valec

v0.1.1
Published: Dec 1, 2016 License: MIT Imports: 1 Imported by: 0

Valec

Handle application secrets securely

Valec is a CLI tool to handle application secrets securely using AWS DynamoDB and KMS. Valec enables you to manage application secrets in your favorite VCS.

Workflow

  1. Set up DynamoDB and KMS (first time only).

    $ valec init
    
  2. Store secrets in a local file. Values are encrypted.

    $ valec encrypt AWS_ACCESS_KEY_ID=AKIAxxxx --add production.yaml
    $ valec encrypt AWS_SECRET_ACCESS_KEY=yyyyyyyy --add production.yaml
    $ cat production.yaml
    - key: AWS_SECRET_ACCESS_KEY
      value: AQECAHi1osu...
    - key: AWS_ACCESS_KEY_ID
      value: AQECAHi1osu...
    
  3. Save secrets to the DynamoDB table.

    $ valec sync production.yaml
    No config will be deleted.
    
    2 configs of production namespace will be added.
    - AWS_SECRET_ACCESS_KEY
    - AWS_ACCESS_KEY_ID
    2 configs of production namespace were successfully added.
    
  4. Use stored secrets in your application.

    Use stored secrets directly:

    $ valec exec bin/server
    

    or use as dotenv:

    $ valec dump production > .env
    $ bin/server
    

Usage

valec dump

Dump secrets in dotenv format

$ valec dump hoge
HOGE=fuga

With the -t TEMPLATE flag, Valec dumps secrets by embedding them into the given dotenv template file. To override all values already written in the dotenv file, also specify the --override flag.

$ cat .env.sample
FOO=
HOGE=hogehoge
hogehoge
YEAR=2015

# comment
SSSS=

$ valec dump hoge -t .env.sample
FOO=barbarbar
HOGE=hogehoge
hogehoge
YEAR=2015

# comment
SSSS=

$ valec dump hoge -t .env.sample > .env

valec encrypt

Encrypt secret

With the --add FILE flag, the encrypted secret is added to the specified file.

$ valec encrypt NAME=awesome
AQECAHi1osu8IsEnPMo1...

$ valec encrypt NAME=awesome --add secrets.yml
$ cat secrets.yml
- key: NAME
  value: AQECAHi1osu8IsEnPMo1...

valec exec

Execute commands using stored secrets

$ env | grep HOGE

$ valec exec hoge env | grep HOGE
HOGE=fuga

valec init

Initialize Valec environment

These resources will be created:

  • KMS key and alias (default: valec)
  • DynamoDB table (default: valec)

$ valec init

valec list

List stored secrets

# List secrets stored in DynamoDB
$ valec list hoge
HOGE: fuga

# List secrets stored in local file
$ valec list -f hoge.yaml

valec namespaces

List all namespaces

$ valec namespaces
hoge

valec sync

Synchronize secrets between local file and DynamoDB

$ valec sync hoge.yaml
No config will be deleted.

1 configs of hoge namespace will be added.
- PPAP
1 configs of hoge namespace was successfully added.

If the --dry-run flag is given, Valec does not actually modify the DynamoDB table. This can be useful in CI.

$ valec sync hoge.yaml --dry-run
No config will be deleted.

1 configs of hoge namespace will be added.
- PPAP
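
A pre-merge check that pairs with the --dry-run CI use above, added here as an example (it is not part of Valec): it scans a secrets file in the "- key:" / "value:" layout shown in this README and reports keys whose value is not base64 or decodes to fewer than 64 bytes, which suggests plaintext was committed to the VCS. The 64-byte floor, the one-value-per-line layout and the names PlaintextKeys and constructedSample are assumptions of this example; it is a heuristic and does not verify that a value is genuine KMS ciphertext.

```go
package main

import (
	"bufio"
	"encoding/base64"
	"fmt"
	"strings"
)

// minCiphertextBytes is an assumed lower bound for a decoded ciphertext blob;
// short plaintext secrets (API keys, passwords) decode to far less, if at all.
const minCiphertextBytes = 64

// constructedSample mimics the "- key: / value:" layout from the README.
// The first value is constructed base64 filler, the second is plaintext.
var constructedSample = "- key: DB_PASSWORD\n  value: " +
	base64.StdEncoding.EncodeToString([]byte(strings.Repeat("\x01", 96))) +
	"\n- key: API_TOKEN\n  value: yyyyyyyy\n"

// PlaintextKeys returns the keys whose value does not look encrypted:
// either not valid base64, or too short once decoded.
func PlaintextKeys(doc string) []string {
	var bad []string
	key := ""
	sc := bufio.NewScanner(strings.NewReader(doc))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if strings.HasPrefix(line, "- key:") {
			key = strings.TrimSpace(strings.TrimPrefix(line, "- key:"))
			continue
		}
		if key == "" || !strings.HasPrefix(line, "value:") {
			continue
		}
		val := strings.Trim(strings.TrimSpace(strings.TrimPrefix(line, "value:")), `"'`)
		raw, err := base64.StdEncoding.DecodeString(val)
		if err != nil || len(raw) < minCiphertextBytes {
			bad = append(bad, key)
		}
		key = ""
	}
	return bad
}

func main() {
	for _, k := range PlaintextKeys(constructedSample) {
		fmt.Printf("value for %s does not look encrypted\n", k)
	}
}
```

In CI, read the real file into a string, pass it to PlaintextKeys, and fail the job when the returned slice is non-empty.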

Development

Retrieve this repository and build using make.

$ go get -d github.com/dtan4/valec
$ cd $GOPATH/src/github.com/dtan4/valec
$ make deps
$ make

Author

Daisuke Fujita (@dtan4)

License

MIT License

Directories

Path Synopsis
aws
kms
