vaultkit 1.0.0 → 1.0.2
- checksums.yaml +4 -4
- data/lib/vkit/cli/base_cli.rb +110 -0
- data/lib/vkit/cli/commands/approval_watch_command.rb +129 -0
- data/lib/vkit/cli/commands/grant_revoke_command.rb +39 -0
- data/lib/vkit/cli/commands/init_command.rb +82 -0
- data/lib/vkit/cli/commands/policy_pack_add_command.rb +38 -0
- data/lib/vkit/cli/commands/policy_pack_info_command.rb +47 -0
- data/lib/vkit/cli/commands/policy_pack_list_command.rb +47 -0
- data/lib/vkit/cli/commands/policy_pack_remove_command.rb +36 -0
- data/lib/vkit/cli/commands/policy_pack_upgrade_command.rb +81 -0
- data/lib/vkit/cli/commands/policy_revoke_command.rb +40 -0
- data/lib/vkit/cli/commands/reset_command.rb +20 -0
- data/lib/vkit/cli/policy_pack/manager.rb +416 -0
- data/lib/vkit/policy/bundle_compiler.rb +18 -0
- data/lib/vkit/policy/packs/ai_safety/metadata.yaml +10 -0
- data/lib/vkit/policy/packs/ai_safety/policies/01_deny_agent_prod_without_clearance.yaml +14 -0
- data/lib/vkit/policy/packs/ai_safety/policies/02_require_approval_for_sensitive_in_prod.yaml +16 -0
- data/lib/vkit/policy/packs/ai_safety/policies/03_mask_sensitive_by_default_for_agents.yaml +15 -0
- data/lib/vkit/policy/packs/financial_compliance/metadata.yaml +10 -0
- data/lib/vkit/policy/packs/financial_compliance/policies/01_require_approval_for_financial_prod.yaml +16 -0
- data/lib/vkit/policy/packs/financial_compliance/policies/02_mask_payment_tokens.yaml +14 -0
- data/lib/vkit/policy/packs/financial_compliance/policies/03_deny_non_admin_access_pci_in_prod.yaml +15 -0
- data/lib/vkit/policy/packs/financial_compliance/policies/04_short_ttl_for_financial_grants.yaml +14 -0
- data/lib/vkit/policy/packs/starter/metadata.yaml +9 -0
- data/lib/vkit/policy/packs/starter/policies/01_deny_sensitive_without_clearance.yaml +15 -0
- data/lib/vkit/policy/packs/starter/policies/02_mask_pii_by_default.yaml +13 -0
- data/lib/vkit/policy/packs/starter/policies/03_require_approval_high_sensitivity.yaml +17 -0
- data/lib/vkit/policy/packs/starter/policies/04_block_cross_region.yaml +14 -0
- data/lib/vkit/policy/packs/starter/policies/05_limit_production_access.yaml +16 -0
- data/lib/vkit/policy/packs/starter/policies/06_default_ttl.yaml +10 -0
- data/lib/vkit/policy/schema/policy_bundle.schema.json +16 -1
- data/lib/vkit/version.rb +1 -1
- metadata +29 -2
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
id: limit_production_access
|
|
2
|
+
description: "Restrict production data access to approved roles."
|
|
3
|
+
|
|
4
|
+
match: {}
|
|
5
|
+
|
|
6
|
+
context:
|
|
7
|
+
environment: production
|
|
8
|
+
requester_role: analyst
|
|
9
|
+
|
|
10
|
+
priority: 70
|
|
11
|
+
|
|
12
|
+
action:
|
|
13
|
+
require_approval: true
|
|
14
|
+
approver_role: admin
|
|
15
|
+
reason: "Production access for analysts requires approval."
|
|
16
|
+
ttl: "2h"
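Review bot: The `description` on this rule promises more than its `context` delivers: as shown, the rule only fires for `requester_role: analyst` in `environment: production`. Any other non-admin role in production is therefore left to the rest of the pack, which this page does not show. Either narrow the wording, e.g. `description: "Require admin approval for analyst access to production data."`, or document in the pack which rule covers the remaining roles. The empty `match: {}` presumably applies the rule to every dataset (the page has flattened the YAML indentation, so the nesting is inferred), and a one-line comment saying that is intentional would help anyone auditing this default.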
|
|
@@ -67,7 +67,22 @@
|
|
|
67
67
|
"min_control_plane": { "type": "string" },
|
|
68
68
|
"max_control_plane": { "type": "string" }
|
|
69
69
|
}
|
|
70
|
+
},
|
|
71
|
+
|
|
72
|
+
"installed_packs": {
|
|
73
|
+
"type": "array",
|
|
74
|
+
"description": "List of policy packs active when this bundle was compiled.",
|
|
75
|
+
"items": {
|
|
76
|
+
"type": "object",
|
|
77
|
+
"required": ["name", "version"],
|
|
78
|
+
"additionalProperties": false,
|
|
79
|
+
"properties": {
|
|
80
|
+
"name": { "type": "string" },
|
|
81
|
+
"version": { "type": "string" }
|
|
82
|
+
}
|
|
83
|
+
}
|
|
70
84
|
}
|
|
85
|
+
|
|
71
86
|
}
|
|
72
87
|
},
|
|
73
88
|
|
|
@@ -138,7 +153,7 @@
|
|
|
138
153
|
}
|
|
139
154
|
}
|
|
140
155
|
}
|
|
141
|
-
},
|
|
156
|
+
},
|
|
142
157
|
|
|
143
158
|
"policies": {
|
|
144
159
|
"type": "array",
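Review bot: In the first hunk, the `installed_packs` items accept any string for `name` and `version`, including the empty string, and the array permits duplicate entries. The field's own description says it lists the packs active at compile time, so a loosely validated record weakens it as evidence of which rules were in force. Consider `"name": { "type": "string", "minLength": 1 }`, `"uniqueItems": true` on the array, and a `pattern` on `version` matching whatever format the pack metadata uses (not shown here). The enclosing object starts outside the hunk, so it is not visible whether `installed_packs` appears in its `required` list; if it is optional, a bundle can omit the record and still validate.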
|
data/lib/vkit/version.rb
CHANGED
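--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: vaultkit
 version: !ruby/object:Gem::Version
-version: 1.0.
+version: 1.0.2
 platform: ruby
 authors:
 - Nnamdi Ogundu
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2026-
+date: 2026-02-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: thor
@@ -44,26 +44,53 @@ files:
 - lib/vkit/cli/commands/agent_tokens_list_command.rb
 - lib/vkit/cli/commands/agent_tokens_revoke_command.rb
 - lib/vkit/cli/commands/approval_command.rb
+- lib/vkit/cli/commands/approval_watch_command.rb
 - lib/vkit/cli/commands/base_command.rb
 - lib/vkit/cli/commands/datasource_command.rb
 - lib/vkit/cli/commands/fetch_command.rb
+- lib/vkit/cli/commands/grant_revoke_command.rb
+- lib/vkit/cli/commands/init_command.rb
 - lib/vkit/cli/commands/login_command.rb
 - lib/vkit/cli/commands/logout_command.rb
 - lib/vkit/cli/commands/policy_bundle_command.rb
 - lib/vkit/cli/commands/policy_deploy_command.rb
+- lib/vkit/cli/commands/policy_pack_add_command.rb
+- lib/vkit/cli/commands/policy_pack_info_command.rb
+- lib/vkit/cli/commands/policy_pack_list_command.rb
+- lib/vkit/cli/commands/policy_pack_remove_command.rb
+- lib/vkit/cli/commands/policy_pack_upgrade_command.rb
+- lib/vkit/cli/commands/policy_revoke_command.rb
 - lib/vkit/cli/commands/policy_validate_command.rb
 - lib/vkit/cli/commands/request_command.rb
 - lib/vkit/cli/commands/requests_list_command.rb
+- lib/vkit/cli/commands/reset_command.rb
 - lib/vkit/cli/commands/scan_command.rb
 - lib/vkit/cli/commands/whoami_command.rb
 - lib/vkit/cli/errors.rb
 - lib/vkit/cli/policy_bundle_validator.rb
+- lib/vkit/cli/policy_pack/manager.rb
 - lib/vkit/cli/requests_cli.rb
 - lib/vkit/core/auth_client.rb
 - lib/vkit/core/credential_resolver.rb
 - lib/vkit/core/credential_store.rb
 - lib/vkit/core/table_formatter.rb
 - lib/vkit/policy/bundle_compiler.rb
+- lib/vkit/policy/packs/ai_safety/metadata.yaml
+- lib/vkit/policy/packs/ai_safety/policies/01_deny_agent_prod_without_clearance.yaml
+- lib/vkit/policy/packs/ai_safety/policies/02_require_approval_for_sensitive_in_prod.yaml
+- lib/vkit/policy/packs/ai_safety/policies/03_mask_sensitive_by_default_for_agents.yaml
+- lib/vkit/policy/packs/financial_compliance/metadata.yaml
+- lib/vkit/policy/packs/financial_compliance/policies/01_require_approval_for_financial_prod.yaml
+- lib/vkit/policy/packs/financial_compliance/policies/02_mask_payment_tokens.yaml
+- lib/vkit/policy/packs/financial_compliance/policies/03_deny_non_admin_access_pci_in_prod.yaml
+- lib/vkit/policy/packs/financial_compliance/policies/04_short_ttl_for_financial_grants.yaml
+- lib/vkit/policy/packs/starter/metadata.yaml
+- lib/vkit/policy/packs/starter/policies/01_deny_sensitive_without_clearance.yaml
+- lib/vkit/policy/packs/starter/policies/02_mask_pii_by_default.yaml
+- lib/vkit/policy/packs/starter/policies/03_require_approval_high_sensitivity.yaml
+- lib/vkit/policy/packs/starter/policies/04_block_cross_region.yaml
+- lib/vkit/policy/packs/starter/policies/05_limit_production_access.yaml
+- lib/vkit/policy/packs/starter/policies/06_default_ttl.yaml
 - lib/vkit/policy/policy_validator.rb
 - lib/vkit/policy/schema/policy_bundle.schema.json
 - lib/vkit/policy/validate_bundle.rb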