Itamae::Secrets - Encrypted Data Bag for Itamae
This is an Itamae plugin that provides a store for secrets, like the encrypted data bag in Chef.
Installation
```ruby
gem 'itamae-secrets'
```
or
```
gem install itamae-secrets
```
Basic
- itamae-secrets command for storing data or reading it manually
- Itamae::Secrets interface for itamae recipes
- Data are stored in the base directory.
  - You must keep ${base}/keys from being checked into VCS. (.gitignore it!)
Walkthrough
Generate a key
randomly
```
itamae-secrets newkey --base=./secret --method=aes-random
```
from passphrase
```
itamae-secrets newkey --base=./secret --method=aes-passphrase
```
Both generate ./secret/keys/default. Make sure ./secret/keys is excluded from VCS.
Store value
```
itamae-secrets set --base=./secret awesome_secret value
```
(When the value is omitted, it is read from STDIN until EOF. You can also use --noecho if you want to hide the value from your terminal's buffer completely.)
Reading data from itamae
In your itamae recipe, do:
```ruby
require 'itamae/secrets'
node[:secrets] = Itamae::Secrets(File.join(__dir__, 'secrets'))

# Use it
p node[:secrets][:awesome_secret]
```
Reading data from CLI
```
itamae-secrets get --base=./secret awesome_secret
```
Remembering --base
```
echo 'base: ./secret' >> .itamae-secrets.yml
```
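To check the requirement above that ${base}/keys stays out of version control, the following shell function is an added example, not part of itamae-secrets. It assumes the base directory lives inside a Git work tree and probes the key name default that newkey generates; the function name check_keys_excluded is hypothetical.

```shell
#!/bin/sh
# Added example: verify that <base>/keys is excluded from Git.
# check_keys_excluded is a hypothetical helper, not part of itamae-secrets.
# Returns 0 = safe, 1 = keys tracked or not ignored, 2 = not a Git work tree.
check_keys_excluded() {
  base=$1
  status=0

  if ! git -C "$base" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
    echo "error: $base is not inside a Git work tree" >&2
    return 2
  fi

  # Key files already in the index stay tracked even after a later
  # .gitignore entry, so look for them explicitly.
  tracked=$(git -C "$base" ls-files -- keys)
  if [ -n "$tracked" ]; then
    echo "FAIL: key files are tracked by Git:" >&2
    echo "$tracked" | sed 's/^/  /' >&2
    status=1
  fi

  # --no-index evaluates ignore rules even for paths that are already tracked.
  if ! git -C "$base" check-ignore -q --no-index -- keys/default; then
    echo "FAIL: $base/keys/default is not matched by any ignore rule" >&2
    status=1
  fi

  [ "$status" -eq 0 ] && echo "OK: $base/keys is ignored and untracked"
  return "$status"
}

# Run as: sh check-keys.sh ./secret   (the script file name is an assumption)
if [ "$#" -gt 0 ]; then
  check_keys_excluded "$1"
fi
```

A non-zero result because of tracked files means the key is already in the repository history, so adding an ignore rule alone does not remove it.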
Development
After checking out the repo, run bin/setup to install dependencies. Then, run rake rspec to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.
To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org.
Contributing
Bug reports and pull requests are welcome on GitHub at https://github.com/sorah/itamae-secrets.
Security issues? Send them to me directly at [email protected]. My GPG key is available here: http://sorah.jp/id.html (SSL)
License
The gem is available as open source under the terms of the MIT License.
To-dos
- [ ] Missing test :(