
infinum / secrets_cli

Licence: MIT license
CLI for storing and reading your secrets via vault

SecretsCli

This is a CLI that makes vault easier to use.

There is also a mina plugin mina-secrets

Table of contents

  1. Installation
  2. Prerequisites
  3. Usage
    1. Init
    2. Policies
    3. Environments
    4. storage_keys and environments
    5. Read
    6. Edit
    7. Pull
    8. Push
  4. Development
  5. Contributing
  6. License

Installation

Add this line to your application's Gemfile:

gem 'secrets_cli'

And then execute:

$ bundle

Or install it yourself as:

$ gem install secrets_cli

Prerequisites

The following environment variables need to be set:

For vault itself:

VAULT_ADDR   - address to your vault server (can also be set through config)
VAULT_CACERT - if you have a self issued certificate, point this environment variable to the location of the root CA file

For secrets_cli:

VAULT_AUTH_METHOD - the auth method to use ('github', 'token', 'app_id' and 'approle' are supported for now)
VAULT_AUTH_TOKEN - the vault auth token
VAULT_AUTH_APP_ID - machine app_id (for app_id auth)
VAULT_AUTH_USER_ID - machine user_id which matches app_id (for app_id auth)
VAULT_AUTH_ROLE_ID - machine role_id (for approle auth)
VAULT_AUTH_SECRET_ID - machine secret_id which matches role_id (for approle auth)

For a GitHub token, only the read:org permission is needed.

Usage

All commands have --help with detailed descriptions of their options. Some commands also have a --verbose switch, which prints the commands being run.

Init

$ secrets init

This creates a .secrets file with the project configuration. The command prompts for anything it needs that you do not supply through options.

Example of the .secrets:

---
:secrets_file: config/application.yml   # Required; file where your secrets are kept, depending on your environment gem (figaro, dotenv, etc)
:secrets_storage_key: rails/my_project/ # Required; vault 'storage_key' where your secrets will be kept.
development:                            # Any configuration can be nested under environment
  :vault_addr: https://myvault.com      # Optional; vault url (default: VAULT_ADDR environment variable) 

Policies

$ secrets policies

Use this command to list all the policies your auth grants.

Environments

$ secrets list

Use this command to list all current environments.

storage_keys and environments

The next three commands read from and write to your project storage_key in vault. The value of the storage_key is generated as secrets_storage_key + environment. Example:

  `rails/my_project/development`

The environment is development by default, but it can be overridden by passing the --environment option or by setting the RAILS_ENV environment variable.
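
The following Ruby sketch is an added example, not code from the secrets_cli gem. It resolves which Vault storage_key a command would target from a .secrets file and the environment rules above. The helper names, the production block in the sample, and the environment-name guard are assumptions made for illustration.

```ruby
require 'yaml'

# Constructed sample based on the .secrets example above; the production
# block is an assumption added to show a nested per-environment override.
SAMPLE_SECRETS = <<~SECRETS
  ---
  :secrets_file: config/application.yml
  :secrets_storage_key: rails/my_project/
  development:
    :vault_addr: https://myvault.com
  production:
    :secrets_file: config/application.production.yml
SECRETS

# Precedence from the README: --environment option, then RAILS_ENV,
# then the 'development' default.
def resolve_environment(option: nil, env: ENV)
  [option, env['RAILS_ENV'], 'development'].find { |v| v && !v.strip.empty? }
end

# Hypothetical helper: returns the effective settings plus the Vault
# storage key that read/edit/pull/push would target.
def resolve_config(yaml_text, option: nil, env: ENV)
  raw = YAML.safe_load(yaml_text, permitted_classes: [Symbol]) || {}
  environment = resolve_environment(option: option, env: env)
  # Added guard (not documented gem behaviour): refuse names that would
  # change the Vault path, such as '../other' or 'a/b'.
  unless environment.match?(/\A[A-Za-z0-9_-]+\z/)
    raise ArgumentError, "invalid environment: #{environment.inspect}"
  end

  top = raw.select { |key, _| key.is_a?(Symbol) }
  nested = raw[environment].is_a?(Hash) ? raw[environment] : {}
  config = top.merge(nested) # environment-specific values win
  %i[secrets_file secrets_storage_key].each do |key|
    raise KeyError, "missing required #{key}" if config[key].to_s.empty?
  end

  config[:vault_addr] ||= env['VAULT_ADDR'] # documented default
  # Plain concatenation, as the README describes it.
  config.merge(environment: environment,
               storage_key: config[:secrets_storage_key] + environment)
end

if __FILE__ == $PROGRAM_NAME
  puts resolve_config(SAMPLE_SECRETS, option: ARGV[0])[:storage_key]
end
```

Checking the resolved storage_key before a push is a cheap way to confirm that a stray RAILS_ENV is not pointing the command at another environment's secrets.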

Read

$ secrets read

This will read development secrets from the vault.

To read secrets from a different environment, use the -e flag:

$ secrets read -e production

Edit

$ secrets edit

This lets you edit secrets on the fly. You choose which editor to use by defining an $EDITOR variable; otherwise it will use one of these: mate -w, vim, vi, emacs, nano, pico

The same flags apply for editing as for reading:

$ EDITOR='atom -w' secrets edit -e production

Pull

$ secrets pull

This will pull from vault and write to your secrets file. By default it pulls the development secrets.

To pull from a different environment, also supply the -e flag and the -f flag for the file path:

$ secrets pull -e production -f config/application.production.yml

You can also supply the --ci_mode or -y flag to disable prompts and outputs.

Push

$ secrets push

This will push from your secrets file to vault.

The same flags apply for pushing as for pulling:

$ secrets push -e production -f config/application.production.yml

Development

After checking out the repository, run bin/setup to install dependencies. Then, run rake spec to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org.

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/infinum/secrets_cli. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the Contributor Covenant code of conduct.

License

The gem is available as open source under the terms of the MIT License.
