pantheon-systems / terminus-secrets-plugin
A simple secrets management plugin for Terminus
License: MIT License
I have installed the secrets plugins but the command doesn't register in terminus 3.
ls -la ~/.terminus/plugins/terminus-secrets-plugin/
total 28
drwxr-xr-x 8 circleci circleci 205 Dec 13 14:24 .
drwxr-xr-x 3 circleci circleci 37 Dec 13 14:24 ..
drwxr-xr-x 2 circleci circleci 49 Feb 22 2019 .circleci
drwxr-xr-x 2 circleci circleci 42 Feb 22 2019 Commands
-rw-r--r-- 1 circleci circleci 1368 Feb 22 2019 composer.json
-rw-r--r-- 1 circleci circleci 571 Dec 13 14:24 composer.lock
-rw-r--r-- 1 circleci circleci 1254 Feb 22 2019 CONTRIBUTING.md
-rw-r--r-- 1 circleci circleci 30 Feb 22 2019 .gitignore
-rw-r--r-- 1 circleci circleci 1075 Feb 22 2019 LICENSE
-rw-r--r-- 1 circleci circleci 4502 Feb 22 2019 README.md
drwxr-xr-x 3 circleci circleci 22 Feb 22 2019 src
drwxr-xr-x 4 circleci circleci 42 Feb 22 2019 tests
drwxr-xr-x 4 circleci circleci 34 Feb 22 2019 tools
drwxr-xr-x 3 circleci circleci 42 Dec 13 14:24 vendor
When I try the secrets namespace
terminus secrets
Command "secrets" is not defined.
Step to reproduce:
Result:
https://screencast.com/t/qAoHvpRX7
I didn't get any errors but I'm not sure yet if the empty results when running the secrets.js could be related to the bug filed by Nicolas Bowers - #10. Updating it via sftp indeed fixed the problem. Something in the file not being read by quicksilver.
The 'Usage' section of the project's README.md presents example commands that do not exactly match the description for those commands: the descriptions use a site name of sitename, and the commands use a site name of site.
Patch forthcoming.
Perhaps this should wait until the 1.0 launch?
A Drupal 8 example problem
Say I want to keep the SMTP Authentication config out of the database to make sure that database dumps do not copy credentials around. (Using Quicksilver to sanitize is good, but still leaves the case of direct DB access). I know that Lockr + the key module is the best approach, but SMTP and many other modules do not support it yet unfortunately.
What if the sites/default/settings.php were to parse the secrets.json for entries like:
{ "drupal_settings":
{ "smtp.settings":
{ "smtp_username": "foo", ... }}}
Does this sound like a reasonable way to contain Drupal config to a given Pantheon environment? Am I missing an easier way to do this that is already available?
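One way to do what the post above proposes, as an added example that is not part of the original issue or of the plugin's code. It assumes the `drupal_settings` key from the post and a secrets.json under the private files directory; the function name `secrets_config_overrides` is hypothetical.

```php
<?php
// Added example for sites/default/settings.php; not code from the plugin.
// Assumption: secrets.json sits in the private files directory.
// "drupal_settings" is the hypothetical top-level key proposed in the post.

/**
 * Read config overrides from secrets.json.
 * Returns [config_name => [key => value]], or [] when the file is missing,
 * unreadable, or not shaped as expected, so a bad file never breaks bootstrap.
 */
function secrets_config_overrides(string $path): array {
  if (!is_file($path) || !is_readable($path)) {
    return [];
  }
  $data = json_decode((string) file_get_contents($path), TRUE);
  if (!is_array($data) || !isset($data['drupal_settings']) || !is_array($data['drupal_settings'])) {
    return [];
  }
  $overrides = [];
  foreach ($data['drupal_settings'] as $name => $values) {
    // Accept only names shaped like Drupal config objects ("smtp.settings").
    if (!is_string($name) || !preg_match('/^[a-z0-9_]+(\.[a-z0-9_]+)+$/', $name)) {
      continue;
    }
    if (is_array($values)) {
      $overrides[$name] = $values;
    }
  }
  return $overrides;
}

// Assumed location; adjust to where the file lives in your environment.
$secrets_path = ($_SERVER['HOME'] ?? '') . '/files/private/secrets.json';

// $config is the override array Drupal 8 reads from settings.php. Values set
// here apply at runtime and are not written to the database.
foreach (secrets_config_overrides($secrets_path) as $name => $values) {
  $config[$name] = array_replace_recursive($config[$name] ?? [], $values);
}
```

Because the overrides live only in `$config`, a database dump taken from the environment does not carry the SMTP credentials; the secrets file itself still needs to stay out of the code repository and any public files path.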
Right now this is what I get:
Connected to appserver.dev.e8f753e4-afab-460c-9820-610977cba313.drush.in.
Couldn't stat remote file: No such file or directory
File "/srv/bindings/3b30e826a0ae45e6bcd524afb3971c34/files/secrets.json" not found.
Connected to appserver.dev.e8f753e4-afab-460c-9820-610977cba313.drush.in.
Couldn't stat remote file: No such file or directory
Running 0.13.3 on OS X (installed via Homebrew). terminus secrets show throws a fatal error:
PHP Fatal error: Uncaught Error: Class 'Terminus\Models\Collections\Sites' not found in /Users/gchaix/terminus/plugins/terminus-secrets-plugin/Commands/SecretsCommand.php:33
Changing line 10 of SecretsCommand.php from use Terminus\Models\Collections\Sites; to use Terminus\Collections\Sites; resolves the issue.
Currently on Terminus 3.0.6.
When I run the documented install command, terminus self:plugin:install pantheon-systems/terminus-secrets-plugin, I get the following error:
[error] Please update Composer to enable plugin management. Run composer self-update.
Composer has been updated to 2.2.8, but running the install command for the plugin continues to give the error to update Composer.
Also, be aware that your secrets may be overwritten by filesystem sync operations. For instance, if you check the "pull files and database from Live" option when deploying to TEST, that will overwrite the TEST env with secrets (or a lack thereof) in LIVE. If you intend to use secrets.json for production, make sure you set the same file in all environments to avoid confusion.
Not trying to be negative here, but this is a really bad design/workflow.
It's really simple: include the environment in the filename: secrets.{PANTHEON_ENV}.json
secrets.custom-multidev.json
secrets.dev.json
secrets.test.json
secrets.live.json
That way, even if they are synced down, they don't overwrite each other and the plugin always chooses the correct one based on the environment being targeted.
I'm running the command and getting the following error:
terminus secrets:set persch-bikes.dev loader_test_config_id xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
receiving file list ...
1 file to consider
rsync: mkstemp "/private/var/folders/f7/_swx4fg57y50ptr577xbbtsw0000gn/T/phpkMjKlo/../tmp//.secrets.json.pwESEB" failed: No such file or directory (2)
95 100% 92.77kB/s 0:00:00 (xfer#1, to-check=0/1)
sent 48 bytes received 190 bytes 52.89 bytes/sec
total size is 95 speedup is 0.40
rsync error: some files could not be transferred (code 23) at /BuildRoot/Library/Caches/com.apple.xbs/Sources/rsync/rsync-47/rsync/main.c(1400) [generator=2.6.9]
[error] Command `rsync -rlvz --size-only --ipv4 --progress --exclude=.git -e 'ssh -p 2222' dev.ea21264c-92c4-41db-b0a2-ba0a5714ad3b@appserver.dev.ea21264c-92c4-41db-b0a2-ba0a5714ad3b.drush.in:files/private/secrets.json --temp-dir=../tmp/ /private/var/folders/f7/_swx4fg57y50ptr577xbbtsw0000gn/T/phpkMjKlo` failed with exit code 23
It looks as though the plugin is attempting to rsync down to a local directory /private/var/folders/f7/_swx4fg57y50ptr577xbbtsw0000gn/T/phpkMjKlo.
/private/var/folders/f7/_swx4fg57y50ptr577xbbtsw0000gn/T/ exists for me locally but not /private/var/folders/f7/_swx4fg57y50ptr577xbbtsw0000gn/T/phpkMjKlo
Could this be a permissions issue for me locally? I use this plugin in a few CircleCI scripts without a problem.
The readme says the path for the secrets.json is ~/files/private/secrets.json but while loading it in a PHP file I found out that it should be /files/private/secrets.json