Skip to content

Gyro Vault#79

Open
beetlebugorg wants to merge 30 commits intomasterfrom
feature/vault
Open

Gyro Vault#79
beetlebugorg wants to merge 30 commits intomasterfrom
feature/vault

Conversation

@beetlebugorg
Copy link
Contributor

@beetlebugorg beetlebugorg commented Jul 18, 2019
edited
Loading

Fixes #176

Implements Gyro Vault functionality. This includes a Vault plugin interface, a vault command to manipulate a vault, and a reference resolver for using vault secrets in Gyro configs.

Gyro Vault is intended to interface with existing secrets managers such as AWS Secrets Manager. It includes a basic file system based vault.

Gyro vault command syntax:

gyro vault put key value
gyro vault get key
gyro vault list [prefix]

Gyro vault resolver syntax:

$(vault-lookup secret [vault])

Jeremy Collins added 4 commits July 18, 2019 14:00
Move checking for resources in .gyro/init to Gyro.main
7e5fe7b 
This is so we can use RootScope to load any Gyro file. This will be used by the new Vault system to load/store secrets using the Gyro language format.
Initial implementation of Gyro vault functionality
341d579 
Implements:

- Vault abstract class that custom vault implementations can subclass
- LocalVault implementation that stores encrypted secrets in .gyro directory
- VaultCommand for getting/setting and listing secrets
- VaultReferenceResolver to provide a method to lookup secrets within Gyro configs
- VaultDirectiveProcessor for configuring vault implementations in .gyro/init.gyro
Make save method private, only used internally
8d7a8a1
Cleanup
07820a7
@beetlebugorg beetlebugorg changed the title Feature/vault GYRO-275: Gyro Vault Jul 18, 2019
Jeremy Collins and others added 16 commits July 19, 2019 07:45
Read encryption key from key-path
3042f1d
Build vault file based on vault name rather than letting user set it
bbcf966
Remove unused ALGORITHM field
c932c3f
Allow custom key length and key iterations
cdadb32
Add ability to remove a secret from the vault
eab7268
Merge branch 'master' into feature/vault
c7219ab
Initial work to implement CustomValue
358e3d5 
This work is intended to allow a custom value that can alter how it's serialized to state.

For VaultSecret it'll write "$(vault-lookup key vault hash)" in state.
@hyoolim
Changes DiffableField.getValue to always prefer the value in scope.
ea42d64
@hyoolim
Moves CustomValue check to where it'd work.
43ba29b
Add 'vault-lookup' to state node for VaultSecret
e044a3b
Add hash option to VaultReferenceResolver and VaulSecret
dcd6c97
All VaultSecret to hide its diff output
9ec6007
Merge branch 'master' into feature/vault
7847bb1
Fix compilation error
73f9597
Merge branch 'master' into feature/vault
8f734e6
Serialize CustomValues to state
b51a473
@beetlebugorg beetlebugorg changed the title GYRO-275: Gyro Vault Fixes #176: Gyro Vault Oct 9, 2019
@beetlebugorg beetlebugorg changed the title Fixes #176: Gyro Vault Gyro Vault Jan 29, 2020
Jeremy Collins added 3 commits February 3, 2020 13:26
Only evaluate files in the local vault
1bced32 
This fixes an issue where all files were being evaluated when loading the local vault. This would fail because the vault itself is not defined in this use case.
Allow duplicate vaults
f42d62a 
This is just a temporary fix. Need to investigate why this fails when only a single instance of a vault is defined.
Compare strings to VaultSecret.getValue()
30d3cc5
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

GyroInstance methods may conflict with Cloud Specific Resources

2 participants

@beetlebugorg @hyoolim