Name: secret
Owner: Futurice
Description: For managing secrets.
Created: 2015-06-05 10:47:03.0
Updated: 2018-03-31 05:55:23.0
Pushed: 2017-10-11 07:53:44.0
Size: 53
Language: Python
Secret is for storing secrets. Backed by Amazon Web Services: notably IAM for access policies, KMS for encryption keys and S3 for storage.
pip install secret
secret-python3
Configure AWS credentials for Boto (http://boto.readthedocs.org/en/latest/boto_config_tut.html).

Add global configuration to `~/.secret/credentials`, for example:

```
[default]
# vault=S3 bucket name
# vaultkey=KMS encryption key handle
vault=secret
vaultkey=alias/secret
region=eu-central-1
```

Add any configuration overrides in `.secret`, e.g. `{"project":"my-only-project"}`, to avoid having to specify `-P my-only-project`.
```
$ secret
instructions>
$ secret list
(empty)
$ secret put hello world
Success! Wrote: secret/default/hello
$ secret list
hello
$ secret get hello
world
$ secret put ssh_key ~/.ssh/id_rsa
Success! Wrote: secret/default/ssh_key
$ secret get ssh_key -o ~/.ssh/id_rsa
```
Project configuration (defined in `.secret`) allows for addressing keys with a shorthand syntax. The full naming is also available. That is, `project/environment/key` lookups like `helloworld/default/hello` equal `default/hello` equal `hello`.

The `/` character is reserved for supporting nested keys. By namespacing keys it is possible to create groups of interest. Nested key names can be up to 1024 ASCII characters long.
```
$ secret put postgres/username joe
$ secret put postgres/password joespassword
$ secret put postgres/timeout 3600
$ secret get postgres
Key      Value
timeout  3600
password joespassword
username joe
```
With S3 versioning enabled all changes leave an audit trail:
```
$ secret versions
<list all versions of all keys>
$ secret versions ssh_key
<list versions of a single key>
$ secret delete ssh_key
Success! Deleted: helloworld/default/ssh_key
$ secret get ssh_key
<NoSuchKey>
$ secret get ssh_key --version <version>
value data)
```
By default all project keys are stored under the `default` environment. To store user/situation specific values for the same keys (and new ones), provide `--env` while issuing operations.
```
$ secret envs
$ secret put hello world --env production
$ secret get --env production
```
To enable verbose output for commands, use the `--debug 1` argument.
Set up a local development environment for Secret:

```
virtualenv py2venv --python=python2
source py2venv/bin/activate
pip install -r requirements.txt
pip install pytest
# create the config directory; credentials is a file inside it
mkdir -p ~/.secret
echo """
[default]
vault=secret
vaultkey=alias/secret
region=eu-central-1
""" > $HOME/.secret/credentials
export AWS_PROFILE=default
```
Client usage:
nvcmd ls
Run tests:
```
py.test
```