Adding Hashicorp vault support #655

Merged
merged 18 commits into from May 4, 2020

vnzongzna
Contributor

Followup #623

@codecov-io

codecov-io commented Apr 19, 2020

Codecov Report

Merging #655 into develop will increase coverage by 1.06%.
The diff coverage is 19.95%.

@@             Coverage Diff             @@
##           develop     #655      +/-   ##
===========================================
+ Coverage    37.11%   38.18%   +1.06%     
===========================================
  Files           21       23       +2     
  Lines         2891     3326     +435     
===========================================
+ Hits          1073     1270     +197     
- Misses        1724     1927     +203     
- Partials        94      129      +35     
Impacted Files Coverage Δ
keyservice/keyservice.go 0.00% <0.00%> (ø)
keyservice/server.go 5.26% <0.00%> (-1.03%) ⬇️
stores/stores.go 0.00% <0.00%> (ø)
keyservice/keyservice.pb.go 4.12% <1.61%> (-0.17%) ⬇️
hcvault/keysource.go 48.12% <48.12%> (ø)
config/config.go 70.62% <54.54%> (-0.80%) ⬇️
stores/dotenv/store.go 25.00% <0.00%> (-6.86%) ⬇️
stores/dotenv/parser.go 83.33% <0.00%> (ø)
stores/json/store.go 53.19% <0.00%> (+0.18%) ⬆️

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 4bc27f6...c183564. Read the comment docs.

Contributor

@autrilla autrilla left a comment

Some further changes needed, but most are just typos or rewordings.

vnzongzna and others added 3 commits April 23, 2020 14:00
Co-Authored-By: Adrian Utrilla <adrianutrilla@gmail.com>
Co-Authored-By: gitirabassi
Co-Authored-By: ldue
Signed-off-by: vnzongzna <github@vaibhavk.in>
@vnzongzna vnzongzna requested a review from autrilla April 28, 2020 20:20
Contributor

@autrilla autrilla left a comment

LGTM now, thanks!

@autrilla autrilla merged commit e4abd87 into getsops:develop May 4, 2020
@vnzongzna vnzongzna deleted the hashicorp-vault branch May 6, 2020 10:44
@FWest98

FWest98 commented May 28, 2020

Is there any information on when we can expect this in a release? For now, I am manually compiling the binaries in my docker file, but that is not ideal.

@l0nax

l0nax commented Jun 4, 2020

Yea, we are also interested that a new release is created so we can use this feature via the official binaries.

rochaporto pushed a commit to rochaporto/sops that referenced this pull request Jun 22, 2020
* feat: initial adding of vault transit backend to sops
initial work on integration
feat(vault): added cli commands working for vault

fix(vault): fixed config with correct tests

fix(vault): added vault to keygroup and to keyservice server

fixed metadata load

* feat(docs): added docs in README.md and in command help

fix(doc): fix rst formatting

fix(doc): fix rst formatting

* fix(vault): addressed typos and fixes from autrilla

feat(cli): moved vault to hc-vault naming

* fix(test): typo while rebasing

* fix typos and improve error messages for vault kms

* rename package from vault to hcvault

* refactor vault keysource url validation

* add negative test cases  for vault keysource

* add hc vault transit config option via objects
additional to URIs

* remove vault_example.yml

* streamline key name to snake case

* rename `BackendPath` to `EnginePath` for hc vault

* correction in hc-vault-transit commands

Signed-off-by: vnzongzna <github@vaibhavk.in>

* resolving conflict

Signed-off-by: vnzongzna <github@vaibhavk.in>

* Apply suggestions from code review

Co-Authored-By: Adrian Utrilla <adrianutrilla@gmail.com>

* allowing only hc_vault_transit_uri as input

Co-Authored-By: gitirabassi
Co-Authored-By: ldue
Signed-off-by: vnzongzna <github@vaibhavk.in>

Co-authored-by: gitirabassi <giacomo@tirabassi.eu>
Co-authored-by: ldue <larsduennwald@gmail.com>
Co-authored-by: Vaibhav Kaushik <vaibhavkaushik@vaibhavka-ltm1.internal.salesforce.com>
Co-authored-by: Adrian Utrilla <adrianutrilla@gmail.com>
creation_rules:
- path_regex: \.dev\.yaml$
hc_vault_transit_uri: "$VAULT_ADDR/v1/sops/keys/secondkey"
- path_regex: \.prod\.yaml$
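Review bot: on the `hc_vault_transit_uri` line, `$VAULT_ADDR` sits inside a quoted YAML string and nothing in these lines says what expands it. Unless the surrounding README block passes the text through a shell first, a reader who copies the rule into `.sops.yaml` ends up with the literal string `$VAULT_ADDR/v1/sops/keys/secondkey` as the key URI. Suggest a sentence stating that the variable must be substituted with the Vault address, or showing a placeholder address in its place.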
Was this regular expression supposed to match the file paths mentioned on line 348 below?

8 participants