S3crets

s3crets reads a YAML secrets file and deep merges it into each JSON file in a directory, but only where the top-level YAML key is already present in the destination JSON file. This ensures your secrets are only merged into the files you intended. The purpose of s3crets was to help us keep secrets out of configuration JSON, which is kept in source control.

Installation

Add this line to your application's Gemfile:

gem 's3crets'

And then execute:

$ bundle

Or install it yourself as:

$ gem install s3crets

Usage

Secrets takes 3 arguments, of which only 2 are required ([:json_dir, :secrets_file]):

    -s, --secrets-file FILE          Secret file to merge into JSON (required)
    -j, --json-dir DIR               Directory to search for json files (required)
    -o, --overwrite                  Overwrite JSON, default is false which will add '.new' to the file name, eg: something.json -> something.new.json

Example Secrets File:

mysql:
    server_repl_password: 11111
    server_root_password: 22222
    server_debian_password: 33333
random:
    config: something

Example JSON File:

{
  "node_type": "management-slave_server",
  "run_list": "recipe[management-slave_server]",
  "mysql": {
    "server_root_password": 22222,
    "server_repl_password": 11111,
    "server_debian_password": 33333
  },
  "prism": {
    "console": {
      "realm": "ProvisioningRealm"
    }
  },
  "provisioning_api": {
    "brokers": [
      "management1.qa.voxeolabs.net",
      "management2.qa.voxeolabs.net"
    ],
    "jdbc_url": "jdbc:mysql://management1.qa.voxeolabs.net:3306/provisioning"
  }
}

If the preceding secrets file is applied against the JSON file above, only the mysql key will be merged in; the top-level random key is skipped because it is not present in the JSON file. s3crets assumes all top-level keys in the JSON object are correct. This allows you to have one secrets file and apply it against multiple JSON templates, and only the intended data will be merged in.
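The merge rule described above, sketched as an added example (this is not the s3crets source). The helper names `deep_merge`, `apply_secrets` and `demo`, and the sample YAML and JSON, are constructed for illustration.

```ruby
require 'yaml'
require 'json'

# Recursively merge src into dst: nested hashes are merged, other values replaced.
def deep_merge(dst, src)
  dst.merge(src) do |_key, old, new|
    old.is_a?(Hash) && new.is_a?(Hash) ? deep_merge(old, new) : new
  end
end

# Merge only the top-level secret keys that already exist in the JSON document.
# Returns [merged_hash, applied_keys, skipped_keys]; config itself is not mutated.
def apply_secrets(config, secrets)
  applied, skipped = secrets.keys.partition { |key| config.key?(key) }
  [deep_merge(config, secrets.slice(*applied)), applied, skipped]
end

# Constructed sample input, modelled on the example files in this README.
SECRETS_YAML = <<~YAML
  mysql:
    server_root_password: 22222
    server_repl_password: 11111
  random:
    config: something
YAML

TEMPLATE_JSON = <<~JSON
  {
    "node_type": "management-slave_server",
    "mysql": { "server_root_password": "CHANGEME", "bind_address": "0.0.0.0" },
    "prism": { "console": { "realm": "ProvisioningRealm" } }
  }
JSON

def demo
  # safe_load refuses arbitrary object tags, so the secrets file is parsed as plain data.
  secrets = YAML.safe_load(SECRETS_YAML)
  apply_secrets(JSON.parse(TEMPLATE_JSON), secrets)
end

if __FILE__ == $PROGRAM_NAME
  merged, applied, skipped = demo
  puts JSON.pretty_generate(merged)
  warn "applied: #{applied.inspect}, skipped: #{skipped.inspect}"
end
```

In this sketch the skipped list is returned so it can be logged: a misspelled top-level key in the secrets file would otherwise be dropped without notice, leaving the template's placeholder value in the output.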

Examples

Applying secrets while preserving the original JSON files:

    s3crets --secrets-file ~/Projects/deployment_models/full_ha_deployment_model/.secrets --json-dir ~/Projects/deployment_models/full_ha_deployment_model/ec2_json

Applying secrets to the original JSON files:

    s3crets --secrets-file ~/Projects/deployment_models/full_ha_deployment_model/.secrets --json-dir ~/Projects/deployment_models/full_ha_deployment_model/ec2_json --overwrite

Contributing

  1. Fork it
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create new Pull Request