class ECSUtil::Commands::SecretsCommand

Public Instance Methods

run() click to toggle source
# File lib/ecsutil/commands/secrets.rb, line 2
def run
  case action
  when nil, "show"
    show_local_secrets
  when "edit"
    edit_secrets
  when "push"
    push_secrets
  when "live"
    load_secrets
    show_live_secrets
  when "delete"
    confirm
    load_secrets
    deregister_secrets
  else
    fail "Invalid action: #{action}"
  end
end

Private Instance Methods

edit_secrets() click to toggle source
# File lib/ecsutil/commands/secrets.rb, line 44
def edit_secrets
  step_info "Editing secrets file %s", config["secrets_file"]
  vault_edit(config["secrets_file"], config["secrets_vaultpass"])
end
load_local_secrets() click to toggle source
# File lib/ecsutil/commands/secrets.rb, line 24
def load_local_secrets
  vault_read(config["secrets_file"], config["secrets_vaultpass"])
end
push_secrets() click to toggle source
# File lib/ecsutil/commands/secrets.rb, line 49
def push_secrets
  confirm("Will push secrets live to #{config["secrets_prefix"]}")
  load_secrets

  local = parse_env_data(load_local_secrets)
  live  = config["secrets_data"].map { |item| [item[:key], item[:value]] }.to_h

  added_count   = 0
  skipped_count = 0
  removed_count = 0

  local.each_pair do |key, value|
    if live[key] == value
      step_info "Skipping #{key}, already set"
      skipped_count += 1
      next
    end

    step_info "Setting #{key} to #{value}"
    aws_call("ssm", "put-parameter", {
      Type:      "SecureString",
      Name:      sprintf("%s/%s", config["secrets_prefix"], key),
      Value:     value,
      KeyId:     config["secrets_key"],
      Overwrite: true
    })
    added_count += 1
  end

  config["secrets_data"].each do |secret|
    if !local[secret[:key]]
      step_info "Removing #{secret[:key]}"
      aws_call("ssm", "delete-parameter", "--name=#{secret[:name]}")
      removed_count += 1
    end
  end

  step_info "Skipped: %d, Added: %d, Removed: %d\n",
    skipped_count,
    added_count,
    removed_count
end
show_live_secrets() click to toggle source
# File lib/ecsutil/commands/secrets.rb, line 33
def show_live_secrets
  if config["secrets_data"].empty?
    puts "No secrets found for prefix #{config["secrets_prefix"]}"
    return
  end
  
  config["secrets_data"].each do |secret|
    printf("%s=%s\n", secret[:key], secret[:value])
  end
end
show_local_secrets() click to toggle source
# File lib/ecsutil/commands/secrets.rb, line 28
def show_local_secrets
  step_info "Loading secrets from %s", config["secrets_file"]
  puts load_local_secrets
end