Module: GoogleCloudEnvSecrets

Defined in:
lib/google_cloud_env_secrets/config.rb,
lib/google_cloud_env_secrets/railtie.rb,
lib/google_cloud_env_secrets/secrets.rb,
lib/google_cloud_env_secrets/version.rb

Defined Under Namespace

Classes: Configuration, Railtie

Constant Summary collapse

VERSION =
"0.1.3"

Class Attribute Summary collapse

Class Method Summary collapse

Class Attribute Details

.configuration ⇒ Object

Returns the value of attribute configuration.



# File 'lib/google_cloud_env_secrets/config.rb', line 16

# Reader for the module-level configuration object.
#
# Returns whatever was last assigned to @configuration. .configure assigns a
# Configuration instance on first use, so this is nil until .configure (or a
# direct assignment) has run.
#
# @return [Configuration, nil]
def configuration
  @configuration
end

Class Method Details

.all ⇒ Object



# File 'lib/google_cloud_env_secrets/secrets.rb', line 2

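# Reads every secret of the configured project from Google Secret Manager
# and returns them as a name => payload hash.
#
# Behaviour:
# * Returns {} without contacting the API when no credentials are configured
#   and Google::Cloud.env reports no project id (i.e. not running on GCP).
# * When configuration.prefix is set, only secrets whose id starts with the
#   prefix are read; the prefix and any following non-alphanumeric separator
#   characters are stripped from the returned key.
# * Always reads "versions/latest" of each secret.
# * The result is memoized in @secrets only while configuration.cache_secrets
#   is truthy; otherwise every call lists and reads all secrets again.
#
# A secret that cannot be read (no access, no enabled version, transport
# error) is left out of the result. The thread pool discards exceptions raised
# inside posted tasks, so such failures are collected here and reported on
# stderr by resource name. Secret payloads are never written to the warning.
#
# @return [Hash{String => String}] secret name => payload data
def self.all
  @secrets = nil unless self.configuration.cache_secrets
  @secrets ||= begin
    # Skip if not running on Google Cloud and credentials are not set explicitly
    if self.configuration.credentials.nil? && Google::Cloud.env.project_id.nil?
      return {}
    end

    # Configure and initialize
    # https://googleapis.dev/ruby/google-cloud-secret_manager/latest/Google/Cloud/SecretManager.html
    Google::Cloud::SecretManager.configure do |config|
      config.credentials = self.configuration.credentials
    end

    client = Google::Cloud::SecretManager.secret_manager_service
    prefix = self.configuration.prefix

    # Worker pool so the per-secret reads run in parallel.
    pool = Concurrent::FixedThreadPool.new(Concurrent.processor_count * 4)
    secrets = Concurrent::Hash.new
    failures = Concurrent::Hash.new

    begin
      client.list_secrets(parent: "projects/" + self.configuration.project).each do |secret|
        pool.post(secret) do |entry|
          begin
            name = entry.name.split("/").last

            # Only consider prefixed secrets when a prefix is configured.
            if prefix
              next unless name.start_with?(prefix)

              # Strip the prefix and the separator that follows it. \A anchors
              # at the start of the string rather than at the start of a line.
              name.delete_prefix!(prefix)
              name.sub!(/\A[^a-z0-9]+/i, "")
            end

            secrets[name] = client.access_secret_version(name: entry.name + "/versions/latest").payload.data
          rescue StandardError => e
            # Record the failure instead of letting the pool drop it silently.
            failures[entry.name] = e
          end
        end
      end
    ensure
      # Always stop the workers, including when listing raises part-way through.
      pool.shutdown
      pool.wait_for_termination
    end

    # Report resource names and error details only; never the payloads.
    failures.each do |resource, error|
      warn "GoogleCloudEnvSecrets: could not read #{resource} (#{error.class}: #{error.message})"
    end

    secrets
  end

  @secrets || {}
end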

.configure {|configuration| ... } ⇒ Object

Yields:



# File 'lib/google_cloud_env_secrets/config.rb', line 19

# Yields the module-level configuration to the caller's block so settings
# can be assigned on it. A Configuration is created the first time this is
# called; later calls reuse the same object.
#
# @yieldparam configuration [Configuration] the shared configuration object
# @return [Object] whatever the block returns
def self.configure
  self.configuration = Configuration.new unless self.configuration
  yield(self.configuration)
end

.find(name) ⇒ Object



# File 'lib/google_cloud_env_secrets/secrets.rb', line 50

# Looks up a single secret by name.
#
# The lookup goes through .all, so the key is the name as .all stores it
# (with the configured prefix already stripped), and when cache_secrets is
# off every call lists and reads all secrets again.
#
# @param name [#to_s] secret name; converted with to_s before the lookup
# @return [String, nil] the stored payload, or nil when no such key exists
def self.find(name)
  loaded = self.all
  loaded[name.to_s]
end

.inject_env!(secrets = {}, force = true, env = ENV) ⇒ Object



# File 'lib/google_cloud_env_secrets/secrets.rb', line 54

# Copies each name/value pair from +secrets+ into +env+.
#
# With +force+ truthy (the default) an existing entry of the same name is
# overwritten. With +force+ falsy a value is written only when env has no
# truthy entry for that name, so variables already set are left alone.
#
# When +env+ is the process ENV (the default), the written values become part
# of the process environment and are passed on to subprocesses started later.
#
# @param secrets [#each] name => value pairs; names are converted with to_s
# @param force [Boolean] overwrite existing entries when truthy
# @param env [#[], #[]=] target to write into
# @return [Object] the +secrets+ argument
def self.inject_env!(secrets = {}, force = true, env = ENV)
  secrets.each do |key, value|
    variable = key.to_s
    env[variable] = value if force || !env[variable]
  end
end

.load ⇒ Object

Loads secrets from Google Secret Manager into ENV.



# File 'lib/google_cloud_env_secrets/railtie.rb', line 11

# Configures the gem from the process environment, reads the secrets and
# copies them into ENV.
#
# Environment variables consulted:
#   GOOGLE_APPLICATION_CREDENTIALS - stored as config.credentials (nil when unset)
#   GOOGLE_PROJECT                 - stored as config.project; falls back to
#                                    Google::Cloud.env.project_id when unset
#   GOOGLE_SECRETS_PREFIX          - stored as config.prefix (nil when unset)
#   GOOGLE_SECRETS_FORCE           - consulted only when present: config.force
#                                    becomes true for "true" (any letter case)
#                                    and false for every other value, including
#                                    "1" or "yes"
#
# When GOOGLE_SECRETS_FORCE is absent, config.force keeps whatever value the
# Configuration object already holds.
#
# @return [Object] the return value of GoogleCloudEnvSecrets.inject_env!
def self.load
  GoogleCloudEnvSecrets.configure do |settings|
    settings.credentials = ENV["GOOGLE_APPLICATION_CREDENTIALS"]
    settings.project = ENV["GOOGLE_PROJECT"] || Google::Cloud.env.project_id
    settings.prefix = ENV["GOOGLE_SECRETS_PREFIX"]

    if ENV.key?("GOOGLE_SECRETS_FORCE")
      settings.force = ENV["GOOGLE_SECRETS_FORCE"].to_s.downcase == "true"
    end
  end

  fetched = GoogleCloudEnvSecrets.all
  GoogleCloudEnvSecrets.inject_env!(fetched, GoogleCloudEnvSecrets.configuration.force)
end