.host, uri.port)
+      http.use_ssl = uri.scheme == "https"
+
+      req = build_request(method, uri)
+      req["Content-Type"] = "application/json"
+      req["Accept"]       = "application/json"
+
+      if authenticated
+        raise Vaultez::NotAuthenticatedError, "Not logged in. Run `vaultez login` first." unless @token
+        req["Authorization"] = "Bearer #{@token}"
+      end
+
+      req.body = body.to_json if body
+
+      parse_response(http.request(req))
+    end
+
+    def build_request(method, uri)
+      case method
+      when :get    then Net::HTTP::Get.new(uri)
+      when :post   then Net::HTTP::Post.new(uri)
+      when :delete then Net::HTTP::Delete.new(uri)
+      end
+    end
+
+    def parse_response(response)
+      body = JSON.parse(response.body) rescue {}
+
+      case response.code.to_i
+      when 200, 201 then body
+      when 401 then raise Vaultez::AuthenticationError, body["error"] || "Authentication failed"
+      when 404 then raise Vaultez::NotFoundError,       body["error"] || "Not found"
+      else          raise Vaultez::ApiError,            body["error"] || "API error (#{response.code})"
+      end
+    end
+  end
+end

data/lib/vaultez/commands/auth.rb

@@ -0,0 +1,35 @@
+module Vaultez
+  module Commands
+    module Auth
+      def login
+        puts "Email: "
+        email = $stdin.gets.chomp
+
+        puts "Password: "
+        system("stty -echo")
+        password = $stdin.gets.chomp
+        system("stty echo")
+        puts
+
+        client = Vaultez::Client.new
+        response = client.login(email, password)
+
+        Vaultez::Config.set("token", response["token"])
+        puts "Logged in successfully."
+      rescue Vaultez::AuthenticationError => error
+        puts "Error: #{error.message}"
+        exit 1
+      end
+
+      def logout
+        client = Vaultez::Client.new
+        client.logout
+        Vaultez::Config.clear
+        puts "Logged out successfully."
+      rescue Vaultez::NotAuthenticatedError => error
+        puts "Error: #{error.message}"
+        exit 1
+      end
+    end
+  end
+end

data/lib/vaultez/commands/config_command.rb

@@ -0,0 +1,30 @@
+module Vaultez
+  module Commands
+    module ConfigCommand
+      def config
+        if options[:"default-company"]
+          client    = Vaultez::Client.new
+          companies = client.companies
+          company   = companies.find { |company| company["name"] == options[:"default-company"] }
+
+          unless company
+            puts "Error: company \"#{options[:"default-company"]}\" not found."
+            exit 1
+          end
+
+          Vaultez::Config.set("default_company", company["name"])
+          puts "Default company set to \"#{company["name"]}\"."
+        else
+          puts "No config option provided. See `vaultez help config`."
+          exit 1
+        end
+      rescue Vaultez::NotAuthenticatedError => error
+        puts "Error: #{error.message}"
+        exit 1
+      rescue Vaultez::ApiError => error
+        puts "Error: #{error.message}"
+        exit 1
+      end
+    end
+  end
+end

data/lib/vaultez/commands/fetch.rb

@@ -0,0 +1,121 @@
+module Vaultez
+  module Commands
+    module Fetch
+      def fetch
+        client = Vaultez::Client.new
+
+        if options[:companies]
+          fetch_companies(client)
+        elsif options[:projects]
+          fetch_projects(client)
+        elsif options[:project] && options[:secret]
+          fetch_secret(client)
+        elsif options[:project]
+          fetch_secrets(client)
+        else
+          puts "Error: not enough options. See `vaultez help fetch`."
+          exit 1
+        end
+      rescue Vaultez::NotAuthenticatedError => error
+        puts "Error: #{error.message}"
+        exit 1
+      rescue Vaultez::NotFoundError => error
+        puts "Error: #{error.message}"
+        exit 1
+      rescue Vaultez::ApiError => error
+        puts "Error: #{error.message}"
+        exit 1
+      end
+
+      private
+
+      def fetch_companies(client)
+        companies = client.companies
+        if companies.empty?
+          puts "No companies found."
+          return
+        end
+        puts "Companies:"
+        companies.each do |company|
+          puts "  #{company["name"]} (#{company["role"]})"
+        end
+      end
+
+      def fetch_projects(client)
+        company  = resolve_company(client)
+        projects = client.projects(company["id"])
+        if projects.empty?
+          puts "No projects found in #{company["name"]}."
+          return
+        end
+        puts "Projects in #{company["name"]}:"
+        projects.each do |project|
+          puts "  #{project["name"]} (#{project["role"]})"
+        end
+      end
+
+      def fetch_secrets(client)
+        company = resolve_company(client)
+        project = resolve_project(client, company)
+        secrets = client.secrets(project["id"])
+        if secrets.empty?
+          puts "No secrets found in #{project["name"]}."
+          return
+        end
+        secrets.each do |secret|
+          puts "#{secret["name"]}=#{secret["value"]}"
+        end
+      end
+
+      def fetch_secret(client)
+        company = resolve_company(client)
+        project = resolve_project(client, company)
+        secrets = client.secrets(project["id"])
+        secret  = secrets.find { |secret| secret["name"] == options[:secret] }
+
+        unless secret
+          puts "Error: secret \"#{options[:secret]}\" not found in #{project["name"]}."
+          exit 1
+        end
+
+        print secret["value"]
+      end
+
+      def resolve_company(client)
+        companies = client.companies
+
+        if options[:company]
+          company = companies.find { |company| company["name"] == options[:company] }
+          unless company
+            puts "Error: company \"#{options[:company]}\" not found."
+            exit 1
+          end
+          return company
+        end
+
+        default_name = Vaultez::Config.default_company
+        if default_name
+          company = companies.find { |company| company["name"] == default_name }
+          return company if company
+        end
+
+        if companies.size == 1
+          return companies.first
+        end
+
+        puts "Error: multiple companies found. Specify one with --company or set a default with `vaultez config --default-company`."
+        exit 1
+      end
+
+      def resolve_project(client, company)
+        projects = client.projects(company["id"])
+        project  = projects.find { |project| project["name"] == options[:project] }
+        unless project
+          puts "Error: project \"#{options[:project]}\" not found in #{company["name"]}."
+          exit 1
+        end
+        project
+      end
+    end
+  end
+end

data/lib/vaultez/config.rb

@@ -0,0 +1,52 @@
+require "yaml"
+require "fileutils"
+
+module Vaultez
+  class Config
+    CONFIG_PATH = File.expand_path("~/.vaultez/config.yml")
+
+    def self.get(key)
+      read[key.to_s]
+    end
+
+    def self.set(key, value)
+      data = read
+      data[key.to_s] = value
+      write(data)
+    end
+
+    def self.delete(key)
+      data = read
+      data.delete(key.to_s)
+      write(data)
+    end
+
+    def self.clear
+      FileUtils.rm_f(CONFIG_PATH)
+    end
+
+    def self.token
+      get("token")
+    end
+
+    def self.api_url
+      get("api_url") || "https://vaultez.app"
+    end
+
+    def self.default_company
+      get("default_company")
+    end
+
+    private
+
+    def self.read
+      return {} unless File.exist?(CONFIG_PATH)
+      YAML.safe_load(File.read(CONFIG_PATH)) || {}
+    end
+
+    def self.write(data)
+      FileUtils.mkdir_p(File.dirname(CONFIG_PATH))
+      File.write(CONFIG_PATH, data.to_yaml)
+    end
+  end
+end

data/lib/vaultez/errors.rb

@@ -0,0 +1,7 @@
+module Vaultez
+  class Error                < StandardError; end
+  class NotAuthenticatedError < Error; end
+  class AuthenticationError  < Error; end
+  class NotFoundError        < Error; end
+  class ApiError             < Error; end
+end

data/lib/vaultez/version.rb

@@ -0,0 +1,3 @@
+module Vaultez
+  VERSION = "0.1.0"
+end

data/lib/vaultez.rb

@@ -0,0 +1,5 @@
+require_relative "vaultez/version"
+require_relative "vaultez/errors"
+require_relative "vaultez/config"
+require_relative "vaultez/client"
+require_relative "vaultez/cli"

metadata

@@ -0,0 +1,64 @@
+--- !ruby/object:Gem::Specification
+name: vaultez-cli
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Nur Ketene
+bindir: bin
+cert_chain: []
+date: 1980-01-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: thor
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+email:
+- nur@vaultez.app
+executables:
+- vaultez
+extensions: []
+extra_rdoc_files: []
+files:
+- bin/vaultez
+- lib/vaultez.rb
+- lib/vaultez/cli.rb
+- lib/vaultez/client.rb
+- lib/vaultez/commands/auth.rb
+- lib/vaultez/commands/config_command.rb
+- lib/vaultez/commands/fetch.rb
+- lib/vaultez/config.rb
+- lib/vaultez/errors.rb
+- lib/vaultez/version.rb
+homepage: https://vaultez.app
+licenses:
+- MIT
+metadata: {}
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.0.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.6.9
+specification_version: 4
+summary: CLI tool for Vaultez — manage your secrets from the terminal
+test_files: []