S3crets
s3crets takes a YAML config file and deep-merges it into a directory of JSON files, but only where the top-level YAML key is already present in the destination JSON file. This ensures your secrets are merged only into the files you intended. The purpose of s3crets was to help us keep secrets out of configuration JSON, which is kept in source control.
Installation
Add this line to your application's Gemfile:
gem 's3crets'
And then execute:
$ bundle
Or install it yourself as:
$ gem install s3crets
Usage
s3crets takes 3 arguments, of which only 2 are required [:json_dir, :secrets_file]:
-s, --secrets-file FILE   Secrets file to merge into JSON (required)
-j, --json-dir DIR        Directory to search for JSON files (required)
-o, --overwrite           Overwrite JSON; default is false, which adds '.new' to the file name, e.g. something.json -> something.new.json
Example Secrets File:
mysql:
  server_repl_password: 11111
  server_root_password: 22222
  server_debian_password: 33333
random:
  config: something
Example JSON File:
{
  "node_type": "management-slave_server",
  "run_list": "recipe[management-slave_server]",
  "mysql": {
    "server_root_password": 22222,
    "server_repl_password": 11111,
    "server_debian_password": 33333
  },
  "prism": {
    "console": {
      "realm": "ProvisioningRealm"
    }
  },
  "provisioning_api": {
    "brokers": [
      "management1.qa.voxeolabs.net",
      "management2.qa.voxeolabs.net"
    ],
    "jdbc_url": "jdbc:mysql://management1.qa.voxeolabs.net:3306/provisioning"
  }
}
If the preceding secrets file is applied against the JSON file above, only the mysql key will be merged in, since s3crets assumes all top-level keys in the JSON object are correct. This allows you to have one secrets file and apply it against multiple JSON templates, and only the intended data will be merged in.
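The merge rule described above, sketched as an added Ruby example (not s3crets' own code; the function names `deep_merge` and `apply_secrets` and the sample `bind_address` value are assumptions made for illustration). It also returns the top-level secret keys that matched nothing, so a misspelled key is reported instead of being skipped silently.

```ruby
require 'json'
require 'yaml'

# Constructed sample inputs, modelled on the example files above.
SECRETS_YAML = <<~YAML
  mysql:
    server_repl_password: 11111
    server_root_password: 22222
  random:
    config: something
YAML

# Template as it would sit in source control: no secrets, only structure.
TEMPLATE_JSON = <<~JSON
  {
    "node_type": "management-slave_server",
    "mysql": { "bind_address": "127.0.0.1" },
    "prism": { "console": { "realm": "ProvisioningRealm" } }
  }
JSON

# Recursively merge `secrets` into `target`; on a conflict the secret wins,
# and nested hashes are merged key by key rather than replaced wholesale.
def deep_merge(target, secrets)
  target.merge(secrets) do |_key, old, new|
    old.is_a?(Hash) && new.is_a?(Hash) ? deep_merge(old, new) : new
  end
end

# Apply only the top-level secret keys the template already declares.
# Returns [merged_hash, skipped_keys]; skipped keys never reach the output.
def apply_secrets(template, secrets)
  applied, skipped = secrets.partition { |key, _| template.key?(key) }
  [deep_merge(template, applied.to_h), skipped.map(&:first)]
end

# safe_load refuses arbitrary object tags, which is what a secrets file needs.
def demo
  apply_secrets(JSON.parse(TEMPLATE_JSON), YAML.safe_load(SECRETS_YAML))
end

if $PROGRAM_NAME == __FILE__
  merged, skipped = demo
  puts JSON.pretty_generate(merged)
  warn "not merged (no matching top-level key): #{skipped.join(', ')}"
end
```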
Examples
Applying Secrets while preserving original JSON files
s3crets --secrets-file ~/Projects/deployment_models/full_ha_deployment_model/.secrets --json-dir ~/Projects/deployment_models/full_ha_deployment_model/ec2_json
Applying Secrets to original JSON files
s3crets --secrets-file ~/Projects/deployment_models/full_ha_deployment_model/.secrets --json-dir ~/Projects/deployment_models/full_ha_deployment_model/ec2_json --overwrite
Contributing
- Fork it
- Create your feature branch (git checkout -b my-new-feature)
- Commit your changes (git commit -am 'Add some feature')
- Push to the branch (git push origin my-new-feature)
- Create new Pull Request